1+ name : Build & deploy to production
2+
3+ on :
4+ # run it during push to branch
5+ push :
6+ branches : [ "stable" ]
7+
8+ jobs :
9+ build-and-test :
10+ name : Build and Test
11+
12+ # run only when code is compiling and tests are passing
13+ runs-on : ubuntu-latest
14+
15+ outputs :
16+ dockerTag : ${{ steps.compute.outputs.docker_tag }}
17+
18+ services :
19+ # Label used to access the service container
20+ postgres :
21+ # Docker Hub image
22+ image : postgres:11.5
23+ # Provide the password for postgres
24+ env :
25+ POSTGRES_DB : testdb
26+ # Set health checks to wait until postgres has started
27+ options : >-
28+ --health-cmd pg_isready
29+ --health-interval 10s
30+ --health-timeout 5s
31+ --health-retries 5
32+ ports :
33+ # Maps tcp port 5432 on service container to the host
34+ - 5432:5432
35+
36+ redis :
37+ image : redis
38+ # Set health checks to wait until redis has started
39+ options : >-
40+ --health-cmd "redis-cli ping"
41+ --health-interval 10s
42+ --health-timeout 5s
43+ --health-retries 5
44+ ports :
45+ - 6379:6379
46+
47+ env :
48+ DJANGO_SETTINGS_MODULE : app.settings
49+ SUPRESS_DEBUG_TOOLBAR : 1
50+ GITCOIN_API_USER : ${{ secrets.GITCOIN_API_USER }}
51+ GITHUB_API_TOKEN : ${{ secrets.GITCOIN_API_TOKEN }}
52+ POLYGONSCAN_API_KEY : ${{ secrets.POLYGONSCAN_API_KEY }}
53+
54+ # steps to perform in job
55+ steps :
56+ - name : Checkout code
57+ uses : actions/checkout@v2
58+
59+ - name : Use Node.js 14
60+ uses : actions/setup-node@v2
61+ with :
62+ node-version : 14
63+ cache : " yarn"
64+
65+ - name : Use Python 3.7
66+ uses : " actions/setup-python@v2"
67+ with :
68+ python-version : 3.7
69+ cache : " pip"
70+
71+ - name : Setup Env
72+ run : |
73+ echo "PYTHONPATH=/home/runner/work/web/web/app" >> $GITHUB_ENV
74+ cp app/app/ci.env app/app/.env
75+ pip install pip==20.0.2 setuptools wheel --upgrade
76+
77+ - name : Fetch and Install GeoIP database files
78+ run : |
79+ sudo apt-get update && sudo apt-get install -y libmaxminddb-dev libsodium-dev libsecp256k1-dev
80+ cp dist/*.gz ./
81+ gunzip GeoLite2-City.mmdb.tar.gz && gunzip GeoLite2-Country.mmdb.tar.gz
82+ tar -xvf GeoLite2-City.mmdb.tar && tar -xvf GeoLite2-Country.mmdb.tar
83+ sudo mkdir -p /opt/GeoIP/
84+ sudo mv GeoLite2-City_20200128/*.mmdb /opt/GeoIP/
85+ sudo mv GeoLite2-Country_20200128/*.mmdb /opt/GeoIP/
86+
87+ - name : Install libvips, Node, and Python dependencies
88+ run : |
89+ sudo apt-get install -y libvips libvips-dev
90+ node --version
91+ yarn install
92+ pip install -r requirements/test.txt
93+ yarn run eslint
94+ yarn run stylelint
95+ (cd app; python ./manage.py collectstatic --noinput --disable-collectfast)
96+
97+ # - name: Run management commands
98+ # run: |
99+ # python app/manage.py migrate
100+ # python app/manage.py fetch_gas_prices
101+
102+ # - name: Run Python and UI tests
103+ # run: |
104+ # pytest -p no:ethereum -p no:warnings
105+ # bin/ci/cypress-run
106+
107+ # - name: Generate Markdown documentation and static docs page
108+ # run: pydocmd build
109+
110+ # - name: Deploy to Github Pages 🚀
111+ # uses: peaceiris/actions-gh-pages@v3
112+ # if: github.ref == 'refs/heads/master'
113+ # with:
114+ # github_token: ${{ secrets.GITHUB_TOKEN }}
115+ # publish_dir: _build/site
116+ # cname: docs.gitcoin.coind
117+
118+ - name : Compute some values
119+ id : compute
120+ run : |
121+ echo "::set-output name=docker_tag::gitcoin/web:${GITHUB_SHA: -10}"
122+
123+ - name : Login to Docker Hub
124+ uses : docker/login-action@v1
125+ with :
126+ username : ${{ secrets.DOCKER_USERNAME }}
127+ password : ${{ secrets.DOCKER_PASSWORD }}
128+
129+ - name : Set up Docker Buildx
130+ id : buildx
131+ uses : docker/setup-buildx-action@v1
132+
133+ - name : Deploy to Docker Hub 🚀
134+ uses : docker/build-push-action@v2
135+ with :
136+ context : ./
137+ file : ./Dockerfile-prod
138+ builder : ${{ steps.buildx.outputs.name }}
139+ push : true
140+ tags : |
141+ ${{ steps.compute.outputs.docker_tag }}
142+ gitcoin/web:production-gha
143+ cache-from : type=registry,ref=${{ secrets.DOCKER_USERNAME }}/web:buildcache-production
144+ cache-to : type=registry,ref=${{ secrets.DOCKER_USERNAME }}/web:buildcache-production,mode=max
145+
146+ deploy :
147+ name : Deploy
148+ needs : build-and-test
149+ environment : production
150+ runs-on : ubuntu-latest
151+
152+ steps :
153+
154+ - name : Checkout code
155+ uses : actions/checkout@v2
156+
157+ - name : Use Node.js
158+ uses : actions/setup-node@v2
159+ with :
160+ # node-version: ${{ matrix.node-version }}
161+ cache : " npm"
162+ cache-dependency-path : infra/production/package-lock.json
163+
164+ # Install pulumi dependencies
165+ # Select the new pulumi stack
166+ - run : |
167+ npm install
168+ pulumi stack select -c gitcoin/production/dev
169+ pulumi config -s gitcoin/production/dev set aws:region us-west-2 --non-interactive
170+ working-directory: infra/production
171+ env:
172+ PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
173+
174+ # Run pulumi actions
175+ - uses : pulumi/actions@v3
176+ id : pulumi
177+ with :
178+ command : up
179+ stack-name : gitcoin/production/dev
180+ upsert : false
181+ work-dir : infra/production
182+ env :
183+ PULUMI_ACCESS_TOKEN : ${{ secrets.PULUMI_ACCESS_TOKEN }}
184+ PULUMI_CONFIG_PASSPHRASE : ${{ secrets.PULUMI_CONFIG_PASSPHRASE }}
185+ AWS_ACCESS_KEY_ID : ${{ secrets.AWS_ACCESS_KEY_ID }}
186+ AWS_SECRET_ACCESS_KEY : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
187+ AWS_REGION : ${{ secrets.AWS_REGION }}
188+ DB_NAME : ${{ secrets.DB_NAME }}
189+ DB_PASSWORD : ${{ secrets.DB_PASSWORD }}
190+ DB_USER : ${{ secrets.DB_USER }}
191+ DOCKER_GTC_WEB_IMAGE : ${{ needs.build-and-test.outputs.dockerTag }}
192+ DATADOG_KEY : ${{ secrets.DATADOG_KEY }}
193+ ROUTE_53_ZONE : ${{ secrets.ROUTE_53_ZONE }}
194+ DOMAIN : ${{ secrets.DOMAIN }}
195+ SENTRY_DSN : ${{ secrets.SENTRY_DSN }}
196+ GITHUB_CLIENT_ID : ${{ secrets.GTC_GITHUB_CLIENT_ID }}
197+ GITHUB_CLIENT_SECRET : ${{ secrets.GTC_GITHUB_CLIENT_SECRET }}
198+ TEMP_DATABASE : ${{ secrets.TEMP_DATABASE }}
199+ DATABASE_URL : ${{ secrets.DATABASE_URL }}
200+ READ_REPLICA_1_DATABASE_URL : ${{secrets.READ_REPLICA_1_DATABASE_URL}}
201+ READ_REPLICA_2_DATABASE_URL : ${{secrets.READ_REPLICA_2_DATABASE_URL}}
202+ READ_REPLICA_3_DATABASE_URL : ${{secrets.READ_REPLICA_3_DATABASE_URL}}
203+ READ_REPLICA_4_DATABASE_URL : ${{secrets.READ_REPLICA_4_DATABASE_URL}}
204+ GITHUB_API_TOKEN : ${{ secrets.GTC_GITHUB_API_TOKEN }}
205+ GITHUB_API_USER : ${{ secrets.GTC_GITHUB_API_USER }}
206+ GITHUB_APP_NAME : ${{ secrets.GTC_GITHUB_APP_NAME }}
207+
208+ # The static files are already bundled and located in the folder /code/app/static in the container
209+ - name : Copy static files to bucket
210+ run : |
211+ mkdir static_files_to_deploy
212+ mkdir docker_bin
213+
214+ cat <<EOT >> docker_bin/static_files.sh
215+ #!/bin/bash
216+ cp -Rf /code/app/static/* /static_files_to_deploy/
217+ EOT
218+
219+ docker run -v $(pwd)/static_files_to_deploy:/static_files_to_deploy -v $(pwd)/docker_bin:/code/app/bin -e DATABASE_URL=${{ steps.pulumi.outputs.rdsConnectionUrl }} ${{ needs.build-and-test.outputs.dockerTag }} sh /code/app/bin/static_files.sh
220+
221+ echo "Syncing to bucket: ${{ steps.pulumi.outputs.bucketName }}"
222+ echo "Source folder: $(pwd)/static_files_to_deploy"
223+
224+ aws s3 sync $(pwd)/static_files_to_deploy s3://${{ steps.pulumi.outputs.bucketName }}/static --acl public-read --delete
225+ env :
226+ # We need AWS_EC2_METADATA_DISABLED, because: https://github.com/actions/checkout/issues/440
227+ AWS_EC2_METADATA_DISABLED : true
228+ AWS_ACCESS_KEY_ID : ${{ secrets.AWS_ACCESS_KEY_ID }}
229+ AWS_SECRET_ACCESS_KEY : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
230+ BUNDLE_USE_CHECKSUM : ' false'
231+
232+
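Review bot: In the "Copy static files to bucket" step, `${{ steps.pulumi.outputs.rdsConnectionUrl }}` is expanded into the script text before bash runs, so the connection URL (which presumably embeds the database credentials) is parsed unquoted by the shell and lands on the `docker run` command line. A password containing `&`, `;`, `$` or a space would change the command, and whether the value is masked in the job log depends on how the Pulumi step marks that output. Put it in the step's `env:` as `DATABASE_URL: ${{ steps.pulumi.outputs.rdsConnectionUrl }}` and pass it to the container by name with `-e DATABASE_URL`; give the image tag and bucket name the same treatment and quote them, e.g. `"$DOCKER_IMAGE"` and `"s3://$BUCKET_NAME/static"`. Separately, the pytest/cypress step is commented out, so `needs: build-and-test` does not gate the production deploy on tests even though the job comment says it runs only when tests pass.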