Banned users should not be able to guess #2409
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: gci-e2e | |
on: | |
schedule: | |
- cron: "0 0 * * 0" | |
workflow_dispatch: | |
push: | |
branches: [master] | |
pull_request: | |
paths-ignore: | |
- "images/**" | |
- "sql/analytics/**" | |
- "**.md" | |
- "docs/**" | |
- "i18n/**" | |
pull_request_target: | |
types: [labeled] | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
timeout-minutes: 15 | |
if: ${{!github.event.issue.pull_request_target || contains(github.event.pull_request.labels.*.name, 'safe to test')}} | |
env: | |
DB_PASS_CI: kmq_ci_password | |
DB_USER_CI: root | |
DB_PORT: 3306 | |
AUDIO_SONGS_PER_ARTIST: 10 | |
PREMIUM_AUDIO_SONGS_PER_ARTIST: 50 | |
steps: | |
- name: Checkout KMQ_Discord | |
uses: actions/checkout@v2 | |
- name: Copy .env for CI | |
env: | |
BOT_TOKEN: ${{ secrets.KMQ_CI_BOT_TOKEN }} | |
run: | | |
echo "DB_USER=$DB_USER_CI" >> .env | |
echo "DB_PASS=$DB_PASS_CI" >> .env | |
echo "DB_PORT=$DB_PORT" >> .env | |
echo "DB_HOST=127.0.0.1" >> .env | |
echo "BOT_TOKEN=$BOT_TOKEN" >> .env | |
echo "WEB_SERVER_PORT=5858" >> .env | |
echo "SONG_DOWNLOAD_DIR=/songs" >> .env | |
echo "PREMIUM_AUDIO_SONGS_PER_ARTIST=$PREMIUM_AUDIO_SONGS_PER_ARTIST" >> .env | |
echo "AUDIO_SONGS_PER_ARTIST=$AUDIO_SONGS_PER_ARTIST" >> .env | |
echo "BOT_CLIENT_ID=123" >> .env | |
echo "BOT_PREFIX=." >> .env | |
echo "APP_NAME=kmq-gci" >> .env | |
echo "DAISUKI_DB_PASSWORD=unusedpw" >> .env | |
echo "REDDIT_CLIENT_ID=$REDDIT_CLIENT_ID" >> .env | |
echo "REDDIT_CLIENT_SECRET=$REDDIT_CLIENT_SECRET" >> .env | |
echo "REDDIT_CLIENT_REFRESH_TOKEN=$REDDIT_CLIENT_REFRESH_TOKEN" >> .env | |
- name: Install node dependencies | |
run: yarn install --frozen-lockfile | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
- name: Setup MariaDB | |
uses: getong/[email protected] | |
with: | |
mariadb version: "10.3.34" | |
mysql root password: "$DB_PASS_CI" | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Log in to the Container registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build Docker image | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
file: docker/kmq/Dockerfile | |
push: true | |
tags: ghcr.io/brainicism/kmq_discord:gci | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Dry-run bootstrap | |
run: . ./.env && docker run -v ${SONG_DOWNLOAD_DIR}:${SONG_DOWNLOAD_DIR} -v ${PWD}/data:/app/data -v ${PWD}/.env:/app/.env -v ${PWD}/logs:/app/logs --env NODE_ENV=dry-run --network=host --name kmq-gci ghcr.io/brainicism/kmq_discord:gci && docker rm -f kmq-gci | |
- name: Pre-upgrade run | |
run: . ./.env && docker run -v ${SONG_DOWNLOAD_DIR}:${SONG_DOWNLOAD_DIR} -v ${PWD}/data:/app/data -v ${PWD}/.env:/app/.env -v ${PWD}/logs:/app/logs --env NODE_ENV=production --network=host --name kmq-gci ghcr.io/brainicism/kmq_discord:gci & | |
- name: Check pre-upgrade KMQ healthiness | |
run: while [[ "$(docker inspect --format='{{json .State.Health.Status}}' kmq-gci)" != "\"healthy\"" ]]; do sleep 1; done | |
- name: Parse pre-upgrade container ID | |
id: old-container-id | |
run: | | |
docker ps | |
echo OLD_CONTAINER_ID=$(sudo docker ps -aqf "name=kmq-gci") > $GITHUB_OUTPUT | |
- name: Begin upgrade | |
run: npx ts-node src/scripts/announce-restart.ts --docker-image=ghcr.io/brainicism/kmq_discord:gci --timer=0 | |
- name: Check post-upgrade KMQ healthiness | |
run: while [[ "$(docker inspect --format='{{json .State.Health.Status}}' kmq-gci)" != "\"healthy\"" ]]; do sleep 1; done | |
- name: Check old primary no longer exists | |
run: | | |
docker ps | |
[ $(docker ps -aq | grep -c ${{ steps.old-container-id.outputs.OLD_CONTAINER_ID }}) -eq 0 ] | |
- name: Validate available_songs | |
run: | | |
[[ $(mysql kmq -s -N -h 127.0.0.1 -u $DB_USER_CI -p$DB_PASS_CI -e 'select count(1) from available_songs') -eq 3 ]] |