Skip to content

Staging

Staging #522

Workflow file for this run

name: CI
on:
push:
# Publish `master` as Docker `latest` image.
branches:
- main
- staging
# Publish `v1.2.3` tags as releases.
tags:
- v*
# Run tests for any PRs.
pull_request:
branches:
- main
- staging
env:
CACHE_IMAGE: ghcr.io/hactar-is/openownership
DOCKER_BUILDKIT: 1
COMPOSE_DOCKER_CLI_BUILD: 1
jobs:
test:
runs-on: ubuntu-latest
if: "! contains(github.event.head_commit.message, '[skip ci]')"
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install EnvKey source
run: VERSION=$(curl https://envkey-releases.s3.amazonaws.com/latest/envkeysource-version.txt) && curl -s https://envkey-releases.s3.amazonaws.com/envkeysource/release_artifacts/$VERSION/install.sh | bash
- name: Run tests
env:
ENVKEY: ${{ secrets.ENVKEY2 }}
run: |
eval $(envkey-source)
echo $GHCR_TOKEN | docker login ghcr.io -u hactarbot3000 --password-stdin
docker-compose -f docker-compose.test.yml pull
docker-compose -f docker-compose.test.yml run --rm web
- name: Report coverage to Codacy
env:
ENVKEY: ${{ secrets.ENVKEY2 }}
run: |
eval $(envkey-source)
pip3 install codacy-coverage
python-codacy-coverage -r ${{github.workspace}}/app/coverage.xml
deploy_staging:
# Requires these vars in github secrets
# * ENVKEY
# * DEPLOY_KEY_PRIVATE
# Requires the staging IP address in EnvKey
# * IP_STAGING
runs-on: ubuntu-latest
needs: test
if: github.ref == 'refs/heads/staging' && ! contains(github.event.head_commit.message, '[skip ci]') && ! contains(github.event.head_commit.message, '[skip deploy]')
steps:
- name: Checkout staging
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Install EnvKey source
run: VERSION=$(curl https://envkey-releases.s3.amazonaws.com/latest/envkeysource-version.txt) && curl -s https://envkey-releases.s3.amazonaws.com/envkeysource/release_artifacts/$VERSION/install.sh | bash
- name: Configure .ssh and push to staging
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
ENVKEY: ${{ secrets.ENVKEY2 }}
run: |
eval $(envkey-source)
mkdir -p ~/.ssh
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-keyscan github.com >> ~/.ssh/known_hosts
ssh-keyscan $IP_STAGING >> ~/.ssh/known_hosts
ssh-add - <<< "${{ secrets.DEPLOY_KEY_PRIVATE }}"
git remote add staging ssh://deploy@$IP_STAGING/srv/repos/openownership.org.git
git push staging staging -f
sentry_release_staging:
runs-on: ubuntu-latest
needs: deploy_staging
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Create Sentry release
uses: getsentry/action-release@v1
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: hactar
SENTRY_PROJECT: openownership
with:
environment: staging
deploy_production:
# Requires these vars in github secrets
# * ENVKEY
# * DEPLOY_KEY_PRIVATE
# Requires the staging IP address in EnvKey
# * IP_STAGING
runs-on: ubuntu-latest
needs: test
if: github.ref == 'refs/heads/main' && ! contains(github.event.head_commit.message, '[skip ci]') && ! contains(github.event.head_commit.message, '[skip deploy]')
steps:
- name: Checkout main
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Install EnvKey source
run: VERSION=$(curl https://envkey-releases.s3.amazonaws.com/latest/envkeysource-version.txt) && curl -s https://envkey-releases.s3.amazonaws.com/envkeysource/release_artifacts/$VERSION/install.sh | bash
- name: Configure .ssh and push to staging
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
ENVKEY: ${{ secrets.ENVKEY2 }}
run: |
eval $(envkey-source)
mkdir -p ~/.ssh
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-keyscan github.com >> ~/.ssh/known_hosts
ssh-keyscan $IP_PRODUCTION >> ~/.ssh/known_hosts
ssh-add - <<< "${{ secrets.DEPLOY_KEY_PRIVATE }}"
git remote add production ssh://deploy@$IP_PRODUCTION/srv/repos/openownership.org.git
git push production main -f
sentry_release_prod:
runs-on: ubuntu-latest
needs: deploy_production
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Create Sentry release
uses: getsentry/action-release@v1
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: hactar
SENTRY_PROJECT: openownership
with:
environment: production