Deploy to production #53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and deploy | |
| on: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| branches: | |
| - master | |
| types: [opened, reopened, synchronize, labeled] | |
| permissions: | |
| contents: write | |
| deployments: write | |
| packages: write | |
| jobs: | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKER_IMAGE: ghcr.io/dfe-digital/gias-api | |
| outputs: | |
| IMAGE_TAG: ${{ env.IMAGE_TAG }} | |
| GIT_BRANCH: ${{ env.GIT_BRANCH }} | |
| services: | |
| postgres: | |
| image: postgis/postgis | |
| ports: | |
| - 5432:5432 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@ec02537da5712d66d4d50a0f33b7eb52773b5ed1 | |
| with: | |
| ruby-version: '3.1' | |
| - name: Install dependencies | |
| run: bundle install | |
| - name: Prepare SQLite database | |
| run: make api_db pg_username="postgres:postgres" | |
| - name: Set docker image tag (push) | |
| if: github.event_name == 'push' | |
| run: | | |
| GIT_REF=${{ github.ref }} | |
| echo "GIT_BRANCH=${GIT_REF##*/}" >> $GITHUB_ENV # GIT_BRANCH will be main for refs/heads/main | |
| # add date as we will want to rebuild the same SHA with different daily data, and image tags | |
| # must be distinct for them to require deployment | |
| echo "IMAGE_TAG=${{ github.sha }}-$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV | |
| - name: Set docker image tag (pull_request) | |
| if: github.event_name == 'pull_request' | |
| run: | | |
| # This is the actual PR branch | |
| GIT_REF=${{ github.head_ref }} | |
| echo "GIT_BRANCH=${GIT_REF##*/}" >> $GITHUB_ENV | |
| echo "IMAGE_TAG=${{ github.event.pull_request.head.sha }}" >> $GITHUB_ENV | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build Docker Image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| tags: | | |
| ${{ env.DOCKER_IMAGE }}:${{ env.IMAGE_TAG }} | |
| ${{ env.DOCKER_IMAGE }}:${{ env.GIT_BRANCH }} | |
| push: false | |
| load: true | |
| cache-to: type=inline | |
| cache-from: | | |
| type=registry,ref=${{ env.DOCKER_IMAGE }}:master | |
| type=registry,ref=${{ env.DOCKER_IMAGE }}:${{ env.IMAGE_TAG }} | |
| type=registry,ref=${{ env.DOCKER_IMAGE }}:${{ env.GIT_BRANCH }} | |
| build-args: | | |
| SHA=${{ env.IMAGE_TAG }} | |
| - name: Push ${{ env.DOCKER_IMAGE }} images | |
| run: docker image push --all-tags ${{ env.DOCKER_IMAGE }} | |
| test: | |
| name: Tests | |
| needs: [build] | |
| runs-on: ubuntu-latest | |
| container: | |
| image: ghcr.io/dfe-digital/gias-api:${{ needs.build.outputs.IMAGE_TAG }} | |
| credentials: | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| env: | |
| RACK_ENV: test | |
| APP_ENV: test | |
| defaults: | |
| run: | |
| working-directory: /app | |
| steps: | |
| - name: Run tests | |
| run: bundle exec rspec | |
| deploy: | |
| name: Deploy ${{ matrix.environment }} | |
| needs: [build, test] | |
| # if: ${{ success() && github.ref == 'refs/heads/master' }} | |
| runs-on: ubuntu-latest | |
| environment: ${{ matrix.environment }} | |
| strategy: | |
| max-parallel: 1 | |
| matrix: | |
| include: | |
| - environment: development | |
| hostname: gias-api-development.test.teacherservices.cloud | |
| - environment: production | |
| hostname: FAIL | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Load terraform | |
| uses: hashicorp/setup-terraform@v1 | |
| with: | |
| terraform_version: 1.5.1 | |
| terraform_wrapper: false | |
| - name: Set Azure credentials | |
| uses: DFE-Digital/github-actions/set-arm-environment-variables@master | |
| with: | |
| azure-credentials: ${{ secrets.AZURE_CREDENTIALS }} | |
| - name: Terraform apply | |
| run: make -f tsc.mk ci development terraform-apply | |
| env: | |
| DOCKER_IMAGE_TAG: ${{ needs.build.outputs.IMAGE_TAG }} | |
| - name: Smoke test | |
| run: curl -s https://${{ matrix.hostname }}/api/schools/100000 | grep -q "The Aldgate School" |