-
Notifications
You must be signed in to change notification settings - Fork 115
255 lines (216 loc) · 7.69 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
name: ci
on:
push:
branches:
- main
pull_request:
branches:
- "**"
merge_group:
env:
TERRAFORM_VERSION: "1.4.2"
jobs:
frontend:
if: github.event_name != 'push'
runs-on: ubuntu-22.04
permissions:
contents: read
id-token: write
steps:
- name: Clone repository
uses: actions/checkout@v4
- name: Install Deno
uses: denoland/setup-deno@v1
with:
deno-version: 1.x
- name: Check license headers
run: deno task lint:license
- name: Format
run: deno fmt --check
working-directory: frontend
- name: Lint
run: deno lint
working-directory: frontend
- name: Typecheck
run: deno check main.ts
working-directory: frontend
- name: Build Fresh
run: deno task build
working-directory: frontend
test:
runs-on: ubuntu-22.04
if: github.event_name != 'push'
steps:
- name: Clone repository
uses: actions/checkout@v4
- name: Install Rust
uses: dsherret/rust-toolchain-file@v1
- uses: Swatinem/rust-cache@v2
- name: Setup postgres for tests
run: docker-compose up -d
- name: Build
run: cargo build --all-targets --tests
working-directory: api
- name: Test
run: cargo test
working-directory: api
- uses: taiki-e/cache-cargo-install-action@v1
with:
tool: [email protected]
# If it's not up to date, run `cargo sqlx prepare` locally and commit the
# changes. You may have to run `cargo install sqlx-cli` first.
- name: Check sqlx metadata is up to date
run: |
cargo sqlx migrate run
cargo sqlx prepare --check
working-directory: api
env:
DATABASE_URL: postgres://user:password@localhost/registry
- name: Lint
run: cargo clippy --all-targets --all-features -- -D warnings
working-directory: api
- name: Format
run: cargo fmt --all -- --check
working-directory: api
docker-images:
if: github.event_name == 'merge_group' || github.event_name == 'push'
runs-on: ubuntu-22.04
permissions:
contents: read
id-token: write
env:
API_IMAGE_ID_BASE: us-central1-docker.pkg.dev/deno-registry3-infra/registry/api
FRONTEND_IMAGE_ID_BASE: us-central1-docker.pkg.dev/deno-registry3-infra/registry/frontend
outputs:
api_image_id: ${{ steps.api_image_id.outputs.image_id }}
frontend_image_id: ${{ steps.frontend_image_id.outputs.image_id }}
steps:
- name: Clone repository
uses: actions/checkout@v4
- name: Authenticate with GCP
id: gcp_auth
uses: google-github-actions/auth@v2
with:
project_id: deno-registry3-infra
token_format: access_token
workload_identity_provider: projects/289615555261/locations/global/workloadIdentityPools/github-actions/providers/github-actions
service_account: [email protected]
- uses: docker/login-action@v3
with:
registry: us-central1-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.gcp_auth.outputs.access_token }}
- name: Set up docker buildx
uses: docker/setup-buildx-action@v3
- name: Copy Cargo.lock
run: cp Cargo.lock api/Cargo.lock
- name: Build and push api docker image
uses: docker/build-push-action@v5
id: api_push
with:
context: api
push: true
tags: ${{ env.API_IMAGE_ID_BASE }}:${{ github.sha }}
cache-from: type=gha,scope=docker-api
cache-to: type=gha,mode=max,scope=docker-api
- name: Build and push frontend docker image
uses: docker/build-push-action@v5
id: frontend_push
with:
context: frontend
push: true
tags: ${{ env.FRONTEND_IMAGE_ID_BASE }}:${{ github.sha }}
cache-from: type=gha,scope=docker-frontend
cache-to: type=gha,mode=max,scope=docker-frontend
- name: Set api_image_id output
id: api_image_id
run: echo "image_id=${{ env.API_IMAGE_ID_BASE }}@${{ steps.api_push.outputs.imageid }}" >> $GITHUB_OUTPUT
- name: Set frontend_image_id output
id: frontend_image_id
run: echo "image_id=${{ env.FRONTEND_IMAGE_ID_BASE }}@${{ steps.frontend_push.outputs.imageid }}" >> $GITHUB_OUTPUT
staging:
if: github.event_name == 'merge_group'
runs-on: ubuntu-22.04
needs: docker-images
environment:
name: staging
url: https://deno-registry-staging.net
permissions:
contents: read
id-token: write
steps:
- name: Clone repository
uses: actions/checkout@v4
- name: Install Deno
uses: denoland/setup-deno@v1
with:
deno-version: 1.x
- name: Install terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
- name: Authenticate with GCP
id: gcp_auth
uses: google-github-actions/auth@v2
with:
project_id: deno-registry3-staging
workload_identity_provider: projects/1067420915575/locations/global/workloadIdentityPools/github-actions/providers/github-actions
service_account: [email protected]
- name: terraform plan
run: |
touch terraform/staging.secret.tfvars
deno task tf:staging:init
terraform version
deno task tf:staging:plan
env:
API_IMAGE_ID: ${{ needs.docker-images.outputs.api_image_id }}
FRONTEND_IMAGE_ID: ${{ needs.docker-images.outputs.frontend_image_id }}
TF_VAR_github_client_secret: ${{ secrets.GH_CLIENT_SECRET }}
TF_VAR_postmark_token: ${{ secrets.POSTMARK_TOKEN }}
TF_VAR_orama_index_id: ${{ secrets.ORAMA_INDEX_ID }}
TF_VAR_orama_private_api_key: ${{ secrets.ORAMA_PRIVATE_API_KEY }}
- name: terraform apply
run: deno task tf:staging:apply
prod:
if: github.event_name == 'push' || github.ref == 'refs/heads/main'
runs-on: ubuntu-22.04
needs: docker-images
environment:
name: prod
url: https://jsr.io
permissions:
contents: read
id-token: write
steps:
- name: Clone repository
uses: actions/checkout@v4
- name: Install Deno
uses: denoland/setup-deno@v1
with:
deno-version: 1.x
- name: Install terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
- name: Authenticate with GCP
id: gcp_auth
uses: google-github-actions/auth@v2
with:
project_id: deno-registry3-prod
workload_identity_provider: projects/614736529383/locations/global/workloadIdentityPools/github-actions/providers/github-actions
service_account: [email protected]
- name: terraform plan
run: |
touch terraform/prod.secret.tfvars
deno task tf:prod:init
terraform version
deno task tf:prod:plan
env:
API_IMAGE_ID: ${{ needs.docker-images.outputs.api_image_id }}
FRONTEND_IMAGE_ID: ${{ needs.docker-images.outputs.frontend_image_id }}
TF_VAR_github_client_secret: ${{ secrets.GH_CLIENT_SECRET }}
TF_VAR_postmark_token: ${{ secrets.POSTMARK_TOKEN }}
TF_VAR_orama_index_id: ${{ secrets.ORAMA_INDEX_ID }}
TF_VAR_orama_private_api_key: ${{ secrets.ORAMA_PRIVATE_API_KEY }}
- name: terraform apply
run: deno task tf:prod:apply