Publish container to GHCR & auto-deploy to k8s #1035
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: [push, pull_request] | |
| env: | |
| UI_VERSION: ${{ github.sha }} | |
| jobs: | |
| build: | |
| name: Build & test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 100 | |
| # Install Node | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22.20.0 | |
| cache: 'npm' | |
| # Install & build & test: | |
| - run: npm ci | |
| - run: npm run test:unit | |
| # Build & run normal integration tests: | |
| - name: Build & test | |
| run: npm run test:integration | |
| if: github.ref != 'refs/heads/main' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # To pull server without rate limit issues in CI | |
| # Build with secrets & run integrations tests, on main only: | |
| - name: Build & test for production release | |
| run: npm run test:integration | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| env: | |
| POSTHOG_KEY: ${{ secrets.POSTHOG_KEY }} | |
| SENTRY_DSN: ${{ vars.SENTRY_DSN }} | |
| SENTRY_ORG: http-toolkit | |
| SENTRY_PROJECT: httptoolkit-ui | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| REPORT_URI: ${{ vars.REPORT_URI }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # To pull server without rate limit issues in CI | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: dist | |
| path: dist/* | |
| if-no-files-found: error | |
| # We build in parallel on Windows too, purely to check the build process is cross-compatible for contributors. | |
| test-windows-build: | |
| name: Test build on Windows | |
| runs-on: windows-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 100 | |
| # Install Node | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22.20.0 | |
| cache: 'npm' | |
| # Install & unit test & build | |
| - run: npm ci | |
| - run: npm run test:unit | |
| # Build the app: | |
| - name: Test a production build | |
| run: npm run build | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # To pull server without rate limit issues in CI | |
| publish-docker: | |
| name: Build & publish container | |
| if: github.event_name == 'push' && !startsWith(github.ref, 'refs/heads/dependabot/') | |
| runs-on: ubuntu-latest | |
| needs: [build, test-windows-build] | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: dist | |
| path: dist | |
| - name: Log in to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| images: | | |
| httptoolkit/ui | |
| ghcr.io/httptoolkit/ui | |
| tags: | | |
| type=raw,value=prod,enable={{is_default_branch}} | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=sha | |
| - name: Build and publish | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: ${{ github.event_name == 'push' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| publish-scaleway: | |
| name: Deploy to Scaleway | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| environment: production | |
| runs-on: ubuntu-latest | |
| needs: publish-docker | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure Kubectl | |
| run: | | |
| kubectl config set-cluster scw-cluster \ | |
| --server="${{ vars.K8S_SERVER_ADDRESS }}" \ | |
| --certificate-authority=<(echo "${{ vars.K8S_CA_CERT }}" | base64 -d) \ | |
| --embed-certs=true | |
| kubectl config set-credentials deployer --token="${{ secrets.K8S_DEPLOY_TOKEN }}" | |
| kubectl config set-context default --cluster=scw-cluster --user=deployer | |
| kubectl config use-context default | |
| - name: Deploy to Kubernetes | |
| run: | | |
| sed "s|/ui:latest|/ui:sha-${GITHUB_SHA::7}|g" deploy/deployment.yaml | \ | |
| kubectl apply -f - \ | |
| -f deploy/service.yaml \ | |
| -f deploy/routes.yaml | |
| kubectl rollout status deployment/httptoolkit-ui -n httptoolkit-ui | |
| - name: Redeploy container | |
| uses: httptoolkit/scaleway-serverless-container-deploy-action@v1 | |
| with: | |
| container_id: ${{ vars.SCW_API_CONTAINER_ID }} | |
| region: ${{ vars.SCW_API_CONTAINER_REGION }} | |
| secret_key: ${{ secrets.SCW_SECRET_KEY }} | |
| registry_image_url: "registry.hub.docker.com/httptoolkit/ui:prod" | |
| - name: Redeploy failover container | |
| uses: httptoolkit/scaleway-serverless-container-deploy-action@v1 | |
| with: | |
| container_id: ${{ vars.SCW_FAILOVER_API_CONTAINER_ID }} | |
| region: ${{ vars.SCW_FAILOVER_API_CONTAINER_REGION }} | |
| secret_key: ${{ secrets.SCW_SECRET_KEY }} | |
| registry_image_url: "registry.hub.docker.com/httptoolkit/ui:prod" | |
| - name: Flush CDN cache | |
| run: | | |
| # Clear CDN cache to re-request content: | |
| curl -f --request POST \ | |
| --url https://api.bunny.net/pullzone/$PULL_ZONE_ID/purgeCache \ | |
| --header "AccessKey: $BUNNY_SITE_API_KEY" | |
| env: | |
| PULL_ZONE_ID: 1110200 | |
| BUNNY_SITE_API_KEY: ${{ secrets.BUNNY_SITE_API_KEY }} |