Remove gudelines version and variant from protocol #601
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: dev | |
on: | |
push: | |
branches: | |
- dev | |
jobs: | |
preinstall-client: | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
node-version: [16] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: pnpm/action-setup@v2 | |
with: | |
version: 8 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'pnpm' | |
cache-dependency-path: packages/client/pnpm-lock.yaml | |
- name: Get pnpm store directory | |
id: pnpm-cache | |
shell: bash | |
run: | | |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT | |
- uses: actions/cache@v3 | |
name: Setup pnpm cache | |
with: | |
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} | |
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('packages/client/pnpm-lock.yaml') }} | |
restore-keys: | | |
${{ runner.os }}-pnpm-store- | |
- name: Install dependencies | |
run: | | |
cd packages/client | |
pnpm install --frozen-lockfile | |
build-client-staging: | |
needs: [preinstall-client] | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
node-version: [16] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: pnpm/action-setup@v2 | |
with: | |
version: 8 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'pnpm' | |
cache-dependency-path: packages/client/pnpm-lock.yaml | |
- name: Get pnpm store directory | |
id: pnpm-cache | |
shell: bash | |
run: | | |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT | |
- uses: actions/cache@v3 | |
name: Setup pnpm cache | |
with: | |
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} | |
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('packages/client/pnpm-lock.yaml') }} | |
restore-keys: | | |
${{ runner.os }}-pnpm-store- | |
- name: Install dependencies | |
run: | | |
cd packages/client | |
pnpm install --frozen-lockfile | |
- name: Create env file for client | |
run: | | |
touch packages/client/env/.env.staging | |
echo "$CLIENT_ENV" >> packages/client/env/.env.staging | |
env: | |
CLIENT_ENV: ${{secrets.CLIENT_ENV}} | |
- name: Set current date as env variable | |
run: echo "BUILD_TIMESTAMP=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV | |
- name: Build | |
run: | | |
cd packages/client | |
pnpm build:staging | |
- uses: actions/cache@v3 | |
with: | |
path: packages/client/dist | |
key: client-staging-${{ github.sha }} | |
build-client-data-import: | |
needs: [preinstall-client] | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
node-version: [16] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: pnpm/action-setup@v2 | |
with: | |
version: 8 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'pnpm' | |
cache-dependency-path: packages/client/pnpm-lock.yaml | |
- name: Get pnpm store directory | |
id: pnpm-cache | |
shell: bash | |
run: | | |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT | |
- uses: actions/cache@v3 | |
name: Setup pnpm cache | |
with: | |
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} | |
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('packages/client/pnpm-lock.yaml') }} | |
restore-keys: | | |
${{ runner.os }}-pnpm-store- | |
- name: Install dependencies | |
run: | | |
cd packages/client | |
pnpm install --frozen-lockfile | |
- name: Create env file for client | |
run: | | |
touch packages/client/env/.env.data-import | |
echo "$CLIENT_ENV" >> packages/client/env/.env.data-import | |
env: | |
CLIENT_ENV: ${{secrets.CLIENT_ENV_DATAIMPORT}} | |
- name: Set current date as env variable | |
run: echo "BUILD_TIMESTAMP=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV | |
- name: Build | |
run: | | |
cd packages/client | |
pnpm build:data-import | |
- uses: actions/cache@v3 | |
with: | |
path: packages/client/dist | |
key: client-data-import-${{ github.sha }} | |
build-client-sandbox: | |
needs: [preinstall-client] | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
node-version: [16] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: pnpm/action-setup@v2 | |
with: | |
version: 8 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'pnpm' | |
cache-dependency-path: packages/client/pnpm-lock.yaml | |
- name: Get pnpm store directory | |
id: pnpm-cache | |
shell: bash | |
run: | | |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT | |
- uses: actions/cache@v3 | |
name: Setup pnpm cache | |
with: | |
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} | |
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('packages/client/pnpm-lock.yaml') }} | |
restore-keys: | | |
${{ runner.os }}-pnpm-store- | |
- name: Install dependencies | |
run: | | |
cd packages/client | |
pnpm install --frozen-lockfile | |
- name: Create env file for client | |
run: | | |
touch packages/client/env/.env.sandbox | |
echo "$CLIENT_ENV" >> packages/client/env/.env.sandbox | |
env: | |
CLIENT_ENV: ${{secrets.CLIENT_ENV_SANDBOX}} | |
- name: Set current date as env variable | |
run: echo "BUILD_TIMESTAMP=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV | |
- name: Build | |
run: | | |
cd packages/client | |
pnpm build:sandbox | |
- uses: actions/cache@v3 | |
with: | |
path: packages/client/dist | |
key: client-sandbox-${{ github.sha }} | |
build-staging: | |
needs: [build-client-staging] | |
name: Build the staging docker image | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- uses: actions/cache@v3 | |
with: | |
path: packages/client/dist | |
key: client-staging-${{ github.sha }} | |
- name: Generate certificates | |
run: | | |
mkdir -p ./packages/server/secret | |
openssl req -x509 -newkey rsa:2048 -nodes -out ./packages/server/secret/cert.pem -keyout ./packages/server/secret/key.pem -days 365 -subj "/C=FR/O=krkr/OU=Domain Control Validated/CN=*" | |
- name: Run docker build task | |
run: docker build -f Dockerfile.cached -t inkvisitor:staging . | |
- name: Save docker-compose stack | |
run: docker save inkvisitor:staging | gzip > inkvisitor-staging.tar.gz | |
- name: Cache image.tar | |
uses: actions/cache@v2 | |
with: | |
path: inkvisitor-staging.tar.gz | |
key: inkvisitor-staging-${{ github.sha }}.tar.gz | |
build-data-import: | |
needs: [build-client-data-import] | |
name: Build the data-import docker image | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- uses: actions/cache@v3 | |
with: | |
path: packages/client/dist | |
key: client-data-import-${{ github.sha }} | |
- name: Generate certificates | |
run: | | |
mkdir -p ./packages/server/secret | |
openssl req -x509 -newkey rsa:2048 -nodes -out ./packages/server/secret/cert.pem -keyout ./packages/server/secret/key.pem -days 365 -subj "/C=FR/O=krkr/OU=Domain Control Validated/CN=*" | |
- name: Run docker build task | |
run: docker build -f Dockerfile.cached -t inkvisitor:data-import . | |
- name: Save docker-compose stack | |
run: docker save inkvisitor:data-import | gzip > inkvisitor-data-import.tar.gz | |
- name: Cache image.tar | |
uses: actions/cache@v2 | |
with: | |
path: inkvisitor-data-import.tar.gz | |
key: inkvisitor-data-import-${{ github.sha }}.tar.gz | |
build-sandbox: | |
needs: [build-client-sandbox] | |
name: Build the sandbox docker image | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- uses: actions/cache@v3 | |
with: | |
path: packages/client/dist | |
key: client-sandbox-${{ github.sha }} | |
- name: Generate certificates | |
run: | | |
mkdir -p ./packages/server/secret | |
openssl req -x509 -newkey rsa:2048 -nodes -out ./packages/server/secret/cert.pem -keyout ./packages/server/secret/key.pem -days 365 -subj "/C=FR/O=krkr/OU=Domain Control Validated/CN=*" | |
- name: Run docker build task | |
run: docker build -f Dockerfile.cached -t inkvisitor:sandbox . | |
- name: Save docker-compose stack | |
run: docker save inkvisitor:sandbox | gzip > inkvisitor-sandbox.tar.gz | |
- name: Cache image.tar | |
uses: actions/cache@v2 | |
with: | |
path: inkvisitor-sandbox.tar.gz | |
key: inkvisitor-sandbox-${{ github.sha }}.tar.gz | |
deploy: | |
needs: [build-staging, build-data-import, build-sandbox] | |
name: Deploy | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: Checkout InkVisitor | |
uses: actions/checkout@v2 | |
- name: Restore cached staging | |
uses: actions/cache@v2 | |
with: | |
path: inkvisitor-staging.tar.gz | |
key: inkvisitor-staging-${{ github.sha }}.tar.gz | |
- name: Restore cached data-import | |
uses: actions/cache@v2 | |
with: | |
path: inkvisitor-data-import.tar.gz | |
key: inkvisitor-data-import-${{ github.sha }}.tar.gz | |
- name: Restore cached sandbox | |
uses: actions/cache@v2 | |
with: | |
path: inkvisitor-sandbox.tar.gz | |
key: inkvisitor-sandbox-${{ github.sha }}.tar.gz | |
- name: Install SSH Key | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
known_hosts: ${{ secrets.KNOWN_HOSTS }} | |
- name: Update packages | |
run: | | |
sudo apt-get update | |
- name: Install OpenVPN | |
run: | | |
sudo apt install -y openvpn openvpn-systemd-resolved | |
- name: Prepare OpenVPN creds file | |
run: | | |
touch pass.txt | |
echo ${{ secrets.VPN_USER }} >> pass.txt | |
echo ${{ secrets.VPN_PASS }} >> pass.txt | |
- name: Pull OpenVPN Config | |
run: curl https://it.muni.cz/media/3404274/muni-main-linux.ovpn -o muni-linux.ovpn | |
- name: Connect to VPN and deploy | |
run: sudo openvpn --config muni-linux.ovpn --auth-user-pass pass.txt --daemon | |
- name: Wait for a VPN connection | |
timeout-minutes: 5 | |
run: until ping -w 5 ${{ secrets.SSH_HOST }}; do sleep 2; done | |
- name: Upload image staging | |
run: scp inkvisitor-staging.tar.gz ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:/var/www/html/apps | |
- name: Upload image data-import | |
run: scp inkvisitor-data-import.tar.gz ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:/var/www/html/apps | |
- name: Upload image sandbox | |
run: scp inkvisitor-sandbox.tar.gz ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:/var/www/html/apps | |
- name: Restart containers | |
run: | | |
ssh -tt ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} -- "sh -c ' | |
podman container prune -f && | |
podman image prune -f && | |
rm -rf /var/tmp/docker-tar* && | |
podman rm inkvisitor-staging --force || true && | |
podman rm inkvisitor-data-import --force || true && | |
podman rm inkvisitor-sandbox --force || true && | |
podman load -i /var/www/html/apps/inkvisitor-staging.tar.gz && | |
podman load -i /var/www/html/apps/inkvisitor-data-import.tar.gz && | |
podman load -i /var/www/html/apps/inkvisitor-sandbox.tar.gz && | |
podman-compose -f /var/www/html/apps/docker-compose.yml up -d inkvisitor-staging && | |
podman-compose -f /var/www/html/apps/docker-compose.yml up -d inkvisitor-data-import && | |
podman-compose -f /var/www/html/apps/docker-compose.yml up -d inkvisitor-sandbox | |
'" |