Skip to content

chore: maintenance october 2024 (#191) #72

chore: maintenance october 2024 (#191)

chore: maintenance october 2024 (#191) #72

name: Main System
on:
push:
branches:
- master
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
auth:
name: Auth
runs-on: ubuntu-latest
container: rust:1.81
timeout-minutes: 30
defaults:
run:
working-directory: ./auth
services:
db:
image: redis:7-bookworm
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Build
run: cargo build --release
rce:
name: RCE
runs-on: ubuntu-latest
container: node:20.17
timeout-minutes: 30
defaults:
run:
working-directory: ./rce
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup packages && nosocket
run: >
apt-get update &&
apt-get install -y coreutils binutils build-essential libseccomp-dev gcc apt-utils &&
make -C ./nosocket/ all && make -C ./nosocket/ install
- name: Install other language packages
run: >
apt-get install -y python3 sqlite3 lua5.4
- name: Setup directory
run: mkdir -p /code/$(whoami)
- name: Install dependencies
run: npm ci
- name: Lint
run: npx biome ci
- name: Build
run: npm run build
- name: Test & coverage
run: npm run test
env:
LANGUAGE_JAVASCRIPT: true
LANGUAGE_C: true
LANGUAGE_LUA: true
LANGUAGE_PYTHON: true
LANGUAGE_SQLITE: true
- name: Codecov
uses: codecov/codecov-action@v3
with:
flags: rce
landing:
name: Landing
runs-on: ubuntu-latest
container: node:20.17
timeout-minutes: 30
defaults:
run:
working-directory: ./landing
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install pnpm
uses: pnpm/action-setup@v2
with:
version: latest
- name: Install dependencies
run: pnpm install
- name: Check formatting
run: pnpm fmt:check
- name: Build
run: pnpm build
registration:
name: Registration
runs-on: ubuntu-latest
container: rust:1.81
timeout-minutes: 30
defaults:
run:
working-directory: ./registration
services:
db:
image: redis:7-bookworm
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Build
run: cargo build --release
build-database:
name: Build Database
runs-on: ubuntu-latest
timeout-minutes: 30
needs:
- auth
- rce
- landing
- registration
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-redis
flavor: |
latest=false
tags: |
type=edge
type=sha
- name: Build and push Docker image
uses: docker/build-push-action@v4
with:
context: "{{defaultContext}}:redis"
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-auth:
name: Build Auth
runs-on: ubuntu-latest
timeout-minutes: 30
needs:
- auth
- rce
- landing
- registration
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-auth
flavor: |
latest=false
tags: |
type=edge
type=sha
- name: Build and push Docker image
uses: docker/build-push-action@v4
with:
context: "{{defaultContext}}:auth"
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Create Sentry release
uses: getsentry/action-release@v1
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: pesto-auth
with:
environment: production
ignore_empty: true
build-landing:
name: Build Landing
runs-on: ubuntu-latest
timeout-minutes: 30
needs:
- auth
- rce
- landing
- registration
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-landing
flavor: |
latest=false
tags: |
type=edge
type=sha
- name: Build and push Docker image
uses: docker/build-push-action@v4
with:
context: "{{defaultContext}}:landing"
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-rce:
name: Build RCE
runs-on: ubuntu-latest
timeout-minutes: 720
needs:
- auth
- rce
- landing
- registration
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-rce
flavor: |
latest=false
tags: |
type=edge
type=sha
- name: Build and push Docker image
uses: docker/build-push-action@v4
with:
context: "{{defaultContext}}:rce"
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Create Sentry release
uses: getsentry/action-release@v1
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: pesto-rce
with:
environment: production
ignore_empty: true
build-registration:
name: Build Registration
runs-on: ubuntu-latest
timeout-minutes: 30
needs:
- auth
- rce
- landing
- registration
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-registration
flavor: |
latest=false
tags: |
type=edge
type=sha
- name: Build and push Docker image
uses: docker/build-push-action@v4
with:
context: "{{defaultContext}}:registration"
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- name: Create Sentry release
uses: getsentry/action-release@v1
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: pesto-registration
with:
environment: production
ignore_empty: true
dogfood:
name: Dogfood Integration Tests
runs-on: ubuntu-latest
timeout-minutes: 60
needs:
- build-rce
- rce
services:
pesto_rce:
image: ghcr.io/teknologi-umum/pesto-rce:edge
env:
PORT: 50051
ENVIRONMENT: production
ports:
- 50051:50051
options: >-
--health-cmd "curl -f http://localhost:50051/healthz"
--health-interval 30s
--health-timeout 15s
--health-retries 10
--health-start-period 90s
steps:
- name: Checkout code
uses: actions/checkout@v4
- uses: actions/setup-node@v3
with:
node-version: latest
check-latest: true
- name: Run tests
run: >
npm ci &&
node --test
working-directory: ./dogfood
env:
PESTO_URL: http://localhost:50051/