diff options
| -rw-r--r-- | .github/workflows/build-deploy.yaml | 70 | ||||
| -rw-r--r-- | .github/workflows/lint-test.yaml (renamed from .github/workflows/lint-test-deploy.yaml) | 80 |
2 files changed, 83 insertions, 67 deletions
diff --git a/.github/workflows/build-deploy.yaml b/.github/workflows/build-deploy.yaml new file mode 100644 index 00000000..668927e0 --- /dev/null +++ b/.github/workflows/build-deploy.yaml @@ -0,0 +1,70 @@ +name: Build & Deploy + +on: + workflow_run: + workflows: ["Lint & Test"] + branches: + - master + types: + - completed + + build-and-deploy: + name: Build and Deploy to Kubernetes + needs: lint-test + if: github.event.workflow_run.conclusion == 'success' + runs-on: ubuntu-latest + + steps: + # Create a commit SHA-based tag for the container repositories + - name: Create SHA Container Tag + id: sha_tag + run: | + tag=$(cut -c 1-7 <<< $GITHUB_SHA) + echo "::set-output name=tag::$tag" + + - name: Checkout code + uses: actions/checkout@v2 + + # The current version (v2) of Docker's build-push action uses + # buildx, which comes with BuildKit features that help us speed + # up our builds using additional cache features. Buildx also + # has a lot of other features that are not as relevant to us. + # + # See https://github.com/docker/build-push-action + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to Github Container Registry + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ secrets.GHCR_USER }} + password: ${{ secrets.GHCR_TOKEN }} + + # Build the container, including an inline cache manifest to + # allow us to use the registry as a cache source. + - name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + file: ./Dockerfile + push: true + cache-from: type=registry,ref=ghcr.io/python-discord/site:latest + cache-to: type=inline + tags: | + ghcr.io/python-discord/site:latest + ghcr.io/python-discord/site:${{ steps.sha_tag.outputs.tag }} + + - name: Authenticate with Kubernetes + uses: azure/k8s-set-context@v1 + with: + method: kubeconfig + kubeconfig: ${{ secrets.KUBECONFIG }} + + - name: Deploy to Kubernetes + uses: Azure/k8s-deploy@v1 + with: + manifests: | + deployment.yaml + images: 'ghcr.io/python-discord/site:${{ steps.sha_tag.outputs.tag }}' + kubectl-version: 'latest' diff --git a/.github/workflows/lint-test-deploy.yaml b/.github/workflows/lint-test.yaml index 7369a3b8..80305322 100644 --- a/.github/workflows/lint-test-deploy.yaml +++ b/.github/workflows/lint-test.yaml @@ -1,13 +1,10 @@ -name: Lint, Test & Deploy +name: Lint & Test on: push: branches: - master - # We use pull_request_target as we get PRs from - # forks, but need to be able to add annotations - # for our flake8 step. - pull_request_target: + pull_request: jobs: @@ -34,12 +31,8 @@ jobs: - name: Add custom PYTHONUSERBASE to PATH run: echo '${{ env.PYTHONUSERBASE }}/bin/' >> $GITHUB_PATH - # We don't want to persist credentials, as our GitHub Action - # may be run when a PR is made from a fork. - name: Checkout repository uses: actions/checkout@v2 - with: - persist-credentials: false - name: Setup python id: python @@ -86,14 +79,18 @@ jobs: - name: Run pre-commit hooks run: export PIP_USER=0; SKIP=flake8 pre-commit run --all-files - # This step requires `pull_request_target`, as adding annotations - # requires "write" permissions to the repo. + # Run flake8 and have it format the linting errors in the format of + # the GitHub Workflow command to register error annotations. This + # means that our flake8 output is automatically added as an error + # annotation to both the run result and in the "Files" tab of a + # pull request. + # + # Format used: + # ::error file={filename},line={line},col={col}::{message} - name: Run flake8 - uses: julianwachholz/flake8-action@v1 - with: - checkName: lint-test - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: "flake8 \ + --format='::error file=%(path)s,line=%(row)d,col=%(col)d::\ + [flake8] %(code)s: %(text)s'" - name: Run database using docker-compose run: docker-compose run -d -p 7777:5432 --name pydis_web postgres @@ -119,54 +116,3 @@ jobs: - name: Tear down docker-compose containers run: docker-compose stop if: ${{ always() }} - - build-and-deploy: - name: Build and Deploy to Kubernetes - needs: lint-test - if: github.event_name != 'pull_request_target' && github.ref == 'refs/heads/master' - runs-on: ubuntu-latest - - steps: - # Create a commit SHA-based tag for the container repositories - - name: Create SHA Container Tag - id: sha_tag - run: | - tag=$(cut -c 1-7 <<< $GITHUB_SHA) - echo "::set-output name=tag::$tag" - - name: Checkout code - uses: actions/checkout@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to Github Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ secrets.GHCR_USER }} - password: ${{ secrets.GHCR_TOKEN }} - - - name: Build and push - uses: docker/build-push-action@v2 - with: - context: . - file: ./Dockerfile - push: true - cache-from: type=registry,ref=ghcr.io/python-discord/site:latest - tags: | - ghcr.io/python-discord/site:latest - ghcr.io/python-discord/site:${{ steps.sha_tag.outputs.tag }} - - - name: Authenticate with Kubernetes - uses: azure/k8s-set-context@v1 - with: - method: kubeconfig - kubeconfig: ${{ secrets.KUBECONFIG }} - - - name: Deploy to Kubernetes - uses: Azure/k8s-deploy@v1 - with: - manifests: | - deployment.yaml - images: 'ghcr.io/python-discord/site:${{ steps.sha_tag.outputs.tag }}' - kubectl-version: 'latest' |