Preparation for complete sunsetting #959

Workflow file for this run

.github/workflows/ci-review.yml at 09eaa0a

	name: Setup review environment

	on:
	# run it during pull request
	pull_request:
	branches: [ master, stable ]

	jobs:
	build-and-test:
	name: Build and Test

	# run only when code is compiling and tests are passing
	runs-on: ubuntu-latest

	outputs:
	dockerTag: ${{ steps.compute.outputs.docker_tag }}

	services:
	# Label used to access the service container
	postgres:
	# Docker Hub image
	image: postgres:11.5
	# Provide the password for postgres
	env:
	POSTGRES_DB: testdb
	# Set health checks to wait until postgres has started
	options: >-
	--health-cmd pg_isready
	--health-interval 10s
	--health-timeout 5s
	--health-retries 5
	ports:
	# Maps tcp port 5432 on service container to the host
	- 5432:5432

	redis:
	image: redis
	# Set health checks to wait until redis has started
	options: >-
	--health-cmd "redis-cli ping"
	--health-interval 10s
	--health-timeout 5s
	--health-retries 5
	ports:
	- 6379:6379

	env:
	DJANGO_SETTINGS_MODULE: app.settings
	SUPRESS_DEBUG_TOOLBAR: 1
	GITCOIN_API_USER: ${{ secrets.GITCOIN_API_USER }}
	GITHUB_API_TOKEN: ${{ secrets.GITCOIN_API_TOKEN }}
	POLYGONSCAN_API_KEY: ${{ secrets.POLYGONSCAN_API_KEY }}

	# steps to perform in job
	steps:
	- name: Checkout code
	uses: actions/checkout@v2

	- name: Use Node.js 14
	uses: actions/setup-node@v2
	with:
	node-version: 14
	cache: "yarn"

	- name: Use Python 3.7
	uses: "actions/setup-python@v2"
	with:
	python-version: 3.7
	cache: "pip"

	- name: Setup Env
	run: \|
	echo "PYTHONPATH=/home/runner/work/web/web/app" >> $GITHUB_ENV
	cp app/app/ci.env app/app/.env
	pip install pip==20.0.2 setuptools wheel --upgrade

	- name: Fetch and Install GeoIP database files
	run: \|
	sudo apt-get update && sudo apt-get install -y libmaxminddb-dev libsodium-dev libsecp256k1-dev
	cp dist/*.gz ./
	gunzip GeoLite2-City.mmdb.tar.gz && gunzip GeoLite2-Country.mmdb.tar.gz
	tar -xvf GeoLite2-City.mmdb.tar && tar -xvf GeoLite2-Country.mmdb.tar
	sudo mkdir -p /opt/GeoIP/
	sudo mv GeoLite2-City_20200128/*.mmdb /opt/GeoIP/
	sudo mv GeoLite2-Country_20200128/*.mmdb /opt/GeoIP/

	- name: Install libvips, Node, and Python dependencies
	run: \|
	sudo apt-get install -y libvips libvips-dev
	node --version
	yarn install
	pip install -r requirements/test.txt
	yarn run eslint
	yarn run stylelint
	(cd app; python ./manage.py collectstatic --noinput --disable-collectfast)

	- name: Run management commands
	run: \|
	python app/manage.py migrate
	python app/manage.py fetch_gas_prices

	- name: Run Python and UI tests
	run: \|
	pytest -p no:ethereum -p no:warnings
	bin/ci/cypress-run

	- name: Deploy to Github Pages 🚀
	uses: peaceiris/actions-gh-pages@v3
	if: github.ref == 'refs/heads/master'
	with:
	github_token: ${{ secrets.GITHUB_TOKEN }}
	publish_dir: _build/site
	cname: docs.gitcoin.coind

	- name: Compute some values
	id: compute
	run: \|
	echo "::set-output name=docker_tag::gitcoin/web:${GITHUB_SHA: -10}"

	- name: Login to Docker Hub
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}

	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@v1

	- name: Deploy to Docker Hub 🚀
	uses: docker/build-push-action@v2
	with:
	context: ./
	file: ./Dockerfile
	builder: ${{ steps.buildx.outputs.name }}
	push: true
	tags: ${{ steps.compute.outputs.docker_tag }}
	cache-from: type=registry,ref=${{ secrets.DOCKER_USERNAME }}/web:buildcache
	cache-to: type=registry,ref=${{ secrets.DOCKER_USERNAME }}/web:buildcache,mode=max

	- uses: actions/github-script@v6
	with:
	script: \|
	console.log("Context", context)
	github.rest.issues.createComment({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	body: `The new docker image for has been pushed to: \`${{ steps.compute.outputs.docker_tag }}\``
	})

	deploy:
	name: Deploy
	needs: build-and-test
	environment: review
	runs-on: ubuntu-latest

	steps:

	- name: Checkout code
	uses: actions/checkout@v2

	- name: Compute some values
	id: compute
	run: \|
	echo "::set-output name=pulumi_stack::gitcoin/review/review-${{ github.event.number }}"
	echo "::set-output name=review_domain::review-${{ github.event.number }}.review.gitcoin.co"

	#########################################################################
	# Provision the shared ressources for the review environment
	#########################################################################
	- name: Use Node.js
	uses: actions/setup-node@v2
	with:
	cache: "npm"
	cache-dependency-path: infra/review-env/package-lock.json

	# Install pulumi dependencies
	# Select the new pulumi stack
	- run: \|
	npm install
	pulumi stack select -c gitcoin/review-env/review
	pulumi config -s gitcoin/review-env/review set aws:region us-west-2 --non-interactive
	working-directory: infra/review-env
	env:
	PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

	# Run pulumi actions
	- uses: pulumi/actions@v3
	id: pulumi-env
	name: Ensure the pulumi review environment shared ressources
	with:
	command: up
	stack-name: gitcoin/review-env/review
	upsert: true
	work-dir: infra/review-env
	env:
	PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
	PULUMI_CONFIG_PASSPHRASE:
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	AWS_REGION: ${{ secrets.AWS_REGION }}


	#########################################################################
	# Provision the PR specific ressources for the review environment
	#########################################################################
	- name: Use Node.js
	uses: actions/setup-node@v2
	with:
	cache: "npm"
	cache-dependency-path: infra/review-pr/package-lock.json

	# Install pulumi dependencies
	# Select the new pulumi stack
	- run: \|
	npm install
	pulumi stack select -c ${{ steps.compute.outputs.pulumi_stack }}
	pulumi config -s ${{ steps.compute.outputs.pulumi_stack }} set aws:region us-west-2 --non-interactive
	working-directory: infra/review-pr
	env:
	PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

	# Run pulumi actions
	- uses: pulumi/actions@v3
	id: pulumi
	name: Create the environment specific for this PR
	with:
	command: up
	stack-name: ${{ steps.compute.outputs.pulumi_stack }}
	upsert: true
	work-dir: infra/review-pr
	env:
	PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
	PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	AWS_REGION: ${{ secrets.AWS_REGION }}
	DB_NAME: ${{ secrets.DB_NAME }}
	DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
	DB_USER: ${{ secrets.DB_USER }}
	DOCKER_GTC_WEB_IMAGE: ${{ needs.build-and-test.outputs.dockerTag }}
	GITHUB_API_USER: ${{ secrets.REVIEW_GITHUB_API_USER }}
	GITHUB_API_TOKEN: ${{ secrets.REVIEW_GITHUB_API_TOKEN }}
	GITHUB_APP_NAME: ${{ secrets.GTC_GITHUB_APP_NAME }}
	GITHUB_CLIENT_ID: ${{ secrets.GTC_GITHUB_CLIENT_ID }}
	GITHUB_CLIENT_SECRET: ${{ secrets.GTC_GITHUB_CLIENT_SECRET }}


	# Pass in the outputs from the generic environment, we will deploy our ressources in the VPC
	# and subnet that where created there
	REVIEW_ENV_VPC_ID: ${{ steps.pulumi-env.outputs.vpcID }}
	REVIEW_ENV_PRIVATE_SUBNET_1: ${{ steps.pulumi-env.outputs.vpcPrivateSubnetId1 }}
	REVIEW_ENV_PRIVATE_SUBNET_2: ${{ steps.pulumi-env.outputs.vpcPrivateSubnetId2 }}
	REVIEW_ENV_PUBLIC_SUBNET_1: ${{ steps.pulumi-env.outputs.vpcPublicSubnetId1 }}
	REVIEW_ENV_PUBLIC_SUBNET_2: ${{ steps.pulumi-env.outputs.vpcPublicSubnetId2 }}

	REVIEW_ENV_ROUTE53_ZONE_ID: ${{ secrets.ROUTE53_ZONE_ID }}
	REVIEW_ENV_DOMAIN: ${{ steps.compute.outputs.review_domain }}
	REVIEW_ENV_NAME: ${{ github.event.number }}


	- name: Start migration task
	run: \|
	aws ecs run-task --launch-type FARGATE --task-definition ${{ steps.pulumi.outputs.taskDefinition }} --cluster ${{ steps.pulumi.outputs.clusterId }} --network-configuration "awsvpcConfiguration={subnets=[${{ steps.pulumi-env.outputs.vpcPrivateSubnetId1 }}],securityGroups=[${{ steps.pulumi.outputs.securityGroupForTaskDefinition }}],assignPublicIp=ENABLED}"
	env:
	# We need AWS_EC2_METADATA_DISABLED, because: https://github.com/actions/checkout/issues/440
	AWS_EC2_METADATA_DISABLED: true
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	AWS_DEFAULT_REGION: us-west-2

	- name: Copy static files to bucket
	run: \|
	mkdir static_files_to_deploy
	mkdir docker_bin

	cat <<EOT >> docker_bin/static_files.sh
	#!/bin/bash
	python3.7 manage.py bundle
	python3.7 manage.py collectstatic --disable-collectfast
	EOT

	docker run -v $(pwd)/static_files_to_deploy:/code/app/static -v $(pwd)/docker_bin:/code/app/bin -e DATABASE_URL=${{ steps.pulumi.outputs.rdsConnectionUrl }} -e BUNDLE_USE_CHECKSUM=${BUNDLE_USE_CHECKSUM} ${{ needs.build-and-test.outputs.dockerTag }} sh /code/app/bin/static_files.sh

	echo "Syncing to bucket: ${{ steps.pulumi.outputs.bucketName }}"
	echo "Source folder: $(pwd)/static_files_to_deploy"

	aws s3 sync $(pwd)/static_files_to_deploy s3://${{ steps.pulumi.outputs.bucketName }}/static --acl public-read --delete
	env:
	# We need AWS_EC2_METADATA_DISABLED, because: https://github.com/actions/checkout/issues/440
	AWS_EC2_METADATA_DISABLED: true
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	BUNDLE_USE_CHECKSUM: 'false'

	- uses: actions/github-script@v6
	with:
	script: \|
	github.rest.issues.createComment({
	issue_number: context.issue.number,
	owner: context.repo.owner,
	repo: context.repo.repo,
	body: `Test your commit here: \n\
	- [${{ steps.pulumi.outputs.frontendURL }}](${{ steps.pulumi.outputs.frontendURL }}) \n\
	- [https://${{ steps.compute.outputs.review_domain }}](https://${{ steps.compute.outputs.review_domain }}) \n\
	`
	})

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Preparation for complete sunsetting #959

Workflow file

Preparation for complete sunsetting #959

Jobs

Run details

Workflow file for this run