Merge pull request #1676 from etalab/finetuning/ci #87
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
env: | |
CI: true | |
COVERAGE: true | |
name: CI - CD | |
on: [push] | |
jobs: | |
security: | |
name: Brakeman | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: 3.2.1 | |
- name: Brakeman | |
uses: reviewdog/action-brakeman@v2 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
bundler-cache: true | |
cache-version: 321 | |
- name: Run RuboCop | |
run: bundle exec rubocop --parallel | |
tests: | |
name: Tests | |
needs: | |
- security | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
services: | |
postgres: | |
image: postgres:latest | |
env: | |
POSTGRES_USER: admin_apientreprise | |
POSTGRES_PASSWORD: wow*verysecret | |
POSTGRES_DB: admin_apientreprise_test | |
POSTGRES_PORT: 5432 | |
ports: | |
- 5432:5432 | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
redis: | |
image: redis | |
ports: ["6379:6379"] | |
options: --entrypoint redis-server | |
steps: | |
- name: Dump Github context | |
env: | |
GITHUB_CONTEXT: ${{ toJson(github) }} | |
run: echo "$GITHUB_CONTEXT" | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
bundler-cache: true | |
cache-version: 322 | |
- name: Setup Nodejs | |
uses: actions/setup-node@v3 | |
- name: Install mjml dependency | |
run: npm install mjml | |
- name: Install postgres client #and imagemagick | |
run: sudo apt-get install libpq-dev #imagemagick | |
- name: Create database users | |
env: | |
POSTGRES_USER: admin_apientreprise | |
POSTGRES_DB: admin_apientreprise_test | |
PGPASSWORD: wow*verysecret | |
run: | | |
psql -h localhost -U ${{ env.POSTGRES_USER }} -d ${{ env.POSTGRES_DB }} -f `pwd`/postgresql_setup.txt | |
- name: Create database | |
run: bundle exec rails db:create db:schema:load RAILS_ENV=test | |
- name: Run tests | |
run: bundle exec rspec | |
- uses: joshmfrankel/simplecov-check-action@main | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
minimum_suite_coverage: 95 | |
merge-with-master: | |
name: Merge develop with master | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/develop' | |
needs: | |
- security | |
- lint | |
- tests | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Import GPG key to sign master push | |
if: github.ref == 'refs/heads/develop' | |
id: import_gpg | |
uses: crazy-max/ghaction-import-gpg@v6 | |
with: | |
gpg_private_key: ${{ secrets.GPG_SECRET_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
- name: Force push develop to master | |
if: github.ref == 'refs/heads/develop' | |
run: | | |
git reset --hard && \ | |
git push --force origin develop:master && \ | |
git fetch && \ | |
[[ ! -s \"$(git rev-parse --git-dir)/shallow\" ]] || git fetch --unshallow | |
exit 0 | |
continuous-deployment-staging: | |
name: Continuous deployment on staging | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/develop' | |
needs: | |
- security | |
- lint | |
- tests | |
- merge-with-master | |
timeout-minutes: 10 | |
strategy: | |
matrix: | |
host: [watchdoge1, watchdoge2, watchdoge3, watchdoge4, watchdoge5] | |
fail-fast: false | |
environment: staging | |
env: | |
DEPLOY_HTTPS_LOGIN: ${{ secrets.DEPLOY_HTTPS_LOGIN }} | |
DEPLOY_HTTPS_PASSWORD: ${{ secrets.DEPLOY_HTTPS_PASSWORD }} | |
DEPLOY_HTTPS_REQUEST_URL: ${{ vars.DEPLOY_HTTPS_REQUEST_URL }} | |
DEPLOY_HTTPS_RESPONSE_URL: ${{ vars.DEPLOY_HTTPS_RESPONSE_URL }} | |
DEPLOY_HOST: host_${{ matrix.host }} | |
DEPLOY_APP: admin_apientreprise_staging | |
steps: | |
- name: Download and run deploy script | |
shell: bash | |
run: | | |
git clone https://github.com/etalab/api-entreprise-integration | |
cd api-entreprise-integration | |
./deploy-parteprise.sh | |
continuous-deployment-production: | |
name: Continuous deployment on production | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/develop' | |
needs: | |
- security | |
- lint | |
- tests | |
- merge-with-master | |
- continuous-deployment-staging | |
timeout-minutes: 20 | |
strategy: | |
matrix: | |
host: [watchdoge1, watchdoge2, watchdoge3, watchdoge4, watchdoge5] | |
deploy_env: [production] | |
fail-fast: false | |
environment: production | |
env: | |
DEPLOY_HTTPS_LOGIN: ${{ secrets.DEPLOY_HTTPS_LOGIN }} | |
DEPLOY_HTTPS_PASSWORD: ${{ secrets.DEPLOY_HTTPS_PASSWORD }} | |
DEPLOY_HTTPS_REQUEST_URL: ${{ vars.DEPLOY_HTTPS_REQUEST_URL }} | |
DEPLOY_HTTPS_RESPONSE_URL: ${{ vars.DEPLOY_HTTPS_RESPONSE_URL }} | |
DEPLOY_HOST: host_${{ matrix.host }} | |
DEPLOY_APP: admin_apientreprise_${{ matrix.deploy_env }} | |
steps: | |
- name: Download and run deploy script | |
shell: bash | |
run: | | |
git clone https://github.com/etalab/api-entreprise-integration | |
cd api-entreprise-integration | |
./deploy-parteprise.sh |