ci: create deploy wokflow (#5090)

monicahq · Apr 24, 2021 · 45b02da · 45b02da
1 parent f808704
commit 45b02da
Show file tree

Hide file tree

Showing 17 changed files with 440 additions and 133 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -12,7 +12,7 @@ on:
     types: [completed]
 
 env:
-  php-version: 7.4
+  php-version: '8.0'
   node-version: 15
 
 jobs:

diff --git a/.github/workflows/cypress.yml b/.github/workflows/cypress.yml
@@ -84,7 +84,7 @@ jobs:
       - name: Prepare environment
         run: |
           cp scripts/ci/.env.mysql .env
-          touch config/.version config/.release .sentry-release .sentry-commit
+          touch config/.version config/.release config/.commit
           mkdir -p results/coverage
           echo "REQUIRES_SUBSCRIPTION=true" >> .env
 

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,235 @@
+name: Deploy
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches-ignore: ['l10n_master*']
+  release:
+    types: [created]
+
+  workflow_run:
+    workflows: ['Compress images']
+    types: [completed]
+
+  workflow_dispatch:
+
+env:
+  php-version: '8.0'
+  node-version: 15
+
+jobs:
+  #############
+  # Build
+  #############
+  build:
+    runs-on: ubuntu-latest
+    name: Build assets
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+
+    strategy:
+      fail-fast: false
+
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Setup PHP ${{ env.php-version }}
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ env.php-version }}
+          extensions: imagick, redis
+          coverage: none
+      - name: Check PHP Version
+        run: php -v
+      - name: Check Composer Version
+        run: composer -V
+      - name: Check PHP Extensions
+        run: php -m
+
+    # Composer
+      - name: Validate composer.json and composer.lock
+        run: composer validate
+
+      - name: Get Composer Cache Directory
+        id: composer-cache
+        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+      - name: Cache composer files
+        uses: actions/cache@v2.1.5
+        with:
+          path: ${{ steps.composer-cache.outputs.dir }}
+          key: ${{ runner.os }}-composer-${{ env.php-version }}-${{ hashFiles('**/composer.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-composer-${{ env.php-version }}-${{ hashFiles('**/composer.lock') }}
+            ${{ runner.os }}-composer-${{ env.php-version }}
+            ${{ runner.os }}-composer-
+
+      - name: Install composer dependencies
+        run: composer install --no-progress --no-interaction --prefer-dist --optimize-autoloader
+
+    # Yarn
+      - name: Setup Node.js
+        uses: actions/setup-node@v2
+        with:
+          node-version: ${{ env.node-version }}
+      - name: Get yarn cache directory path
+        id: yarn-cache
+        run: echo "::set-output name=dir::$(yarn cache dir)"
+      - name: Cache yarn files
+        uses: actions/cache@v2.1.5
+        with:
+          path: ${{ steps.yarn-cache.outputs.dir }}
+          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+            ${{ runner.os }}-yarn-
+
+      - name: Install yarn dependencies
+        run: yarn inst
+      - name: Lint files
+        run: yarn run lint:fix
+
+      - name: Check if there is any file update needed
+        id: check
+        run: |
+          status=$(git status --porcelain)
+          if [ -z "$status" ]; then
+            echo "Nothing to push, already up to date."
+          else
+            echo -e "Waiting modifications:\n$status"
+            echo "::error::Resources are not up to date. Please rebuild with: 'yarn run lint:all' and 'yarn run prod'."
+            exit -1
+          fi
+
+      - name: Get version or revision
+        id: version
+        run: echo "::set-output name=version::$(git describe --abbrev=0 --tags --exact-match $GITHUB_SHA 2>/dev/null || git log --pretty="%h" -n1 $GITHUB_SHA)"
+
+      - name: Prepare environment
+        run: |
+          { \
+            echo "MIX_PROD_SOURCE_MAPS=true"; \
+            echo "MIX_SENTRY_RELEASE=${{ steps.version.outputs.version }}"; \
+          } | tee .env
+
+      - name: Build assets
+        run: yarn run production
+
+      - name: Store assets
+        uses: actions/upload-artifact@v2
+        with:
+          name: assets
+          path: |
+            public/mix-manifest.json
+            public/js
+            public/css
+            !public/**/*.map
+
+      - name: Store source maps
+        uses: actions/upload-artifact@v2
+        with:
+          name: sourcemaps
+          path: |
+            public/**/*.map
+
+
+  ######################
+  # Deploy on fortrabbit
+  ######################
+  deploy:
+    runs-on: ubuntu-latest
+    name: Deploy
+    needs: build
+    if: github.event_name != 'pull_request'
+
+    environment: fortrabbit
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - uses: webfactory/ssh-agent@v0.5.2
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+
+      - name: Download assets
+        uses: actions/download-artifact@v2
+        with:
+          name: assets
+          path: public
+
+      - name: Configure Git
+        run: |
+          git config user.email $GIT_EMAIL
+          git config user.name $GIT_USERNAME
+        env:
+          GIT_EMAIL: ${{ secrets.GIT_EMAIL }}
+          GIT_USERNAME: ${{ secrets.GIT_USERNAME }}
+
+      - name: Create release files
+        run: |
+          echo ${{ needs.build.outputs.version }} > config/.release
+          echo $GITHUB_SHA > config/.commit
+
+      - name: Update .htaccess
+        run: cp -f scripts/.htaccess_production public/.htaccess
+
+      - name: Commit everything
+        run: |
+          git add -A --force public config
+          git commit -m "Build $($CURRENT_DATE_TIME)"
+        env:
+          CURRENT_DATE_TIME: "date +%Y-%m-%d:%H-%M"
+
+      - name: Deploy
+        run: |
+          git remote add deploy $REPO_URL
+          git push deploy --force
+        env:
+          # This avoids a failure when the client does not know the SSH Host already
+          GIT_SSH_COMMAND: "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
+          REPO_URL: ${{ secrets.REPO_URL }}
+
+
+  ############################
+  # Create a release on sentry
+  ############################
+  sentry:
+    runs-on: ubuntu-latest
+    name: Sentry release
+    needs: build
+    if: github.event_name != 'pull_request'
+
+    environment: sentry
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Download assets
+        uses: actions/download-artifact@v2
+        with:
+          name: assets
+          path: public
+
+      - name: Download source maps
+        uses: actions/download-artifact@v2
+        with:
+          name: sourcemaps
+          path: public
+
+      - name: Create Sentry release
+        uses: getsentry/action-release@v1
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
+        with:
+          environment: ${{ secrets.SENTRY_ENVIRONMENT }}
+          sourcemaps: public/js/app.js public/js/app.js.map
+          version: ${{ needs.build.outputs.version }}
+          url_prefix: ~/js
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -8,9 +8,10 @@ on:
 jobs:
   docker-run:
     runs-on: ubuntu-latest
+    name: Docker build master
+
     strategy:
       fail-fast: false
-    name: Docker build master
 
     steps:
       - name: Checkout sources

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,7 +11,7 @@ on:
   workflow_dispatch:
 
 env:
-  php-version: 7.4
+  php-version: '8.0'
   node-version: 15
 
 
@@ -111,31 +111,21 @@ jobs:
             ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
             ${{ runner.os }}-yarn-
 
-      - name: Create package
-        id: package
-        run: scripts/ci/package.sh 'v${{ needs.semantic.outputs.new_release_version }}'
-
       - name: Import key
         run: echo -e "$GPG_KEY" | gpg --batch --yes --import -
         env:
           GPG_KEY: ${{ secrets.GPG_KEY }}
 
-      - name: Sign package
-        run: |
-          sha512sum '${{ steps.package.outputs.package }}' > '${{ steps.package.outputs.package }}.sha512'
-          sha512sum '${{ steps.package.outputs.assets }}' > '${{ steps.package.outputs.assets }}.sha512'
-          for f in '${{ steps.package.outputs.package }}{,.sha512}' '${{ steps.package.outputs.assets }}{,.sha512}'; do
-            echo "Signing '$f'..."
-            echo "$GPG_PASSPHRASE" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode=loopback --local-user $GPG_FINGERPRINT --sign --armor --detach-sig --output "$f.asc" "$f"
-            echo -e "\nSigned with key fingerprint $GPG_FINGERPRINT" >> "$f.asc"
-          done
+      - name: Create package
+        id: package
+        run: scripts/ci/package.sh 'v${{ needs.semantic.outputs.new_release_version }}' $GITHUB_SHA
         env:
           GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
           GPG_FINGERPRINT: ${{ secrets.GPG_FINGERPRINT }}
 
       - name: Publish package
         run: |
-          for f in '${{ steps.package.outputs.package }}{,.asc,.sha512,.sha512.asc}' '${{ steps.package.outputs.assets }}{,.asc,.sha512,.sha512.asc}'; do
+          for f in '{${{ steps.package.outputs.package }},${{ steps.package.outputs.assets }}}{,.asc,.sha512,.sha512.asc}'; do
             echo "Uploading release file '$f'..."
             gh release upload 'v${{ needs.semantic.outputs.new_release_version }}' "$f" --clobber
           done
@@ -147,6 +137,7 @@ jobs:
         with:
           name: package
           path: ${{ steps.package.outputs.package }}
+
       - name: Store assets
         uses: actions/upload-artifact@v2
         with:

diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml
@@ -9,7 +9,7 @@ on:
     types: [completed]
 
 env:
-  php-version: 7.4
+  php-version: '8.0'
 
 
 jobs:

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -14,7 +14,7 @@ on:
     types: [completed]
 
 env:
-  default-php-version: 7.4
+  default-php-version: '7.4'
   node-version: 15
 
 
@@ -74,7 +74,7 @@ jobs:
       - name: Prepare environment
         run: |
           cp scripts/ci/.env.${{ matrix.connection }} .env
-          touch config/.version config/.release .sentry-release .sentry-commit
+          touch config/.version config/.release config/.commit
           mkdir -p public/js public/css results/coverage
           {\
             echo "{"; \
@@ -210,7 +210,7 @@ jobs:
       - name: Prepare environment
         run: |
           cp scripts/ci/.env.${{ matrix.connection }} .env
-          touch config/.version config/.release .sentry-release .sentry-commit
+          touch config/.version config/.release config/.commit
           mkdir -p results/coverage results/cov results/console
           chmod -R 777 storage bootstrap/cache
 

diff --git a/.gitignore b/.gitignore
@@ -19,7 +19,6 @@ yarn-error.log
 php-extensions-*.tar.bz2
 monicadump.sql
 .scannerwork/
-.sentry-release
 .phpunit.result.cache
 .composer
 .idea
diff --git a/app/Console/Commands/SentryRelease.php b/app/Console/Commands/SentryRelease.php
@@ -20,7 +20,7 @@ class SentryRelease extends Command
     protected $signature = 'sentry:release
                             {--force : Force the operation to run when in production.}
                             {--release= : release version for sentry.}
-                            {--store-release : store release version in .sentry-release file.}
+                            {--store-release : store release version in config/.release file.}
                             {--commit= : commit associated with this release.}
                             {--environment= : sentry environment.}';
 
@@ -91,8 +91,8 @@ public function handle()
 
             if ($this->option('store-release')) {
                 // Set sentry release
-                $this->line('Store release in .sentry-release file', null, OutputInterface::VERBOSITY_VERBOSE);
-                file_put_contents(__DIR__.'/../../../.sentry-release', $release);
+                $this->line('Store release in config/.release file', null, OutputInterface::VERBOSITY_VERBOSE);
+                file_put_contents(__DIR__.'/../../../config/.release', $release);
             }
         }
     }

diff --git a/config/monica.php b/config/monica.php
@@ -12,7 +12,7 @@
     | bad things will happen.
     |
     */
-    'app_version' => trim(is_file(__DIR__.'/.version') ? file_get_contents(__DIR__.'/.version') : (is_dir(__DIR__.'/../.git') ? exec('git describe --abbrev=0 --tags') : ''), 'v \t\n\r'),
+    'app_version' => trim(is_file(__DIR__.'/.version') ? file_get_contents(__DIR__.'/.version') : (is_dir(__DIR__.'/../.git') ? exec('git --git-dir '.base_path('.git').' describe --abbrev=0 --tags') : ''), 'v \t\n\r'),
 
     /*
     |--------------------------------------------------------------------------