Skip to content

Let people log into the server with their github accounts. #19

Let people log into the server with their github accounts.

Let people log into the server with their github accounts. #19

Workflow file for this run

name: Continuous Integration
on:
pull_request:
push:
branches: ["main"]
# These are the IDs for https://github.com/organizations/w3ctag/settings/apps/w3c-tag-bot.
# They're captured at build time and aren't configurable on the server.
env:
APP_ID: "1013567"
CLIENT_ID: "Iv23liXTAsX4IYm9H6lc"
jobs:
test:
runs-on: ubuntu-latest
env:
DATABASE_URL: file:./test.db
steps:
- uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version-file: "package.json"
cache: pnpm
- run: pnpm install
- run: pnpm prisma db push
- name: Make a private key for testing.
run: openssl genrsa -traditional -out testkey.pem
- name: Run tests
run: PRIVATE_KEY=$(cat testkey.pem) pnpm test
env:
# Generated just for this file and never used elsewhere.
CLIENT_SECRET: 6d5e528bb01faa2de86ef59dacbdca0b4a406e09
WEBHOOK_SECRET: 37651a9cf25c2d370308aee98ce0b7c9a6bfc30c
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version-file: "package.json"
cache: pnpm
- run: pnpm install
- run: pnpm build
- run: rm -rf node_modules
- run: pnpm install --prod
- run: pnpm prisma generate
- run: tar -cf built-server.tar package.json dist node_modules prisma
- uses: actions/upload-artifact@v4
with:
name: built-server
path: built-server.tar
if-no-files-found: error
deploy:
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
needs: [test, build]
environment:
name: "tag-github-bot.w3"
url: "https://tag-github-bot.w3.org/"
concurrency:
group: production
runs-on: ubuntu-latest
env:
SSH_USER: ${{ vars.SSH_USER }}
SSH_HOST: ${{ secrets.SSH_HOST }}
SSH_PROXY: ${{ secrets.SSH_PROXY }}
steps:
- uses: actions/download-artifact@v4
with:
name: built-server
- name: Extract the built server
run: |
mkdir built-server
tar -xf built-server.tar -C built-server
- name: Store ssh private key and host key
run: |
umask 077
mkdir ~/.ssh
echo "$SSH_KEY" > ~/.ssh/id_ed25519
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
env:
SSH_KEY: ${{ secrets.SSH_KEY }}
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
- name: Upload
run: rsync -e "ssh -o ProxyJump=$SSH_USER@$SSH_PROXY" -azv --safe-links --hard-links --progress --delete built-server/ "$SSH_USER@$SSH_HOST:$DEPLOY_PATH"
env:
DEPLOY_PATH: ${{ vars.DEPLOY_PATH }}
- name: Update and Restart
run: 'ssh -o ProxyJump=$SSH_USER@$SSH_PROXY "$SSH_USER@$SSH_HOST" "cd $DEPLOY_PATH && node_modules/.bin/prisma generate && sudo /usr/bin/systemctl restart w3ctagbot"'
env:
DEPLOY_PATH: ${{ vars.DEPLOY_PATH }}