Skip to content
CI - CD

Update dependency csv-parse to v5.5.6 #259

Sign in to view logs

Update dependency csv-parse to v5.5.6

Update dependency csv-parse to v5.5.6 #259

Workflow file for this run

.github/workflows/ci.yaml at e10c95c
name: CI - CD
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
validations:
runs-on: ubuntu-latest
env:
DATABASE_URL: postgresql://sill:pg_password@localhost:5432/sill
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_USER: sill
POSTGRES_PASSWORD: pg_password
POSTGRES_DB: sill
ports:
- 5432:5432
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "20"
- uses: bahmutov/npm-install@v1
- name: Build back
run: cd api && yarn build
- name: Migrate db
run: cd api && yarn migrate latest
- name: Fullcheck
run: yarn fullcheck
#
check_if_version_upgraded:
name: Check if version upgrade
if: github.event_name == 'push'
runs-on: ubuntu-latest
needs: validations
outputs:
from_version: ${{ steps.step1.outputs.from_version }}
to_version: ${{ steps.step1.outputs.to_version }}
is_upgraded_version: ${{ steps.step1.outputs.is_upgraded_version }}
steps:
- uses: garronej/[email protected]
id: step1
with:
action_name: is_package_json_version_upgraded
create_tag:
name: Create version tag
runs-on: ubuntu-latest
needs:
- check_if_version_upgraded
if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true'
env:
TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Create tag
run: |
git config --local user.email "[email protected]"
git config --local user.name "GitHub Actions"
git tag -a v${{ env.TO_VERSION }} -m "Deployment tag for v${{ env.TO_VERSION }}"
git push --tags
pre-release:
runs-on: ubuntu-latest
needs:
- check_if_version_upgraded
- create_tag
permissions:
contents: write
env:
PRE_RELEASE_TAG: v${{ needs.check_if_version_upgraded.outputs.to_version }}-rc
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: "20"
- uses: bahmutov/npm-install@v1
- run: cd web
- name: Build
run: yarn build
- name: Keycloakify
run: cd web && npx keycloakify && cd ..
env:
XDG_CACHE_HOME: "/home/runner/.cache/yarn"
- run: mv web/build_keycloak/target/retrocompat-*.jar retrocompat-keycloak-theme.jar
- run: mv web/build_keycloak/target/*.jar keycloak-theme.jar
- name: "Generate release candidate on github"
uses: softprops/action-gh-release@v2
with:
name: Release candidate ${{ env.PRE_RELEASE_TAG }}
prerelease: true
tag_name: ${{ env.PRE_RELEASE_TAG }}
generate_release_notes: true
token: ${{ secrets.GITHUB_TOKEN }}
files: |
retrocompat-keycloak-theme.jar
keycloak-theme.jar
- name: Delete old prereleases
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
const excludeTagName = '${{ env.PRE_RELEASE_TAG }}';
const releases = await github.request(`GET /repos/${{ github.repository }}/releases`);
const oldPrereleases = releases.data
.filter(release => release.prerelease && release.tag_name !== excludeTagName);
console.log(`Found ${oldPrereleases.length} old prereleases`);
for (const release of oldPrereleases) {
console.log(`Deleting prerelease: ${release.tag_name} and the corresponding tag`);
await github.request(`DELETE /repos/${{ github.repository }}/releases/${release.id}`);
await github.request(`DELETE /repos/${{ github.repository }}/git/refs/tags/${release.tag_name}`);
}
docker:
runs-on: ubuntu-latest
needs:
- check_if_version_upgraded
- create_tag
- pre-release
steps:
- uses: actions/checkout@v4
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Computing Docker image tags
id: step1
env:
TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
run: |
OUT_API=$GITHUB_REPOSITORY-api:$TO_VERSION,$GITHUB_REPOSITORY-api:latest
OUT_API=$(echo "$OUT_API" | awk '{print tolower($0)}')
echo ::set-output name=docker_api_tags::$OUT_API
OUT_WEB=$GITHUB_REPOSITORY-web:$TO_VERSION,$GITHUB_REPOSITORY-web:latest
OUT_WEB=$(echo "$OUT_WEB" | awk '{print tolower($0)}')
echo ::set-output name=docker_web_tags::$OUT_WEB
- uses: docker/build-push-action@v5
with:
push: true
context: .
file: ./Dockerfile.api
tags: ${{ steps.step1.outputs.docker_api_tags }}
- uses: docker/build-push-action@v5
with:
push: true
context: .
file: ./Dockerfile.web
tags: ${{ steps.step1.outputs.docker_web_tags }}
poke_gitops:
name: "Poke gitops"
runs-on: ubuntu-latest
needs:
- docker
steps:
- uses: peter-evans/repository-dispatch@v3
with:
token: ${{ secrets.PAT_PRIVATE_REPO_DISPATCH }}
event-type: update_sill
repository: codegouvfr/paris-sspcloud
trigger_production_deploy:
name: "Trigger production deploy"
runs-on: ubuntu-latest
environment: production
concurrency:
group: deploy-to-production
cancel-in-progress: true
needs:
- docker
- poke_gitops
- check_if_version_upgraded
env:
TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
steps:
- run: echo "Triggering production deploy"
- name: Set up SSH
run: |
mkdir -p ~/.ssh
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts
ssh -o StrictHostKeyChecking=no [email protected] "bash -c 'eval \"\$(ssh-agent -s)\" && ssh-add ~/.ssh/sill-data && ./update-sill-docker-compose.sh v${{ env.TO_VERSION }}'"
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
create_github_release:
name: "Create release notes"
runs-on: ubuntu-latest
needs:
- trigger_production_deploy
- check_if_version_upgraded
- create_tag
if: |
needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' && github.event_name == 'push'
# We create a release only when all of the above are validated:
# - we are on default branch
# - version has been upgraded
# - we have pushed to production
env:
TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }}
steps:
- name: "Generate release candidate on github"
uses: softprops/action-gh-release@v2
with:
name: Release v${{ env.TO_VERSION }}
prerelease: false
tag_name: v${{ env.TO_VERSION }}
generate_release_notes: true
token: ${{ secrets.GITHUB_TOKEN }}