infra: TODO: add a dummy deployment workflow,

naxa-developers · Nov 15, 2024 · e1b1529 · e1b1529
1 parent 81ab51c
commit e1b1529
Show file tree

Hide file tree

Showing 3 changed files with 127 additions and 16 deletions.
diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml
@@ -35,6 +35,8 @@ jobs:
   frontend-build:
     uses: naxa-developers/tasking-manager/.github/workflows/frontend-build.yml@ci-gh-workflows
     secrets: inherit
+    needs:
+      - frontend-test
     with:
       node-version: 16.x
       context: ./frontend
@@ -54,16 +56,28 @@ jobs:
         with:
           name: ${{ needs.frontend-build.outputs.artifact-name }}
           path: ./build
-
+      #TODO: Handle Auth and upload to respective s3 bucket & do a cloudfront invalidation
       - name: Debug check files
         run: |
           ls -alh
           ls -alh build
 
+  backend-build:
+    uses: hotosm/gh-workflows/.github/workflows/[email protected]
+    with:
+      context: .
+      build_target: prod
+      image_name: ghcr.io/${{ github.repository }}/backend:$GITHUB_SHA
+      dockerfile: Dockerfile
+      scan_image: false
+    secrets: inherit
+
   backend-test:
+    needs: 
+      - backend-build
     uses: naxa-developers/tasking-manager/.github/workflows/test_compose.yml@ci-gh-workflows
     with:
-      image_name: ghcr.io/${{ github.repository }}/backend
+      image_name: ghcr.io/${{ github.repository }}/backend:$GITHUB_SHA
       pre_command: |
         docker compose --file docker-compose.yml up -d
         sleep 15
@@ -73,31 +87,22 @@ jobs:
       # TODO: Compose command to be updated once dev have test setup running. For now just a simple curl command.
       compose_command: curl -i http://localhost:5000/api/v2/
       tag_override: ci-${{ github.ref_name }}
-      # coverage: true
+      run_tests: true
+      coverage: false
       example_env_file_path: example.env
       env_file_path: tasking-manager.env
     secrets: inherit
-
-  backend-build:
-    uses: hotosm/gh-workflows/.github/workflows/[email protected]
-    with:
-      context: .
-      build_target: prod
-      image_name: ghcr.io/${{ github.repository }}/backend
-      dockerfile: Dockerfile
-      scan_image: false
-    secrets: inherit
-
+
   backup-database:
     runs-on: ubuntu-latest
     needs: 
-      - backend-build
       - backend-test
     name: Backup Database before deployment
     steps:
       - name: Create Snapshot
         run:
           echo " TODO Database backup Steps; See CircleCI"
+          # See https://app.circleci.com/pipelines/github/hotosm/tasking-manager/11487/workflows/e98ba643-5812-4b2a-a09f-cc499285b3cc/jobs/23599
     #TODO: Check circleci for references
 
   backend_deploy_to_vm:

diff --git a/.github/workflows/remote_deploy_compose.yml b/.github/workflows/remote_deploy_compose.yml
@@ -0,0 +1,100 @@
+# Note: variables: SSH_HOST and SSH_USER must be set for your environment.
+# Note: secrets: SSH_PRIVATE_KEY must be set for your environment.
+
+name: Remote Deploy (Compose)
+
+on:
+  workflow_call:
+    inputs:
+      environment:
+        description: "The Github environment to get variables from. Default repository vars."
+        required: false
+        type: string
+      docker_compose_file:
+        description: "Path to docker compose file to deploy."
+        required: true
+        type: string
+      example_env_file_path:
+        description: "Path to example dotenv file to substitute variables for."
+        type: string
+        default: .env.example
+      env_file_path:
+        description: "Path to write dotenv file"
+        type: string
+        default: .env
+
+jobs:
+  remote-deploy:
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Vars and Secrets to Env
+        env:
+          GIT_BRANCH: ${{ github.ref_name }}
+          VARS_CONTEXT: ${{ toJson(vars) }}
+          SECRETS_CONTEXT: ${{ toJson(secrets) }}
+        run: |
+          # Random delimeter string for security
+          delim=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
+
+          # Parse JSON with multiline strings, using delimeter (Github specific)
+          to_envs() { jq -r "to_entries[] | \"\(.key)<<$delim\n\(.value)\n$delim\n\""; }
+
+          # Set vars to env for next step
+          echo "GIT_BRANCH=${GIT_BRANCH}" >> $GITHUB_ENV
+          echo "TAG_OVERRIDE=${TAG_OVERRIDE}" >> $GITHUB_ENV
+
+          # Set VARS_CONTEXT if not null
+          if [ "${VARS_CONTEXT}" != "null" ]; then
+            echo "${VARS_CONTEXT}" | to_envs >> $GITHUB_ENV
+          fi
+
+          # Set SECRETS_CONTEXT if not null
+          if [ "${SECRETS_CONTEXT}" != "null" ]; then
+            echo "${SECRETS_CONTEXT}" | to_envs >> $GITHUB_ENV
+          fi
+
+      - name: Create .env file
+        env:
+          EXAMPLE_DOTENV: ${{ inputs.example_env_file_path }}
+        run: |
+          echo "Checking if ${EXAMPLE_DOTENV} exists"
+          if [ -f ${EXAMPLE_DOTENV} ]; then
+            # Get a8m/envsubst (required for default vals syntax ${VAR:-default})
+            echo "Downloading envsubst"
+            curl -L https://github.com/a8m/envsubst/releases/download/v1.2.0/envsubst-`uname -s`-`uname -m` -o envsubst
+            if [ $? -ne 0 ]; then
+                echo "Failed to download envsubst"
+                exit 1
+            fi
+            chmod +x envsubst
+            echo "Substituting variables from ${EXAMPLE_DOTENV} --> ${{ inputs.env_file_path }}"
+            ./envsubst < "${EXAMPLE_DOTENV}" > ${{ inputs.env_file_path }}
+          else
+            echo "${EXAMPLE_DOTENV} not found, creating empty ${{ inputs.env_file_path }}"
+            touch ${{ inputs.env_file_path }}
+          fi
+
+          echo "GIT_BRANCH=${GIT_BRANCH}" >> ${{ inputs.env_file_path }}
+          echo "TAG_OVERRIDE=${TAG_OVERRIDE}" >> ${{ inputs.env_file_path }}
+      
+      # TODO: Add step to force new deployment here: also update image_tag accordingly in terraform vars.
+      # - uses: webfactory/[email protected]
+      #   with:
+      #     ssh-private-key: "${{ secrets.SSH_PRIVATE_KEY }}"
+
+      # - name: Add host keys to known_hosts
+      #   run: |
+      #     ssh-keyscan "${{ vars.SSH_HOST }}" >> ~/.ssh/known_hosts
+
+      # - name: Deploy
+      #   run: |
+      #     docker compose --file ${{ inputs.docker_compose_file }} pull
+      #     docker compose --file ${{ inputs.docker_compose_file }} up \
+      #       --detach --remove-orphans --force-recreate
+      #   env:
+      #     DOCKER_HOST: "ssh://${{ vars.SSH_USER }}@${{ vars.SSH_HOST }}"
diff --git a/.github/workflows/test_compose.yml b/.github/workflows/test_compose.yml
@@ -67,6 +67,11 @@ on:
         description: "Path to example dotenv file to substitute variables for."
         type: string
         default: .env.example
+      run_tests:
+        description: "If to run python tests."
+        required: false
+        type: boolean
+        default: false
       coverage:
         description: "Generate a coverage HTML report (requires coverage.py installed)."
         required: false
@@ -273,10 +278,11 @@ jobs:
       # Run the tests via a pre-configured docker compose service
       # For --no-TTY explanation, see: https://github.com/actions/runner-images/issues/5022
       - name: Run Tests
-        if: ${{ ! inputs.coverage && ! inputs.playwright }}
+        if: ${{ ! inputs.run_tests }}
         run: |
           ${{ inputs.pre_command }}
           
+          # Docker compose command to run tests.
           docker compose --file ${{ inputs.compose_file }} \
             exec -i ${{ inputs.compose_service }} ${{ inputs.compose_command }}