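# Build, test and push the authorization-server image to ECR, then point the
# ArgoCD applications at the new image tag. The target environment (dev /
# staging / prod) is chosen from the branch that triggered the run.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository default scope. From what is visible here only the cancel job
# (actions: write) and checkout (contents: read) use the token — confirm and
# declare least-privilege permissions explicitly.
# NOTE(review): actions are referenced by mutable tags. The third-party ones
# (cancel-workflow-action, argo-cd-action) receive a token or the ArgoCD
# password, so pinning them to a full commit SHA is the safer choice.
name: Build images and deploy

on:
  push:
    branches: [develop, gp4btc-stg, gp4btc-release]
    paths-ignore:
      - 'devops/**'
  workflow_dispatch:

jobs:
  cancel-previous:
    name: 'Cancel Previous Runs'
    runs-on: ubuntu-latest
    timeout-minutes: 3
    steps:
      # The version after "@" was lost when this page was extracted (it was
      # rendered as an obfuscated e-mail address). Restore the original
      # reference in place of the placeholder before using this file.
      - uses: styfle/cancel-workflow-action@<VERSION_LOST_IN_EXTRACTION>
        with:
          access_token: ${{ github.token }}

  unique_id:
    runs-on: ubuntu-latest
    steps:
      - name: Generate unique id
        id: unique_id
        # Written to $GITHUB_OUTPUT instead of the deprecated `::set-output`
        # workflow command, which is parsed from the step's stdout.
        run: echo "id=$(uuidgen)" >> "$GITHUB_OUTPUT"
    outputs:
      unique_id: ${{ steps.unique_id.outputs.id }}

  install-build-and-push:
    runs-on: ubuntu-latest
    needs: [cancel-previous, unique_id]
    steps:
      - name: Get GHA environment name
        id: env_vars
        # The branch is read from $GITHUB_REF rather than expanded with
        # `${{ github.ref }}`: an expression is pasted into the script text
        # before the shell runs, so a ref name containing shell syntax would be
        # executed (workflow_dispatch can start this workflow on any branch).
        # Outputs go to $GITHUB_OUTPUT so the secret values are no longer
        # echoed to stdout as `::set-output` commands.
        # NOTE(review): credentials are still copied into step outputs and are
        # long-lived AWS keys. Per-environment secrets (GitHub Environments)
        # and OIDC role assumption in configure-aws-credentials would remove
        # both the copying and the static keys.
        run: |
          echo "Running on branch $GITHUB_REF"
          if [ "$GITHUB_REF" = "refs/heads/develop" ]; then
            {
              echo "aws_access_key_id=${{ secrets.DEV_AWS_ACCESS_KEY_ID }}"
              echo "aws_secret_key=${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}"
              echo "aws_region=${{ secrets.DEV_AWS_REGION }}"
              echo "aws_ecr_repository=${{ secrets.DEV_ECR_REPOSITORY }}"
              echo "argocd_url=${{ secrets.DEV_ARGOCD_URL }}"
              echo "argocd_username=${{ secrets.DEV_ARGOCD_USERNAME }}"
              echo "argocd_password=${{ secrets.DEV_ARGOCD_PASS }}"
            } >> "$GITHUB_OUTPUT"
          elif [ "$GITHUB_REF" = "refs/heads/gp4btc-stg" ]; then
            {
              echo "aws_access_key_id=${{ secrets.STAGING_AWS_ACCESS_KEY_ID }}"
              echo "aws_secret_key=${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY }}"
              echo "aws_region=${{ secrets.STAGING_AWS_REGION }}"
              echo "aws_ecr_repository=${{ secrets.STAGING_ECR_REPOSITORY }}"
              echo "argocd_url=${{ secrets.STAGING_ARGOCD_URL }}"
              echo "argocd_username=${{ secrets.STAGING_ARGOCD_USERNAME }}"
              echo "argocd_password=${{ secrets.STAGING_ARGOCD_PASS }}"
            } >> "$GITHUB_OUTPUT"
          elif [ "$GITHUB_REF" = "refs/heads/gp4btc-release" ]; then
            {
              echo "aws_access_key_id=${{ secrets.PROD_AWS_ACCESS_KEY_ID }}"
              echo "aws_secret_key=${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}"
              echo "aws_region=${{ secrets.PROD_AWS_REGION }}"
              echo "aws_ecr_repository=${{ secrets.PROD_ECR_REPOSITORY }}"
              echo "argocd_url=${{ secrets.PROD_ARGOCD_URL }}"
              echo "argocd_username=${{ secrets.PROD_ARGOCD_USERNAME }}"
              echo "argocd_password=${{ secrets.PROD_ARGOCD_PASS }}"
            } >> "$GITHUB_OUTPUT"
          else
            echo "Branch $GITHUB_REF is not configured for deployment"
            exit 1
          fi

      - uses: actions/checkout@v3

      - name: Setup app dependencies
        uses: actions/setup-node@v3
        with:
          node-version-file: '.nvmrc'

      - uses: actions/cache@v3
        id: yarn-cache  # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
        with:
          path: |
            authorization-server/node_modules
            backend-server/node_modules
            generate-identity-cli/node_modules
          key: ${{ runner.os }}-node_modules-${{ hashFiles('**/yarn.lock') }}

      # NOTE(review): a plain `yarn install` may resolve versions that differ
      # from yarn.lock; consider the lockfile-enforcing install mode of the
      # Yarn version this repository uses.
      - name: Install dependencies
        run: yarn install

      - name: Check linting
        run: yarn lint

      - name: Build project
        run: yarn build

      - name: Test project
        # Environment values are quoted so they reach the process as the same
        # strings regardless of YAML implicit typing.
        env:
          LOG_LEVEL: 'error'
          SELF_BASE_URL: 'http://127.0.0.1:3000'
          RPC_URL: 'https://volta-rpc-vkn5r5zx4ke71f9hcu0c.energyweb.org/'
          CACHE_SERVER_URL: 'https://identitycache-dev.energyweb.org/v1'
          # NOTE(review): a private key is committed here in clear text. Even
          # if it is only a test/dev identity, anyone who can read the
          # repository can use it; move it to a repository secret and rotate
          # the key.
          CACHE_SERVER_LOGIN_PRVKEY: 'eab5e5ccb983fad7bf7f5cb6b475a7aea95eff0c6523291b0c0ae38b5855459c'
          DID_REGISTRY_ADDRESS: '0xc15d5a57a8eb0e1dcbe5d88b8f9a82017e5cc4af'
          ENS_REGISTRY_ADDRESS: '0xd7CeF70Ba7efc2035256d828d5287e2D285CD1ac'
          ENS_RESOLVER_ADDRESS: '0xcf72f16Ab886776232bea2fcf3689761a0b74EfE'
          IPFS_PROTOCOL: 'https'
          IPFS_HOST: 'ipfs.infura.io'
          IPFS_PORT: '5001'
          IPFS_PROJECTID: ${{ secrets.IPFS_PROJECTID }}
          IPFS_PROJECTSECRET: ${{ secrets.IPFS_PROJECTSECRET }}
          REDIS_HOST: 'localhost'
          REDIS_PORT: '61379'
          # Fixed, guessable signing secret: acceptable only because it is
          # scoped to this test step; it must never reach a deployed config.
          JWT_SECRET: 'asecret'
          JWT_ACCESS_TTL: '60'
          JWT_REFRESH_TTL: '600'
          SIWE_NONCE_TTL: '120'
          FAIL_ON_REDIS_UNAVAILABLE: 'true'
          AUTH_COOKIE_ENABLED: 'true'
          IDENTITY_TOKEN: ${{ secrets.IDENTITY_TOKEN }}
          BLOCKNUM_AUTH_ENABLED: 'true'
          ACCEPTED_ROLES: ''
          INCLUDE_ALL_ROLES: 'false'
        run: yarn test

      - name: Get the tag version
        id: get_version
        # On the branch pushes this workflow is triggered by, the
        # `refs/tags/` prefix does not match, so VERSION is the full ref.
        run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ steps.env_vars.outputs.aws_access_key_id }}
          aws-secret-access-key: ${{ steps.env_vars.outputs.aws_secret_key }}
          aws-region: ${{ steps.env_vars.outputs.aws_region }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      - name: Build & push docker images (AWS)
        # Values are handed to the script through the environment and quoted
        # in the shell, instead of being expanded into the script text.
        env:
          BUILD_ID: ${{ needs.unique_id.outputs.unique_id }}
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: ${{ steps.env_vars.outputs.aws_ecr_repository }}
        run: |
          image="$ECR_REGISTRY/$ECR_REPOSITORY"
          docker build \
            --build-arg GIT_SHA="$GITHUB_SHA" \
            -t "$image:$BUILD_ID" \
            -f authorization-server/Dockerfile \
            ./authorization-server
          docker push "$image:$BUILD_ID"
          # `latest` is a mutable tag; the deployment below references the
          # unique BUILD_ID tag instead.
          docker tag "$image:$BUILD_ID" "$image:latest"
          docker push "$image:latest"

      - name: Logout of Amazon ECR
        if: always()
        run: docker logout ${{ steps.login-ecr.outputs.registry }}

      # NOTE(review): `--insecure` turns off TLS certificate verification for
      # the ArgoCD server, so the password below can be sent to an endpoint
      # whose identity was never checked. Prefer a certificate the runner
      # trusts and drop the flag. The password is also passed as a
      # command-line option; a scoped ArgoCD API token would limit the impact
      # of a leak.
      - name: ArgoCD login
        uses: clowdhaus/argo-cd-action/@v1.12.1
        id: argocd_login
        with:
          command: login ${{ steps.env_vars.outputs.argocd_url }}
          options: --insecure --password ${{ steps.env_vars.outputs.argocd_password }} --username ${{ steps.env_vars.outputs.argocd_username }}

      # Only the develop branch updates the did-auth-proxy application.
      - name: ArgoCD overvrite HELM values.yaml
        uses: clowdhaus/argo-cd-action/@v1.12.1
        id: argocd_image_helm_tag_overwrite
        if: ${{ github.ref == 'refs/heads/develop' }}
        with:
          command: app set did-auth-proxy
          options: -p did-auth-proxy-helm.image.tag=${{ needs.unique_id.outputs.unique_id }}

      # Runs for every configured branch (no `if:` condition).
      - name: ArgoCD overvrite IAM-DID-AUTH-PROXY values.yaml
        uses: clowdhaus/argo-cd-action/@v1.12.1
        id: argocd_image_helm_tag_overwrite_iam
        with:
          command: app set iam-did-auth-proxy
          options: -p did-auth-proxy-helm.image.tag=${{ needs.unique_id.outputs.unique_id }}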