Hangar/.github/workflows/deploy.yml

name: Deploy

on:
  # allow manual dispatch
  workflow_dispatch:
  # run on PRs
  push:
    branches:
      - master

concurrency:
  group: ${{ github.ref }}
  cancel-in-progress: true

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Set up JDK
        uses: actions/setup-java@v1
        with:
          java-version: 11

      - name: Set up Node
        uses: actions/setup-node@v2
        with:
          node-version: '12'

      - name: Cache Maven Deps
        uses: actions/cache@v2
        with:
          path: $GITHUB_WORKSPACE/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-maven-

      - name: Build backend
        run: mvn --batch-mode --errors --fail-at-end --show-version --no-transfer-progress -Dmaven.repo.local=$GITHUB_WORKSPACE/.m2/repository install

      - name: Cache Yarn
        uses: actions/cache@v2
        with:
          path: "~/.cache/yarn"
          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-yarn-

      - name: Install frontend deps
        env:
          CI: true
        run: (cd frontend && yarn install --frozen-lockfile --cache-folder ~/.cache/yarn)

      - name: Lint frontend
        env:
          CI: true
        run: (cd frontend && yarn lint)

      - name: Sync forth and back with crowdin
        uses: crowdin/github-action@1.4.0
        with:
          upload_sources: true
          download_translations: true
          push_translations: false
          create_pull_request: false
          skip_untranslated_strings: true
          config: 'crowdin.yml'
          crowdin_branch_name: master
        env:
          CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}

      - name: Build frontend
        env:
          CI: true
          # keep these in sync with compose!
          proxyHost: "http://hangar_new_backend:8080"
          authHost: "https://hangar-auth.benndorf.dev"
          host: "0.0.0.0"
          PUBLIC_HOST: "https://hangar.benndorf.dev"
        run: (cd frontend && yarn build)

      - name: SSH
        uses: webfactory/ssh-agent@v0.5.2
        if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
        with:
          ssh-private-key: ${{ secrets.DOCKER_HOST_SSH_KEY }}

      - name: Docker
        env:
          SECRET_KEY: ${{ secrets.SECRET_KEY }}
          POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          EMAIL_HOST_USER: ${{ secrets.EMAIL_HOST_USER }}
          EMAIL_HOST_PASSWORD: ${{ secrets.EMAIL_HOST_PASSWORD }}
          SSO_CLIENT_ID: ${{ secrets.SSO_CLIENT_ID }}
          SSO_SECRET: ${{ secrets.SSO_SECRET }}
          API_KEY: ${{ secrets.API_KEY }}
          TOKEN_SECRET: ${{ secrets.TOKEN_SECRET }}
        run: |
          echo ${{ secrets.DOCKER_HOST_SSH_SIG }} > ~/.ssh/known_hosts
          cd docker/deployment
          echo ${{ secrets.CR_PAT }} | docker login ghcr.io -u ${{ secrets.CR_USER }} --password-stdin
          docker-compose build
          docker-compose push
          DOCKER_HOST="${{ secrets.DOCKER_HOST }}" docker stack deploy --with-registry-auth --compose-file=docker-compose.yml hangar_new
initial try of deployment 2021-02-06 02:04:28 +08:00			`name: Deploy`
add build scripts for PRs 2021-02-05 23:45:53 +08:00
			`on:`
			`# allow manual dispatch`
			`workflow_dispatch:`
actually push the new file 2021-02-06 02:07:58 +08:00			`# run on PRs`
test 2021-02-06 00:30:57 +08:00			`push:`
actually push the new file 2021-02-06 02:07:58 +08:00			`branches:`
fix CI Signed-off-by: MiniDigger <admin@minidigger.me> 2021-04-17 15:28:41 +08:00			`- master`
improve workflow actions (#482) * initial attempt * change names 2021-06-01 14:11:08 +08:00
			`concurrency:`
hello github wtf is wrong with you? Signed-off-by: MiniDigger <admin@benndorf.dev> 2021-12-04 01:25:37 +08:00			`group: ${{ github.ref }}`
improve workflow actions (#482) * initial attempt * change names 2021-06-01 14:11:08 +08:00			`cancel-in-progress: true`
add build scripts for PRs 2021-02-05 23:45:53 +08:00
			`jobs:`
			`build:`
			`runs-on: ubuntu-latest`

			`steps:`
			`- name: Checkout`
			`uses: actions/checkout@v2`

			`- name: Set up JDK`
			`uses: actions/setup-java@v1`
			`with:`
			`java-version: 11`

			`- name: Set up Node`
			`uses: actions/setup-node@v2`
			`with:`
			`node-version: '12'`

actually push the new file 2021-02-06 02:07:58 +08:00			`- name: Cache Maven Deps`
			`uses: actions/cache@v2`
			`with:`
			`path: $GITHUB_WORKSPACE/.m2/repository`
			`key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}`
			`restore-keys: \|`
			`${{ runner.os }}-maven-`

			`- name: Build backend`
fix tests, make CI run tests again Signed-off-by: MiniDigger <admin@minidigger.me> 2021-04-17 15:57:45 +08:00			`run: mvn --batch-mode --errors --fail-at-end --show-version --no-transfer-progress -Dmaven.repo.local=$GITHUB_WORKSPACE/.m2/repository install`
actually push the new file 2021-02-06 02:07:58 +08:00
			`- name: Cache Yarn`
			`uses: actions/cache@v2`
			`with:`
			`path: "~/.cache/yarn"`
			`key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}`
			`restore-keys: \|`
			`${{ runner.os }}-yarn-`

			`- name: Install frontend deps`
			`env:`
			`CI: true`
			`run: (cd frontend && yarn install --frozen-lockfile --cache-folder ~/.cache/yarn)`

			`- name: Lint frontend`
			`env:`
			`CI: true`
			`run: (cd frontend && yarn lint)`

Sync with crowdin using github actions on deploy (#553) Co-authored-by: MiniDigger <admin@benndorf.dev> 2021-12-19 18:59:02 +08:00			`- name: Sync forth and back with crowdin`
			`uses: crowdin/github-action@1.4.0`
			`with:`
			`upload_sources: true`
			`download_translations: true`
			`push_translations: false`
			`create_pull_request: false`
try to understand why lang stuff isn't working on staging Signed-off-by: MiniDigger <admin@benndorf.dev> 2021-12-21 20:06:06 +08:00			`skip_untranslated_strings: true`
Sync with crowdin using github actions on deploy (#553) Co-authored-by: MiniDigger <admin@benndorf.dev> 2021-12-19 18:59:02 +08:00			`config: 'crowdin.yml'`
			`crowdin_branch_name: master`
			`env:`
			`CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}`

actually push the new file 2021-02-06 02:07:58 +08:00			`- name: Build frontend`
			`env:`
			`CI: true`
we need env vars at build time too Signed-off-by: MiniDigger <admin@minidigger.me> 2021-03-17 02:12:13 +08:00			`# keep these in sync with compose!`
			`proxyHost: "http://hangar_new_backend:8080"`
remove unused backend auth host and rename lazy auth host Signed-off-by: MiniDigger <admin@benndorf.dev> 2021-11-23 14:49:45 +08:00			`authHost: "https://hangar-auth.benndorf.dev"`
we need env vars at build time too Signed-off-by: MiniDigger <admin@minidigger.me> 2021-03-17 02:12:13 +08:00			`host: "0.0.0.0"`
change staging for now Signed-off-by: MiniDigger <admin@minidigger.me> 2021-04-02 20:59:32 +08:00			`PUBLIC_HOST: "https://hangar.benndorf.dev"`
actually push the new file 2021-02-06 02:07:58 +08:00			`run: (cd frontend && yarn build)`

try to deploy using ssh Signed-off-by: MiniDigger <admin@minidigger.me> 2021-03-16 02:37:18 +08:00			`- name: SSH`
Update webfactory/ssh-agent action to v0.5.2 2021-04-07 18:46:54 +08:00			`uses: webfactory/ssh-agent@v0.5.2`
don't run ssh setup on PR 2021-04-23 05:05:20 +08:00			`if: github.event_name == 'push' \|\| github.event_name == 'workflow_dispatch'`
try to deploy using ssh Signed-off-by: MiniDigger <admin@minidigger.me> 2021-03-16 02:37:18 +08:00			`with:`
			`ssh-private-key: ${{ secrets.DOCKER_HOST_SSH_KEY }}`

merge docker steps 2021-02-06 02:26:05 +08:00			`- name: Docker`
migrate to gh secrets 2021-07-01 02:12:01 +08:00			`env:`
			`SECRET_KEY: ${{ secrets.SECRET_KEY }}`
fix secret names 2021-07-01 02:34:27 +08:00			`POSTGRES_USER: ${{ secrets.POSTGRES_USER }}`
			`POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}`
			`EMAIL_HOST_USER: ${{ secrets.EMAIL_HOST_USER }}`
			`EMAIL_HOST_PASSWORD: ${{ secrets.EMAIL_HOST_PASSWORD }}`
🤦‍♂️ Signed-off-by: MiniDigger <admin@benndorf.dev> 2021-10-17 00:20:06 +08:00			`SSO_CLIENT_ID: ${{ secrets.SSO_CLIENT_ID }}`
migrate to gh secrets 2021-07-01 02:12:01 +08:00			`SSO_SECRET: ${{ secrets.SSO_SECRET }}`
			`API_KEY: ${{ secrets.API_KEY }}`
fix sso endpoint port 2021-07-01 05:19:04 +08:00			`TOKEN_SECRET: ${{ secrets.TOKEN_SECRET }}`
initial try of deployment 2021-02-06 02:04:28 +08:00			`run: \|`
trust my dum ssh key already, smh Signed-off-by: MiniDigger <admin@minidigger.me> 2021-03-16 02:50:20 +08:00			`echo ${{ secrets.DOCKER_HOST_SSH_SIG }} > ~/.ssh/known_hosts`
initial try of deployment 2021-02-06 02:04:28 +08:00			`cd docker/deployment`
try to properly deploy docker images to ghcr 2021-02-06 16:39:19 +08:00			`echo ${{ secrets.CR_PAT }} \| docker login ghcr.io -u ${{ secrets.CR_USER }} --password-stdin`
initial try of deployment 2021-02-06 02:04:28 +08:00			`docker-compose build`
try to properly deploy docker images to ghcr 2021-02-06 16:39:19 +08:00			`docker-compose push`
try to deploy using ssh Signed-off-by: MiniDigger <admin@minidigger.me> 2021-03-16 02:37:18 +08:00			`DOCKER_HOST="${{ secrets.DOCKER_HOST }}" docker stack deploy --with-registry-auth --compose-file=docker-compose.yml hangar_new`