
Commit b13348d

authored
Merge pull request #3157 from IntersectMBO/develop
#3143 deployments actions adjustments by @aaboyle878
2 parents 465d43c + f154c64 commit b13348d


3 files changed

+529
-6
lines changed

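--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,310 @@
+name: Check and Build Main
+
+on:
+push:
+branches:
+- main
+- staging
+workflow_dispatch:
+
+permissions:
+contents: write
+pull-requests: write
+packages: write
+
+jobs:
+check-build:
+if: contains(fromJson('["main", "staging"]'), github.ref_name)
+environment: ${{ matrix.network }}
+strategy:
+fail-fast: false
+matrix:
+include:
+- branch: main
+network: preview-govtool
+workdir: ./govtool/backend
+name: govtool-backend
+dockerfile: ./govtool/backend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-backend
+qovery_container_name: govtool-backend
+- branch: main
+network: preview-govtool
+workdir: ./govtool/frontend
+name: govtool-frontend
+dockerfile: ./govtool/frontend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-frontend
+qovery_container_name: govtool-frontend
+- branch: main
+network: preview-govtool
+workdir: ./govtool/metadata-validation
+name: govtool-metadata-validation
+dockerfile: ./govtool/metadata-validation/Dockerfile
+image: ghcr.io/${{ github.repository }}-metadata-validation
+qovery_container_name: govtool-metadata-validation
+- branch: main
+network: pre-prod-govtool
+workdir: ./govtool/backend
+name: govtool-backend
+dockerfile: ./govtool/backend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-backend
+qovery_container_name: govtool-backend
+- branch: main
+network: pre-prod-govtool
+workdir: ./govtool/frontend
+name: govtool-frontend
+dockerfile: ./govtool/frontend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-frontend
+qovery_container_name: govtool-frontend
+- branch: main
+network: pre-prod-govtool
+workdir: ./govtool/metadata-validation
+name: govtool-metadata-validation
+dockerfile: ./govtool/metadata-validation/Dockerfile
+image: ghcr.io/${{ github.repository }}-metadata-validation
+qovery_container_name: govtool-metadata-validation
+- branch: main
+network: prod-govtool
+workdir: ./govtool/backend
+name: govtool-backend
+dockerfile: ./govtool/backend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-backend
+qovery_container_name: govtool-backend
+- branch: main
+network: prod-govtool
+workdir: ./govtool/frontend
+name: govtool-frontend
+dockerfile: ./govtool/frontend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-frontend
+qovery_container_name: govtool-frontend
+- branch: main
+network: prod-govtool
+workdir: ./govtool/metadata-validation
+name: govtool-metadata-validation
+dockerfile: ./govtool/metadata-validation/Dockerfile
+image: ghcr.io/${{ github.repository }}-metadata-validation
+qovery_container_name: govtool-metadata-validation
+- branch: staging
+network: preview-govtool
+workdir: ./govtool/backend
+name: govtool-backend
+dockerfile: ./govtool/backend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-backend
+qovery_container_name: govtool-backend
+- branch: staging
+network: preview-govtool
+workdir: ./govtool/frontend
+name: govtool-frontend
+dockerfile: ./govtool/frontend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-frontend
+qovery_container_name: govtool-frontend
+- branch: staging
+network: preview-govtool
+workdir: ./govtool/metadata-validation
+name: govtool-metadata-validation
+dockerfile: ./govtool/metadata-validation/Dockerfile
+image: ghcr.io/${{ github.repository }}-metadata-validation
+qovery_container_name: govtool-metadata-validation
+- branch: staging
+network: pre-prod-govtool
+workdir: ./govtool/backend
+name: govtool-backend
+dockerfile: ./govtool/backend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-backend
+qovery_container_name: govtool-backend
+- branch: staging
+network: pre-prod-govtool
+workdir: ./govtool/frontend
+name: govtool-frontend
+dockerfile: ./govtool/frontend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-frontend
+qovery_container_name: govtool-frontend
+- branch: staging
+network: pre-prod-govtool
+workdir: ./govtool/metadata-validation
+name: govtool-metadata-validation
+dockerfile: ./govtool/metadata-validation/Dockerfile
+image: ghcr.io/${{ github.repository }}-metadata-validation
+qovery_container_name: govtool-metadata-validation
+- branch: staging
+network: prod-govtool
+workdir: ./govtool/backend
+name: govtool-backend
+dockerfile: ./govtool/backend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-backend
+qovery_container_name: govtool-backend
+- branch: staging
+network: prod-govtool
+workdir: ./govtool/frontend
+name: govtool-frontend
+dockerfile: ./govtool/frontend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-frontend
+qovery_container_name: govtool-frontend
+- branch: staging
+network: prod-govtool
+workdir: ./govtool/metadata-validation
+name: govtool-metadata-validation
+dockerfile: ./govtool/metadata-validation/Dockerfile
+image: ghcr.io/${{ github.repository }}-metadata-validation
+qovery_container_name: govtool-metadata-validation
+
+
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v3
+
+- name: Ensure Job Runs Only for Matching Branch
+if: github.ref_name != matrix.branch
+run: |
+echo "Branch mismatch, exiting..."
+exit 0
+
+- name: Set TAG Environment Variable
+id: set_tag
+run: |
+SANITIZED_BRANCH=$(echo "${{ github.ref_name }}" | tr '/' '-')
+if [ "${{ github.ref_name }}" = "main" ]; then
+echo "TAG=${{ github.sha }}-${{ github.run_number }}" >> $GITHUB_ENV
+else
+echo "TAG=${SANITIZED_BRANCH}-${{ github.sha }}-${{ github.run_number }}" >> $GITHUB_ENV
+fi
+echo "Generated TAG: $TAG"
+
+
+- name: Lint Dockerfile
+id: hadolint
+uses: hadolint/[email protected]
+with:
+failure-threshold: error
+format: json
+dockerfile: ${{ matrix.dockerfile }}
+# output-file: hadolint_output.json
+
+- name: Save Hadolint output
+id: save_hadolint_output
+if: always()
+run: cd ${{ matrix.workdir }} && echo "$HADOLINT_RESULTS" | jq '.' > hadolint_output.json
+
+- name: Print Dockerfile lint output
+run: |
+cd ${{ matrix.workdir }}
+echo "-----HADOLINT RESULT-----"
+echo "Outcome: ${{ steps.hadolint.outcome }}"
+echo "-----DETAILS--------"
+cat hadolint_output.json
+echo "--------------------"
+
+- name: Code lint
+id: code_lint
+run: |
+cd ${{ matrix.workdir }}
+if [ ! -f lint.sh ]; then
+echo "lint skipped" | tee code_lint_output.txt
+exit 0
+fi
+set -o pipefail
+sudo chmod +x lint.sh && ./lint.sh 2>&1 | tee code_lint_output.txt
+
+- name: Unit tests
+id: unit_tests
+run: |
+cd ${{ matrix.workdir }}
+if [ ! -f unit-test.sh ]; then
+echo "unit tests skipped" | tee code_lint_output.txt
+exit 0
+fi
+set -o pipefail
+sudo chmod +x unit-test.sh && ./unit-test.sh 2>&1 | tee unit_test_output.txt
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v2
+
+- name: Cache Docker layers
+uses: actions/cache@v3
+with:
+path: /tmp/.buildx-cache
+key: ${{ runner.os }}-buildx-${{ github.sha }}
+restore-keys: |
+${{ runner.os }}-buildx-
+
+- id: image_lowercase
+uses: ASzc/change-string-case-action@v6
+with:
+string: ${{ matrix.image }}
+
+- name: Set ENVIRONMENT Variable
+run: echo "ENVIRONMENT=${{ matrix.network }}" >> $GITHUB_ENV
+
+- name: Sanitize Network Name
+run: |
+CLEAN_NETWORK=$(echo "${{ matrix.network }}" | sed 's/-govtool$//')
+echo "CLEAN_NETWORK=$CLEAN_NETWORK" >> $GITHUB_ENV
+
+- name: Build Docker image
+uses: docker/build-push-action@v5
+with:
+context: ${{ matrix.workdir }}
+file: ${{ matrix.dockerfile }}
+tags: ${{ steps.image_lowercase.outputs.lowercase }}-${{ env.CLEAN_NETWORK }}:${{ env.TAG }}
+load: false
+cache-from: type=local,src=/tmp/.buildx-cache
+cache-to: type=local,dest=/tmp/.buildx-cache
+outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar
+build-args: |
+VITE_APP_ENV=${{ secrets.VITE_APP_ENV }}
+VITE_BASE_URL=${{ secrets.VITE_BASE_URL }}
+VITE_METADATA_API_URL=${{ secrets.VITE_METADATA_API_URL }}
+VITE_GTM_ID=${{ secrets.VITE_GTM_ID }}
+VITE_NETWORK_FLAG=${{ secrets.VITE_NETWORK_FLAG }}
+VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }}
+NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }}
+VITE_USERSNAP_SPACE_API_KEY=${{ secrets.VITE_USERSNAP_SPACE_API_KEY }}
+VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED=${{ secrets.VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED }}
+VITE_IS_GOVERNANCE_OUTCOMES_PILLAR_ENABLED=${{ secrets.VITE_IS_GOVERNANCE_OUTCOMES_PILLAR_ENABLED }}
+VITE_OUTCOMES_API_URL=${{secrets.VITE_OUTCOMES_API_URL}}
+VITE_PDF_API_URL=${{ secrets.VITE_PDF_API_URL }}
+VITE_IPFS_GATEWAY=${{ secrets.IPFS_GATEWAY }}
+VITE_IPFS_PROJECT_ID=${{ secrets.IPFS_PROJECT_ID }}
+IPFS_GATEWAY=${{ secrets.IPFS_GATEWAY }}
+IPFS_PROJECT_ID=${{ secrets.IPFS_PROJECT_ID }}
+
+- name: Login to GHCR
+uses: docker/login-action@v2
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Scan Docker image with Dockle
+id: dockle
+run: |
+wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
+tar zxf dockle_0.4.14_Linux-64bit.tar.gz
+sudo mv dockle /usr/local/bin
+
+dockle --exit-code 1 --exit-level fatal --format json -ak GHC_RELEASE_KEY -ak CABAL_INSTALL_RELEASE_KEY -ak STACK_RELEASE_KEY -ak KEY_SHA512 --input '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json
+echo " dockle exited w/ $?"
+cat ${{ matrix.workdir }}/dockle_scan_output.json
+
+echo "outcome=success" >> $GITHUB_OUTPUT
+
+- name: Debug TAG Before Docker Push
+run: |
+echo "Lowercase Image: ${{ steps.image_lowercase.outputs.lowercase }}"
+echo "Network: ${{ matrix.network }}"
+echo "TAG: ${{ env.TAG }}"
+echo "Final Docker Tag: ${{ steps.image_lowercase.outputs.lowercase }}-${{ matrix.network}}:${{ env.TAG }}"
+
+- name: Push Docker image to GHCR
+run: |
+docker load -i '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
+rm -rf '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
+docker push ${{ steps.image_lowercase.outputs.lowercase }}-${{ env.CLEAN_NETWORK}}:${{ env.TAG }}
+
+- name: Add tag as a PR comment
+uses: ubie-oss/[email protected]
+id: comment-to-merged-pr
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+message: |-
+This PR is in the tag: ${{ env.TAG }} , for ${{ matrix.name }} service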
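Review bot: The "Ensure Job Runs Only for Matching Branch" step does not stop the job: when `github.ref_name != matrix.branch` it runs `exit 0`, which only ends that one step successfully, and none of the later steps carries a condition. Because the `branch: main` and `branch: staging` rows are otherwise identical and TAG is derived from `github.ref_name`, each push runs all 18 rows and builds and pushes every image twice under the same tag. Either drop the `branch` key together with the duplicated rows, or put `if: github.ref_name == matrix.branch` on the steps that have to be skipped. Separately, `NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }}` is passed under `build-args`; build arguments can end up in the history of the image that is pushed to GHCR, depending on how the Dockerfile (not shown here) uses them, so the action's `secrets:` input with `RUN --mount=type=secret` is the safer way to hand over the token.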
