-
Notifications
You must be signed in to change notification settings - Fork 1
230 lines (214 loc) · 10.7 KB
/
build_and_publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
name: Build, publish and deploy docker
on:
push:
branches: [ 'main' ]
tags:
- 'v*'
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
build-and-push-image:
name: Build and push
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Log in to the Container registry
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=tag,enable=${{ startsWith(github.ref, 'refs/tags/v') }}
type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/v') }}
type=raw,value=test,enable=true
- name: Build and push Docker image
uses: docker/build-push-action@v4
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
APP_VERSION=${{ github.ref_name }}
deploy-testing:
name: Deploy Testing
needs: build-and-push-image
runs-on: [ self-hosted, Linux, testing ]
environment:
name: Testing
url: https://api.test.profcomff.com/
env:
CONTAINER_NAME: com_profcomff_api_auth_test
permissions:
packages: read
steps:
- name: Pull new version
run: docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:test
- name: Migrate DB
run: |
docker run \
--rm \
--network=web \
--env DB_DSN=${{ secrets.DB_DSN }} \
--name ${{ env.CONTAINER_NAME }}_migration \
--workdir="/" \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:test \
alembic upgrade head
- name: Run new version
id: run_test
run: |
docker stop ${{ env.CONTAINER_NAME }} || true && docker rm ${{ env.CONTAINER_NAME }} || true
docker run \
--detach \
--restart always \
--network=kafka \
--env DB_DSN='${{ secrets.DB_DSN }}' \
--env ROOT_PATH='/auth' \
--env EMAIL='${{ secrets.EMAIL }}' \
--env EMAIL_PASS='${{ secrets.EMAIL_PASS }}' \
--env ENABLED_AUTH_METHODS='${{ vars.ENABLED_AUTH_METHODS }}' \
--env SMTP_HOST='mail.profcomff.com' \
--env SMTP_PORT='465' \
--env APPLICATION_HOST='${{ vars.HOST }}' \
--env GOOGLE_REDIRECT_URL='${{ vars.GOOGLE_REDIRECT_URL }}' \
--env GOOGLE_CREDENTIALS='${{ secrets.GOOGLE_CREDENTIALS }}' \
--env PHYSICS_REDIRECT_URL='${{ vars.PHYSICS_REDIRECT_URL }}' \
--env PHYSICS_CREDENTIALS='${{ secrets.PHYSICS_CREDENTIALS }}' \
--env LKMSU_REDIRECT_URL='${{ vars.LKMSU_REDIRECT_URL }}' \
--env LKMSU_CLIENT_ID='${{ secrets.LKMSU_CLIENT_ID }}' \
--env LKMSU_CLIENT_SECRET='${{ secrets.LKMSU_CLIENT_SECRET }}' \
--env YANDEX_REDIRECT_URL='${{ vars.YANDEX_REDIRECT_URL }}' \
--env YANDEX_CLIENT_ID='${{ secrets.YANDEX_CLIENT_ID }}' \
--env YANDEX_CLIENT_SECRET='${{ secrets.YANDEX_CLIENT_SECRET }}' \
--env MY_MSU_REDIRECT_URL='${{ vars.MY_MSU_REDIRECT_URL }}' \
--env MY_MSU_CLIENT_ID='${{ secrets.MY_MSU_CLIENT_ID }}' \
--env MY_MSU_CLIENT_SECRET='${{ secrets.MY_MSU_CLIENT_SECRET }}' \
--env GITHUB_REDIRECT_URL='${{ vars.GH_REDIRECT_URL }}' \
--env GITHUB_CLIENT_ID='${{ secrets.GH_CLIENT_ID }}' \
--env GITHUB_CLIENT_SECRET='${{ secrets.GH_CLIENT_SECRET }}' \
--env TELEGRAM_REDIRECT_URL='${{ vars.TELEGRAM_REDIRECT_URL }}' \
--env TELEGRAM_BOT_TOKEN='${{ secrets.TELEGRAM_BOT_TOKEN }}' \
--env VK_REDIRECT_URL='${{ vars.VK_REDIRECT_URL }}' \
--env VK_CLIENT_ID='${{ secrets.VK_CLIENT_ID }}' \
--env VK_CLIENT_ACCESS_TOKEN='${{ secrets.VK_CLIENT_ACCESS_TOKEN }}' \
--env VK_CLIENT_SECRET='${{ secrets.VK_CLIENT_SECRET }}' \
--env AIRFLOW_AUTH_BASE_URL='${{ vars.AIRFLOW_AUTH_BASE_URL }}' \
--env AIRFLOW_AUTH_ADMIN_USERNAME='${{ secrets.AIRFLOW_AUTH_ADMIN_USERNAME }}' \
--env AIRFLOW_AUTH_ADMIN_PASSWORD='${{ secrets.AIRFLOW_AUTH_ADMIN_PASSWORD }}' \
--env CODER_AUTH_BASE_URL='${{ vars.CODER_AUTH_BASE_URL }}' \
--env CODER_AUTH_ADMIN_TOKEN='${{ secrets.CODER_AUTH_ADMIN_TOKEN }}' \
--env MAILU_AUTH_BASE_URL='${{ vars.MAILU_AUTH_BASE_URL }}' \
--env MAILU_AUTH_API_KEY='${{ secrets.MAILU_AUTH_API_KEY }}' \
--env POSTGRES_AUTH_DB_DSN='${{ secrets.POSTGRES_AUTH_DB_DSN }}' \
--env AUTHENTIC_ROOT_URL='${{ vars.AUTHENTIC_ROOT_URL }}' \
--env AUTHENTIC_OIDC_CONFIGURATION_URL='${{ vars.AUTHENTIC_OIDC_CONFIGURATION_URL }}' \
--env AUTHENTIC_REDIRECT_URL='${{ vars.AUTHENTIC_REDIRECT_URL }}' \
--env AUTHENTIC_CLIENT_ID='${{ secrets.AUTHENTIC_CLIENT_ID }}' \
--env AUTHENTIC_CLIENT_SECRET='${{ secrets.AUTHENTIC_CLIENT_SECRET }}' \
--env AUTHENTIC_TOKEN='${{ secrets.AUTHENTIC_TOKEN }}' \
--env ENCRYPTION_KEY='${{ secrets.ENCRYPTION_KEY }}' \
--env KAFKA_DSN='${{ secrets.KAFKA_DSN }}' \
--env KAFKA_LOGIN='${{ secrets.KAFKA_LOGIN }}' \
--env KAFKA_PASSWORD='${{ secrets.KAFKA_PASSWORD }}' \
--env KAFKA_USER_LOGIN_TOPIC_NAME='${{ secrets.KAFKA_USER_LOGIN_TOPIC_NAME }}' \
--env GUNICORN_CMD_ARGS='--log-config logging_test.conf' \
--name ${{ env.CONTAINER_NAME }} \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:test
docker network connect web ${{ env.CONTAINER_NAME }}
deploy-production:
name: Deploy Production
needs: build-and-push-image
if: startsWith(github.ref, 'refs/tags/v')
runs-on: [ self-hosted, Linux, production ]
environment:
name: Production
url: https://api.profcomff.com/
env:
CONTAINER_NAME: com_profcomff_api_auth
permissions:
packages: read
steps:
- name: Pull new version
run: docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
- name: Migrate DB
run: |
docker run \
--rm \
--network=web \
--env DB_DSN=${{ secrets.DB_DSN }} \
--name ${{ env.CONTAINER_NAME }}_migration \
--workdir="/" \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest \
alembic upgrade head
- name: Run new version
id: run_test
run: |
docker stop ${{ env.CONTAINER_NAME }} || true && docker rm ${{ env.CONTAINER_NAME }} || true
docker run \
--detach \
--restart always \
--network=kafka \
--env DB_DSN='${{ secrets.DB_DSN }}' \
--env ROOT_PATH='/auth' \
--env EMAIL='${{ secrets.EMAIL }}' \
--env EMAIL_PASS='${{ secrets.EMAIL_PASS }}' \
--env ENABLED_AUTH_METHODS='${{ vars.ENABLED_AUTH_METHODS }}' \
--env SMTP_HOST='mail.profcomff.com' \
--env SMTP_PORT='465' \
--env APPLICATION_HOST='${{ vars.HOST }}' \
--env GOOGLE_REDIRECT_URL='${{ vars.GOOGLE_REDIRECT_URL }}' \
--env GOOGLE_CREDENTIALS='${{ secrets.GOOGLE_CREDENTIALS }}' \
--env PHYSICS_REDIRECT_URL='${{ vars.PHYSICS_REDIRECT_URL }}' \
--env PHYSICS_CREDENTIALS='${{ secrets.PHYSICS_CREDENTIALS }}' \
--env LKMSU_REDIRECT_URL='${{ vars.LKMSU_REDIRECT_URL }}' \
--env LKMSU_CLIENT_ID='${{ secrets.LKMSU_CLIENT_ID }}' \
--env LKMSU_CLIENT_SECRET='${{ secrets.LKMSU_CLIENT_SECRET }}' \
--env YANDEX_REDIRECT_URL='${{ vars.YANDEX_REDIRECT_URL }}' \
--env YANDEX_CLIENT_ID='${{ secrets.YANDEX_CLIENT_ID }}' \
--env YANDEX_CLIENT_SECRET='${{ secrets.YANDEX_CLIENT_SECRET }}' \
--env MY_MSU_REDIRECT_URL='${{ vars.MY_MSU_REDIRECT_URL }}' \
--env MY_MSU_CLIENT_ID='${{ secrets.MY_MSU_CLIENT_ID }}' \
--env MY_MSU_CLIENT_SECRET='${{ secrets.MY_MSU_CLIENT_SECRET }}' \
--env GITHUB_REDIRECT_URL='${{ vars.GH_REDIRECT_URL }}' \
--env GITHUB_CLIENT_ID='${{ secrets.GH_CLIENT_ID }}' \
--env GITHUB_CLIENT_SECRET='${{ secrets.GH_CLIENT_SECRET }}' \
--env TELEGRAM_REDIRECT_URL='${{ vars.TELEGRAM_REDIRECT_URL }}' \
--env TELEGRAM_BOT_TOKEN='${{ secrets.TELEGRAM_BOT_TOKEN }}' \
--env VK_REDIRECT_URL='${{ vars.VK_REDIRECT_URL }}' \
--env VK_CLIENT_ID='${{ secrets.VK_CLIENT_ID }}' \
--env VK_CLIENT_ACCESS_TOKEN='${{ secrets.VK_CLIENT_ACCESS_TOKEN }}' \
--env VK_CLIENT_SECRET='${{ secrets.VK_CLIENT_SECRET }}' \
--env AIRFLOW_AUTH_BASE_URL='${{ vars.AIRFLOW_AUTH_BASE_URL }}' \
--env AIRFLOW_AUTH_ADMIN_USERNAME='${{ secrets.AIRFLOW_AUTH_ADMIN_USERNAME }}' \
--env AIRFLOW_AUTH_ADMIN_PASSWORD='${{ secrets.AIRFLOW_AUTH_ADMIN_PASSWORD }}' \
--env CODER_AUTH_BASE_URL='${{ vars.CODER_AUTH_BASE_URL }}' \
--env CODER_AUTH_ADMIN_TOKEN='${{ secrets.CODER_AUTH_ADMIN_TOKEN }}' \
--env MAILU_AUTH_BASE_URL='${{ vars.MAILU_AUTH_BASE_URL }}' \
--env MAILU_AUTH_API_KEY='${{ secrets.MAILU_AUTH_API_KEY }}' \
--env POSTGRES_AUTH_DB_DSN='${{ secrets.POSTGRES_AUTH_DB_DSN }}' \
--env AUTHENTIC_ROOT_URL='${{ vars.AUTHENTIC_ROOT_URL }}' \
--env AUTHENTIC_OIDC_CONFIGURATION_URL='${{ vars.AUTHENTIC_OIDC_CONFIGURATION_URL }}' \
--env AUTHENTIC_REDIRECT_URL='${{ vars.AUTHENTIC_REDIRECT_URL }}' \
--env AUTHENTIC_CLIENT_ID='${{ secrets.AUTHENTIC_CLIENT_ID }}' \
--env AUTHENTIC_CLIENT_SECRET='${{ secrets.AUTHENTIC_CLIENT_SECRET }}' \
--env AUTHENTIC_TOKEN='${{ secrets.AUTHENTIC_TOKEN }}' \
--env ENCRYPTION_KEY='${{ secrets.ENCRYPTION_KEY }}' \
--env KAFKA_DSN='${{ secrets.KAFKA_DSN }}' \
--env KAFKA_LOGIN='${{ secrets.KAFKA_LOGIN }}' \
--env KAFKA_PASSWORD='${{ secrets.KAFKA_PASSWORD }}' \
--env KAFKA_USER_LOGIN_TOPIC_NAME='${{ secrets.KAFKA_USER_LOGIN_TOPIC_NAME }}' \
--env GUNICORN_CMD_ARGS='--log-config logging_prod.conf' \
--name ${{ env.CONTAINER_NAME }} \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
docker network connect web ${{ env.CONTAINER_NAME }}