Fixes order of fields, adds metadata download. Closes #442 #527
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| # Publish `master` as Docker `latest` image. | |
| branches: | |
| - main | |
| - staging | |
| # Publish `v1.2.3` tags as releases. | |
| tags: | |
| - v* | |
| # Run tests for any PRs. | |
| pull_request: | |
| branches: | |
| - main | |
| - staging | |
| env: | |
| CACHE_IMAGE: ghcr.io/hactar-is/openownership | |
| DOCKER_BUILDKIT: 1 | |
| COMPOSE_DOCKER_CLI_BUILD: 1 | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| if: "! contains(github.event.head_commit.message, '[skip ci]')" | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: actions/setup-python@v2 | |
| with: | |
| python-version: '3.x' | |
| - name: Install EnvKey source | |
| run: VERSION=$(curl https://envkey-releases.s3.amazonaws.com/latest/envkeysource-version.txt) && curl -s https://envkey-releases.s3.amazonaws.com/envkeysource/release_artifacts/$VERSION/install.sh | bash | |
| - name: Run tests | |
| env: | |
| ENVKEY: ${{ secrets.ENVKEY2 }} | |
| run: | | |
| eval $(envkey-source) | |
| echo $GHCR_TOKEN | docker login ghcr.io -u hactarbot3000 --password-stdin | |
| docker-compose -f docker-compose.test.yml pull | |
| docker-compose -f docker-compose.test.yml run --rm web | |
| - name: Report coverage to Codacy | |
| env: | |
| ENVKEY: ${{ secrets.ENVKEY2 }} | |
| run: | | |
| eval $(envkey-source) | |
| pip3 install codacy-coverage | |
| python-codacy-coverage -r ${{github.workspace}}/app/coverage.xml | |
| deploy_staging: | |
| # Requires these vars in github secrets | |
| # * ENVKEY | |
| # * DEPLOY_KEY_PRIVATE | |
| # Requires the staging IP address in EnvKey | |
| # * IP_STAGING | |
| runs-on: ubuntu-latest | |
| needs: test | |
| if: github.ref == 'refs/heads/staging' && ! contains(github.event.head_commit.message, '[skip ci]') && ! contains(github.event.head_commit.message, '[skip deploy]') | |
| steps: | |
| - name: Checkout staging | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install EnvKey source | |
| run: VERSION=$(curl https://envkey-releases.s3.amazonaws.com/latest/envkeysource-version.txt) && curl -s https://envkey-releases.s3.amazonaws.com/envkeysource/release_artifacts/$VERSION/install.sh | bash | |
| - name: Configure .ssh and push to staging | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| ENVKEY: ${{ secrets.ENVKEY2 }} | |
| run: | | |
| eval $(envkey-source) | |
| mkdir -p ~/.ssh | |
| ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
| ssh-keyscan github.com >> ~/.ssh/known_hosts | |
| ssh-keyscan $IP_STAGING >> ~/.ssh/known_hosts | |
| ssh-add - <<< "${{ secrets.DEPLOY_KEY_PRIVATE }}" | |
| git remote add staging ssh://deploy@$IP_STAGING/srv/repos/openownership.org.git | |
| git push staging staging -f | |
| sentry_release_staging: | |
| runs-on: ubuntu-latest | |
| needs: deploy_staging | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Create Sentry release | |
| uses: getsentry/action-release@v1 | |
| env: | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_ORG: hactar | |
| SENTRY_PROJECT: openownership | |
| with: | |
| environment: staging | |
| deploy_production: | |
| # Requires these vars in github secrets | |
| # * ENVKEY | |
| # * DEPLOY_KEY_PRIVATE | |
| # Requires the staging IP address in EnvKey | |
| # * IP_STAGING | |
| runs-on: ubuntu-latest | |
| needs: test | |
| if: github.ref == 'refs/heads/main' && ! contains(github.event.head_commit.message, '[skip ci]') && ! contains(github.event.head_commit.message, '[skip deploy]') | |
| steps: | |
| - name: Checkout main | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install EnvKey source | |
| run: VERSION=$(curl https://envkey-releases.s3.amazonaws.com/latest/envkeysource-version.txt) && curl -s https://envkey-releases.s3.amazonaws.com/envkeysource/release_artifacts/$VERSION/install.sh | bash | |
| - name: Configure .ssh and push to staging | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| ENVKEY: ${{ secrets.ENVKEY2 }} | |
| run: | | |
| eval $(envkey-source) | |
| mkdir -p ~/.ssh | |
| ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
| ssh-keyscan github.com >> ~/.ssh/known_hosts | |
| ssh-keyscan $IP_PRODUCTION >> ~/.ssh/known_hosts | |
| ssh-add - <<< "${{ secrets.DEPLOY_KEY_PRIVATE }}" | |
| git remote add production ssh://deploy@$IP_PRODUCTION/srv/repos/openownership.org.git | |
| git push production main -f | |
| sentry_release_prod: | |
| runs-on: ubuntu-latest | |
| needs: deploy_production | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Create Sentry release | |
| uses: getsentry/action-release@v1 | |
| env: | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_ORG: hactar | |
| SENTRY_PROJECT: openownership | |
| with: | |
| environment: production |