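# Deploys model definitions (models/**) to the Drupal site at DEPLOY_HOST over SSH.
# Runs automatically on push to main (Production environment) or manually via
# workflow_dispatch (the environment chosen in the input, Stage by default).
# When the AWS_* secrets are present, the runner's public IP is temporarily
# allowed through a security group for the duration of the job.
name: Update models

on:
  push:
    branches:
      - main
    paths:
      - 'models/**'
  workflow_dispatch:
    inputs:
      environment:
        description: 'Create or update models on environment'
        required: true
        type: environment
        default: 'Stage'

jobs:
  setup-check:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment || 'Production' }}
    # Least privilege: this job only reads the repository. Without an explicit
    # block it would inherit the repository default, which may include write scopes.
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Check environment variables
        uses: ./.github/actions/setup-check
        with:
          deploy_host: ${{ secrets.DEPLOY_HOST }}
          deploy_user: ${{ secrets.DEPLOY_USER }}
          deploy_path: ${{ secrets.DEPLOY_PATH }}
          deploy_key: ${{ secrets.DEPLOY_KEY }}

  update-models:
    runs-on: ubuntu-latest
    needs: setup-check
    environment: ${{ inputs.environment || 'Production' }}
    permissions:
      id-token: write  # OIDC token for aws-actions/configure-aws-credentials
      contents: read
    env:
      DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
      DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
      DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}
      # Evaluates to the string 'true' only when all three AWS secrets are set;
      # the AWS steps below are gated on it so non-AWS environments skip them.
      AWS_ENABLED: ${{ secrets.AWS_ACCOUNT != '' && secrets.AWS_REGION != '' && secrets.AWS_SECURITY_GROUP != '' }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Configure AWS credentials
        if: ${{ env.AWS_ENABLED == 'true' }}
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ secrets.AWS_REGION }}
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/MOT-SSH
      # Supply chain: the third-party actions below are pinned to mutable tags.
      # Pin them to full commit SHAs (and let Dependabot bump them) so a re-tagged
      # release cannot run arbitrary code with access to the deploy key.
      - name: Get runners public IP address
        if: ${{ env.AWS_ENABLED == 'true' }}
        id: ip
        uses: haythem/[email protected]
      - name: Authorize IP address
        if: ${{ env.AWS_ENABLED == 'true' }}
        id: auth-ip
        uses: ./.github/actions/authorize-ip
        with:
          ip: ${{ steps.ip.outputs.ipv4 }}
          sgid: ${{ secrets.AWS_SECURITY_GROUP }}
      - name: Start ssh-agent and add key
        uses: webfactory/[email protected]
        with:
          ssh-private-key: ${{ secrets.DEPLOY_KEY }}
      # NOTE(review): ssh-keyscan is trust-on-first-use; whatever key is served at
      # scan time is trusted for the rest of the job, so a MITM at that moment wins.
      # Prefer storing the server's host public key in a secret/variable and
      # writing that to known_hosts instead.
      - name: Add server to known hosts
        run: ssh-keyscan -H "$DEPLOY_HOST" >> ~/.ssh/known_hosts
      - name: Check for model changes
        env:
          # Passed via env rather than interpolated into the script so a branch
          # name containing shell metacharacters cannot inject commands.
          REF_NAME: ${{ github.ref_name }}
        run: |
          git fetch origin "$REF_NAME"
          mkdir tmp
          # Pull the currently deployed *.yml files so only changed models are synced.
          # Only top-level files match: '--exclude=*' also excludes subdirectories.
          rsync -az \
            --include="*.yml" \
            --exclude="*" \
            "$DEPLOY_USER@$DEPLOY_HOST:$DEPLOY_PATH/models/" ./tmp/
          # --no-index exits 1 whenever there are differences, hence '|| true'.
          git diff --name-only --no-index --diff-filter=AM -M100% tmp models > models.txt || true
          rm -rf tmp
      - name: Set model sync trigger
        run: |
          # sync=true when models.txt is non-empty (at least one added/modified model).
          echo "sync=$([ -s models.txt ] && echo true || echo false)" >> "$GITHUB_ENV"
      - name: Sync models
        if: ${{ env.sync == 'true' }}
        run: |
          rsync -az --files-from=models.txt ./ "$DEPLOY_USER@$DEPLOY_HOST:$DEPLOY_PATH/"
          # 'set -e' so a failed cd or drush script aborts the remote session and
          # fails this step, instead of running the remaining commands anyway.
          ssh "$DEPLOY_USER@$DEPLOY_HOST" << EOF
            set -e
            cd "$DEPLOY_PATH"
            ./vendor/bin/drush scr scripts/sync_models.php
            ./vendor/bin/drush cr
          EOF
      - name: No changes
        if: ${{ env.sync == 'false' }}
        run: echo "No model changes detected. Skipping"
      # always(): the security-group rule must be removed even when an earlier
      # step failed or the job was cancelled; otherwise a failed deploy leaves
      # the runner's IP allowed indefinitely.
      - name: Revoke IP address
        if: ${{ always() && steps.auth-ip.outcome == 'success' }}
        uses: ./.github/actions/revoke-ip
        with:
          ip: ${{ steps.ip.outputs.ipv4 }}
          sgid: ${{ secrets.AWS_SECURITY_GROUP }}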