-
Notifications
You must be signed in to change notification settings - Fork 1
287 lines (268 loc) · 12 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
name: CI/CD Pipeline
on:
push:
workflow_dispatch:
inputs:
ssh_debugging:
description: Enable SSH debugging
type: boolean
required: true
default: false
jobs:
test:
name: Run tests
runs-on: gha-runner-scale-set
services:
postgres:
image: postgres:14.7-alpine
env:
POSTGRES_USER: postgres
POSTGRES_HOST_AUTH_METHOD: trust
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
# Maps tcp port 5432 on service container to the host
- 5432:5432
env:
MIX_ENV: test
steps:
- uses: actions/checkout@v4
- uses: erlef/setup-beam@v1
with:
otp-version: ${{ vars.ERLANG_VERSION }} # 25.3.2
elixir-version: ${{ vars.ELIXIR_VERSION }} # 1.14.1
- name: Installing dependencies
run: mix local.hex --force && mix local.rebar --force && mix deps.get && mix compile && apk add bash git curl
- name: Run linters and code analysis
run: mix format --check-formatted && mix credo
- name: Connect to PostgreSQL
# Runs a script that creates a PostgreSQL table, populates
# the table with data, and then retrieves the data.
run: mix do ecto.create, ecto.migrate
env:
POSTGRES_HOST: postgres
POSTGRES_PORT: 5432
- name: SSH debugging instructions
if: "${{ github.event.inputs.ssh_debugging == 'true' }}"
run: |
echo "SSH debugging enabled."
echo
echo "To connect, run the following command in your devbox."
echo
echo "kubectl exec --stdin --tty $HOSTNAME --container runner -- /bin/bash"
- name: Wait for SSH debugging
if: "${{ github.event.inputs.ssh_debugging == 'true' }}"
run: |
echo "Sleeping for 1 hour."
sleep 1h
- name: Run test
run: script/ci/pipeline.sh test "mix test"
build-and-push-image:
name: Build and push Docker image to ECR and Heroku Container Registry
runs-on: gha-runner-scale-set
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ECR_ACCESS_ROLE_ARN }}
- name: Log into AWS ECR
uses: docker/login-action@v3
with:
registry: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
- name: Log in to Heroku Container Registry
uses: docker/login-action@v3
with:
registry: registry.heroku.com
username: ${{ secrets.HEROKU_REGISTRY_USERNAME }}
password: ${{ secrets.HEROKU_REGISTRY_TOKEN }}
- name: Determine image tag
id: tag
run: |
if [[ "${{ github.ref_name }}" == "${{ github.event.repository.default_branch }}" ]]; then
echo "image_tag=sha-${{ github.sha }}" >> "$GITHUB_OUTPUT"
else
echo "image_tag=${{ github.ref_name }}-sha-${{ github.sha }}" >> "$GITHUB_OUTPUT"
fi
- name: Build and push Docker image with revision and latest tags
uses: docker/build-push-action@v5
with:
build-args: |
ERLANG_VERSION=${{ vars.ERLANG_VERSION }}
ELIXIR_VERSION=${{ vars.ELIXIR_VERSION }}
ALPINE_VERSION=${{ vars.ALPINE_VERSION }}
AWS_ACCESS_KEY_ID=${{ secrets.DOCKER_BUILDER_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY=${{ secrets.DOCKER_BUILDER_AWS_SECRET_ACCESS_KEY }}
REVISION=${{ github.sha }}
context: .
push: true
tags: |
registry.heroku.com/auctionet-index-staging/app:${{ github.sha }}
registry.heroku.com/auctionet-index-production/app:${{ github.sha }}
registry.heroku.com/auctionet-query-staging/app:${{ github.sha }}
registry.heroku.com/auctionet-query-production/app:${{ github.sha }}
${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/search:${{ steps.tag.outputs.image_tag }}
deploy-to-staging:
name: Deploy to Stack staging
runs-on: gha-runner-scale-set
if: github.ref_name == github.event.repository.default_branch
needs:
- test
- build-and-push-image
concurrency:
group: ${{ github.job }}-${{ github.ref }}
cancel-in-progress: false
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 0
- name: Checkout stack repository
uses: actions/checkout@v4
with:
repository: barsoom/stack
path: stack
token: ${{ secrets.STACK_TOKEN }}
sparse-checkout: |
applications/staging-search/values.yaml
script/ci/deploy.sh
script/ci/ensure_revision_is_newer_than_deployed_revision.sh
- name: Ensure revision is newer than deployed revision
run: stack/script/ci/ensure_revision_is_newer_than_deployed_revision.sh
- name: Update values.yaml with new image tag, in staging
run: |
NEW_TAG="${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/search:sha-${{ github.sha }}"
sed -i "s|image:.*|image: $NEW_TAG|g" stack/applications/staging-search/values.yaml
- name: Deploy to Stack staging
run: stack/script/ci/deploy.sh
- name: Smoke test on Stack staging query
run: APP_URL=https://query.staging.auctionet.dev script/ci/smoke_test.sh ${{ secrets.STAGING_API_TOKEN }}
- name: Smoke test on Stack staging index
run: APP_URL=https://index.staging.auctionet.dev script/ci/smoke_test.sh ${{ secrets.STAGING_API_TOKEN }}
- name: Get API_TOKEN from Heroku config
id: get_heroku_token
run: |
echo -e "machine api.heroku.com\n login ${{ secrets.HEROKU_REGISTRY_USERNAME }}\n password ${{ secrets.HEROKU_REGISTRY_TOKEN }}\nmachine code.heroku.com\n login ${{ secrets.HEROKU_REGISTRY_USERNAME }}\n password ${{ secrets.HEROKU_REGISTRY_TOKEN }}\nmachine git.heroku.com\n login ${{ secrets.HEROKU_REGISTRY_USERNAME }}\n password ${{ secrets.HEROKU_REGISTRY_TOKEN }}" > ~/.netrc
chmod 0600 ~/.netrc
curl https://cli-assets.heroku.com/install-ubuntu.sh | sh
value=$(heroku config:get API_TOKENS -a auctionet-query-staging)
echo "deployed_app_api_token=${value}" >> "$GITHUB_OUTPUT"
- name: Deploy to Heroku staging
env:
HEROKU_REGISTRY_TOKEN: ${{ secrets.HEROKU_REGISTRY_TOKEN }}
DEPLOYED_APP_API_TOKEN: ${{ steps.get_heroku_token.deployed_app_api_token }}
run: script/ci/pipeline.sh deploy_staging "script/ci/deploy_from_github_actions.sh staging"
rebuild-indices-staging:
name: Rebuild indices in staging
runs-on: gha-runner-scale-set
if: github.ref_name == github.event.repository.default_branch
needs:
- deploy-to-staging
concurrency:
group: ${{ github.job }}-
cancel-in-progress: false
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.repository.default_branch }}
- name: Rebuild indices on Heroku
run: |
did_configuration_change=$(git log --pretty=%H ${{ github.event.before }}...${{ github.event.after }} -- lib/search/elasticsearch/index_configuration.ex)
if [ -z "$did_configuration_change" ]; then
echo "No staging reindex. Configuration unchanged." >> $GITHUB_STEP_SUMMARY
else
output=$(script/ci/rebuild_indices_on_heroku.sh staging)
echo "### Staging reindex! 🚀" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY # This is a blank line
echo "${output}" >> $GITHUB_STEP_SUMMARY
fi
env:
HEROKU_REGISTRY_USERNAME: ${{ secrets.HEROKU_REGISTRY_USERNAME }}
HEROKU_REGISTRY_TOKEN: ${{ secrets.HEROKU_REGISTRY_TOKEN }}
deploy-to-production:
name: Deploy to Stack production
runs-on: gha-runner-scale-set
if: github.ref_name == github.event.repository.default_branch
needs:
- test
- build-and-push-image
- deploy-to-staging
concurrency:
group: ${{ github.job }}-${{ github.ref }}
cancel-in-progress: false
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.repository.default_branch }}
fetch-depth: 0
- name: Checkout stack repository
uses: actions/checkout@v4
with:
repository: barsoom/stack
path: stack
token: ${{ secrets.STACK_TOKEN }}
sparse-checkout: |
applications/production-search/values.yaml
script/ci/deploy.sh
script/ci/ensure_revision_is_newer_than_deployed_revision.sh
- name: Ensure revision is newer than deployed revision
run: stack/script/ci/ensure_revision_is_newer_than_deployed_revision.sh
- name: Update values.yaml with new image tag, in production
run: |
NEW_TAG="${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/search:sha-${{ github.sha }}"
sed -i "s|image:.*|image: $NEW_TAG|g" stack/applications/production-search/values.yaml
- name: Deploy to Stack production
run: stack/script/ci/deploy.sh
- name: Smoke test on Stack production query
run: APP_URL=https://query.production.auctionet.dev script/ci/smoke_test.sh ${{ secrets.PRODUCTION_API_TOKEN }}
- name: Smoke test on Stack production index
run: APP_URL=https://index.production.auctionet.dev script/ci/smoke_test.sh ${{ secrets.PRODUCTION_API_TOKEN }}
- name: Get API_TOKEN from Heroku config
id: get_heroku_token
run: |
echo -e "machine api.heroku.com\n login ${{ secrets.HEROKU_REGISTRY_USERNAME }}\n password ${{ secrets.HEROKU_REGISTRY_TOKEN }}\nmachine code.heroku.com\n login ${{ secrets.HEROKU_REGISTRY_USERNAME }}\n password ${{ secrets.HEROKU_REGISTRY_TOKEN }}\nmachine git.heroku.com\n login ${{ secrets.HEROKU_REGISTRY_USERNAME }}\n password ${{ secrets.HEROKU_REGISTRY_TOKEN }}" > ~/.netrc
chmod 0600 ~/.netrc
curl https://cli-assets.heroku.com/install-ubuntu.sh | sh
value=$(heroku config:get API_TOKENS -a auctionet-query-production)
echo "deployed_app_api_token=${value}" >> "$GITHUB_OUTPUT"
- name: Deploy to Heroku production
env:
HEROKU_REGISTRY_TOKEN: ${{ secrets.HEROKU_REGISTRY_TOKEN }}
DEPLOYED_APP_API_TOKEN: ${{ steps.get_heroku_token.deployed_app_api_token }}
run: script/ci/pipeline.sh deploy_staging "script/ci/deploy_from_github_actions.sh production"
rebuild-indices-production:
name: Rebuild indices in production
runs-on: gha-runner-scale-set
if: github.ref_name == github.event.repository.default_branch
needs:
- deploy-to-production
concurrency:
group: ${{ github.job }}-
cancel-in-progress: false
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.repository.default_branch }}
- name: Rebuild indices on Heroku
run: |
did_configuration_change=$(git log --pretty=%H ${{ github.event.before }}...${{ github.event.after }} -- lib/search/elasticsearch/index_configuration.ex)
if [ -z "$did_configuration_change" ]; then
echo "No production reindex. Configuration unchanged." >> $GITHUB_STEP_SUMMARY
else
output=$(script/ci/rebuild_indices_on_heroku.sh production)
echo "### Production reindex! 🚀" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY # This is a blank line
echo "${output}" >> $GITHUB_STEP_SUMMARY
fi
env:
HEROKU_REGISTRY_USERNAME: ${{ secrets.HEROKU_REGISTRY_USERNAME }}
HEROKU_REGISTRY_TOKEN: ${{ secrets.HEROKU_REGISTRY_TOKEN }}