v0.14.0 #47
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy To Azure | |
permissions: | |
id-token: write | |
contents: read | |
on: | |
# workflow_dispatch: | |
release: | |
types: [created] | |
# deployment: | |
jobs: | |
validate_infrastructure: | |
runs-on: ubuntu-latest | |
environment: azure-prod | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Login to Azure | |
uses: azure/login@v2 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Lint Bicep | |
run: | | |
az bicep build --file ./azure/bicep/main.bicep | |
- name: Run what-if | |
uses: azure/arm-deploy@v2 | |
with: | |
subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
resourceGroupName: ${{ secrets.AZURE_RG }} | |
template: ./azure/bicep/main.bicep | |
parameters: > | |
ghClientId="${{ secrets.GH_CLIENT_ID }}" | |
ghClientSecret="${{ secrets.GH_CLIENT_SECRET }}" | |
postgresDb="${{ secrets.POSTGRES_DB }}" | |
postgresHost="${{ secrets.POSTGRES_HOST }}" | |
postgresPassword="${{ secrets.POSTGRES_PASSWORD }}" | |
postgresPort="${{ secrets.POSTGRES_PORT }}" | |
postgresUser="${{ secrets.POSTGRES_USER }}" | |
slackAdminMemberId="${{ secrets.SLACK_ADMIN_MEMBER_ID }}" | |
slackBotToken="${{ secrets.SLACK_BOT_TOKEN }}" | |
slackSigningSecret="${{ secrets.SLACK_SIGNING_SECRET }}" | |
nuxtOrigin="${{ secrets.NUXT_ORIGIN }}" | |
nuxtSessionPassword="${{ secrets.NUXT_SESSION_PASSWORD }}" | |
nuxtAuthClientId="${{ secrets.NUXT_AUTH_CLIENT_ID }}" | |
nuxtAuthClientSecret="${{ secrets.NUXT_AUTH_CLIENT_SECRET }}" | |
nuxtAuthTenantName="${{ secrets.NUXT_AUTH_TENANT_NAME }}" | |
nuxtAuthTenantId="${{ secrets.NUXT_AUTH_TENANT_ID }}" | |
nuxtAuthAuthorityDomain="${{ secrets.NUXT_AUTH_AUTHORITY_DOMAIN }}" | |
nuxtAuthPrimaryUserFlow="${{ secrets.NUXT_AUTH_PRIMARY_USER_FLOW }}" | |
nuxtAzureOpenaiApiKey="${{ secrets.NUXT_AZURE_OPENAI_API_KEY }}" | |
nuxtAzureOpenaiApiVersion="${{ secrets.NUXT_AZURE_OPENAI_API_VERSION }}", | |
nuxtAzureOpenaiEndpoint="${{ secrets.NUXT_AZURE_OPENAI_ENDPOINT }}", | |
nuxtAzureOpenaiDeploymentId="${{ secrets.NUXT_AZURE_OPENAI_DEPLOYMENT_ID }}" | |
scope: 'resourcegroup' | |
deploymentMode: 'Incremental' | |
failOnStdErr: false | |
additionalArguments: --what-if | |
- name: logout | |
run: az logout | |
build_app: | |
name: Build | |
runs-on: ubuntu-latest | |
environment: azure-prod | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 22.x | |
cache: "npm" | |
- name: Restore Cache | |
uses: actions/cache@v4 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Install dependencies | |
run: npm install | |
- name: Typecheck | |
run: npm run typecheck | |
- name: 'Create env file' | |
run: | | |
touch .env | |
echo "POSTGRES_USER=${{secrets.POSTGRES_USER}}" > .env | |
echo "POSTGRES_PASSWORD=${{secrets.POSTGRES_PASSWORD}}" >> .env | |
echo "POSTGRES_HOST=${{secrets.POSTGRES_HOST}}" >> .env | |
echo "POSTGRES_PORT=${{secrets.POSTGRES_PORT}}" >> .env | |
echo "POSTGRES_DB=${{secrets.POSTGRES_DB}}" >> .env | |
echo "NODE_ENV=production" >> .env | |
echo "NUXT_ORIGIN=${{secrets.NUXT_ORIGIN}}" >> .env | |
echo "NUXT_SESSION_PASSWORD=${{secrets.NUXT_SESSION_PASSWORD}}" >> .env | |
echo "NUXT_AUTH_CLIENT_ID=${{secrets.NUXT_AUTH_CLIENT_ID}}" >> .env | |
echo "NUXT_AUTH_CLIENT_SECRET=${{secrets.NUXT_AUTH_CLIENT_SECRET}}" >> .env | |
echo "NUXT_AUTH_TENANT_NAME=${{secrets.NUXT_AUTH_TENANT_NAME}}" >> .env | |
echo "NUXT_AUTH_TENANT_ID=${{secrets.NUXT_AUTH_TENANT_ID}}" >> .env | |
echo "NUXT_AUTH_AUTHORITY_DOMAIN=${{secrets.NUXT_AUTH_AUTHORITY_DOMAIN}}" >> .env | |
echo "NUXT_AUTH_PRIMARY_USER_FLOW=${{secrets.NUXT_AUTH_PRIMARY_USER_FLOW}}" >> .env | |
echo "SLACK_ADMIN_MEMBER_ID=${{secrets.SLACK_ADMIN_MEMBER_ID}}" >> .env | |
echo "SLACK_BOT_TOKEN=${{secrets.SLACK_BOT_TOKEN}}" >> .env | |
echo "SLACK_SIGNING_SECRET=${{secrets.SLACK_SIGNING_SECRET}}" >> .env | |
echo "NUXT_AZURE_OPENAI_API_KEY=${{secrets.NUXT_AZURE_OPENAI_API_KEY}}" >> .env | |
echo "NUXT_AZURE_OPENAI_API_VERSION=${{secrets.NUXT_AZURE_OPENAI_API_VERSION}}" >> .env | |
echo "NUXT_AZURE_OPENAI_ENDPOINT=${{secrets.NUXT_AZURE_OPENAI_ENDPOINT}}" >> .env | |
echo "NUXT_AZURE_OPENAI_DEPLOYMENT_ID=${{secrets.NUXT_AZURE_OPENAI_DEPLOYMENT_ID}}" >> .env | |
- name: Build Application | |
run: npm run build | |
- name: Generate PWA Assets | |
run: npm run generate-pwa-assets | |
# - name: Run Unit Tests | |
# run: npm run test | |
- name: Upload artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: build_artifact | |
include-hidden-files: true | |
if-no-files-found: error | |
path: .output | |
bicep-deploy: | |
needs: validate_infrastructure | |
environment: azure-prod | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Login to Azure | |
uses: azure/login@v2 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Deploy Bicep | |
uses: azure/arm-deploy@v2 | |
with: | |
deploymentName: github-${{ github.run_number }} | |
subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
resourceGroupName: ${{ secrets.AZURE_RG }} | |
template: ./azure/bicep/main.bicep | |
deploymentMode: 'Incremental' | |
parameters: > | |
ghClientId="${{ secrets.GH_CLIENT_ID }}" | |
ghClientSecret="${{ secrets.GH_CLIENT_SECRET }}" | |
postgresDb="${{ secrets.POSTGRES_DB }}" | |
postgresHost="${{ secrets.POSTGRES_HOST }}" | |
postgresPassword="${{ secrets.POSTGRES_PASSWORD }}" | |
postgresPort="${{ secrets.POSTGRES_PORT }}" | |
postgresUser="${{ secrets.POSTGRES_USER }}" | |
slackAdminMemberId="${{ secrets.SLACK_ADMIN_MEMBER_ID }}" | |
slackBotToken="${{ secrets.SLACK_BOT_TOKEN }}" | |
slackSigningSecret="${{ secrets.SLACK_SIGNING_SECRET }}" | |
nuxtOrigin="${{ secrets.NUXT_ORIGIN }}" | |
nuxtSessionPassword="${{ secrets.NUXT_SESSION_PASSWORD }}" | |
nuxtAuthClientId="${{ secrets.NUXT_AUTH_CLIENT_ID }}" | |
nuxtAuthClientSecret="${{ secrets.NUXT_AUTH_CLIENT_SECRET }}" | |
nuxtAuthTenantName="${{ secrets.NUXT_AUTH_TENANT_NAME }}" | |
nuxtAuthTenantId="${{ secrets.NUXT_AUTH_TENANT_ID }}" | |
nuxtAuthAuthorityDomain="${{ secrets.NUXT_AUTH_AUTHORITY_DOMAIN }}" | |
nuxtAuthPrimaryUserFlow="${{ secrets.NUXT_AUTH_PRIMARY_USER_FLOW }}" | |
nuxtAzureOpenaiApiKey="${{ secrets.NUXT_AZURE_OPENAI_API_KEY }}" | |
nuxtAzureOpenaiApiVersion="${{ secrets.NUXT_AZURE_OPENAI_API_VERSION }}", | |
nuxtAzureOpenaiEndpoint="${{ secrets.NUXT_AZURE_OPENAI_ENDPOINT }}", | |
nuxtAzureOpenaiDeploymentId="${{ secrets.NUXT_AZURE_OPENAI_DEPLOYMENT_ID }}" | |
scope: 'resourcegroup' | |
failOnStdErr: false | |
- name: logout | |
run: az logout | |
deploy_app: | |
needs: [build_app, bicep-deploy, apply_db_migrations] | |
runs-on: ubuntu-latest | |
environment: azure-prod | |
steps: | |
- name: Login to Azure | |
uses: azure/login@v2 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Download artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: build_artifact | |
path: .output | |
- name: Deploy app to Azure | |
uses: azure/webapps-deploy@v2 | |
with: | |
app-name: 'app-cathedral' | |
package: .output | |
- name: logout | |
run: az logout | |
apply_db_migrations: | |
needs: [bicep-deploy] | |
runs-on: ubuntu-latest | |
environment: azure-prod | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 22.x | |
cache: "npm" | |
- name: Restore Cache | |
uses: actions/cache@v4 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Install dependencies | |
run: npm install | |
- name: 'Create env file' | |
run: | | |
touch .env | |
echo "POSTGRES_USER=${{secrets.POSTGRES_USER}}" > .env | |
echo "POSTGRES_PASSWORD=${{secrets.POSTGRES_PASSWORD}}" >> .env | |
echo "POSTGRES_HOST=${{secrets.POSTGRES_HOST}}" >> .env | |
echo "POSTGRES_PORT=${{secrets.POSTGRES_PORT}}" >> .env | |
echo "POSTGRES_DB=${{secrets.POSTGRES_DB}}" >> .env | |
echo "NODE_ENV=production" >> .env | |
echo "NUXT_ORIGIN=${{secrets.NUXT_ORIGIN}}" >> .env | |
echo "NUXT_SESSION_PASSWORD=${{secrets.NUXT_SESSION_PASSWORD}}" >> .env | |
echo "NUXT_AUTH_CLIENT_ID=${{secrets.NUXT_AUTH_CLIENT_ID}}" >> .env | |
echo "NUXT_AUTH_CLIENT_SECRET=${{secrets.NUXT_AUTH_CLIENT_SECRET}}" >> .env | |
echo "NUXT_AUTH_TENANT_NAME=${{secrets.NUXT_AUTH_TENANT_NAME}}" >> .env | |
echo "NUXT_AUTH_TENANT_ID=${{secrets.NUXT_AUTH_TENANT_ID}}" >> .env | |
echo "NUXT_AUTH_AUTHORITY_DOMAIN=${{secrets.NUXT_AUTH_AUTHORITY_DOMAIN}}" >> .env | |
echo "NUXT_AUTH_PRIMARY_USER_FLOW=${{secrets.NUXT_AUTH_PRIMARY_USER_FLOW}}" >> .env | |
echo "SLACK_ADMIN_MEMBER_ID=${{secrets.SLACK_ADMIN_MEMBER_ID}}" >> .env | |
echo "SLACK_BOT_TOKEN=${{secrets.SLACK_BOT_TOKEN}}" >> .env | |
echo "SLACK_SIGNING_SECRET=${{secrets.SLACK_SIGNING_SECRET}}" >> .env | |
echo "NUXT_AZURE_OPENAI_API_KEY=${{secrets.NUXT_AZURE_OPENAI_API_KEY}}" >> .env | |
echo "NUXT_AZURE_OPENAI_API_VERSION=${{secrets.NUXT_AZURE_OPENAI_API_VERSION}}" >> .env | |
echo "NUXT_AZURE_OPENAI_ENDPOINT=${{secrets.NUXT_AZURE_OPENAI_ENDPOINT}}" >> .env | |
echo "NUXT_AZURE_OPENAI_DEPLOYMENT_ID=${{secrets.NUXT_AZURE_OPENAI_DEPLOYMENT_ID}}" >> .env | |
- name: Login to Azure | |
uses: azure/login@v2 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Test Connection | |
run: | | |
npm run orm-debug | |
- name: List Pending Migrations | |
run: | | |
npm run orm-list-pending-migrations | |
- name: Run migrations | |
run: | | |
npm run orm-run-pending-migrations | |
- name: Seed Database defaults | |
run: | | |
npm run orm-seed-users | |
- name: logout | |
run: az logout |