Skip to content

chore(deps): update tools #1646

chore(deps): update tools

chore(deps): update tools #1646

name: CD Azure (preview)
on:
pull_request_target:
types: [opened, synchronize, reopened, labeled]
branches:
- main
workflow_dispatch:
inputs:
preview_name:
description: 'Name of the deployment environment'
type: string
required: true
permissions:
pull-requests: write
id-token: write
jobs:
preview:
name: Build & Deploy to preview
runs-on: windows-latest
env:
PREVIEW_NAME: ${{ github.event.pull_request.number || github.event.inputs.preview_name }}
GITHUB_REPO_TOKEN: ${{ secrets.GITHUBS_REPO_TOKEN }}
NUXT_SESSION_PASSWORD: ${{ secrets.AZURE_SESSION_SECRET }}
steps:
# We could also add these checks to a job-wide if condition, to skip the workflow if its unsecure to run.
# However, Github views skipped workflows as "successful" and thus one could merge a PR without running this workflow first.
- name: Fail if unsecure
if: "github.event_name != 'workflow_dispatch' && !contains(github.event.pull_request.labels.*.name, 'status: safe to test') && github.actor != 'tobiasdiez' && github.actor != 'dependabot[bot]' && github.actor != 'renovate[bot]'"
run: exit 1
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- name: Install pnpm
uses: pnpm/action-setup@v4
- name: Setup Node.js
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: 20
cache: 'pnpm'
- name: Install dependencies
run: pnpm install
- name: Build
run: pnpm build:azure
- name: Login to Azure
uses: Azure/login@a65d910e8af852a8061c627c456678983e180302 # v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Deploy Web App
id: deploy_web
run: |
# Workaround for https://github.com/Azure/static-web-apps-cli/issues/557 and https://github.com/Azure/static-web-apps-cli/issues/565
$output = pnpm swa deploy .output\public --env $env:PREVIEW_NAME --verbose=silly 2>&1 | Out-String
Write-Host $output
$match = $output | Select-String -Pattern 'Project deployed to (?<url>.*) '
if ($match -eq $null) { exit 1 }
$url = $match.Matches[0].Groups['url'].Value
echo "url=$url" >> $env:GITHUB_OUTPUT
env:
SWA_CLI_DEPLOYMENT_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_MANGO_PEBBLE_0224C3803 }}
- name: Install Python
uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5
with:
python-version: '3.10'
- name: Create test database on Azure
run: |
$name = "postgres_test_$env:PREVIEW_NAME"
$pwd = az account get-access-token --resource-type oss-rdbms --output tsv --query accessToken
# az postgres flexible-server db create --server-name jabrefdb --resource-group JabRefOnline --database-name $name --charset utf8 --collation en_US.utf8
# For some reason the public schema is not created automatically or without the default permissions, so we need to do it manually
# TODO: Remove this workaround once https://github.com/Azure/azure-cli/issues/26772 is fixed
# We also need to manually install an old version of rdbms due to https://github.com/Azure/azure-cli/issues/25067
# az extension add --name rdbms-connect --version 1.0.3 --debug
# az postgres flexible-server execute --name jabrefdb -u "Github" -p "$pwd" --database-name $name -q "ALTER DATABASE $name OWNER TO azure_pg_admin; create schema public;" --output table
# az postgres flexible-server execute --name jabrefdb -u "Github" -p "$pwd" --database-name $name -q "grant usage on schema public to public; grant create on schema public to public;" --output table
# az postgres flexible-server execute --name jabrefdb -u "Github" -p "$pwd" --database-name $name -q "SELECT schema_name FROM information_schema.schemata;" --output table
# Login to the database using the Github user
$connection_string = "postgresql://Github:$pwd@$($env:DB_NAME).postgres.database.azure.com:5432/$($name)?sslmode=require"
echo "::add-mask::$connection_string"
echo "DATABASE_URL=$connection_string" >> $env:GITHUB_ENV
$Env:DATABASE_URL = $connection_string
# Finally, run the migrations (this also creates the db)
pnpm prisma:migrate:reset --force
env:
DB_NAME: ${{ secrets.AZURE_DATABASE_NAME }}
- name: Create & Link Function App
run: |
pip install azure-identity azure-mgmt-web azure-mgmt-storage azure-mgmt-applicationinsights azure-mgmt-redis azure-mgmt-communication
python .github\scripts\deploy.py --env $env:PREVIEW_NAME
env:
SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Deploy Function App
run: |
# Nuxt/nitro creates symlinks to replicate parts of the node_modules folder
# if multiple versions of the same package are used.
# However, these symlinks are not preserved by Compress-Archive, and even they were, Azure has problems with symlinks:
# https://github.com/Azure/webapps-deploy/issues/54
# Therefore, replace all symlinks by the actual files
$links = Get-ChildItem -Path .output\server -Attributes ReparsePoint -Recurse
foreach ($link in $links)
{
$source = $link.Target;
$destination = $link.FullName;
Remove-Item $destination -Force
Copy-Item -Path $source -Destination $destination -Force -Recurse
}
Compress-Archive -Path .output\server\* -DestinationPath .output\server.zip
az functionapp deployment source config-zip -g JabRefOnline -n jabref-function-$env:PREVIEW_NAME --src .output\server.zip
- name: Check HTTP status
run: |
Start-Sleep -Seconds 30
curl -s -w 'Establish Connection: %{time_connect}s\nTTFB: %{time_starttransfer}s\nTotal: %{time_total}s\n' ${{ steps.deploy_web.outputs.url }} || true
curl -s -w 'Establish Connection: %{time_connect}s\nTTFB: %{time_starttransfer}s\nTotal: %{time_total}s\n' ${{ steps.deploy_web.outputs.url }}/api || true
# The api returns 400 status code for some reason
# uses: gerdemann/[email protected]
# with:
# url: ${{ steps.deploy_web.outputs.url }}/api
# code: 200
# timeout: 300 # initial warm up can take quite some time
# interval: 30
- name: Report URL as PR comment
if: github.event_name == 'pull_request_target'
uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2
with:
message: |
Deployed ${{ github.sha }} to ${{ steps.deploy_web.outputs.url }}
- name: Run E2E tests
run: pnpm test:e2e
env:
TEST_URL: ${{ steps.deploy_web.outputs.url }}