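name: π· Monorepo Pipeline
on:
  push:
    branches:
      - main
  pull_request:
env:
  AWS_REGION: us-west-2
  # Quoted so a YAML parser does not read the account id as an integer.
  AWS_ACCOUNT_ID: "174477281453"
  ASSUMED_ROLE: arn:aws:iam::174477281453:role/github-actions-oidc-role
  ECR_REGISTRY: 174477281453.dkr.ecr.us-west-2.amazonaws.com
  COMPOSE_FILE: docker-compose.yml:docker-compose-ci.yml
jobs:
  BuildTestDeploy:
    runs-on: ubuntu-latest
    permissions:
      actions: read # Required to find the last successful workflow run
      contents: read # Required for actions/checkout
      id-token: write # Required for requesting the JWT
      pull-requests: read
      checks: write # Required for graphql inspector
    steps:
      - name: π¦ Turnstyle
        # NOTE(review): third-party action referenced by a mutable branch ref.
        # Pin it to a release tag or a full commit SHA so the code that runs
        # with this job's token cannot change underneath the workflow.
        uses: softprops/turnstyle@master
        if: github.ref == 'refs/heads/main'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: π Check out repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Checks out all branches and tags. Maybe we can make this better in the future?
      # This line is needed for nx affected to work when CI is running on a PR
      - name: π Track main if PR
        if: github.ref != 'refs/heads/main'
        run: git branch --track main origin/main
      - name: π§ Configure NX SHAs
        uses: nrwl/nx-set-shas@v4
      - name: π§ Set Environment Variables
        env:
          # The branch name is handed to the script through an environment
          # variable instead of being expanded inline with ${{ }}: a pull
          # request's head_ref is chosen by the PR author, and inline expansion
          # would splice that value into the shell script before it runs.
          RAW_BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
        run: |
          SHORT_SHA=$(echo "$GITHUB_SHA" | cut -c 1-7)
          # Sanitize branch name by replacing '/' with '-' and removing any other invalid characters
          BRANCH_NAME=$(echo "$RAW_BRANCH_NAME" | sed 's|/|-|g' | sed 's|[^a-zA-Z0-9_.-]||g')
          if [ "$BRANCH_NAME" == "main" ]; then
            IMAGE_TAG_PREFIX="main"
          else
            IMAGE_TAG_PREFIX="dev-$BRANCH_NAME"
          fi
          DOCKER_TAG="$IMAGE_TAG_PREFIX-$SHORT_SHA"
          echo "BRANCH_NAME=$BRANCH_NAME" >> "$GITHUB_ENV"
          echo "SHORT_SHA=$SHORT_SHA" >> "$GITHUB_ENV"
          echo "IMAGE_TAG_PREFIX=$IMAGE_TAG_PREFIX" >> "$GITHUB_ENV"
          echo "DOCKER_TAG=$DOCKER_TAG" >> "$GITHUB_ENV"
          # Workflow-level env is already exported to the step's shell.
          echo "MONOREPO_IMAGE=$ECR_REGISTRY/monorepo" >> "$GITHUB_ENV"
      - name: π³ Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: π³ Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        if: ${{ env.BRANCH_NAME == 'main' }}
        with:
          role-to-assume: ${{ env.ASSUMED_ROLE }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ env.AWS_REGION }}
      - name: π³ Login to Amazon ECR
        uses: aws-actions/amazon-ecr-login@v2
        if: ${{ env.BRANCH_NAME == 'main' }}
      # Build and Push Monorepo Image for each commit using GitHub Actions cache
      - name: ποΈ Build Monorepo Docker image
        uses: docker/build-push-action@v6
        with:
          file: Dockerfile
          load: true
          # Images are only pushed to the registry from main; PR builds stay local.
          push: ${{ env.BRANCH_NAME == 'main' }}
          tags: |
            ${{ env.MONOREPO_IMAGE }}:${{ env.DOCKER_TAG }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: π Prep Container Permissions
        run: |
          sudo chown -R 1000:1000 .git
          sudo setfacl --modify user:1000:rw /var/run/docker.sock
          sudo setfacl -Rm u:1000:rwX,d:u:1000:rwX "$HOME/.docker"
      - name: π Spin up monorepo environment
        run: |
          docker compose up -d
      - name: π§Ή Lint
        run: |
          docker compose run better-angels bash <<'EOF'
          yarn nx affected -t lint
          EOF
      - name: π΅οΈ Check for missing Django migrations
        run: |
          docker compose run better-angels bash <<'EOF'
          yarn nx affected -t check-migrations
          STATUS=$?
          if [ $STATUS -ne 0 ]; then
            echo "Error: Missing Django migrations! Make sure you have run 'python manage.py makemigrations <app_name>' locally and committed the changes."
            exit 1
          else
            echo "Success: No missing Django migrations!"
          fi
          EOF
      - name: π Make sure GraphQL Schema is up to date
        # TODO: Upon graphql mismatch, a github action could commit the changes and push into the branch
        run: |
          docker compose run better-angels bash <<'EOF'
          yarn nx affected -t validate-graphql-schema
          STATUS=$?
          if [ $STATUS -ne 0 ]; then
            echo "Error: The GraphQL schemas do not match! Make sure you have run 'yarn nx affected -t generate-graphql-schema' locally and committed the changes."
            exit 1
          else
            echo "Success: The GraphQL schemas match!"
          fi
          yarn nx affected -t generate-graphql-types
          TYPE_GEN_STATUS=$?
          git diff --exit-code '**/gql-types/*'
          DIFF_STATUS=$?
          if [ $TYPE_GEN_STATUS -ne 0 ] || [ $DIFF_STATUS -ne 0 ]; then
            echo "Error: The GraphQL types do not match or generation failed! Make sure you have run 'yarn nx affected -t generate-graphql-types' locally and committed the changes."
            exit 1
          else
            echo "Success: The GraphQL types match!"
          fi
          EOF
      - name: π΅π»ββοΈ GraphQL Inspector
        # NOTE(review): third-party action referenced by a mutable branch ref;
        # pin to a release tag or full commit SHA (see the Turnstyle step).
        uses: kamilkisiela/graphql-inspector@master
        # Warning: This now skips schema breaking checks in forked repositories.
        # Resolve in: https://betterangels.atlassian.net/browse/DEV-690
        if: ${{ github.event.pull_request.head.repo.fork == false }}
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          schema: main:apps/betterangels-backend/schema.graphql
          fail-on-breaking: true
          approve-label: graphql-inspector:approved-breaking-change
      - name: π¬ Typecheck
        run: |
          docker compose run better-angels bash <<'EOF'
          yarn nx affected -t typecheck
          EOF
      - name: π§ͺ Test
        run: |
          docker compose run better-angels bash <<'EOF'
          # Exclude Betterangels Frontend Given its CI is not setup yet
          yarn nx affected -t test
          EOF
      - name: π οΈ Build and Push Artifacts
        if: ${{ env.BRANCH_NAME == 'main' }}
        run: |
          docker compose run better-angels bash <<'EOF'
          # Exclude Betterangels Frontend Given its CI is not setup yet
          yarn nx affected -t build --exclude=betterangels,shelter
          EOF
        env:
          AWS_ACCOUNT_ID: ${{ env.AWS_ACCOUNT_ID }}
          INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: π Deploy Changes
        if: ${{ env.BRANCH_NAME == 'main' }}
        run: |
          docker compose run better-angels bash <<'EOF'
          # Exclude Betterangels Frontend Given its CI is not setup yet
          yarn nx affected -t deploy --exclude=betterangels,shelter
          EOF
      - name: βΉοΈ Spin down monorepo environment
        if: always()
        run: |
          docker compose down
          sudo chown -R 1001:1001 .git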