blob: 80c53d67dcfb17446d829308026f0309ecd201b1 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
|
name: Forms Backend
on:
push:
branches:
- main
pull_request:
jobs:
lint:
name: Linting
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Setup Python
id: python
uses: actions/setup-python@v2
with:
python-version: '3.9'
- name: Setup Poetry
uses: snok/[email protected]
with:
virtualenvs-create: true
virtualenvs-in-project: true
# When same context exists in cache already, restore this environment.
- name: Poetry Environment Caching
uses: actions/cache@v2
id: python_cache
with:
path: .venv
key: "venv-${{ runner.os }}-${{ steps.python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}"
# Only install dependencies when cache didn't hit.
- name: Install dependencies
if: steps.python_cache.outputs.cache-hit != 'true'
run: |
poetry install
# Use this formatting to show them as GH Actions annotations.
- name: Run flake8
run: "poetry run flake8 --format='::error file=%(path)s,line=%(row)d,col=%(col)d::[flake8] %(code)s: %(text)s'"
# Prepare the Pull Request Payload artifact. If this fails, we
# we fail silently using the `continue-on-error` option. It's
# nice if this succeeds, but if it fails for any reason, it
# does not mean that our lint-test checks failed.
- name: Prepare Pull Request Payload artifact
id: prepare-artifact
if: always() && github.event_name == 'pull_request'
continue-on-error: true
run: cat $GITHUB_EVENT_PATH | jq '.pull_request' > pull_request_payload.json
# This only makes sense if the previous step succeeded. To
# get the original outcome of the previous step before the
# `continue-on-error` conclusion is applied, we use the
# `.outcome` value. This step also fails silently.
- name: Upload a Build Artifact
if: always() && steps.prepare-artifact.outcome == 'success'
continue-on-error: true
uses: actions/upload-artifact@v2
with:
name: pull-request-payload
path: pull_request_payload.json
build:
name: Build & Push
runs-on: ubuntu-latest
needs: [lint]
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
steps:
- name: Create SHA Container Tag
id: sha_tag
run: |
tag=$(cut -c 1-7 <<< $GITHUB_SHA)
echo "::set-output name=tag::$tag"
- name: Checkout repository
uses: actions/checkout@v2
- name: Setup Docker BuildX
uses: docker/setup-buildx-action@v1
- name: Login to Github Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ secrets.GHCR_USER }}
password: ${{ secrets.GHCR_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v2
with:
context: .
file: ./Dockerfile
push: true
cache-from: type=registry,ref=ghcr.io/python-discord/forms-backend:latest
cache-to: type=inline
tags: |
ghcr.io/python-discord/forms-backend:latest
ghcr.io/python-discord/forms-backend:${{ steps.sha_tag.outputs.tag }}
build-args: |
git_sha=${{ github.sha }}
deploy:
name: Deployment
runs-on: ubuntu-latest
needs: [build]
steps:
- name: Create SHA Container Tag
id: sha_tag
run: |
tag=$(cut -c 1-7 <<< $GITHUB_SHA)
echo "::set-output name=tag::$tag"
- name: Checkout repository
uses: actions/checkout@v2
- name: Authenticate with Kubernetes
uses: azure/k8s-set-context@v1
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Deploy to Kubernetes
uses: Azure/k8s-deploy@v1
with:
manifests: |
deployment.yaml
images: 'ghcr.io/python-discord/forms-backend:${{ steps.sha_tag.outputs.tag }}'
kubectl-version: 'latest'
|
