-
Notifications
You must be signed in to change notification settings - Fork 1
104 lines (92 loc) · 3.64 KB
/
civicsignalblog-deploy-prod.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
name: CivicSignal Blog | Deploy | PROD
on:
push:
branches: [main]
# This allows a subsequently queued workflow run to interrupt previous runs
concurrency:
group: "${{ github.workflow }} @ ${{ github.ref }}"
cancel-in-progress: true
env:
DOKKU_REMOTE_BRANCH: "master"
DOKKU_REMOTE_URL: "ssh://dokku@ui-1.prod.codeforafrica.org/civicsignalblog-ui"
GIT_PUSH_FLAGS: "--force"
IMAGE_NAME: "codeforafrica/civicsignalblog-ui"
VERSION_FILE_NAME: "./apps/civicsignalblog/package.json"
NEXT_PUBLIC_APP_URL: "https://research.civicsignal.africa"
SENTRY_ENVIRONMENT: "production"
jobs:
deploy:
runs-on: ${{ matrix.os }}
strategy:
matrix:
node-version: [20.16]
os: [ubuntu-latest]
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
# Set up Node since it's required by version-check
# https://github.com/EndBug/version-check#github-workflow
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- name: Check if version is bumped
id: version-check
uses: EndBug/version-check@v2
with:
# Whether to search in every commit's diff.
# This is useful if you often do change the version without saying it
# in the commit message. If you always include the semver of the new
# version in your commit message when you bump versions then you can
# omit this.
diff-search: true
file-name: "${{ env.VERSION_FILE_NAME }}"
- name: Set up Docker Buildx
if: steps.version-check.outputs.changed == 'true'
uses: docker/setup-buildx-action@v3
- name: Cache Docker layers
if: steps.version-check.outputs.changed == 'true'
uses: actions/cache@v4
with:
key: ${{ runner.os }}-buildx-${{ github.sha }}
path: /tmp/.buildx-cache
restore-keys: |
${{ runner.os }}-buildx-
- name: Login to DockerHub
if: steps.version-check.outputs.changed == 'true'
uses: docker/login-action@v3
with:
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
username: ${{ secrets.DOCKER_HUB_USERNAME }}
- name: Build Docker image
if: steps.version-check.outputs.changed == 'true'
uses: docker/build-push-action@v5
with:
build-args: |
MONGO_URL=${{ secrets.CIVICSIGNALBLOG_MONGO_URL }}
NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }}
PAYLOAD_SECRET=${{ secrets.CIVICSIGNALBLOG_PAYLOAD_SECRET }}
SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }}
SENTRY_ORG=${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT=${{ secrets.CIVICSIGNALBLOG_SENTRY_PROJECT }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
context: .
target: civicsignalblog-runner
push: true
tags: "${{ env.IMAGE_NAME }}:${{ steps.version-check.outputs.version }}"
- name: Move cache
if: steps.version-check.outputs.changed == 'true'
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Push to Dokku
if: steps.version-check.outputs.changed == 'true'
uses: dokku/github-action@v1.4.0
with:
deploy_docker_image: ${{ env.IMAGE_NAME }}:${{ steps.version-check.outputs.version }}
ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
git_remote_url: ${{ env.DOKKU_REMOTE_URL }}