Update Rails and Ruby #64
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
bundler-cache: true | |
- name: Run linting | |
run: | | |
bundle exec rubocop --parallel | |
- name: Run security checks | |
run: | | |
bundle exec bundler-audit --update | |
bundle exec brakeman -q -w2 | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
bundler-cache: true | |
- name: Setup database | |
env: | |
RAILS_ENV: "test" | |
run: | | |
bin/rails db:setup | |
- name: Check autoloading (zeitwerk) | |
env: | |
RAILS_ENV: "test" | |
run: | | |
bin/rails zeitwerk:check | |
- name: Run tests | |
env: | |
RAILS_ENV: "test" | |
run: | | |
bin/rails test | |
bin/rails test:system | |
deploy: | |
runs-on: ubuntu-latest | |
needs: [lint, test] | |
if: github.event_name == 'push' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build production Docker image | |
run: | | |
docker build --tag ${{ secrets.REGISTRY_HOST }}/${{ secrets.REGISTRY_USERNAME }}/operum:main . | |
- name: Push Docker image | |
run: | | |
# The login is done with the default docker password storage, which is | |
# not the safest around, but it will be removed by a subsequent logout | |
# later on. | |
docker login -u "${{ secrets.REGISTRY_USERNAME }}" -p "${{ secrets.REGISTRY_PASSWORD }}" ${{ secrets.REGISTRY_HOST }} | |
docker push ${{ secrets.REGISTRY_HOST }}/${{ secrets.REGISTRY_USERNAME }}/operum:main | |
docker logout ${{ secrets.REGISTRY_HOST }} | |
# The server provides a small script named `infra-restart` which will do | |
# the right thing to pull the new image of the desired service and re-run | |
# it. | |
- name: executing remote ssh commands using password | |
uses: appleboy/[email protected] | |
with: | |
host: ${{ secrets.REMOTE_HOST }} | |
username: ${{ secrets.REMOTE_USERNAME }} | |
password: ${{ secrets.REMOTE_PASSPHRASE }} | |
key: ${{ secrets.PRIVATE_KEY }} | |
passphrase: ${{ secrets.REMOTE_PASSPHRASE }} | |
script: infra-restart operum |