Test, build and deploy #345
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test, build and deploy | |
# Controls when the action will run. Triggers the workflow on manual trigger or push | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- staging | |
- master | |
- test | |
paths-ignore: | |
- '**.md' | |
- '.github/workflows/health-test.yml' | |
- '.github/health_test_src/**' | |
- '**.dev.yml' | |
jobs: | |
test-build-deploy: | |
name: Runs unit tests, builds docker image and deploys image | |
runs-on: ubuntu-latest | |
env: | |
DB_HOST: 127.0.0.1 | |
KPAS_DOMAIN: kpas-lti-staging-kpas.azurewebsites.net #NB! must match certificate in .github/kpas_ssl_certs | |
CANVAS_DOMAIN: bibsys.instructure.com | |
CANVAS_ACCOUNT_ID: 99 | |
KPAS_LTI_GIT_COMMIT: 7274efb45554b025d3b9800ab4e915003fe81fb0 #Exactly which state in the KPAS-LTI git repository should be used as dependency during our tests | |
DJANGO_SECRET_KEY: not_secret_key | |
#CA_FILE_NAME: ca.crt | |
AZURE_CONTAINER_REGISTRY: udirkpas.azurecr.io | |
AZURE_RESOURCE_GROUP: laravel | |
AZURE_APP_NAME: statistics-api | |
WEBSITES_PORT: 8000 | |
steps: | |
# GitHub repository checkout | |
- name: GitHub repository checkout | |
uses: actions/checkout@v1 | |
- name: Log in to Azure | |
run: | | |
az login --service-principal --username 50d27170-f4e0-4185-ac88-27d0348a5dc5 --password ${{ secrets.AZURE_CLIENT_SECRET }} --tenant 8cd185d3-3aa6-4594-833d-a058dabb5b6d | |
- name: Log in to Docker | |
run: | | |
az acr login --username 50d27170-f4e0-4185-ac88-27d0348a5dc5 --password ${{ secrets.AZURE_CLIENT_SECRET }} --name udirkpas.azurecr.io | |
- name: Start MySQL service | |
run: | | |
sudo bash -c 'echo "[mysqld]" >> /etc/mysql/my.cnf' | |
sudo bash -c 'echo "port = 3307" >> /etc/mysql/my.cnf' | |
sudo bash -c 'echo "bind-address = 0.0.0.0" >> /etc/mysql/my.cnf' | |
sudo systemctl start mysql.service | |
- name: Install python depedencies | |
run: | | |
sudo apt-get install python3-setuptools | |
python3 -m pip install -r requirements.txt | |
- name: Run Django migrations | |
run: | | |
mysql --port=3307 --protocol=tcp --host=127.0.0.1 -uroot -proot -e 'CREATE DATABASE `canvas-api`;' | |
DB_DATABASE=canvas-api DB_USERNAME=root DB_PASSWORD=root DB_PORT=3307 PYTHONPATH="${GITHUB_WORKSPACE}" python3 manage.py makemigrations | |
DB_DATABASE=canvas-api DB_USERNAME=root DB_PASSWORD=root DB_PORT=3307 PYTHONPATH="${GITHUB_WORKSPACE}" python3 manage.py migrate | |
- name: Run Django unit tests | |
run: | | |
DJANGO_DEBUG=True CANVAS_ACCESS_KEY=${{ secrets.CANVAS_ACCESS_KEY }} DJANGO_SETTINGS_MODULE=statistics_api.tests.test_settings DB_DATABASE=canvas-api DB_USERNAME=root DB_PASSWORD=root DB_PORT=3307 PYTHONPATH="${GITHUB_WORKSPACE}" python3 manage.py test --settings statistics_api.tests.test_settings --verbosity=3 | |
# Checking that only the issue is the SECURE_HSTS_SECONDS warning | |
- name: Run manage.py check --deploy | |
run: | | |
DB_DATABASE=canvas-api DB_USERNAME=root DB_PASSWORD=root DB_PORT=3307 DJANGO_SECRET_KEY=notasecretkeyExfvXUyFFA9iAH7BYwsL1nN3XIbBcX7djoBSque6bOLXmnf7GD PYTHONPATH="${GITHUB_WORKSPACE}" python3 manage.py check --deploy | |
if [ `DB_DATABASE=canvas-api DB_USERNAME=root DB_PASSWORD=root DB_PORT=3307 DJANGO_SECRET_KEY=notasecretkeyExfvXUyFFA9iAH7BYwsL1nN3XIbBcX7djoBSque6bOLXmnf7GD PYTHONPATH="${GITHUB_WORKSPACE}" python3 manage.py check --deploy 2>&1 | grep -E "System check identified [0-9]+ issue" | grep -E -o [0-9]+ | head -1` -lt 2 ] | |
then | |
exit 0 | |
else | |
exit 1 | |
fi | |
- name: Build and push Docker image to registry, triggering new deployment | |
run: | | |
if [ "$GITHUB_REF" = "refs/heads/staging" ] | |
then | |
docker build --build-arg WEBSITES_PORT=$WEBSITES_PORT . -f Dockerfile -t $AZURE_CONTAINER_REGISTRY/statistics-api-staging | |
az webapp config appsettings set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} -g $AZURE_RESOURCE_GROUP -n $AZURE_APP_NAME --slot staging --settings \ | |
"CANVAS_ACCESS_KEY=${{ secrets.CANVAS_ACCESS_KEY }}" \ | |
"DB_PASSWORD=${{ secrets.STAGING_DB_PASSWORD }}" \ | |
"DB_USERNAME=${{ secrets.STAGING_DB_USERNAME }}" \ | |
"DJANGO_SECRET_KEY=${{ secrets.STAGING_DJANGO_SECRET_KEY }}" \ | |
"DOCKER_REGISTRY_SERVER_PASSWORD=${{ secrets.DOCKER_REGISTRY_SERVER_PASSWORD }}" \ | |
"KPAS_API_ACCESS_TOKEN=${{ secrets.STAGING_KPAS_API_ACCESS_TOKEN }}" \ | |
"WEBSITES_PORT=$WEBSITES_PORT" \ | |
"DOCKER_REGISTRY_SERVER_URL=https://$AZURE_CONTAINER_REGISTRY" \ | |
"GIT_COMMIT=${GITHUB_SHA}" \ | |
@"${GITHUB_WORKSPACE}/.github/app_service_config/staging_app_service_config.json" | |
docker push $AZURE_CONTAINER_REGISTRY/statistics-api-staging | |
elif [ "$GITHUB_REF" = "refs/heads/master" ] | |
then | |
docker build --build-arg WEBSITES_PORT=$WEBSITES_PORT . -f Dockerfile -t $AZURE_CONTAINER_REGISTRY/statistics-api | |
az webapp config appsettings set --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} -g $AZURE_RESOURCE_GROUP -n $AZURE_APP_NAME --settings \ | |
"CANVAS_ACCESS_KEY=${{ secrets.CANVAS_ACCESS_KEY }}" \ | |
"DB_PASSWORD=${{ secrets.DB_PASSWORD }}" \ | |
"DB_USERNAME=${{ secrets.DB_USERNAME }}" \ | |
"DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }}" \ | |
"DOCKER_REGISTRY_SERVER_PASSWORD=${{ secrets.DOCKER_REGISTRY_SERVER_PASSWORD }}" \ | |
"KPAS_API_ACCESS_TOKEN=${{ secrets.KPAS_API_ACCESS_TOKEN }}" \ | |
"WEBSITES_PORT=$WEBSITES_PORT" \ | |
"DOCKER_REGISTRY_SERVER_URL=https://$AZURE_CONTAINER_REGISTRY" \ | |
"GIT_COMMIT=${GITHUB_SHA}" \ | |
@"${GITHUB_WORKSPACE}/.github/app_service_config/app_service_config.json" | |
docker push $AZURE_CONTAINER_REGISTRY/statistics-api | |
fi |