Merge remote-tracking branch 'origin/main' into production #559
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and deploy all services | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| - production | |
| pull_request: | |
| types: [ opened, synchronize, reopened ] | |
| jobs: | |
| variables: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| VERSION_TAG: ${{ fromJson(steps.variables.outputs.result).VERSION_TAG }} | |
| ZTOR_PR_CONTAINER_APP_NAME: ${{ fromJson(steps.variables.outputs.result).ZTOR_PR_CONTAINER_APP_NAME }} | |
| DOCKER_STACK_NAME: ${{ fromJson(steps.variables.outputs.result).DOCKER_STACK_NAME }} | |
| GITHUB_ENVIRONMENT: ${{ fromJson(steps.variables.outputs.result).GITHUB_ENVIRONMENT }} | |
| FRONTEND_HOSTNAME: ${{ fromJson(steps.variables.outputs.result).FRONTEND_HOSTNAME }} | |
| ZTOR_HOSTNAME: ${{ fromJson(steps.variables.outputs.result).ZTOR_HOSTNAME }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| sparse-checkout: github-actions/get-variables.js | |
| - uses: actions/github-script@v7 | |
| id: variables | |
| with: | |
| script: | | |
| const getVariables = require('./github-actions/get-variables.js') | |
| return getVariables(context) | |
| build-vallum: | |
| needs: | |
| - variables | |
| permissions: | |
| contents: write | |
| packages: write | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: 17 | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v3 | |
| - name: gradle vallum:shadowJar | |
| run: gradle vallum:shadowJar | |
| - name: gradle vallum:publish | |
| env: | |
| VERSION_TAG: ${{ needs.variables.outputs.VERSION_TAG }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: gradle vallum:publish | |
| build-ztor: | |
| needs: variables | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| ## Buildx is needed for caching | |
| - name: Set up Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| push: true | |
| file: ./docker/production/ztor/Dockerfile | |
| tags: ghcr.io/zenmo/ztor:${{ needs.variables.outputs.VERSION_TAG }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| build-frontend: | |
| needs: variables | |
| environment: ${{ needs.variables.outputs.GITHUB_ENVIRONMENT }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| ## Buildx is needed for caching | |
| - name: Set up Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| push: true | |
| file: ./docker/production/frontend/Dockerfile | |
| tags: ghcr.io/zenmo/zero-frontend:${{ needs.variables.outputs.VERSION_TAG }} | |
| build-args: VITE_ZTOR_URL=https://${{ vars.ZTOR_HOSTNAME || needs.variables.outputs.ZTOR_HOSTNAME }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| migrate-swarm: | |
| needs: | |
| - variables | |
| environment: ${{ needs.variables.outputs.GITHUB_ENVIRONMENT }} | |
| runs-on: ubuntu-latest | |
| container: | |
| image: redgate/flyway:10.2.0 | |
| env: | |
| ## TODO: in case of pull request, copy and migrate test database | |
| FLYWAY_URL: jdbc:postgresql://postgres.zenmo.com:5432/${{ vars.DB_NAME }} | |
| FLYWAY_USER: ${{ vars.DB_NAME }} | |
| FLYWAY_PASSWORD: ${{ secrets.DB_PASSWORD }} | |
| FLYWAY_LOCATIONS: filesystem:./migrations | |
| FLYWAY_BASELINE_ON_MIGRATE: true | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| sparse-checkout: migrations | |
| - name: migrate | |
| run: flyway migrate | |
| deploy-swarm: | |
| needs: | |
| - migrate-swarm | |
| - build-ztor | |
| - build-frontend | |
| - variables | |
| environment: ${{ needs.variables.outputs.GITHUB_ENVIRONMENT }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| with: | |
| sparse-checkout: docker/production | |
| - name: Deploy to Docker Swarm | |
| uses: sagebind/docker-swarm-deploy-action@v2 | |
| env: | |
| TAG: ${{ needs.variables.outputs.VERSION_TAG }} | |
| FRONTEND_HOSTNAME: ${{ vars.FRONTEND_HOSTNAME || needs.variables.outputs.FRONTEND_HOSTNAME }} | |
| ZTOR_HOSTNAME: ${{ vars.ZTOR_HOSTNAME || needs.variables.outputs.ZTOR_HOSTNAME }} | |
| DB_NAME: ${{ vars.DB_NAME }} | |
| POSTGRES_PASSWORD: ${{ secrets.DB_PASSWORD }} | |
| AZURE_STORAGE_ACCOUNT_NAME: zerostore | |
| AZURE_STORAGE_ACCOUNT_KEY: ${{ secrets.AZURE_STORAGE_ACCOUNT_KEY }} | |
| AZURE_STORAGE_CONTAINER: ${{ vars.AZURE_STORAGE_CONTAINER }} | |
| CORS_ALLOW_ORIGIN_PATTERN: ${{ vars.CORS_ALLOW_ORIGIN_PATTERN }} | |
| OAUTH_CLIENT_ID: ${{ vars.OAUTH_CLIENT_ID }} | |
| OAUTH_CLIENT_SECRET: ${{ secrets.OAUTH_CLIENT_SECRET }} | |
| with: | |
| remote_host: ssh://[email protected] | |
| ssh_private_key: ${{ secrets.SWARM_SSH_PRIVATE_KEY }} | |
| ssh_public_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ1E4LUG22qgzc8U7oNYGWCn0cyA31+iyX2pck9wcPMS | |
| args: stack deploy --compose-file ./docker/production/compose.yaml ${{ needs.variables.outputs.DOCKER_STACK_NAME }} |