-
-
Notifications
You must be signed in to change notification settings - Fork 2
149 lines (141 loc) · 3.95 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
name: ci
on:
push:
branches: ["main"]
tags:
- "*"
pull_request:
branches: ["main"]
jobs:
tests:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:16.4-alpine
ports:
- "5432:5432"
env:
POSTGRES_DB: opengas_test
POSTGRES_USER: opengas
POSTGRES_PASSWORD: opengas
env:
RAILS_ENV: test
DATABASE_URL: "postgres://opengas:opengas@localhost:5432/opengas_test"
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Ruby and gems
uses: ruby/setup-ruby@v1
with:
ruby-version: 3.3.4
bundler-cache: true
- name: Set up database schema
run: bin/rails db:schema:load
- name: Run tests
run: bin/rails test
system-tests:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:16.4-alpine
ports:
- "5432:5432"
env:
POSTGRES_DB: opengas_test
POSTGRES_USER: opengas
POSTGRES_PASSWORD: opengas
env:
RAILS_ENV: test
DATABASE_URL: "postgres://opengas:opengas@localhost:5432/opengas_test"
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Ruby and gems
uses: ruby/setup-ruby@v1
with:
ruby-version: 3.3.4
bundler-cache: true
- name: Set up database schema
run: bin/rails db:schema:load
- name: Run tests
run: bin/rails test:system
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Ruby and gems
uses: ruby/setup-ruby@v1
with:
ruby-version: 3.3.4
bundler-cache: true
- name: Security audit dependencies
run: bundle exec bundler-audit --update
- name: Security audit
run: bundle exec bundle audit
- name: Security audit application code
run: bin/brakeman -q -w2
- name: Lint Ruby files
run: bin/rubocop --parallel
build:
needs: [tests, system-tests, lint]
if: ${{ github.ref_type == 'tag' }}
runs-on: ubuntu-latest
env:
DOCKER_BUILDKIT: 1
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: 3.3.4
bundler-cache: true
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: baldarn
password: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
- name: Build image
uses: docker/build-push-action@v6
with:
context: .
builder: ${{ steps.buildx.outputs.name }}
push: true
labels: |
"service=open-gas"
tags: |
baldarn/open-gas:latest
baldarn/open-gas:${{ github.ref_name }}
cache-from: type=gha
cache-to: type=gha,mode=max
deploy:
needs: [build]
runs-on: ubuntu-latest
concurrency:
group: deploy
cancel-in-progress: true
env:
RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
KAMAL_REGISTRY_PASSWORD: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
APP_VERSION: ${{ github.ref_name }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: 3.3.4
bundler-cache: true
- uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
- name: Env push command
run: bundle exec kamal env push
- name: Deploy command
run: bundle exec kamal deploy --skip-push --version ${{ github.ref_name }}