update gems #186
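# CI workflow: runs on pull requests and pushes to main, and on manual dispatch.
name: CI

on:
  pull_request:
    branches: [main]
  push:
    branches: [main]
  workflow_dispatch:

# Least-privilege default for the GITHUB_TOKEN. Jobs that declare their own
# `permissions:` block (update-api-docs, kamal-deploy) override this value;
# the remaining jobs only check out the repository.
permissions:
  contents: read

# One active run per workflow and ref; a newer run cancels an older one
# everywhere except on main.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

# Test-only placeholder values. Workflow-level env is exported to every job,
# including the deploy job, so nothing sensitive belongs here.
env:
  RAILS_ENV: test
  CI: 'true'
  SECRET_KEY_BASE: 'test-secret-key-base-for-ci-environment-needs-to-be-long-enough'
  ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: 'test-primary-key-32-bytes-long!!'
  ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: 'test-deterministic-key-32-bytes!'
  ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: 'test-salt-for-key-derivation'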
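jobs:
  # NOTE(review): every `uses:` in this file references a mutable tag
  # (`@v1`, `@v3`, `@v4`, `@v6`). Pinning each action to a full commit SHA
  # keeps a retagged release from changing what runs next to the deploy
  # secrets used further down.

  # Static style check.
  lint:
    name: Rubocop
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true

      - name: Cache Rubocop
        uses: actions/cache@v4
        with:
          path: ~/.cache/rubocop_cache
          key: ${{ runner.os }}-rubocop-${{ hashFiles('.rubocop.yml') }}
          restore-keys: |
            ${{ runner.os }}-rubocop-

      - name: Run Rubocop
        run: bundle exec rubocop --parallel

  # Static security scan of the Rails application.
  security:
    name: Brakeman
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true

      - name: Run Brakeman
        run: bundle exec brakeman --no-pager

  # Test suite, run against throwaway Postgres and Redis service containers.
  test:
    name: RSpec
    runs-on: ubuntu-latest
    timeout-minutes: 20
    services:
      postgres:
        image: pgvector/pgvector:pg16
        env:
          # Credentials for the disposable CI database only.
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: test
        ports:
          - '5432:5432'
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
      redis:
        image: redis:7
        ports:
          - '6379:6379'
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - uses: actions/checkout@v6

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true

      - name: Cache Assets
        uses: actions/cache@v4
        with:
          path: |
            tmp/cache/assets
            public/assets
          key: ${{ runner.os }}-assets-${{ hashFiles('**/tailwind.config.js', 'app/assets/**/*') }}
          restore-keys: |
            ${{ runner.os }}-assets-

      - name: Setup Parallel Test Databases
        run: bundle exec rake parallel:create parallel:load_schema

      - name: Build Tailwind CSS
        run: bundle exec rails tailwindcss:build

      - name: Run Tests
        env:
          REDIS_URL: redis://localhost:6379/0
        run: bundle exec parallel_rspec spec -n 2 -o '--format progress'

  # Regenerates doc/openapi.yaml from the API request specs and pushes it to
  # main. Runs only for pushes to main, after lint, security and test pass.
  update-api-docs:
    name: Update API Docs
    runs-on: ubuntu-latest
    needs: [lint, security, test]
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    timeout-minutes: 15
    permissions:
      contents: write
    services:
      postgres:
        image: pgvector/pgvector:pg16
        env:
          # Credentials for the disposable CI database only.
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: test
        ports:
          - '5432:5432'
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
      redis:
        image: redis:7
        ports:
          - '6379:6379'
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      # NOTE(review): the checkout is configured with the PUSH_KEY deploy key
      # so the final step can push to main; the later `bundle exec` steps run
      # project code in the same job while that key is configured.
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          ssh-key: "${{ secrets.PUSH_KEY }}"

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          bundler-cache: true

      - name: Setup Database
        run: |
          bundle exec rails db:create
          bundle exec rails db:schema:load

      - name: Run API specs with OpenAPI generation
        env:
          OPENAPI: '1'
          REDIS_URL: redis://localhost:6379/0
          DISABLE_RACK_ATTACK: 'true'
        run: bundle exec rspec spec/requests/api --format progress

      # NOTE(review): both `|| echo` fallbacks also hide real failures (for
      # example a rejected or unauthenticated push), so this step reports
      # success even when the documentation was not published.
      - name: Commit and push API Docs
        run: |
          git config --local user.email "action@github.com"
          git config --local user.name "GitHub Action"
          git add "doc/openapi.yaml"
          git commit -m "docs: update API documentation [skip ci]" || echo "No changes to commit"
          git push origin main || echo "No changes to push"

  # Builds and pushes the image to GHCR, then deploys it with Kamal over
  # Tailscale. Runs only on main, for pushes and manual dispatches.
  kamal-deploy:
    name: Deploy with Kamal
    runs-on: ubuntu-latest
    needs: [lint, security, test, update-api-docs]
    if: github.ref == 'refs/heads/main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch')
    timeout-minutes: 20
    # Deploys are serialized and never cancelled part-way through.
    concurrency:
      group: deploy-production
      cancel-in-progress: false
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      # NOTE(review): `moby/buildkit:latest` is a mutable tag, so the builder
      # that produces the production image can change between runs; consider
      # pinning it. `network=host` gives build steps the runner's network.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver-opts: |
            image=moby/buildkit:latest
            network=host

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push Docker image
        uses: docker/build-push-action@v6
        env:
          GIT_SHA: ${{ github.sha }}
        with:
          context: .
          platforms: linux/arm64
          push: true
          tags: |
            ghcr.io/witcodingclub/calendar-backend:latest
            ghcr.io/witcodingclub/calendar-backend:${{ github.sha }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          build-args: |
            GIT_SHA=${{ env.GIT_SHA }}

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.4'
          bundler-cache: true

      # NOTE(review): no version is given, so each deploy installs whatever
      # kamal release is current; pin it (`gem install kamal -v <VERSION>`)
      # to keep the deploy tool reproducible.
      - name: Install Kamal
        run: gem install kamal

      - name: Setup Tailscale
        uses: tailscale/github-action@v4
        with:
          oauth-client-id: ${{ secrets.TAILSCALE_OAUTH_CLIENT_ID }}
          oauth-secret: ${{ secrets.TAILSCALE_OAUTH_SECRET }}
          tags: 'tag:ci'

      - name: Setup SSH
        env:
          # Hand the key to the shell through the environment, as the
          # "Create Kamal secrets" step does, instead of expanding the
          # secret into the script text.
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          # Create the directory and key file without group/other access.
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          # NOTE(review): the host key is fetched from the network on every
          # run and a failed scan is ignored, so this entry does not
          # authenticate the host. Prefer writing a pre-verified host key.
          ssh-keyscan -H alastor >> ~/.ssh/known_hosts 2>/dev/null || true

      - name: Create Kamal secrets
        env:
          GITHUB_TOKEN_SECRET: ${{ secrets.GITHUB_TOKEN }}
          RAILS_MASTER_KEY_SECRET: ${{ secrets.RAILS_MASTER_KEY }}
          DB_PASSWORD_SECRET: ${{ secrets.DB_PASSWORD }}
          POSTGRES_PASSWORD_SECRET: ${{ secrets.POSTGRES_PASSWORD }}
        run: |
          # Keep the generated secrets file readable by the runner user only.
          umask 077
          mkdir -p .kamal
          cat > .kamal/secrets << EOF
          KAMAL_REGISTRY_PASSWORD=${GITHUB_TOKEN_SECRET}
          RAILS_MASTER_KEY=${RAILS_MASTER_KEY_SECRET}
          DB_PASSWORD=${DB_PASSWORD_SECRET}
          POSTGRES_PASSWORD=${POSTGRES_PASSWORD_SECRET}
          EOF

      # The image was pushed above, so Kamal deploys the tag for this commit
      # without building or pushing again.
      - name: Deploy with Kamal
        env:
          RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
          KAMAL_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
          VERSION: ${{ github.sha }}
        run: |
          kamal deploy --skip-push --version="${VERSION}"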