Commit

Add GitHub Actions workflows for build and deploy
Remove bundler setup from bin/deploy

Fix bin/build reference

Add reusable workflows for build and deploy

Add workflows for build and deploy to staging and production

Copy build/deploy workflows to .github/workflows folder

Add GA explanation to readme

Turn off node by default

Ask about manual deployers

Move postgres image prefix to reusable workflow

Update SSH key naming scheme

Add commented-out automatic deploy to production

Add interpolation marks

Change Postgres image to 13.2

Add --frozen-lockfile flag to yarn install

Remove cancel-in-progress for deploys

Add optional input for GHA runner

Revert "Update SSH key naming scheme"

This reverts commit f1df594.

Separate Mina commands

Add RAILS_ENV=test

Document workflow inputs

Add bin/audit, force color output

Add prepare_ci script

Run CI steps in parallel

Move workflows to .github/workflows folder

Remove postgres user

Use trust auth method

Add -j4 flag

Add rubocop cache step

Give names to all steps

Move rubocop cache step

Rename job to build

Use github format for rubocop

Use both simple and github formats

Fix workflow path

Make the ci_steps input required

Change location of rubocop cache

Change flag -j4 to -j0

Add example for deployers input

Create .node-version file

Add info about frontend to readme
lovro-bikic committed Jan 15, 2022
1 parent 2ae9364 commit 3802732
Showing 7 changed files with 304 additions and 39 deletions.
107 changes: 107 additions & 0 deletions .github/workflows/build.yml
@@ -0,0 +1,107 @@
name: Build

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

on:
workflow_call:
inputs:
# Selects the version of Postgres for running tests
# See: https://github.com/docker-library/docs/blob/master/postgres/README.md#supported-tags-and-respective-dockerfile-links
postgres_image:
required: true
type: string

# Determines whether to install Node and run `yarn install`
use_node:
required: false
type: boolean
default: true

# Sets BUNDLE_APP_CONFIG environment variable
# See: https://bundler.io/man/bundle-config.1.html
bundle_app_config:
required: false
type: string
default: .bundle/ci-build

# Selects the runner on which the workflow will run
# See: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
runner:
required: false
type: string
default: ubuntu-20.04

# Defines which scripts will run on CI
# Format: space-delimited paths to scripts
# Example: 'bin/audit bin/lint bin/test'
ci_steps:
required: true
type: string
secrets:
VAULT_ADDR:
required: true
VAULT_AUTH_METHOD:
required: true
VAULT_AUTH_USER_ID:
required: true
VAULT_AUTH_APP_ID:
required: true

jobs:
build:
name: 'Build'
runs-on: ${{ inputs.runner }}
env:
BUNDLE_APP_CONFIG: ${{ inputs.bundle_app_config }}
RUBOCOP_CACHE_ROOT: .rubocop-cache
services:
postgres:
image: postgres:${{ inputs.postgres_image }}
env:
POSTGRES_HOST_AUTH_METHOD: trust
ports:
- 5432:5432
options: --name=postgres
steps:
- name: Git checkout
uses: actions/checkout@v2
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- name: Prepare RuboCop cache
uses: actions/cache@v2
with:
path: ${{ env.RUBOCOP_CACHE_ROOT }}
key: ${{ runner.os }}-rubocop-cache-${{ github.sha }}
restore-keys: |
${{ runner.os }}-rubocop-cache-
- name: Set up Node
uses: actions/setup-node@v2
if: ${{ inputs.use_node }}
with:
node-version-file: '.node-version'
- name: Prepare node_modules cache
uses: actions/cache@v2
if: ${{ inputs.use_node }}
with:
path: node_modules
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-modules-
- name: Install JS packages
if: ${{ inputs.use_node }}
run: yarn install --frozen-lockfile
- name: Prepare CI
run: bin/prepare_ci
env:
VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
VAULT_AUTH_METHOD: ${{ secrets.VAULT_AUTH_METHOD }}
VAULT_AUTH_USER_ID: ${{ secrets.VAULT_AUTH_USER_ID }}
VAULT_AUTH_APP_ID: ${{ secrets.VAULT_AUTH_APP_ID }}
- name: Wait for Postgres to be ready
run: until docker exec postgres pg_isready; do sleep 1; done
- name: CI steps
run: 'parallel --lb -k -j0 ::: ${{ inputs.ci_steps }}'
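Review bot: the final step, `run: 'parallel --lb -k -j0 ::: ${{ inputs.ci_steps }}'`, expands the caller-supplied `ci_steps` string into the script text before the shell parses it, so any shell metacharacters in the input become part of the command line. Pass the value through the environment instead: add `env:` with `CI_STEPS: ${{ inputs.ci_steps }}` to the step and run `parallel --lb -k -j0 ::: $CI_STEPS` (left unquoted so the space-delimited paths still split into separate jobs). Separately, the Postgres service combines `POSTGRES_HOST_AUTH_METHOD: trust` with `ports: 5432:5432`; a comment stating that this is meant only for the throwaway CI database would help anyone copying the block elsewhere.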
62 changes: 62 additions & 0 deletions .github/workflows/deploy.yml
@@ -0,0 +1,62 @@
name: Deploy

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}

on:
workflow_call:
inputs:
# Sets the Mina environment (e.g. staging, production)
# A task by the same name must exist in config/deploy.rb
environment:
required: true
type: string

# Sets the Git branch which will be checked out
branch:
required: true
type: string

# Determines who can manually trigger the workflow
# Example: "@github_username1 @github_username2"
# See: https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow
deployers:
required: false
type: string
default: ''

# Sets BUNDLE_APP_CONFIG environment variable
# See: https://bundler.io/man/bundle-config.1.html
bundle_app_config:
required: false
type: string
default: .bundle/ci-deploy

# Selects the runner on which the workflow will run
# See: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
runner:
required: false
type: string
default: ubuntu-20.04
secrets:
SSH_PRIVATE_KEY:
required: true

jobs:
deploy:
name: Deploy
runs-on: ${{ inputs.runner }}
env:
BUNDLE_APP_CONFIG: ${{ inputs.bundle_app_config }}
if: ${{ github.event_name == 'workflow_dispatch' && contains(inputs.deployers, format('@{0}', github.actor)) || github.event.workflow_run.conclusion == 'success' }}
steps:
- uses: actions/checkout@v2
with:
ref: ${{ inputs.branch }}
- uses: ruby/setup-ruby@v1
with:
bundler-cache: true
- uses: webfactory/ssh-agent@v0.5.4
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
- run: bin/deploy ${{ inputs.environment }}
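Review bot: in the job-level `if`, `contains(inputs.deployers, format('@{0}', github.actor))` is a substring test on a string, so an actor whose login is a prefix of a listed deployer (`@ann` against `@anna`) also satisfies it. Make the match exact, for example by taking `deployers` as a JSON array and testing `contains(fromJSON(inputs.deployers), github.actor)`, which compares whole elements. The condition also mixes `&&` and `||` without parentheses; grouping the manual-dispatch half explicitly would make the intent readable. In the last step, `bin/deploy ${{ inputs.environment }}` interpolates an input straight into the script; passing it via `env` and referencing the variable quoted is the safer form.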
16 changes: 16 additions & 0 deletions README.md
@@ -23,6 +23,22 @@ then run if needed:
rbenv global #{latest_ruby}
```

### GitHub Actions

This template uses GitHub Actions for CI/CD. In order for workflows to work properly some [secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) have to be set up.

For build workflow to work, the following secrets must exist (usually set up by DevOps):
- `VAULT_ADDR`
- `VAULT_AUTH_METHOD`
- `VAULT_AUTH_USER_ID`
- `VAULT_AUTH_APP_ID`

For deploy workflows, you need to generate private/public SSH key pairs for each environment. Public key should be added to the server to which you're deploying. Private key should be added as a secret to GitHub and named `SSH_PRIVATE_KEY_#{ENVIRONMENT}`, where `ENVIRONMENT` is replaced with an appropriate environment name (`STAGING`, `PRODUCTION`, etc.).

### Frontend

If your application will have a frontend (the template will ask you that), you must have Node installed on your machine. The template creates a `.node-version` file with the Node version set to the version you're currently running (check by executing `node -v`). Therefore, ensure that you have the latest [Active LTS](https://nodejs.org/en/about/releases/) version of Node running on your machine before using the template.

## Usage

```shell
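Review bot: the deploy paragraph says to generate a key pair per environment but not what that key should be limited to. Suggest stating that the key is dedicated to CI deploys (not anyone's personal key) and that the public half is installed only for the deploy user on the target server. The name `SSH_PRIVATE_KEY_#{ENVIRONMENT}` also mixes Ruby interpolation syntax with the prose "where `ENVIRONMENT` is replaced"; spelling out `SSH_PRIVATE_KEY_STAGING` and `SSH_PRIVATE_KEY_PRODUCTION` as the examples would remove the ambiguity.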
17 changes: 17 additions & 0 deletions build.yml
@@ -0,0 +1,17 @@
name: Build

on: [push]

jobs:
build:
name: Build
uses: infinum/default_rails_template/.github/workflows/build.yml@v1
with:
postgres_image: '13.2'
use_node: false
ci_steps: 'bin/audit bin/lint bin/test'
secrets:
VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
VAULT_AUTH_METHOD: ${{ secrets.VAULT_AUTH_METHOD }}
VAULT_AUTH_USER_ID: ${{ secrets.VAULT_AUTH_USER_ID }}
VAULT_AUTH_APP_ID: ${{ secrets.VAULT_AUTH_APP_ID }}
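Review bot: `uses: infinum/default_rails_template/.github/workflows/build.yml@v1` references the reusable workflow by a tag, which can be moved, while the `secrets:` block hands it all four `VAULT_*` values. Whatever `v1` points to at run time receives those secrets, so either pin the reference to a full commit SHA or add a comment that `v1` is a deliberately moving tag and who is allowed to move it.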
19 changes: 19 additions & 0 deletions deploy-production.yml
@@ -0,0 +1,19 @@
name: Deploy production

on:
workflow_dispatch:
# workflow_run: # UNCOMMENT THIS IF YOU WANT AUTOMATIC PRODUCTION DEPLOYS
# workflows: [Build]
# branches: [master]
# types: [completed]

jobs:
deploy:
name: Deploy
uses: infinum/default_rails_template/.github/workflows/deploy.yml@v1
with:
environment: production
branch: master
deployers: 'DEPLOY USERS GO HERE' # Example: '@github_username1 @github_username2'
secrets:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY_PRODUCTION }}
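Review bot: `deployers` in the `with:` block is the only gate on a manual production deploy, and it is defined in this workflow file, so it guards against an accidental dispatch rather than acting as an access control: anyone who can edit the file can edit the list. For production, consider also running the deploy job under a protected GitHub environment with required reviewers, so approval does not depend on the file's contents. The placeholder `'DEPLOY USERS GO HERE'` contains no `@`, so an unedited file rejects every manual run; a comment saying that this is intentional would save the next reader from working it out.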
19 changes: 19 additions & 0 deletions deploy-staging.yml
@@ -0,0 +1,19 @@
name: Deploy staging

on:
workflow_dispatch:
workflow_run:
workflows: [Build]
branches: [staging]
types: [completed]

jobs:
deploy:
name: Deploy
uses: infinum/default_rails_template/.github/workflows/deploy.yml@v1
with:
environment: staging
branch: staging
deployers: 'DEPLOY USERS GO HERE' # Example: '@github_username1 @github_username2'
secrets:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY_STAGING }}
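Review bot: with the `workflow_run` trigger, the deploy is gated on a Build run that succeeded, but `branch: staging` makes the called workflow check out the current head of `staging`, not the commit that Build actually tested. A push landing between the two runs would be deployed without having passed CI. Pass the tested commit through instead, for example `github.event.workflow_run.head_sha` as the checkout ref when the event is `workflow_run`, and keep `staging` as the fallback for manual dispatch.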