name: Forms Backend on: push: branches: - main pull_request: jobs: lint: name: Linting runs-on: ubuntu-latest steps: - name: Checkout repository uses: actions/checkout@v2 - name: Setup Python id: python uses: actions/setup-python@v2 with: python-version: '3.9' - name: Setup Poetry uses: snok/install-poetry@v1.1.1 with: virtualenvs-create: true virtualenvs-in-project: true # When same context exists in cache already, restore this environment. - name: Poetry Environment Caching uses: actions/cache@v2 id: python_cache with: path: .venv key: "venv-${{ runner.os }}-${{ steps.python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}" # Only install dependencies when cache didn't hit. - name: Install dependencies if: steps.python_cache.outputs.cache-hit != 'true' run: | poetry install # Use this formatting to show them as GH Actions annotations. - name: Run flake8 run: "poetry run flake8 --format='::error file=%(path)s,line=%(row)d,col=%(col)d::[flake8] %(code)s: %(text)s'" # Prepare the Pull Request Payload artifact. If this fails, we # we fail silently using the `continue-on-error` option. It's # nice if this succeeds, but if it fails for any reason, it # does not mean that our lint-test checks failed. - name: Prepare Pull Request Payload artifact id: prepare-artifact if: always() && github.event_name == 'pull_request' continue-on-error: true run: cat $GITHUB_EVENT_PATH | jq '.pull_request' > pull_request_payload.json # This only makes sense if the previous step succeeded. To # get the original outcome of the previous step before the # `continue-on-error` conclusion is applied, we use the # `.outcome` value. This step also fails silently. - name: Upload a Build Artifact if: always() && steps.prepare-artifact.outcome == 'success' continue-on-error: true uses: actions/upload-artifact@v2 with: name: pull-request-payload path: pull_request_payload.json build: name: Build & Push runs-on: ubuntu-latest needs: [lint] if: github.ref == 'refs/heads/main' && github.event_name == 'push' steps: - name: Create SHA Container Tag id: sha_tag run: | tag=$(cut -c 1-7 <<< $GITHUB_SHA) echo "::set-output name=tag::$tag" - name: Checkout repository uses: actions/checkout@v2 - name: Setup Docker BuildX uses: docker/setup-buildx-action@v1 - name: Login to Github Container Registry uses: docker/login-action@v1 with: registry: ghcr.io username: ${{ secrets.GHCR_USER }} password: ${{ secrets.GHCR_TOKEN }} - name: Build and push uses: docker/build-push-action@v2 with: context: . file: ./Dockerfile push: true cache-from: type=registry,ref=ghcr.io/python-discord/forms-backend:latest cache-to: type=inline tags: | ghcr.io/python-discord/forms-backend:latest ghcr.io/python-discord/forms-backend:${{ steps.sha_tag.outputs.tag }} build-args: | git_sha=${{ github.sha }} deploy: name: Deployment runs-on: ubuntu-latest needs: [build] steps: - name: Create SHA Container Tag id: sha_tag run: | tag=$(cut -c 1-7 <<< $GITHUB_SHA) echo "::set-output name=tag::$tag" - name: Checkout repository uses: actions/checkout@v2 - name: Authenticate with Kubernetes uses: azure/k8s-set-context@v1 with: method: kubeconfig kubeconfig: ${{ secrets.KUBECONFIG }} - name: Deploy to Kubernetes uses: Azure/k8s-deploy@v1 with: manifests: | deployment.yaml images: 'ghcr.io/python-discord/forms-backend:${{ steps.sha_tag.outputs.tag }}' kubectl-version: 'latest'