-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1829 from IntersectMBO/develop
Voltaire GovTool 1.0.14-qa
- Loading branch information
Showing
110 changed files
with
11,617 additions
and
11,882 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,186 @@ | ||
| name: Check,Build,Deploy | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - develop | ||
| - test | ||
| - staging | ||
| - main | ||
|
|
||
| permissions: | ||
| contents: write | ||
| pull-requests: write | ||
| packages: write | ||
|
|
||
| env: | ||
| ENVIRONMENT: ${{ (github.ref_name == 'main' && 'prod-govtool') || (github.ref_name == 'staging' && 'pre-prod-govtool') || (github.ref_name == 'test' && 'qa-govtool') || (github.ref_name == 'develop' && 'dev-govtool') }} | ||
|
|
||
| jobs: | ||
| check-build-deploy: | ||
| environment: ${{ (github.ref_name == 'main' && 'prod-govtool') || (github.ref_name == 'staging' && 'pre-prod-govtool') || (github.ref_name == 'test' && 'qa-govtool') || (github.ref_name == 'develop' && 'dev-govtool') }} | ||
| strategy: | ||
| matrix: | ||
| include: | ||
| - workdir: ./govtool/backend | ||
| name: govtool-backend | ||
| dockerfile: ./govtool/backend/Dockerfile.qovery | ||
| image: ghcr.io/${{ github.repository }}-govtool-backend | ||
| qovery_container_name: govtool-backend | ||
| - workdir: ./govtool/frontend | ||
| name: govtool-frontend | ||
| dockerfile: ./govtool/frontend/Dockerfile.qovery | ||
| image: ghcr.io/${{ github.repository }}-govtool-frontend | ||
| qovery_container_name: govtool-frontend | ||
| - workdir: ./govtool/metadata-validation | ||
| name: govtool-metadata-validation | ||
| dockerfile: ./govtool/metadata-validation/Dockerfile | ||
| image: ghcr.io/${{ github.repository }}-govtool-metadata-validation | ||
| qovery_container_name: govtool-metadata-validation | ||
|
|
||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Set TAG Environment Variable | ||
| id: set_tag | ||
| run: | | ||
| if [ "${{ github.ref_name }}" = "main" ]; then | ||
| echo "TAG=${{ github.sha }}" >> $GITHUB_ENV | ||
| else | ||
| echo "TAG=${{ github.ref_name }}-${{ github.sha }}" >> $GITHUB_ENV | ||
| fi | ||
| - name: Lint Dockerfile | ||
| id: hadolint | ||
| uses: hadolint/[email protected] | ||
| with: | ||
| failure-threshold: error | ||
| format: json | ||
| dockerfile: ${{ matrix.dockerfile }} | ||
| # output-file: hadolint_output.json | ||
|
|
||
| - name: Save Hadolint output | ||
| id: save_hadolint_output | ||
| if: always() | ||
| run: cd ${{ matrix.workdir }} && echo "$HADOLINT_RESULTS" | jq '.' > hadolint_output.json | ||
|
|
||
| - name: Print Dockerfile lint output | ||
| run: | | ||
| cd ${{ matrix.workdir }} | ||
| echo "-----HADOLINT RESULT-----" | ||
| echo "Outcome: ${{ steps.hadolint.outcome }}" | ||
| echo "-----DETAILS--------" | ||
| cat hadolint_output.json | ||
| echo "--------------------" | ||
| - name: Code lint | ||
| id: code_lint | ||
| run: | | ||
| cd ${{ matrix.workdir }} | ||
| if [ ! -f lint.sh ]; then | ||
| echo "lint skipped" | tee code_lint_output.txt | ||
| exit 0 | ||
| fi | ||
| set -o pipefail | ||
| sudo chmod +x lint.sh && ./lint.sh 2>&1 | tee code_lint_output.txt | ||
| - name: Unit tests | ||
| id: unit_tests | ||
| run: | | ||
| cd ${{ matrix.workdir }} | ||
| if [ ! -f unit-test.sh ]; then | ||
| echo "unit tests skipped" | tee code_lint_output.txt | ||
| exit 0 | ||
| fi | ||
| set -o pipefail | ||
| sudo chmod +x unit-test.sh && ./unit-test.sh 2>&1 | tee unit_test_output.txt | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v2 | ||
|
|
||
| - name: Cache Docker layers | ||
| uses: actions/cache@v3 | ||
| with: | ||
| path: /tmp/.buildx-cache | ||
| key: ${{ runner.os }}-buildx-${{ github.sha }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-buildx- | ||
| - id: image_lowercase | ||
| uses: ASzc/change-string-case-action@v6 | ||
| with: | ||
| string: ${{ matrix.image }} | ||
|
|
||
| - name: Build Docker image | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| context: ${{ matrix.workdir }} | ||
| file: ${{ matrix.dockerfile }} | ||
| tags: ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }} | ||
| load: true | ||
| cache-from: type=local,src=/tmp/.buildx-cache | ||
| cache-to: type=local,dest=/tmp/.buildx-cache | ||
| build-args: | | ||
| VITE_APP_ENV=${{ secrets.VITE_APP_ENV }} | ||
| VITE_BASE_URL=${{ secrets.VITE_BASE_URL }} | ||
| VITE_METADATA_API_URL=${{ secrets.VITE_METADATA_API_URL }} | ||
| VITE_GTM_ID=${{ secrets.VITE_GTM_ID }} | ||
| VITE_NETWORK_FLAG=${{ secrets.VITE_NETWORK_FLAG }} | ||
| VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }} | ||
| NPMRC_TOKEN=${{ secrets.NPMRC_TOKEN }} | ||
| VITE_USERSNAP_SPACE_API_KEY=${{ secrets.VITE_USERSNAP_SPACE_API_KEY }} | ||
| VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED=${{ secrets.VITE_IS_PROPOSAL_DISCUSSION_FORUM_ENABLED }} | ||
| VITE_PDF_API_URL=${{ secrets.VITE_PDF_API_URL }} | ||
| - name: Login to GHCR | ||
| uses: docker/login-action@v2 | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Scan Docker image with Dockle | ||
| id: dockle | ||
| run: | | ||
| wget https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz | ||
| tar zxvf dockle_0.4.14_Linux-64bit.tar.gz | ||
| sudo mv dockle /usr/local/bin | ||
| dockle --exit-level fatal --format json --output ${{ matrix.workdir }}/dockle_scan_output.json ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }} | ||
| echo " dockle exited w/ $?" | ||
| cat ${{ matrix.workdir }}/dockle_scan_output.json | ||
| echo "outcome=success" >> $GITHUB_OUTPUT | ||
| - name: Push Docker image to GHCR | ||
| run: | | ||
| docker push ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }} | ||
| - name: Deploy with Qovery | ||
| if: github.ref == 'refs/heads/develop' | ||
| env: | ||
| QOVERY_CLI_ACCESS_TOKEN: ${{secrets.QOVERY_CLI_ACCESS_TOKEN }} | ||
| run: | | ||
| echo "Deploying on $ENVIRONMENT" | ||
| echo "Organization - ${{ vars.ORGANIZATION }}" | ||
| echo "Project - ${{ vars.PROJECT }}" | ||
| # Download and install Qovery CLI | ||
| curl -s https://get.qovery.com | bash | ||
| qovery container list \ | ||
| --organization ${{ vars.ORGANIZATION }} \ | ||
| --project ${{ vars.PROJECT }} \ | ||
| --environment $ENVIRONMENT | ||
| qovery container deploy \ | ||
| --organization ${{ vars.ORGANIZATION }} \ | ||
| --project ${{ vars.PROJECT }} \ | ||
| --environment $ENVIRONMENT \ | ||
| --container ${{ matrix.qovery_container_name }} \ | ||
| --tag ${{ env.TAG }} \ | ||
| --watch |
Oops, something went wrong.