Change codecov icon #130
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: ['main'] | |
| jobs: | |
| test: | |
| name: Test and build node | |
| runs-on: ubuntu-latest | |
| outputs: | |
| environments: ${{ steps.environments.outputs.ENVIRONMENTS }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.x | |
| - name: Cache dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.npm | |
| key: npm-${{ hashFiles('package-lock.json') }} | |
| restore-keys: npm- | |
| - name: Install node packages | |
| run: npm ci --no-audit | |
| - name: Run tests | |
| run: npm test | |
| - uses: codecov/codecov-action@v3 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| - id: environments | |
| name: Get environments list | |
| run: echo "ENVIRONMENTS=$(./get-environments.js)" >> $GITHUB_OUTPUT | |
| - id: zone_name | |
| name: Get Cloudflare zone name | |
| run: echo "CLOUDFLARE_ZONE_NAME=$(./get-cloudflare-zone-name.js)" >> $GITHUB_OUTPUT | |
| deploy-assets: | |
| name: Deploy assets to Cloudflare pages | |
| runs-on: ubuntu-latest | |
| needs: test | |
| outputs: | |
| capture-public-urls: ${{ steps.capture-public-urls.outputs }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.x | |
| - name: Cache dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.npm | |
| key: npm-${{ hashFiles('package-lock.json') }} | |
| restore-keys: npm- | |
| - name: Install node packages | |
| run: npm ci --no-audit | |
| - name: Build public | |
| run: ./build-public.js | |
| - name: Remove .gitkeep files | |
| run: rm -rf public/*/.gitkeep && rm -rf public/.gitkeep && rm -rf public-urls/.gitkeep | |
| - name: Deploy assets to cloudflare | |
| run: | | |
| npx wrangler pages deploy public/ --project-name=${{ vars.CLOUDFLARE_ASSETS_PROJECT}} --commit-dirty=true | |
| env: | |
| CLOUDFLARE_API_TOKEN: ${{ secrets.CF_API_TOKEN }} | |
| - name: Purge Cloudflare Pages Cache | |
| uses: jakejarvis/cloudflare-purge-action@master | |
| env: | |
| CLOUDFLARE_TOKEN: ${{ secrets.CF_API_TOKEN }} | |
| CLOUDFLARE_ZONE: ${{ vars.CLOUDFLARE_ZONE }} | |
| - name: Save public urls as artifacts | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: public-urls | |
| path: public-urls | |
| deploy-cloudflare-worker: | |
| name: Deploy to AWS and Cloudflare workers | |
| runs-on: ubuntu-latest | |
| needs: test | |
| strategy: | |
| matrix: | |
| env: ${{fromJson(needs.test.outputs.environments)}} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Use Node.js 18.x | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.x | |
| - name: Cache dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.npm | |
| key: npm-${{ hashFiles('package-lock.json') }} | |
| restore-keys: npm- | |
| - name: Install node packages | |
| run: npm ci --omit=dev --no-audit | |
| - name: serverless deploy | |
| run: npx serverless deploy --stage ${{ matrix.env }} | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} | |
| - name: Put AWS credentials as Cloudflare Workers vars in wrangler.toml | |
| run: | | |
| echo -e "\n[env.${{ matrix.env }}.vars]" >> wrangler.toml | |
| grep -v ServerlessDeploymentBucketName vars-${{ matrix.env }}.toml >> wrangler.toml | |
| rm vars-${{ matrix.env }}.toml | |
| - name: Get AWS Secret for put into wrangler | |
| id: aws_secret | |
| run: | | |
| PRODUCER=$(aws ssm get-parameter --name /realtime-changes-${{ matrix.env }}-producer-user/secret --output text --query Parameter.Value) | |
| echo "::add-mask::$PRODUCER" | |
| echo "PRODUCER=$PRODUCER" >> $GITHUB_OUTPUT | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} | |
| - name: Deploy cloudflare workers | |
| run: | | |
| echo ${{ steps.aws_secret.outputs.PRODUCER }} | npx wrangler secret put AwsSecretAccessKey --env ${{ matrix.env }} | |
| npx wrangler deploy --env ${{ matrix.env }} | |
| env: | |
| CLOUDFLARE_API_TOKEN: ${{ secrets.CF_API_TOKEN }} | |
| put-secrets-into-infisical: | |
| name: Put secrets into Infisical | |
| needs: | |
| - test | |
| - deploy-cloudflare-worker | |
| - deploy-assets | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| env: ${{fromJson(needs.test.outputs.environments)}} | |
| steps: | |
| - name: Download public urls from artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: public-urls | |
| path: public-urls | |
| - name: Put secrets into Infisical | |
| run: | | |
| curl --fail -s -o "$GET_VARS_SH" \ | |
| "https://${{ github.token }}@raw.githubusercontent.com/${{ github.repository }}/${{ github.ref_name }}/$GET_VARS_SH" | |
| chmod +x "$GET_VARS_SH" | |
| VARS=$("./$GET_VARS_SH" ${{ matrix.env }}) | |
| while IFS= read -r LINE; do | |
| IFS="=" read -r NAME VALUE <<< "$LINE" | |
| VALUE=$(echo "$VALUE" | sed "s/^'//; s/'$//") | |
| echo "Put secret: $NAME - $VALUE..." | |
| ENDPOINT="https://app.infisical.com/api/v3/secrets/raw/$NAME" | |
| CURRENT_VALUE=$( \ | |
| curl --location --silent \ | |
| "$ENDPOINT?workspaceId=${{ vars.INFISICAL_WORKSPACE_ID}}&environment=${{ matrix.env }}&secretPath=${{ vars.INFISICAL_PATH }}" \ | |
| --header 'Authorization: Bearer ${{ secrets.INFISICAL_TOKEN }}' | jq -r .secret.secretValue \ | |
| ) | |
| if [ $? -ne 0 ]; then | |
| echo "Failed to check does variable exists" | |
| exit 3 | |
| fi | |
| if [ "$CURRENT_VALUE" == "$VALUE" ]; then | |
| echo "Secret $NAME already exists with value $VALUE" | |
| continue | |
| elif [ "$CURRENT_VALUE" == "null" ]; then | |
| echo "Secret $NAME not exists, create" | |
| METHOD=POST | |
| else | |
| echo "Secret $NAME exists, update" | |
| METHOD=PATCH | |
| fi | |
| curl --fail --location \ | |
| --silent --output /dev/null \ | |
| --write-out "%{http_code}\n" \ | |
| --request $METHOD \ | |
| --url "$ENDPOINT" \ | |
| --header 'Authorization: Bearer ${{ secrets.INFISICAL_TOKEN }}' \ | |
| --header 'Content-Type: application/json' \ | |
| --data-binary @- <<EOF | |
| { | |
| "workspaceId": "${{ vars.INFISICAL_WORKSPACE_ID}}", | |
| "environment": "${{ matrix.env }}", | |
| "type": "shared", | |
| "secretPath": "${{ vars.INFISICAL_PATH }}", | |
| "secretValue": "$VALUE" | |
| } | |
| EOF | |
| done <<< "$VARS" | |
| env: | |
| GET_VARS_SH: get-environments-vars.sh | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ vars.AWS_DEFAULT_REGION }} | |
| dispatch-pigeon: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - put-secrets-into-infisical | |
| steps: | |
| - name: Pigeon App Repository Dispatch | |
| uses: peter-evans/repository-dispatch@v2 | |
| with: | |
| token: ${{ secrets.TOKEN_TO_RUN_GITHUB_ACTION }} | |
| repository: kneu-messenger-pigeon/pigeon-app | |
| event-type: environments-updated | |
| client-payload: '{"initiator": "${{ github.event.repository.name }}"}' | |
| dispatch-browser-integration-tests: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - put-secrets-into-infisical | |
| steps: | |
| # Pigeon App should be deployed before browser integration tests - they both use same OpenVPN connection to server | |
| - name: Sleep for 1 minute | |
| run: sleep 60 | |
| - name: Pigeon App Repository Dispatch | |
| uses: peter-evans/repository-dispatch@v2 | |
| with: | |
| token: ${{ secrets.TOKEN_TO_RUN_GITHUB_ACTION }} | |
| repository: kneu-messenger-pigeon/realtime-capture-browser-integration-tests | |
| event-type: realtime-capture-deployed | |
| client-payload: '{"initiator": "${{ github.event.repository.name }}"}' |