Commit

Merge pull request #93 from infinum/feature/github-actions
Task #419 - GitHub Actions workflows
lovro-bikic authored Jan 15, 2022
2 parents 2ae9364 + 3802732 commit 27f2a6c
Showing 7 changed files with 304 additions and 39 deletions.
107 changes: 107 additions & 0 deletions .github/workflows/build.yml
@@ -0,0 +1,107 @@
name: Build

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

on:
workflow_call:
inputs:
# Selects the version of Postgres for running tests
# See: https://github.com/docker-library/docs/blob/master/postgres/README.md#supported-tags-and-respective-dockerfile-links
postgres_image:
required: true
type: string

# Determines whether to install Node and run `yarn install`
use_node:
required: false
type: boolean
default: true

# Sets BUNDLE_APP_CONFIG environment variable
# See: https://bundler.io/man/bundle-config.1.html
bundle_app_config:
required: false
type: string
default: .bundle/ci-build

# Selects the runner on which the workflow will run
# See: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
runner:
required: false
type: string
default: ubuntu-20.04

# Defines which scripts will run on CI
# Format: space-delimited paths to scripts
# Example: 'bin/audit bin/lint bin/test'
ci_steps:
required: true
type: string
secrets:
VAULT_ADDR:
required: true
VAULT_AUTH_METHOD:
required: true
VAULT_AUTH_USER_ID:
required: true
VAULT_AUTH_APP_ID:
required: true

jobs:
build:
name: 'Build'
runs-on: ${{ inputs.runner }}
env:
BUNDLE_APP_CONFIG: ${{ inputs.bundle_app_config }}
RUBOCOP_CACHE_ROOT: .rubocop-cache
services:
postgres:
image: postgres:${{ inputs.postgres_image }}
env:
POSTGRES_HOST_AUTH_METHOD: trust
ports:
- 5432:5432
options: --name=postgres
steps:
- name: Git checkout
uses: actions/checkout@v2
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- name: Prepare RuboCop cache
uses: actions/cache@v2
with:
path: ${{ env.RUBOCOP_CACHE_ROOT }}
key: ${{ runner.os }}-rubocop-cache-${{ github.sha }}
restore-keys: |
${{ runner.os }}-rubocop-cache-
- name: Set up Node
uses: actions/setup-node@v2
if: ${{ inputs.use_node }}
with:
node-version-file: '.node-version'
- name: Prepare node_modules cache
uses: actions/cache@v2
if: ${{ inputs.use_node }}
with:
path: node_modules
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-modules-
- name: Install JS packages
if: ${{ inputs.use_node }}
run: yarn install --frozen-lockfile
- name: Prepare CI
run: bin/prepare_ci
env:
VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
VAULT_AUTH_METHOD: ${{ secrets.VAULT_AUTH_METHOD }}
VAULT_AUTH_USER_ID: ${{ secrets.VAULT_AUTH_USER_ID }}
VAULT_AUTH_APP_ID: ${{ secrets.VAULT_AUTH_APP_ID }}
- name: Wait for Postgres to be ready
run: until docker exec postgres pg_isready; do sleep 1; done
- name: CI steps
run: 'parallel --lb -k -j0 ::: ${{ inputs.ci_steps }}'
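Review bot: In the final "CI steps" step, `run: 'parallel --lb -k -j0 ::: ${{ inputs.ci_steps }}'` expands the `ci_steps` input into the script text before the shell parses it, so any shell metacharacter in the caller's value is executed instead of being treated as part of a script path. Pass the value through the step's `env:` (for example `CI_STEPS: ${{ inputs.ci_steps }}`) and use `$CI_STEPS` unquoted in the command, which keeps the documented space-delimited format working through word splitting. The job also declares no `permissions:` key, so it runs with the repository's default token scope; the steps shown only check out, restore caches and run tests, so `contents: read` looks sufficient.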
62 changes: 62 additions & 0 deletions .github/workflows/deploy.yml
@@ -0,0 +1,62 @@
name: Deploy

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}

on:
workflow_call:
inputs:
# Sets the Mina environment (e.g. staging, production)
# A task by the same name must exist in config/deploy.rb
environment:
required: true
type: string

# Sets the Git branch which will be checked out
branch:
required: true
type: string

# Determines who can manually trigger the workflow
# Example: "@github_username1 @github_username2"
# See: https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow
deployers:
required: false
type: string
default: ''

# Sets BUNDLE_APP_CONFIG environment variable
# See: https://bundler.io/man/bundle-config.1.html
bundle_app_config:
required: false
type: string
default: .bundle/ci-deploy

# Selects the runner on which the workflow will run
# See: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
runner:
required: false
type: string
default: ubuntu-20.04
secrets:
SSH_PRIVATE_KEY:
required: true

jobs:
deploy:
name: Deploy
runs-on: ${{ inputs.runner }}
env:
BUNDLE_APP_CONFIG: ${{ inputs.bundle_app_config }}
if: ${{ github.event_name == 'workflow_dispatch' && contains(inputs.deployers, format('@{0}', github.actor)) || github.event.workflow_run.conclusion == 'success' }}
steps:
- uses: actions/checkout@v2
with:
ref: ${{ inputs.branch }}
- uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- uses: webfactory/ssh-agent@v0.5.4
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
- run: bin/deploy ${{ inputs.environment }}
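Review bot: The job-level `if:` authorizes manual runs with `contains(inputs.deployers, format('@{0}', github.actor))`, and `contains` on a string is a substring match, so an actor such as `alice` passes when only `@alice-admin` is listed. Compare whole entries instead, for example by taking `deployers` as a JSON array string and testing `contains(fromJSON(inputs.deployers), github.actor)`, which matches array elements exactly. On the `workflow_run` path the checkout also uses `ref: ${{ inputs.branch }}`, which is the branch tip at deploy time and not necessarily the commit the successful Build ran on; using `github.event.workflow_run.head_sha` there would tie the deploy to the tested commit.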
16 changes: 16 additions & 0 deletions README.md
Expand Up @@ -23,6 +23,22 @@ then run if needed:
rbenv global #{latest_ruby}
```

### GitHub Actions

This template uses GitHub Actions for CI/CD. In order for workflows to work properly some [secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) have to be set up.

For build workflow to work, the following secrets must exist (usually set up by DevOps):
- `VAULT_ADDR`
- `VAULT_AUTH_METHOD`
- `VAULT_AUTH_USER_ID`
- `VAULT_AUTH_APP_ID`

For deploy workflows, you need to generate private/public SSH key pairs for each environment. Public key should be added to the server to which you're deploying. Private key should be added as a secret to GitHub and named `SSH_PRIVATE_KEY_#{ENVIRONMENT}`, where `ENVIRONMENT` is replaced with an appropriate environment name (`STAGING`, `PRODUCTION`, etc.).

### Frontend

If your application will have a frontend (the template will ask you that), you must have Node installed on your machine. The template creates a `.node-version` file with the Node version set to the version you're currently running (check by executing `node -v`). Therefore, ensure that you have the latest [Active LTS](https://nodejs.org/en/about/releases/) version of Node running on your machine before using the template.

## Usage

```shell
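Review bot: The paragraph on deploy workflows documents the `SSH_PRIVATE_KEY_#{ENVIRONMENT}` secrets but not the `deployers` input, which deploy.yml defaults to `''` and the deploy templates ship as the placeholder 'DEPLOY USERS GO HERE', so manually triggered runs are skipped until someone edits it. Add a sentence telling users to replace the placeholder with the GitHub usernames allowed to deploy, in the `@github_username1 @github_username2` format the workflow expects.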
17 changes: 17 additions & 0 deletions build.yml
@@ -0,0 +1,17 @@
name: Build

on: [push]

jobs:
build:
name: Build
uses: infinum/default_rails_template/.github/workflows/build.yml@v1
with:
postgres_image: '13.2'
use_node: false
ci_steps: 'bin/audit bin/lint bin/test'
secrets:
VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
VAULT_AUTH_METHOD: ${{ secrets.VAULT_AUTH_METHOD }}
VAULT_AUTH_USER_ID: ${{ secrets.VAULT_AUTH_USER_ID }}
VAULT_AUTH_APP_ID: ${{ secrets.VAULT_AUTH_APP_ID }}
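Review bot: `uses: infinum/default_rails_template/.github/workflows/build.yml@v1` references a tag that can be moved, and the `secrets:` block hands all four Vault values to whatever `v1` resolves to at run time. Pinning the reusable workflow to a full commit SHA, with the tag kept in a trailing comment, fixes the code that receives those secrets to something that was reviewed; the same applies to the `deploy.yml@v1` references in the two deploy templates, which receive the SSH private keys.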
19 changes: 19 additions & 0 deletions deploy-production.yml
@@ -0,0 +1,19 @@
name: Deploy production

on:
workflow_dispatch:
# workflow_run: # UNCOMMENT THIS IF YOU WANT AUTOMATIC PRODUCTION DEPLOYS
# workflows: [Build]
# branches: [master]
# types: [completed]

jobs:
deploy:
name: Deploy
uses: infinum/default_rails_template/.github/workflows/deploy.yml@v1
with:
environment: production
branch: master
deployers: 'DEPLOY USERS GO HERE' # Example: '@github_username1 @github_username2'
secrets:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY_PRODUCTION }}
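Review bot: The commented-out `workflow_run` block needs a stronger warning than "UNCOMMENT THIS IF YOU WANT AUTOMATIC PRODUCTION DEPLOYS": in deploy.yml the `deployers` check applies only when `github.event_name == 'workflow_dispatch'`, so once this trigger is enabled every successful Build on `master` deploys to production regardless of who is listed in `deployers`. State that in the comment, or gate production behind a check that also covers the automatic path.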
19 changes: 19 additions & 0 deletions deploy-staging.yml
@@ -0,0 +1,19 @@
name: Deploy staging

on:
workflow_dispatch:
workflow_run:
workflows: [Build]
branches: [staging]
types: [completed]

jobs:
deploy:
name: Deploy
uses: infinum/default_rails_template/.github/workflows/deploy.yml@v1
with:
environment: staging
branch: staging
deployers: 'DEPLOY USERS GO HERE' # Example: '@github_username1 @github_username2'
secrets:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY_STAGING }}
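Review bot: `workflows: [Build]` selects the triggering workflow by its `name:`, and deploy.yml only checks `github.event.workflow_run.conclusion == 'success'`, so any workflow in the repository that is named Build and completes successfully on `staging` starts a deploy using `SSH_PRIVATE_KEY_STAGING`. Add a comment here that the name must stay unique to the CI workflow, or have the deploy job verify which workflow triggered it before running.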