Merge pull request #28 from interflux-electronics/feature/confirmatio… #309
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Continuous Deployment | |
| on: | |
| push: | |
| branches: | |
| - "production" | |
| jobs: | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:11 | |
| ports: ["5432:5432"] | |
| env: | |
| POSTGRES_USER: bot | |
| POSTGRES_DB: interflux_test | |
| POSTGRES_PASSWORD: password | |
| env: | |
| RAILS_ENV: test | |
| PG_HOST: localhost | |
| PG_USER: bot | |
| PG_DATABASE: interflux_test | |
| PG_PASSWORD: password | |
| JWT_SECRET: ${{ secrets.TEST_JWT_SECRET }} | |
| IP_GEO_API_KEY: ${{ secrets.TEST_IP_GEO_API_KEY }} | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| bundler-cache: true | |
| - run: bin/rails db:create | |
| - run: bin/rails db:schema:load | |
| - run: bin/rails test --verbose | |
| deploy: | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| needs: test | |
| env: | |
| SSH: ${{ secrets.FRANKFURT_SSH }} | |
| URL: [email protected] | |
| ROOT: /var/www/rails.api.interflux.com | |
| steps: | |
| # Clone the repo to the worker server | |
| - uses: actions/checkout@v2 | |
| # Create directory for SSH | |
| - run: mkdir ~/.ssh | |
| # Add the private key of the restricted bot user on the remote server | |
| - run: 'echo "$SSH" > ~/.ssh/$URL' | |
| # Configure SSH to always use the custom key, so we don't have to do ssh -i | |
| - run: 'echo "IdentityFile ~/.ssh/$URL" > ~/.ssh/config' | |
| # Add the remote server to trusted hosts | |
| - run: ssh-keyscan -H frankfurt.server.interflux.com > ~/.ssh/known_hosts | |
| # Set all SSH file permissions | |
| - run: chmod 0755 ~/.ssh/; chmod 600 ~/.ssh/$URL; chmod 644 ~/.ssh/known_hosts | |
| # Create time stamp | |
| - run: echo "TIMESTAMP=$(date -u +"%Y-%m-%d-%H%M%S")-UTC" >> $GITHUB_ENV | |
| # Back up the database | |
| - run: ssh $URL "cd $ROOT; bin/rails db:data:dump_dir dir=backups/production-$TIMESTAMP" | |
| # Pull the latest production code | |
| - run: ssh $URL "cd $ROOT; git checkout production; git pull" | |
| # Install Ruby | |
| - run: ssh $URL "cd $ROOT; rbenv install --skip-existing" | |
| # Install Bundler | |
| - run: ssh $URL "cd $ROOT; gem install bundler -v \"$(grep -A 1 "BUNDLED WITH" Gemfile.lock | tail -n 1)\"" | |
| # Install gems | |
| - run: ssh $URL "cd $ROOT; bundle install" | |
| # Migrate database | |
| - run: ssh $URL "cd $ROOT; bin/rails db:migrate" | |
| # Restart Puma | |
| - run: ssh $URL "cd $ROOT; bin/pumactl -F config/puma/production.rb -T '12345' stop; bin/pumactl -F config/puma/production.rb -T '12345' start" | |
| # Hit the sanity endpoint of the Interflux backend and interpret the data sent back | |
| - run: 'echo "JSON=$(curl --silent https://rails.api.interflux.com/sanity-check -H ''Content-Type: application/vnd.api+json'')" >> $GITHUB_ENV' | |
| - run: echo "STATUS=${{ fromJson(env.JSON).status }}" >> $GITHUB_ENV | |
| - run: echo "REMOTE_REVISION=${{ fromJson(env.JSON).build.git.revision }}" >> $GITHUB_ENV | |
| - run: echo "LOCAL_REVISION=$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV | |
| # Fail the work flow, something is wrong. | |
| - name: "Sanity check: FAIL" | |
| if: env.REMOTE_REVISION != env.LOCAL_REVISION || env.STATUS != 200 | |
| run: exit -1 | |
| # All green, deploy was successful! | |
| - name: "Sanity check: PASS" | |
| if: env.REMOTE_REVISION == env.LOCAL_REVISION && env.STATUS == 200 | |
| run: exit 0 |