diff --git a/backend/workflows/ci.yml b/.github/workflows/backend.yml similarity index 72% rename from backend/workflows/ci.yml rename to .github/workflows/backend.yml index 83ec576a..214954e2 100644 --- a/backend/workflows/ci.yml +++ b/.github/workflows/backend.yml @@ -10,8 +10,13 @@ on: - main jobs: - ci: + backend-ci: runs-on: ubuntu-latest + defaults: + run: + working-directory: backend + env: + backend_path: ${{ github.workspace }}/backend steps: - uses: actions/checkout@v4 - run: pipx install poetry==1.7.1 @@ -19,23 +24,23 @@ jobs: with: python-version: '3.11' cache: 'poetry' + cache-dependency-path: backend/poetry.lock - run: | poetry env use python3.11 - poetry install - - name: Install library - run: poetry install - - uses: actions/setup-node@v3 + poetry install --sync + - uses: actions/setup-node@v4 with: - node-version: '18' + node-version: '20' cache: 'npm' - cache-dependency-path: ${{ github.workspace }}/authpage/package-lock.json + cache-dependency-path: authpage/package-lock.json - name: Cache authpage id: cached-authpage uses: actions/cache@v3 with: - key: authpage-${{ hashFiles('${{ github.workspace }}/authpage') }} - path: ${{ github.workspace }}/src/apiserver/resources/static/credentials + key: authpage-${{ hashFiles('authpage') }} + path: backend/src/apiserver/resources/static/credentials - name: Build credentials + if: ${{ steps.cached-authpage.outputs.cache-hit != 'true' }} run: | npm install npm run build @@ -54,8 +59,8 @@ jobs: postgres: image: ghcr.io/dsav-dodeka/postgres:localdev credentials: - username: ${{ secrets.GH_DODEKACOMCOM_USER }} - password: ${{ secrets.GH_DODEKACOMCOM_TOKEN }} + username: ${{ github.actor }} + password: ${{ github.token }} # These values must align with the config used by the tests in the repo # The port is set in the image env: 
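Review bot: The `Build credentials` step at the end of the second hunk (`@@ -19,23 +24,23 @@`) still runs `npm install`, which can install versions other than the locked ones and rewrite `package-lock.json` when it disagrees with `package.json`. `npm ci` installs exactly the locked tree and fails on a mismatch. This matters more now that the built output is cached and reused through the added `cache-hit` condition. The same `npm install` sits in the `Build credentials` step of server.yml, whose output goes into the pushed image. The step runs past the end of the hunk, so its working directory is not visible here.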
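Review bot: The `postgres` service in the third hunk (`@@ -54,8 +59,8 @@`) now pulls from ghcr.io with `github.token`, but no `permissions:` block for `backend-ci` is visible in this file, so the pull depends on whatever the run happens to grant. Declaring `contents: read` and `packages: read` on the job would make the requirement explicit and keep the token read-only when the workflow is called from ci.yml, which grants `packages: write`. The same applies to the `redis` service in the next hunk. Presumably both `localdev` packages already grant this repository access; that is worth confirming now that the removed personal token no longer covers them.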
@@ -71,8 +76,8 @@ jobs: redis: image: ghcr.io/dsav-dodeka/redis:localdev credentials: - username: ${{ secrets.GH_DODEKACOMCOM_USER }} - password: ${{ secrets.GH_DODEKACOMCOM_TOKEN }} + username: ${{ github.actor }} + password: ${{ github.token }} # These values must align with the config used by the tests in the repo # The port is set in the image env: diff --git a/deploy/workflows/ci.yml b/.github/workflows/ci.yml similarity index 66% rename from deploy/workflows/ci.yml rename to .github/workflows/ci.yml index a28774e7..1c80a742 100644 --- a/deploy/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,19 +7,26 @@ on: release: types: [ published ] +permissions: + packages: write + jobs: + backend-ci: + uses: DSAV-Dodeka/dodeka/.github/workflows/backend.yml@main + config-deploy: runs-on: ubuntu-latest - + defaults: + run: + working-directory: deploy steps: - - uses: actions/checkout@v3 - with: - ref: ${{ github.head_ref }} - - run: pipx install poetry==1.6.1 + - uses: actions/checkout@v4 + - run: pipx install poetry==1.7.1 - uses: actions/setup-python@v4 with: python-version: '3.11' cache: 'poetry' + cache-dependency-path: deploy/poetry.lock - run: poetry install # Build config using tiptenbrink/confspawn - name: Config 
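Review bot: The new top-level `permissions:` block in ci.yml lists only `packages: write`, which sets every unlisted scope, `contents` included, to none for all jobs in the workflow. `config-deploy` pushes a commit through `git-auto-commit-action` in the next hunk and needs `contents: write` for that, while neither it nor `backend-ci` has any use for `packages: write`. Scoping permissions per job fixes both; the build jobs in the last hunk of this file would each take `contents: read` and `packages: write`. Separately, `backend-ci` is referenced at `@main`, so a pull request that edits backend.yml is checked against the copy on main; `uses: ./.github/workflows/backend.yml` runs the copy from the commit under test.

```yaml
permissions: {}

jobs:
  backend-ci:
    permissions:
      contents: read
      packages: read
    uses: DSAV-Dodeka/dodeka/.github/workflows/backend.yml@main

  config-deploy:
    permissions:
      contents: write
    runs-on: ubuntu-latest
    # … unchanged: defaults, steps …
```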
@@ -29,14 +36,18 @@ jobs: poetry run confrecipe -r build/deploy/production/production.toml -e production poetry run confrecipe -r build/data_sync/data_sync.toml -e production poetry run confrecipe -r build/deploy/repl/repl.toml -e production - - uses: stefanzweifel/git-auto-commit-action@v4 + - uses: stefanzweifel/git-auto-commit-action@v5 + id: auto-commit-action if: github.event_name != 'pull_request' with: commit_message: Config build (automated) - file_pattern: use/ + file_pattern: deploy/use/ + - name: "Run if changes have been detected" + if: steps.auto-commit-action.outputs.changes_detected == 'true' + run: exit 1 - build_db: - # if: ${{ false }} + build-db: + needs: [backend-ci, config-deploy] strategy: matrix: target: ['localdev', 'staging', 'production' ] @@ -44,19 +55,17 @@ jobs: with: env: ${{ matrix.target }} - build_server: - # if: ${{ false }} + build-server: + needs: [backend-ci, config-deploy] strategy: matrix: target: ['localdev', 'staging', 'production' ] uses: DSAV-Dodeka/dodeka/.github/workflows/server.yml@main with: env: ${{ matrix.target }} - secrets: - GH_DODEKACOMCOM_TOKEN: ${{ secrets.GH_DODEKACOMCOM_TOKEN }} - build_kv: - # if: ${{ false }} + build-kv: + needs: [backend-ci, config-deploy] strategy: matrix: target: ['localdev', 'staging', 'production' ] diff --git a/deploy/workflows/db.yml b/.github/workflows/db.yml similarity index 86% rename from deploy/workflows/db.yml rename to .github/workflows/db.yml index 83560c03..26bf9b84 100644 --- a/deploy/workflows/db.yml +++ b/.github/workflows/db.yml 
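Review bot: The step named `Run if changes have been detected` in the first hunk on this line does not say what it is for. It fails the job with `exit 1` right after the auto-commit step has pushed regenerated config, presumably so the `needs:` jobs do not build from the stale checkout. A name such as `Fail when generated config was out of date` and a comment like `# Generated config was stale and has just been committed; fail so the build jobs do not use this checkout` would make that readable. On pull requests the auto-commit step is skipped, so `changes_detected` is empty and stale files under `deploy/use/` are not caught there. Because `git-auto-commit-action` runs with push rights to the repository, pinning it to a full commit SHA instead of the moving `@v5` tag is worth considering.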
@@ -8,22 +8,27 @@ on: type: string jobs: - build_db: + build-db: runs-on: ubuntu-latest - + # In case of production only run when it is a non-prerelease release + if: ${{ inputs.env != 'production' }} || ${{ github.event_name == 'release' && !github.event.release.prerelease }} + defaults: + run: + working-directory: deploy steps: - - uses: actions/checkout@v3 - - run: pipx install poetry==1.4.2 + - uses: actions/checkout@v4 + - run: pipx install poetry==1.7.1 - uses: actions/setup-python@v4 with: - python-version: '3.11' + python-version: '3.10' cache: 'poetry' + cache-dependency-path: deploy/poetry.lock - run: poetry install - name: Config run: | poetry run confspawn -c config.toml -s ./build/container/db -t ./context -e ${{ inputs.env }} - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io # We use the repo/action token, which has specified access to the package @@ -31,7 +36,7 @@ jobs: password: ${{ github.token }} # Set up buildx for later build-push-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 # ************************************************* # ************** SET CONTAINER TAGS *************** @@ -71,7 +76,7 @@ jobs: - name: Build and push uses: docker/build-push-action@v3 with: - context: ${{ github.workspace }}/context + context: deploy/context # Dockerfile tag tags: ${{ env.IMAGE_TAG }} cache-from: type=gha diff --git a/deploy/workflows/kv.yml b/.github/workflows/kv.yml similarity index 90% rename from deploy/workflows/kv.yml rename to .github/workflows/kv.yml index 229ed01d..9e835dd9 100644 --- a/deploy/workflows/kv.yml +++ b/.github/workflows/kv.yml 
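Review bot: The new `if:` on `build-db` mixes two `${{ }}` blocks with a literal `||` between them, so each block is evaluated separately and the results are joined into a string such as `false || false`. A non-empty string is truthy, so the condition always passes and the production target is built on every trigger, not only on full releases. The whole condition belongs in one expression: `if: ${{ inputs.env != 'production' || (github.event_name == 'release' && !github.event.release.prerelease) }}`. The same line is added to `build-kv` in kv.yml and `build-server` in server.yml. The tagging steps are outside this hunk, so what a production build publishes on a non-release run is not visible here.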
@@ -10,14 +10,16 @@ on: jobs: build-kv: runs-on: ubuntu-latest - + # In case of production only run when it is a non-prerelease release + if: ${{ inputs.env != 'production' }} || ${{ github.event_name == 'release' && !github.event.release.prerelease }} steps: - - uses: actions/checkout@v3 - - run: pipx install poetry==1.4.2 + - uses: actions/checkout@v4 + - run: pipx install poetry==1.7.1 - uses: actions/setup-python@v4 with: - python-version: '3.11' + python-version: '3.10' cache: 'poetry' + cache-dependency-path: deploy/poetry.lock - run: poetry install # Build config using tiptenbrink/confspawn - name: Config @@ -44,7 +46,7 @@ jobs: echo "${{ github.token }}" | gh auth login --with-token ./contextlibrejson/build_librejson.sh - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io # We use the repo/action token, which has specified access to the package @@ -52,7 +54,7 @@ jobs: password: ${{ github.token }} # Set up buildx for later build-push-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-2buildx-action@v3 # ************************************************* # ************** SET CONTAINER TAGS *************** @@ -92,7 +94,7 @@ jobs: - name: Build and push uses: docker/build-push-action@v3 with: - context: ${{ github.workspace }}/context + context: deploy/context # Dockerfile tag tags: ${{ env.IMAGE_TAG }} cache-from: type=gha diff --git a/deploy/workflows/server.yml b/.github/workflows/server.yml similarity index 72% rename from deploy/workflows/server.yml rename to .github/workflows/server.yml index 46622efa..faae68b0 100644 --- a/deploy/workflows/server.yml +++ b/.github/workflows/server.yml 
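Review bot: `build-kv` gets `cache-dependency-path: deploy/poetry.lock` but not the `defaults.run.working-directory: deploy` block that `build-db` receives in db.yml, so `poetry install` and the later `run:` steps execute from the repository root. If `pyproject.toml` now lives only under `deploy/`, as the lockfile path suggests, the install fails or resolves a different project. Adding the same three-line `defaults:` block under `runs-on:` would align this job with db.yml. `build-server` in server.yml has the same gap, but its `Move source` step uses root-relative paths such as `deploy/context`, so there a step-level `working-directory: deploy` on the poetry and `Config` steps fits better than a job default. The rest of both jobs is outside the hunks, so any existing per-step `working-directory` is not visible.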
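Review bot: The third kv.yml hunk (`@@ -52,7 +54,7 @@`) changes the Buildx step to `uses: docker/setup-2buildx-action@v3`, with a stray `2` in the action name; the removed line and the db.yml and server.yml hunks all reference `docker/setup-buildx-action`. A mistyped action reference either fails to resolve, breaking the job, or resolves to a repository someone else controls, which would then run in a job that holds a registry-capable token. The line should read `uses: docker/setup-buildx-action@v3`. Pinning these third-party actions to full commit SHAs would also turn a typo like this into a hard failure rather than a possible substitution.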
@@ -6,36 +6,26 @@ on: env: required: true type: string - secrets: - GH_DODEKACOMCOM_TOKEN: - required: true jobs: - build_server: + build-server: runs-on: ubuntu-latest - env: - # The place the configuration repo will be placed at temporarily - SERVER_REPO_PATH: 'dodekabackend' - + # In case of production only run when it is a non-prerelease release + if: ${{ inputs.env != 'production' }} || ${{ github.event_name == 'release' && !github.event.release.prerelease }} steps: - - uses: actions/checkout@v3 - - uses: actions/checkout@v3 - with: - repository: 'DSAV-Dodeka/backend' - ref: 'main' - token: ${{ secrets.GH_DODEKACOMCOM_TOKEN }} - # Relative to ${{ github.workspace }} - path: ${{ env.SERVER_REPO_PATH }} - - run: pipx install poetry==1.4.2 + - uses: actions/checkout@v4 + - run: pipx install poetry==1.7.1 - uses: actions/setup-python@v4 with: - python-version: '3.11' + python-version: '3.10' cache: 'poetry' + cache-dependency-path: deploy/poetry.lock - run: poetry install - name: Config run: | poetry run confspawn -c config.toml -s ./build/container/server -t ./context -e ${{ inputs.env }} poetry run confspawn -c config.toml -s ./build/container/authpage -t ./contextauthpage -e ${{ inputs.env }} + # First the lock file and project declaration are moved # Then the source is moved # Then the context for building authpage is prepared 
@@ -43,32 +33,32 @@ jobs: # Finally configuration files for building authpage is moved (TEMP until confspawn option) - name: Move source run: | - mv ${{ github.workspace }}/${{ env.SERVER_REPO_PATH }}/poetry.lock ${{ github.workspace }}/context - mv ${{ github.workspace }}/${{ env.SERVER_REPO_PATH }}/pyproject.toml ${{ github.workspace }}/context - mv ${{ github.workspace }}/${{ env.SERVER_REPO_PATH }}/src ${{ github.workspace }}/context/src - mv ${{ github.workspace }}/${{ env.SERVER_REPO_PATH }}/authpage ${{ github.workspace }}/context/authpage + mv backend/poetry.lock deploy/context + mv backend//pyproject.toml deploy/context + mv backend/src deploy/context/src + mv authpage deploy/context/authpage shopt -s dotglob - mv ${{ github.workspace }}/contextauthpage/* ${{ github.workspace }}/context/authpage + mv deploy/contextauthpage/* deploy/context/authpage - name: Cache authpage id: cached-authpage uses: actions/cache@v3 with: - key: authpage-${{ hashFiles(format('{0}/context/authpage', github.workspace)) }} - path: ${{ github.workspace }}/context/src/apiserver/resources/static/credentials + key: authpage-${{ hashFiles('deploy/context/authpage') }} + path: deploy/context/src/apiserver/resources/static/credentials - uses: actions/setup-node@v3 if: steps.cached-authpage.outputs.cache-hit != 'true' with: - node-version: '18' + node-version: '20' cache: 'npm' - cache-dependency-path: ${{ github.workspace }}/context/authpage/package-lock.json + cache-dependency-path: deploy/context/authpage/package-lock.json - name: Build credentials if: ${{ (github.event_name == 'release' && github.event.action == 'published') || steps.cached-authpage.outputs.cache-hit != 'true' }} run: | npm install npm run build-mode -- --mode ${{ inputs.env }} - working-directory: ${{ github.workspace }}/context/authpage + working-directory: deploy/context/authpage - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ghcr.io # We 
use the repo/action token, which has specified access to the package @@ -76,7 +66,7 @@ jobs: password: ${{ github.token }} # Set up buildx for later build-push-action - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@v3 # ************************************************* # ************** SET CONTAINER TAGS *************** @@ -116,9 +106,9 @@ jobs: - name: Build and push uses: docker/build-push-action@v3 with: - context: ${{ github.workspace }}/context + context: deploy/context # Dockerfile tag - file: ${{ github.workspace }}/context/server.Dockerfile + file: deploy/context/server.Dockerfile tags: ${{ env.IMAGE_TAG }} cache-from: type=gha cache-to: type=gha, mode=max
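Review bot: In the `Move source` step of the hunk that starts at `@@ -43,32 +33,32 @@`, `mv backend//pyproject.toml deploy/context` has a doubled slash. It is harmless to `mv` but looks like a leftover from the path rewrite, and should read `mv backend/pyproject.toml deploy/context`. The same hunk moves Node to `'20'` but leaves `actions/setup-node@v3`, while backend.yml moves to `actions/setup-node@v4`; using the same major version in both files keeps the workflows consistent.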