Let people log into the server with their github accounts. #19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration | |
on: | |
pull_request: | |
push: | |
branches: ["main"] | |
# These are the IDs for https://github.com/organizations/w3ctag/settings/apps/w3c-tag-bot. | |
# They're captured at build time and aren't configurable on the server. | |
env: | |
APP_ID: "1013567" | |
CLIENT_ID: "Iv23liXTAsX4IYm9H6lc" | |
jobs: | |
test: | |
runs-on: ubuntu-latest | |
env: | |
DATABASE_URL: file:./test.db | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup pnpm | |
uses: pnpm/action-setup@v4 | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: "package.json" | |
cache: pnpm | |
- run: pnpm install | |
- run: pnpm prisma db push | |
- name: Make a private key for testing. | |
run: openssl genrsa -traditional -out testkey.pem | |
- name: Run tests | |
run: PRIVATE_KEY=$(cat testkey.pem) pnpm test | |
env: | |
# Generated just for this file and never used elsewhere. | |
CLIENT_SECRET: 6d5e528bb01faa2de86ef59dacbdca0b4a406e09 | |
WEBHOOK_SECRET: 37651a9cf25c2d370308aee98ce0b7c9a6bfc30c | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup pnpm | |
uses: pnpm/action-setup@v4 | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: "package.json" | |
cache: pnpm | |
- run: pnpm install | |
- run: pnpm build | |
- run: rm -rf node_modules | |
- run: pnpm install --prod | |
- run: pnpm prisma generate | |
- run: tar -cf built-server.tar package.json dist node_modules prisma | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: built-server | |
path: built-server.tar | |
if-no-files-found: error | |
deploy: | |
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | |
needs: [test, build] | |
environment: | |
name: "tag-github-bot.w3" | |
url: "https://tag-github-bot.w3.org/" | |
concurrency: | |
group: production | |
runs-on: ubuntu-latest | |
env: | |
SSH_USER: ${{ vars.SSH_USER }} | |
SSH_HOST: ${{ secrets.SSH_HOST }} | |
SSH_PROXY: ${{ secrets.SSH_PROXY }} | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: built-server | |
- name: Extract the built server | |
run: | | |
mkdir built-server | |
tar -xf built-server.tar -C built-server | |
- name: Store ssh private key and host key | |
run: | | |
umask 077 | |
mkdir ~/.ssh | |
echo "$SSH_KEY" > ~/.ssh/id_ed25519 | |
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts | |
env: | |
SSH_KEY: ${{ secrets.SSH_KEY }} | |
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }} | |
- name: Upload | |
run: rsync -e "ssh -o ProxyJump=$SSH_USER@$SSH_PROXY" -azv --safe-links --hard-links --progress --delete built-server/ "$SSH_USER@$SSH_HOST:$DEPLOY_PATH" | |
env: | |
DEPLOY_PATH: ${{ vars.DEPLOY_PATH }} | |
- name: Update and Restart | |
run: 'ssh -o ProxyJump=$SSH_USER@$SSH_PROXY "$SSH_USER@$SSH_HOST" "cd $DEPLOY_PATH && node_modules/.bin/prisma generate && sudo /usr/bin/systemctl restart w3ctagbot"' | |
env: | |
DEPLOY_PATH: ${{ vars.DEPLOY_PATH }} |