Skip to content

Merge pull request #99 from imperial/fix-auth-callbackurl-redirect #196

Merge pull request #99 from imperial/fix-auth-callbackurl-redirect

Merge pull request #99 from imperial/fix-auth-callbackurl-redirect #196

Workflow file for this run

# This workflow will do a clean installation of node dependencies, cache/restore them, build the source code and run tests across different versions of node
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/https://github.com/imperial/cpp-connect/tree/mainbuilding-and-testing-nodejs
name: Node.js CI
# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
IMPAAS_APP_NAME: cpp-connect
IMPAAS_DEPLOY_TOKEN: ${{ secrets.IMPAAS_DEPLOY_TOKEN }}
on:
push:
branches: ["main"]
pull_request:
branches: ["main"]
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Use Node.js 20.x
uses: actions/setup-node@v4
with:
node-version: 20.x
cache: "npm"
- uses: actions/cache@v4 # From https://nextjs.org/docs/pages/building-your-application/deploying/ci-build-caching#github-actions
with:
# See here for caching with `yarn` https://github.com/actions/cache/blob/main/examples.md#node---yarn or you can leverage caching with actions/setup-node https://github.com/actions/setup-node
path: |
${{ github.workspace }}/.next/cache
# Generate a new cache whenever packages or source files change.
key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }}
# If source files changed but packages didn't, rebuild from a prior cache.
restore-keys: |
${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-
- run: npm ci
- run: npm run lint
format-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Use Node.js 20.x
uses: actions/setup-node@v4
with:
node-version: 20.x
cache: "npm"
- uses: actions/cache@v4 # From https://nextjs.org/docs/pages/building-your-application/deploying/ci-build-caching#github-actions
with:
# See here for caching with `yarn` https://github.com/actions/cache/blob/main/examples.md#node---yarn or you can leverage caching with actions/setup-node https://github.com/actions/setup-node
path: |
${{ github.workspace }}/.next/cache
# Generate a new cache whenever packages or source files change.
key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-${{ hashFiles('**/*.js', '**/*.jsx', '**/*.ts', '**/*.tsx') }}
# If source files changed but packages didn't, rebuild from a prior cache.
restore-keys: |
${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json') }}-
- run: npm ci
- run: npm run format -- --check
# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
build-and-push-image:
needs:
- lint
- format-check
runs-on: ubuntu-latest
# Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
permissions:
contents: read
packages: write
attestations: write
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# Uses the `docker/login-action` action to log in to the Container registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=sha
type=raw,value=latest,enable={{is_default_branch}}
# This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
# It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
# It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
- name: Build and push Docker image
id: push
uses: docker/build-push-action@v6
with:
context: .
# pushes regardless; only main tagged with latest
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
no-cache: true
# Deploy!
deploy-impaas:
needs:
- build-and-push-image
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
env:
TSURU_TOKEN: ${{ secrets.IMPAAS_DEPLOY_TOKEN }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install ImPaaS CLI
run: |
curl -fsSL "https://tsuru.io/get" | bash
- name: Setup ImPaaS CLI
run: |
tsuru target add impaas https://impaas.uk -s
- name: Deploy to ImPaaS
run: |
tsuru app deploy -i ghcr.io/imperial/cpp-connect:latest -a cpp-connect
- name: Run migrations
run: |
tsuru app run "DATABASE_URL=postgres://\$PGUSER:\$PGPASSWORD@\$PGHOST:\$PGPORT/\$PGDATABASE npm exec prisma migrate deploy" -a cpp-connect
- name: Set environment variables
run: |
tsuru env set -a cpp-connect NEXTAUTH_URL=${{ vars.NEXTAUTH_URL }} EMAIL_SERVER_USER=${{ secrets.EMAIL_SERVER_USER }} EMAIL_SERVER_PASSWORD=${{ secrets.EMAIL_SERVER_PASSWORD }} EMAIL_SERVER_HOST=${{ secrets.EMAIL_SERVER_HOST }} EMAIL_SERVER_PORT=${{ secrets.EMAIL_SERVER_PORT }} EMAIL_FROM=${{ secrets.EMAIL_FROM }} AUTH_SECRET=${{ secrets.AUTH_SECRET }} AUTH_TRUST_HOST=true