1
+ name : Build & deploy to production
2
+
3
+ on :
4
+ # run it during push to branch
5
+ push :
6
+ branches : [ "stable" ]
7
+
8
+ jobs :
9
+ build-and-test :
10
+ name : Build and Test
11
+
12
+ # run only when code is compiling and tests are passing
13
+ runs-on : ubuntu-latest
14
+
15
+ outputs :
16
+ dockerTag : ${{ steps.compute.outputs.docker_tag }}
17
+
18
+ services :
19
+ # Label used to access the service container
20
+ postgres :
21
+ # Docker Hub image
22
+ image : postgres:11.5
23
+ # Provide the password for postgres
24
+ env :
25
+ POSTGRES_DB : testdb
26
+ # Set health checks to wait until postgres has started
27
+ options : >-
28
+ --health-cmd pg_isready
29
+ --health-interval 10s
30
+ --health-timeout 5s
31
+ --health-retries 5
32
+ ports :
33
+ # Maps tcp port 5432 on service container to the host
34
+ - 5432:5432
35
+
36
+ redis :
37
+ image : redis
38
+ # Set health checks to wait until redis has started
39
+ options : >-
40
+ --health-cmd "redis-cli ping"
41
+ --health-interval 10s
42
+ --health-timeout 5s
43
+ --health-retries 5
44
+ ports :
45
+ - 6379:6379
46
+
47
+ env :
48
+ DJANGO_SETTINGS_MODULE : app.settings
49
+ SUPRESS_DEBUG_TOOLBAR : 1
50
+ GITCOIN_API_USER : ${{ secrets.GITCOIN_API_USER }}
51
+ GITHUB_API_TOKEN : ${{ secrets.GITCOIN_API_TOKEN }}
52
+ POLYGONSCAN_API_KEY : ${{ secrets.POLYGONSCAN_API_KEY }}
53
+
54
+ # steps to perform in job
55
+ steps :
56
+ - name : Checkout code
57
+ uses : actions/checkout@v2
58
+
59
+ - name : Use Node.js 14
60
+ uses : actions/setup-node@v2
61
+ with :
62
+ node-version : 14
63
+ cache : " yarn"
64
+
65
+ - name : Use Python 3.7
66
+ uses : " actions/setup-python@v2"
67
+ with :
68
+ python-version : 3.7
69
+ cache : " pip"
70
+
71
+ - name : Setup Env
72
+ run : |
73
+ echo "PYTHONPATH=/home/runner/work/web/web/app" >> $GITHUB_ENV
74
+ cp app/app/ci.env app/app/.env
75
+ pip install pip==20.0.2 setuptools wheel --upgrade
76
+
77
+ - name : Fetch and Install GeoIP database files
78
+ run : |
79
+ sudo apt-get update && sudo apt-get install -y libmaxminddb-dev libsodium-dev libsecp256k1-dev
80
+ cp dist/*.gz ./
81
+ gunzip GeoLite2-City.mmdb.tar.gz && gunzip GeoLite2-Country.mmdb.tar.gz
82
+ tar -xvf GeoLite2-City.mmdb.tar && tar -xvf GeoLite2-Country.mmdb.tar
83
+ sudo mkdir -p /opt/GeoIP/
84
+ sudo mv GeoLite2-City_20200128/*.mmdb /opt/GeoIP/
85
+ sudo mv GeoLite2-Country_20200128/*.mmdb /opt/GeoIP/
86
+
87
+ - name : Install libvips, Node, and Python dependencies
88
+ run : |
89
+ sudo apt-get install -y libvips libvips-dev
90
+ node --version
91
+ yarn install
92
+ pip install -r requirements/test.txt
93
+ yarn run eslint
94
+ yarn run stylelint
95
+ (cd app; python ./manage.py collectstatic --noinput --disable-collectfast)
96
+
97
+ # - name: Run management commands
98
+ # run: |
99
+ # python app/manage.py migrate
100
+ # python app/manage.py fetch_gas_prices
101
+
102
+ # - name: Run Python and UI tests
103
+ # run: |
104
+ # pytest -p no:ethereum -p no:warnings
105
+ # bin/ci/cypress-run
106
+
107
+ # - name: Generate Markdown documentation and static docs page
108
+ # run: pydocmd build
109
+
110
+ # - name: Deploy to Github Pages 🚀
111
+ # uses: peaceiris/actions-gh-pages@v3
112
+ # if: github.ref == 'refs/heads/master'
113
+ # with:
114
+ # github_token: ${{ secrets.GITHUB_TOKEN }}
115
+ # publish_dir: _build/site
116
+ # cname: docs.gitcoin.coind
117
+
118
+ - name : Compute some values
119
+ id : compute
120
+ run : |
121
+ echo "::set-output name=docker_tag::gitcoin/web:${GITHUB_SHA: -10}"
122
+
123
+ - name : Login to Docker Hub
124
+ uses : docker/login-action@v1
125
+ with :
126
+ username : ${{ secrets.DOCKER_USERNAME }}
127
+ password : ${{ secrets.DOCKER_PASSWORD }}
128
+
129
+ - name : Set up Docker Buildx
130
+ id : buildx
131
+ uses : docker/setup-buildx-action@v1
132
+
133
+ - name : Deploy to Docker Hub 🚀
134
+ uses : docker/build-push-action@v2
135
+ with :
136
+ context : ./
137
+ file : ./Dockerfile-prod
138
+ builder : ${{ steps.buildx.outputs.name }}
139
+ push : true
140
+ tags : |
141
+ ${{ steps.compute.outputs.docker_tag }}
142
+ gitcoin/web:production-gha
143
+ cache-from : type=registry,ref=${{ secrets.DOCKER_USERNAME }}/web:buildcache-production
144
+ cache-to : type=registry,ref=${{ secrets.DOCKER_USERNAME }}/web:buildcache-production,mode=max
145
+
146
+ deploy :
147
+ name : Deploy
148
+ needs : build-and-test
149
+ environment : production
150
+ runs-on : ubuntu-latest
151
+
152
+ steps :
153
+
154
+ - name : Checkout code
155
+ uses : actions/checkout@v2
156
+
157
+ - name : Use Node.js
158
+ uses : actions/setup-node@v2
159
+ with :
160
+ # node-version: ${{ matrix.node-version }}
161
+ cache : " npm"
162
+ cache-dependency-path : infra/production/package-lock.json
163
+
164
+ # Install pulumi dependencies
165
+ # Select the new pulumi stack
166
+ - run : |
167
+ npm install
168
+ pulumi stack select -c gitcoin/production/dev
169
+ pulumi config -s gitcoin/production/dev set aws:region us-west-2 --non-interactive
170
+ working-directory: infra/production
171
+ env:
172
+ PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
173
+
174
+ # Run pulumi actions
175
+ - uses : pulumi/actions@v3
176
+ id : pulumi
177
+ with :
178
+ command : up
179
+ stack-name : gitcoin/production/dev
180
+ upsert : false
181
+ work-dir : infra/production
182
+ env :
183
+ PULUMI_ACCESS_TOKEN : ${{ secrets.PULUMI_ACCESS_TOKEN }}
184
+ PULUMI_CONFIG_PASSPHRASE : ${{ secrets.PULUMI_CONFIG_PASSPHRASE }}
185
+ AWS_ACCESS_KEY_ID : ${{ secrets.AWS_ACCESS_KEY_ID }}
186
+ AWS_SECRET_ACCESS_KEY : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
187
+ AWS_REGION : ${{ secrets.AWS_REGION }}
188
+ DB_NAME : ${{ secrets.DB_NAME }}
189
+ DB_PASSWORD : ${{ secrets.DB_PASSWORD }}
190
+ DB_USER : ${{ secrets.DB_USER }}
191
+ DOCKER_GTC_WEB_IMAGE : ${{ needs.build-and-test.outputs.dockerTag }}
192
+ DATADOG_KEY : ${{ secrets.DATADOG_KEY }}
193
+ ROUTE_53_ZONE : ${{ secrets.ROUTE_53_ZONE }}
194
+ DOMAIN : ${{ secrets.DOMAIN }}
195
+ SENTRY_DSN : ${{ secrets.SENTRY_DSN }}
196
+ GITHUB_CLIENT_ID : ${{ secrets.GTC_GITHUB_CLIENT_ID }}
197
+ GITHUB_CLIENT_SECRET : ${{ secrets.GTC_GITHUB_CLIENT_SECRET }}
198
+ TEMP_DATABASE : ${{ secrets.TEMP_DATABASE }}
199
+ DATABASE_URL : ${{ secrets.DATABASE_URL }}
200
+ READ_REPLICA_1_DATABASE_URL : ${{secrets.READ_REPLICA_1_DATABASE_URL}}
201
+ READ_REPLICA_2_DATABASE_URL : ${{secrets.READ_REPLICA_2_DATABASE_URL}}
202
+ READ_REPLICA_3_DATABASE_URL : ${{secrets.READ_REPLICA_3_DATABASE_URL}}
203
+ READ_REPLICA_4_DATABASE_URL : ${{secrets.READ_REPLICA_4_DATABASE_URL}}
204
+ GITHUB_API_TOKEN : ${{ secrets.GTC_GITHUB_API_TOKEN }}
205
+ GITHUB_API_USER : ${{ secrets.GTC_GITHUB_API_USER }}
206
+ GITHUB_APP_NAME : ${{ secrets.GTC_GITHUB_APP_NAME }}
207
+
208
+ # The static files are already bundled and located in the folder /code/app/static in the container
209
+ - name : Copy static files to bucket
210
+ run : |
211
+ mkdir static_files_to_deploy
212
+ mkdir docker_bin
213
+
214
+ cat <<EOT >> docker_bin/static_files.sh
215
+ #!/bin/bash
216
+ cp -Rf /code/app/static/* /static_files_to_deploy/
217
+ EOT
218
+
219
+ docker run -v $(pwd)/static_files_to_deploy:/static_files_to_deploy -v $(pwd)/docker_bin:/code/app/bin -e DATABASE_URL=${{ steps.pulumi.outputs.rdsConnectionUrl }} ${{ needs.build-and-test.outputs.dockerTag }} sh /code/app/bin/static_files.sh
220
+
221
+ echo "Syncing to bucket: ${{ steps.pulumi.outputs.bucketName }}"
222
+ echo "Source folder: $(pwd)/static_files_to_deploy"
223
+
224
+ aws s3 sync $(pwd)/static_files_to_deploy s3://${{ steps.pulumi.outputs.bucketName }}/static --acl public-read --delete
225
+ env :
226
+ # We need AWS_EC2_METADATA_DISABLED, because: https://github.com/actions/checkout/issues/440
227
+ AWS_EC2_METADATA_DISABLED : true
228
+ AWS_ACCESS_KEY_ID : ${{ secrets.AWS_ACCESS_KEY_ID }}
229
+ AWS_SECRET_ACCESS_KEY : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
230
+ BUNDLE_USE_CHECKSUM : ' false'
231
+
232
+
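Review bot: In the `Copy static files to bucket` step, `${{ steps.pulumi.outputs.rdsConnectionUrl }}` is expanded directly into the `docker run` command line, unquoted. The connection URL, which presumably carries the database credentials, therefore becomes part of the script text and is exposed to shell word-splitting and metacharacter handling; nothing visible here shows it being masked in logs. Pass it through that step's `env:` block instead, with `DATABASE_URL: ${{ steps.pulumi.outputs.rdsConnectionUrl }}` and `BUCKET_NAME: ${{ steps.pulumi.outputs.bucketName }}`, then use `-e DATABASE_URL` and `"s3://$BUCKET_NAME/static"` in the script. Separately, the comment on `build-and-test` says the job runs only when tests pass, but the migrate and pytest/cypress steps are commented out, so a push to `stable` builds, pushes `gitcoin/web:production-gha` and runs `pulumi up` with no test gate; restore those steps or correct the comment. The jobs that receive the Docker Hub, Pulumi and AWS secrets also reference actions by mutable tag (`docker/login-action@v1`, `pulumi/actions@v3`, `actions/checkout@v2`); pinning them to a full commit SHA and adding a top-level `permissions:` block with `contents: read` would limit what a moved tag or compromised action can reach.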