Merged
36 commits
d45c8ce
Merge pull request #2731 from IntersectMBO/staging
MSzalowski Jan 24, 2025
4929e39
Merge pull request #2735 from IntersectMBO/staging
MSzalowski Jan 24, 2025
f063c97
Merge pull request #2742 from IntersectMBO/staging
MSzalowski Jan 24, 2025
c972040
Merge pull request #2763 from IntersectMBO/staging
MSzalowski Jan 27, 2025
bfb0899
Merge pull request #2767 from IntersectMBO/staging
MSzalowski Jan 27, 2025
a76762f
Merge pull request #2772 from IntersectMBO/staging
MSzalowski Jan 27, 2025
017cae4
Merge pull request #2797 from IntersectMBO/staging
MSzalowski Jan 28, 2025
23c77a4
Merge pull request #2801 from IntersectMBO/staging
MSzalowski Jan 28, 2025
8dab8e0
Merge pull request #2810 from IntersectMBO/staging
MSzalowski Jan 29, 2025
2ceb696
Merge pull request #2820 from IntersectMBO/staging
MSzalowski Jan 29, 2025
d1f6b88
Merge pull request #2845 from IntersectMBO/staging
MSzalowski Jan 30, 2025
40bfc2c
Merge pull request #2869 from IntersectMBO/staging
MSzalowski Jan 31, 2025
edc71a4
Merge pull request #2873 from IntersectMBO/staging
MSzalowski Jan 31, 2025
b17b0bd
Merge pull request #2884 from IntersectMBO/staging
MSzalowski Feb 3, 2025
026b486
Merge pull request #2903 from IntersectMBO/staging
MSzalowski Feb 4, 2025
d9c58b5
Merge pull request #2907 from IntersectMBO/staging
MSzalowski Feb 4, 2025
197b0eb
Merge pull request #2932 from IntersectMBO/staging
MSzalowski Feb 10, 2025
d176709
Merge pull request #2936 from IntersectMBO/staging
MSzalowski Feb 10, 2025
8be0f19
Merge pull request #2962 from IntersectMBO/test
MSzalowski Feb 12, 2025
4b2ba70
Merge pull request #2963 from IntersectMBO/staging
MSzalowski Feb 12, 2025
0ee819e
Merge pull request #2978 from IntersectMBO/test
MSzalowski Feb 13, 2025
d01b6a7
Merge pull request #2979 from IntersectMBO/staging
MSzalowski Feb 13, 2025
2f146ce
Merge pull request #2982 from IntersectMBO/test
MSzalowski Feb 13, 2025
061a43d
Merge pull request #2983 from IntersectMBO/staging
MSzalowski Feb 13, 2025
2d6f47c
Merge pull request #3000 from IntersectMBO/test
MSzalowski Feb 14, 2025
10de6ac
Merge pull request #3001 from IntersectMBO/staging
MSzalowski Feb 14, 2025
7bcf45f
Merge pull request #3009 from IntersectMBO/test
MSzalowski Feb 17, 2025
eeb24f6
Merge pull request #3010 from IntersectMBO/staging
MSzalowski Feb 17, 2025
4639c98
updates matrix to use main branch with network specific secrets
aaboyle878 Feb 25, 2025
22e042e
fixes punctuation
aaboyle878 Feb 25, 2025
b60ba57
updates workflow name
aaboyle878 Feb 25, 2025
8a3d918
updates matrix to build packages for each network from staging and ma…
aaboyle878 Mar 4, 2025
9c59a4c
adds support for triggering manually
aaboyle878 Mar 5, 2025
5280455
disables workflow from running
aaboyle878 Mar 5, 2025
dc55a82
removes commented out workflow trigger
aaboyle878 Mar 5, 2025
f154c64
Merge pull request #3143 from IntersectMBO/feat/actions-workflow
aaboyle878 Mar 6, 2025
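--- a/.github/workflows/build-from-main.yml
+++ b/.github/workflows/build-from-main.yml
@@ -0,0 +1,310 @@
+name: Check and Build Main
+
+on:
+push:
+branches:
+- main
+- staging
+workflow_dispatch:
+
+permissions:
+contents: write
+pull-requests: write
+packages: write
+
+jobs:
+check-build:
+if: contains(fromJson('["main", "staging"]'), github.ref_name)
+environment: ${{ matrix.network }}
+strategy:
+fail-fast: false
+matrix:
+include:
+- branch: main
+network: preview-govtool
+workdir: ./govtool/backend
+name: govtool-backend
+dockerfile: ./govtool/backend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-backend
+qovery_container_name: govtool-backend
+- branch: main
+network: preview-govtool
+workdir: ./govtool/frontend
+name: govtool-frontend
+dockerfile: ./govtool/frontend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-frontend
+qovery_container_name: govtool-frontend
+- branch: main
+network: preview-govtool
+workdir: ./govtool/metadata-validation
+name: govtool-metadata-validation
+dockerfile: ./govtool/metadata-validation/Dockerfile
+image: ghcr.io/${{ github.repository }}-metadata-validation
+qovery_container_name: govtool-metadata-validation
+- branch: main
+network: pre-prod-govtool
+workdir: ./govtool/backend
+name: govtool-backend
+dockerfile: ./govtool/backend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-backend
+qovery_container_name: govtool-backend
+- branch: main
+network: pre-prod-govtool
+workdir: ./govtool/frontend
+name: govtool-frontend
+dockerfile: ./govtool/frontend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-frontend
+qovery_container_name: govtool-frontend
+- branch: main
+network: pre-prod-govtool
+workdir: ./govtool/metadata-validation
+name: govtool-metadata-validation
+dockerfile: ./govtool/metadata-validation/Dockerfile
+image: ghcr.io/${{ github.repository }}-metadata-validation
+qovery_container_name: govtool-metadata-validation
+- branch: main
+network: prod-govtool
+workdir: ./govtool/backend
+name: govtool-backend
+dockerfile: ./govtool/backend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-backend
+qovery_container_name: govtool-backend
+- branch: main
+network: prod-govtool
+workdir: ./govtool/frontend
+name: govtool-frontend
+dockerfile: ./govtool/frontend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-frontend
+qovery_container_name: govtool-frontend
+- branch: main
+network: prod-govtool
+workdir: ./govtool/metadata-validation
+name: govtool-metadata-validation
+dockerfile: ./govtool/metadata-validation/Dockerfile
+image: ghcr.io/${{ github.repository }}-metadata-validation
+qovery_container_name: govtool-metadata-validation
+- branch: staging
+network: preview-govtool
+workdir: ./govtool/backend
+name: govtool-backend
+dockerfile: ./govtool/backend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-backend
+qovery_container_name: govtool-backend
+- branch: staging
+network: preview-govtool
+workdir: ./govtool/frontend
+name: govtool-frontend
+dockerfile: ./govtool/frontend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-frontend
+qovery_container_name: govtool-frontend
+- branch: staging
+network: preview-govtool
+workdir: ./govtool/metadata-validation
+name: govtool-metadata-validation
+dockerfile: ./govtool/metadata-validation/Dockerfile
+image: ghcr.io/${{ github.repository }}-metadata-validation
+qovery_container_name: govtool-metadata-validation
+- branch: staging
+network: pre-prod-govtool
+workdir: ./govtool/backend
+name: govtool-backend
+dockerfile: ./govtool/backend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-backend
+qovery_container_name: govtool-backend
+- branch: staging
+network: pre-prod-govtool
+workdir: ./govtool/frontend
+name: govtool-frontend
+dockerfile: ./govtool/frontend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-frontend
+qovery_container_name: govtool-frontend
+- branch: staging
+network: pre-prod-govtool
+workdir: ./govtool/metadata-validation
+name: govtool-metadata-validation
+dockerfile: ./govtool/metadata-validation/Dockerfile
+image: ghcr.io/${{ github.repository }}-metadata-validation
+qovery_container_name: govtool-metadata-validation
+- branch: staging
+network: prod-govtool
+workdir: ./govtool/backend
+name: govtool-backend
+dockerfile: ./govtool/backend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-backend
+qovery_container_name: govtool-backend
+- branch: staging
+network: prod-govtool
+workdir: ./govtool/frontend
+name: govtool-frontend
+dockerfile: ./govtool/frontend/Dockerfile.qovery
+image: ghcr.io/${{ github.repository }}-frontend
+qovery_container_name: govtool-frontend
+- branch: staging
+network: prod-govtool
+workdir: ./govtool/metadata-validation
+name: govtool-metadata-validation
+dockerfile: ./govtool/metadata-validation/Dockerfile
+image: ghcr.io/${{ github.repository }}-metadata-validation
+qovery_container_name: govtool-metadata-validation
+
+
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v3
+
+- name: Ensure Job Runs Only for Matching Branch
+if: github.ref_name != matrix.branch
+run: |
+echo "Branch mismatch, exiting..."
+exit 0
+
+- name: Set TAG Environment Variable
+id: set_tag
+run: |
+SANITIZED_BRANCH=$(echo "${{ github.ref_name }}" | tr '/' '-')
+if [ "${{ github.ref_name }}" = "main" ]; then
+echo "TAG=${{ github.sha }}-${{ github.run_number }}" >> $GITHUB_ENV
+else
+echo "TAG=${SANITIZED_BRANCH}-${{ github.sha }}-${{ github.run_number }}" >> $GITHUB_ENV
+fi
+echo "Generated TAG: $TAG"
+
+
+- name: Lint Dockerfile
+id: hadolint
+uses: hadolint/hadolint-action@v3.1.0
+with:
+failure-threshold: error
+format: json
+dockerfile: ${{ matrix.dockerfile }}
+# output-file: hadolint_output.json
+
+- name: Save Hadolint output
+id: save_hadolint_output
+if: always()
+run: cd ${{ matrix.workdir }} && echo "$HADOLINT_RESULTS" | jq '.' > hadolint_output.json
+
+- name: Print Dockerfile lint output
+run: |
+cd ${{ matrix.workdir }}
+echo "-----HADOLINT RESULT-----"
+echo "Outcome: ${{ steps.hadolint.outcome }}"
+echo "-----DETAILS--------"
+cat hadolint_output.json
+echo "--------------------"
+
+- name: Code lint
+id: code_lint
+run: |
+cd ${{ matrix.workdir }}
+if [ ! -f lint.sh ]; then
+echo "lint skipped" | tee code_lint_output.txt
+exit 0
+fi
+set -o pipefail
+sudo chmod +x lint.sh && ./lint.sh 2>&1 | tee code_lint_output.txt
+
+- name: Unit tests
+id: unit_tests
+run: |
+cd ${{ matrix.workdir }}
+if [ ! -f unit-test.sh ]; then
+echo "unit tests skipped" | tee code_lint_output.txt
+exit 0
+fi
+set -o pipefail
+sudo chmod +x unit-test.sh && ./unit-test.sh 2>&1 | tee unit_test_output.txt
+
+- name: Set up Docker Buildx
+uses: docker/setup-buildx-action@v2
+
+- name: Cache Docker layers
+uses: actions/cache@v3
+with:
+path: /tmp/.buildx-cache
+key: ${{ runner.os }}-buildx-${{ github.sha }}
+restore-keys: |
+${{ runner.os }}-buildx-
+
+- id: image_lowercase
+uses: ASzc/change-string-case-action@v6
+with:
+string: ${{ matrix.image }}
+
+- name: Set ENVIRONMENT Variable
+run: echo "ENVIRONMENT=${{ matrix.network }}" >> $GITHUB_ENV
+
+- name: Sanitize Network Name
+run: |
+CLEAN_NETWORK=$(echo "${{ matrix.network }}" | sed 's/-govtool$//')
+echo "CLEAN_NETWORK=$CLEAN_NETWORK" >> $GITHUB_ENV
+
+- name: Build Docker image
+uses: docker/build-push-action@v5
+with:
+context: ${{ matrix.workdir }}
+file: ${{ matrix.dockerfile }}
+tags: ${{ steps.image_lowercase.outputs.lowercase }}-${{ env.CLEAN_NETWORK }}:${{ env.TAG }}
+load: false
+cache-from: type=local,src=/tmp/.buildx-cache
+cache-to: type=local,dest=/tmp/.buildx-cache
+outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar
+build-args: |
+VITE_APP_ENV=${{ secrets.VITE_APP_ENV }}
+VITE_BASE_URL=${{ secrets.VITE_BASE_URL }}
+VITE_METADATA_API_URL=${{ secrets.VITE_METADATA_API_URL }}
+VITE_GTM_ID=${{ secrets.VITE_GTM_ID }}
+VITE_NETWORK_FLAG=${{ secrets.VITE_NETWORK_FLAG }}
+VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }}
+NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }}
+VITE_USERSNAP_SPACE_API_KEY=${{ secrets.VITE_USERSNAP_SPACE_API_KEY }}
+VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED=${{ secrets.VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED }}
+VITE_IS_GOVERNANCE_OUTCOMES_PILLAR_ENABLED=${{ secrets.VITE_IS_GOVERNANCE_OUTCOMES_PILLAR_ENABLED }}
+VITE_OUTCOMES_API_URL=${{secrets.VITE_OUTCOMES_API_URL}}
+VITE_PDF_API_URL=${{ secrets.VITE_PDF_API_URL }}
+VITE_IPFS_GATEWAY=${{ secrets.IPFS_GATEWAY }}
+VITE_IPFS_PROJECT_ID=${{ secrets.IPFS_PROJECT_ID }}
+IPFS_GATEWAY=${{ secrets.IPFS_GATEWAY }}
+IPFS_PROJECT_ID=${{ secrets.IPFS_PROJECT_ID }}
+
+- name: Login to GHCR
+uses: docker/login-action@v2
+with:
+registry: ghcr.io
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Scan Docker image with Dockle
+id: dockle
+run: |
+wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
+tar zxf dockle_0.4.14_Linux-64bit.tar.gz
+sudo mv dockle /usr/local/bin
+
+dockle --exit-code 1 --exit-level fatal --format json -ak GHC_RELEASE_KEY -ak CABAL_INSTALL_RELEASE_KEY -ak STACK_RELEASE_KEY -ak KEY_SHA512 --input '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json
+echo " dockle exited w/ $?"
+cat ${{ matrix.workdir }}/dockle_scan_output.json
+
+echo "outcome=success" >> $GITHUB_OUTPUT
+
+- name: Debug TAG Before Docker Push
+run: |
+echo "Lowercase Image: ${{ steps.image_lowercase.outputs.lowercase }}"
+echo "Network: ${{ matrix.network }}"
+echo "TAG: ${{ env.TAG }}"
+echo "Final Docker Tag: ${{ steps.image_lowercase.outputs.lowercase }}-${{ matrix.network}}:${{ env.TAG }}"
+
+- name: Push Docker image to GHCR
+run: |
+docker load -i '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
+rm -rf '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
+docker push ${{ steps.image_lowercase.outputs.lowercase }}-${{ env.CLEAN_NETWORK}}:${{ env.TAG }}
+
+- name: Add tag as a PR comment
+uses: ubie-oss/comment-to-merged-pr-action@v0.3.3
+id: comment-to-merged-pr
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+message: |-
+This PR is in the tag: ${{ env.TAG }} , for ${{ matrix.name }} service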
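Review bot: `NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }}` in the `build-args` of the "Build Docker image" step hands a registry credential to the build as an ordinary build argument, which is not a secret channel: build arguments can be recovered from the history of any image stage that declares the ARG, and this image is exported to `/tmp/image-….tar` and then pushed to GHCR. Pass it through the action's `secrets` input instead, `secrets: |` followed by `NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }}`, and read it in the Dockerfile with `RUN --mount=type=secret,id=NPMRC_TOKEN …`. The Dockerfiles are not part of this page, so whether the token actually reaches a published layer should be checked there. The same argument list is sent to all three images in the matrix, so the backend and metadata-validation builds receive a token and frontend values they presumably do not need.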