Update README.md #3899
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- api/** | |
pull_request: | |
paths-ignore: | |
- api/** | |
env: | |
AWS_REGION: eu-north-1 # Set this to our AWS region | |
jobs: | |
lint: | |
name: Lint | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
linter: [black, flake8] | |
include: | |
- linter: black | |
command: --check | |
- linter: flake8 | |
command: --append-config=backend/tox.ini | |
fail-fast: false | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.9.7" | |
- name: Install ${{ matrix.linter }} | |
run: pip install ${{ matrix.linter }} | |
- name: ${{ matrix.linter }} | |
run: ${{ matrix.linter }} backend ${{ matrix.command }} | |
build: | |
name: Build backend | |
runs-on: ubuntu-20.04 | |
env: | |
dockerfile: backend-production | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_REGION }} | |
mask-aws-account-id: false | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Set image tag | |
id: image-tag | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: indokweb-backend | |
IMAGE_TAG: ${{ github.sha }} | |
run: echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build backend image | |
id: build-image | |
uses: docker/build-push-action@v5 | |
with: | |
context: backend | |
file: backend/Dockerfile.prod | |
outputs: type=docker,dest=/tmp/${{ env.dockerfile }}.tar | |
tags: | | |
backend:production | |
${{ steps.image-tag.outputs.image }} | |
push: false | |
build-args: | | |
APP_ENV=production | |
- name: Push backend image | |
id: push-image | |
# If this is run on the main branch, and is a production image, it should be pushed to ECR | |
if: ${{ github.ref == 'refs/heads/main' }} | |
uses: docker/build-push-action@v5 | |
with: | |
context: backend | |
file: backend/Dockerfile.prod | |
tags: ${{ steps.image-tag.outputs.image }} | |
push: true | |
build-args: | | |
APP_ENV=production | |
- name: Upload artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ env.dockerfile }} | |
path: /tmp/${{ env.dockerfile }}.tar | |
if-no-files-found: error | |
retention-days: 1 | |
api: | |
name: API tests | |
runs-on: ubuntu-20.04 | |
needs: build | |
services: | |
postgres: | |
image: postgres | |
env: | |
POSTGRES_PASSWORD: postgres | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Download image from previous job | |
uses: actions/download-artifact@v3 | |
with: | |
name: backend-production | |
path: /tmp | |
- name: Load Docker images | |
run: | | |
docker load --input /tmp/backend-production.tar | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_REGION }} | |
- name: Run API tests | |
run: | | |
docker run \ | |
-v $GITHUB_WORKSPACE/backend:/usr/src/app \ | |
--env DJANGO_READ_DOT_ENV_FILE=true \ | |
--env DJANGO_DOT_ENV_FILES=.env.test \ | |
--env DATAPORTEN_SECRET=${{ secrets.DATAPORTEN_SECRET }} \ | |
--env GOOGLE_DRIVE_API_KEY=${{ secrets.GOOGLE_DRIVE_API_KEY }} \ | |
--env VIPPS_SECRET=${{ secrets.VIPPS_SECRET }} \ | |
--env VIPPS_SUBSCRIPTION_KEY=${{ secrets.VIPPS_SUBSCRIPTION_KEY }} \ | |
--network ${{ job.container.network }} \ | |
--entrypoint /usr/src/app/entrypoints/test.sh \ | |
backend:production | |
- name: Upload coverage | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos | |
files: coverage.xml | |
flags: apitests | |
fail_ci_if_error: true | |
prepare: | |
runs-on: ubuntu-20.04 | |
outputs: | |
uuid: ${{ steps.uuid.outputs.value }} | |
steps: | |
- name: Generate unique ID 💎 | |
id: uuid | |
# take the current commit + timestamp together | |
# the typical value would be something like | |
# "sha-5d3fe...35d3-time-1620841214" | |
run: echo "::set-output name=value::sha-$GITHUB_SHA-time-$(date +"%s")" | |
build-frontend: | |
name: Build frontend | |
runs-on: ubuntu-20.04 | |
env: | |
dockerfile: frontend-test | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_REGION }} | |
mask-aws-account-id: false | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build frontend image | |
id: build-image | |
uses: docker/build-push-action@v5 | |
with: | |
context: frontend | |
file: frontend/Dockerfile.prod | |
outputs: type=docker,dest=/tmp/${{ env.dockerfile }}.tar | |
tags: | | |
frontend:test | |
push: false | |
build-args: | | |
APP_ENV=test | |
- name: Upload artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: ${{ env.dockerfile }} | |
path: /tmp/${{ env.dockerfile }}.tar | |
if-no-files-found: error | |
retention-days: 1 | |
e2e: | |
needs: [prepare, build, build-frontend] | |
name: E2E Tests | |
runs-on: ubuntu-20.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
# Containers for parallelization, increase if necessary | |
containers: [1, 2, 3] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Download image from previous job | |
uses: actions/download-artifact@v3 | |
with: | |
path: /tmp | |
- name: Load Docker images | |
run: | | |
docker load --input /tmp/backend-production/backend-production.tar | |
docker load --input /tmp/frontend-test/frontend-test.tar | |
- name: Build and run the Application | |
env: | |
DATAPORTEN_SECRET: ${{ secrets.DATAPORTEN_SECRET }} | |
GOOGLE_DRIVE_API_KEY: ${{ secrets.GOOGLE_DRIVE_API_KEY }} | |
VIPPS_SECRET: ${{ secrets.VIPPS_SECRET }} | |
VIPPS_SUBSCRIPTION_KEY: ${{ secrets.VIPPS_SUBSCRIPTION_KEY }} | |
run: docker compose -f docker-compose.integration.yml up -d | |
- name: Run Cypress | |
uses: cypress-io/[email protected] | |
with: | |
record: true | |
parallel: true | |
group: "E2E" | |
working-directory: frontend | |
browser: chrome | |
ci-build-id: ${{ needs.prepare.outputs.uuid }} | |
wait-on: "http://localhost:8000/-/health, http://localhost:3000/api/health" | |
env: | |
# pass the Dashboard record key as an environment variable | |
CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} | |
# Recommended: pass the GitHub token lets this action correctly | |
# determine the unique run id necessary to re-run the checks | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
deploy: | |
name: Deploy to ECS | |
runs-on: ubuntu-20.04 | |
needs: [api, e2e] | |
if: github.ref == 'refs/heads/main' | |
environment: production | |
concurrency: backend | |
env: | |
ECS_TASK_DEFINITION: .aws/task-definition.backend.json | |
ECS_SERVICE: indokweb-backend-fg-service | |
ECS_REPOSITORY: indokweb-backend | |
SENTRY_PROJECT: indokweb-backend | |
CONTAINER_NAME: backend | |
ECS_CLUSTER: indokweb-cluster # Set this to our ECS cluster name, e.g. indokweb-cluster | |
SENTRY_ORG: rbberdk | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_DEPLOY_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_DEPLOY_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_REGION }} | |
mask-aws-account-id: false | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Set image tag | |
id: image-tag | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: indokweb-backend | |
IMAGE_TAG: ${{ github.sha }} | |
run: echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" | |
- name: Update task definition | |
id: task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@master | |
with: | |
task-definition: ${{ env.ECS_TASK_DEFINITION }} | |
container-name: ${{ env.CONTAINER_NAME }} | |
image: ${{ steps.image-tag.outputs.image }} | |
environment-variables: | | |
GIT_COMMIT_SHA=${{ github.sha }} | |
- name: Deploy Amazon ECS task definition | |
uses: aws-actions/amazon-ecs-deploy-task-definition@v2 | |
with: | |
task-definition: ${{ steps.task-def.outputs.task-definition }} | |
service: ${{ env.ECS_SERVICE }} | |
cluster: ${{ env.ECS_CLUSTER }} | |
wait-for-service-stability: true | |
- name: Sentry release | |
uses: getsentry/[email protected] | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_ORG: ${{ env.SENTRY_ORG }} | |
SENTRY_PROJECT: ${{ env.SENTRY_PROJECT }} | |
with: | |
environment: production | |
finalize: true | |
version: ${{ github.sha }} |