feat: update imports #222
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Kubernetes' | |
| on: | |
| push: | |
| branches: ['master'] | |
| env: | |
| REGISTRY: ghcr.io | |
| BASE_SERVER_IMAGE_NAME: ${{ github.repository }}-authorizer-base-server | |
| BUILDER_IMAGE_NAME: ${{ github.repository }}-authorizer-builder | |
| MIGRATIONS_IMAGE_NAME: ${{ github.repository }}-authorizer-migrations | |
| SERVER_IMAGE_NAME: ${{ github.repository }}-authorizer-server | |
| NGINX_IMAGE_NAME: ${{ github.repository }}-authorizer-nginx | |
| E2E_TESTS_IMAGE_NAME: ${{ github.repository }}-authorizer-e2e-tests | |
| COMPOSE_INTERACTIVE_NO_CLI: 1 | |
| NX_DAEMON: false | |
| NX_PARALLEL: 1 | |
| NX_SKIP_NX_CACHE: true | |
| DISABLE_SERVE_STATIC: true | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # to be able to publish a GitHub release | |
| issues: write # to be able to comment on released issues | |
| pull-requests: write # to be able to comment on released pull requests | |
| id-token: write # to enable use of OIDC for npm provenance | |
| steps: | |
| - uses: actions/checkout@v4 | |
| if: ${{ !contains(github.event.head_commit.message, '[skip release]') }} | |
| - run: yarn install | |
| if: ${{ !contains(github.event.head_commit.message, '[skip release]') }} | |
| - run: echo '' > .env && npm run generate -- --verbose | |
| if: ${{ !contains(github.event.head_commit.message, '[skip release]') }} | |
| - run: npm run nx -- run-many --target=semantic-release -p server-authorizer client-authorizer --parallel=1 --excludeTaskDependencies=true | |
| if: ${{ !contains(github.event.head_commit.message, '[skip release]') }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.NESTJS_MOD_ACCESS_TOKEN_DOCKER }} | |
| - name: Set root_version | |
| id: root_version | |
| run: | | |
| git fetch | |
| echo "root_version="$(npm pkg get version --workspaces=false | tr -d \") >> "$GITHUB_OUTPUT" | |
| - name: Set server_version | |
| id: server_version | |
| run: | | |
| git fetch | |
| echo "server_version="$(cd ./apps/server-authorizer && npm pkg get version --workspaces=false | tr -d \") >> "$GITHUB_OUTPUT" | |
| - name: Set client_version | |
| id: client_version | |
| run: | | |
| git fetch | |
| echo "client_version="$(cd ./apps/client-authorizer && npm pkg get version --workspaces=false | tr -d \") >> "$GITHUB_OUTPUT" | |
| outputs: | |
| root_version: ${{ steps.root_version.outputs.root_version }} | |
| server_version: ${{ steps.server_version.outputs.server_version }} | |
| client_version: ${{ steps.client_version.outputs.client_version }} | |
| check-base-server-image: | |
| runs-on: ubuntu-latest | |
| needs: [release] | |
| continue-on-error: true | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Check exists docker image | |
| id: check-exists | |
| run: | | |
| export TOKEN=$(curl -u ${{ github.actor }}:${{ secrets.NESTJS_MOD_ACCESS_TOKEN_DOCKER }} https://${{ env.REGISTRY }}/token\?scope\="repository:${{ env.BASE_SERVER_IMAGE_NAME}}:pull" | jq -r .token) | |
| curl --head --fail -H "Authorization: Bearer $TOKEN" https://${{ env.REGISTRY }}/v2/${{ env.BASE_SERVER_IMAGE_NAME}}/manifests/${{ needs.release.outputs.root_version }} | |
| - name: Store result of check exists docker image | |
| id: store-check-exists | |
| if: ${{ !contains(needs.check-exists.outputs.result, 'HTTP/2 404') }} | |
| run: | | |
| echo "conclusion=success" >> "$GITHUB_OUTPUT" | |
| outputs: | |
| result: ${{ steps.store-check-exists.outputs.conclusion }} | |
| check-builder-image: | |
| runs-on: ubuntu-latest | |
| needs: [release] | |
| continue-on-error: true | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Check exists docker image | |
| id: check-exists | |
| run: | | |
| export TOKEN=$(curl -u ${{ github.actor }}:${{ secrets.NESTJS_MOD_ACCESS_TOKEN_DOCKER }} https://${{ env.REGISTRY }}/token\?scope\="repository:${{ env.BUILDER_IMAGE_NAME}}:pull" | jq -r .token) | |
| curl --head --fail -H "Authorization: Bearer $TOKEN" https://${{ env.REGISTRY }}/v2/${{ env.BUILDER_IMAGE_NAME}}/manifests/${{ needs.release.outputs.root_version }} | |
| - name: Store result of check exists docker image | |
| id: store-check-exists | |
| if: ${{ !contains(needs.check-exists.outputs.result, 'HTTP/2 404') }} | |
| run: | | |
| echo "conclusion=success" >> "$GITHUB_OUTPUT" | |
| outputs: | |
| result: ${{ steps.store-check-exists.outputs.conclusion }} | |
| check-migrations-image: | |
| runs-on: ubuntu-latest | |
| needs: [release] | |
| continue-on-error: true | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Check exists docker image | |
| id: check-exists | |
| run: | | |
| export TOKEN=$(curl -u ${{ github.actor }}:${{ secrets.NESTJS_MOD_ACCESS_TOKEN_DOCKER }} https://${{ env.REGISTRY }}/token\?scope\="repository:${{ env.MIGRATIONS_IMAGE_NAME}}:pull" | jq -r .token) | |
| curl --head --fail -H "Authorization: Bearer $TOKEN" https://${{ env.REGISTRY }}/v2/${{ env.MIGRATIONS_IMAGE_NAME}}/manifests/${{ needs.release.outputs.root_version }} | |
| - name: Store result of check exists docker image | |
| id: store-check-exists | |
| if: ${{ !contains(needs.check-exists.outputs.result, 'HTTP/2 404') }} | |
| run: | | |
| echo "conclusion=success" >> "$GITHUB_OUTPUT" | |
| outputs: | |
| result: ${{ steps.store-check-exists.outputs.conclusion }} | |
| check-server-image: | |
| runs-on: ubuntu-latest | |
| needs: [release] | |
| continue-on-error: true | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Check exists docker image | |
| id: check-exists | |
| run: | | |
| export TOKEN=$(curl -u ${{ github.actor }}:${{ secrets.NESTJS_MOD_ACCESS_TOKEN_DOCKER }} https://${{ env.REGISTRY }}/token\?scope\="repository:${{ env.SERVER_IMAGE_NAME}}:pull" | jq -r .token) | |
| curl --head --fail -H "Authorization: Bearer $TOKEN" https://${{ env.REGISTRY }}/v2/${{ env.SERVER_IMAGE_NAME}}/manifests/${{ needs.release.outputs.server_version }} | |
| - name: Store result of check exists docker image | |
| id: store-check-exists | |
| if: ${{ !contains(needs.check-exists.outputs.result, 'HTTP/2 404') }} | |
| run: | | |
| echo "conclusion=success" >> "$GITHUB_OUTPUT" | |
| outputs: | |
| result: ${{ steps.store-check-exists.outputs.conclusion }} | |
| check-nginx-image: | |
| runs-on: ubuntu-latest | |
| needs: [release] | |
| continue-on-error: true | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Check exists docker image | |
| id: check-exists | |
| run: | | |
| export TOKEN=$(curl -u ${{ github.actor }}:${{ secrets.NESTJS_MOD_ACCESS_TOKEN_DOCKER }} https://${{ env.REGISTRY }}/token\?scope\="repository:${{ env.NGINX_IMAGE_NAME}}:pull" | jq -r .token) | |
| curl --head --fail -H "Authorization: Bearer $TOKEN" https://${{ env.REGISTRY }}/v2/${{ env.NGINX_IMAGE_NAME}}/manifests/${{ needs.release.outputs.client_version }} | |
| - name: Store result of check exists docker image | |
| id: store-check-exists | |
| if: ${{ !contains(needs.check-exists.outputs.result, 'HTTP/2 404') }} | |
| run: | | |
| echo "conclusion=success" >> "$GITHUB_OUTPUT" | |
| outputs: | |
| result: ${{ steps.store-check-exists.outputs.conclusion }} | |
| check-e2e-tests-image: | |
| runs-on: ubuntu-latest | |
| needs: [release] | |
| continue-on-error: true | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Check exists docker image | |
| id: check-exists | |
| run: | | |
| export TOKEN=$(curl -u ${{ github.actor }}:${{ secrets.NESTJS_MOD_ACCESS_TOKEN_DOCKER }} https://${{ env.REGISTRY }}/token\?scope\="repository:${{ env.E2E_TESTS_IMAGE_NAME}}:pull" | jq -r .token) | |
| curl --head --fail -H "Authorization: Bearer $TOKEN" https://${{ env.REGISTRY }}/v2/${{ env.E2E_TESTS_IMAGE_NAME}}/manifests/${{ needs.release.outputs.root_version }} | |
| - name: Store result of check exists docker image | |
| id: store-check-exists | |
| if: ${{ !contains(github.event.head_commit.message, '[skip e2e cache]') && !contains(needs.check-exists.outputs.result, 'HTTP/2 404') }} | |
| run: | | |
| echo "conclusion=success" >> "$GITHUB_OUTPUT" | |
| outputs: | |
| result: ${{ steps.store-check-exists.outputs.conclusion }} | |
| build-and-push-base-server-image: | |
| runs-on: ubuntu-latest | |
| needs: [release, check-base-server-image] | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| if: ${{ needs.check-base-server-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') }} | |
| uses: actions/checkout@v4 | |
| - name: Log in to the Container registry | |
| if: ${{ needs.check-base-server-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') }} | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.NESTJS_MOD_ACCESS_TOKEN_DOCKER }} | |
| - name: Build and push Docker image | |
| if: ${{ needs.check-base-server-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') }} | |
| id: push | |
| uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | |
| with: | |
| context: . | |
| push: true | |
| file: ./.docker/base-server.Dockerfile | |
| tags: ${{ env.REGISTRY}}/${{ env.BASE_SERVER_IMAGE_NAME}}:${{ needs.release.outputs.root_version }},${{ env.REGISTRY}}/${{ env.BASE_SERVER_IMAGE_NAME}}:latest | |
| cache-from: type=registry,ref=${{ env.REGISTRY}}/${{ env.BASE_SERVER_IMAGE_NAME}}:${{ needs.release.outputs.root_version }} | |
| cache-to: type=inline | |
| - name: Generate artifact attestation | |
| continue-on-error: true | |
| if: ${{ needs.check-base-server-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') }} | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.BASE_SERVER_IMAGE_NAME}} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true | |
| build-and-push-migrations-image: | |
| runs-on: ubuntu-latest | |
| needs: [release, check-migrations-image] | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| if: ${{ needs.check-migrations-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip migrations cache]') }} | |
| uses: actions/checkout@v4 | |
| - name: Log in to the Container registry | |
| if: ${{ needs.check-migrations-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip migrations cache]') }} | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.NESTJS_MOD_ACCESS_TOKEN_DOCKER }} | |
| - name: Build Docker image | |
| if: ${{ needs.check-migrations-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip migrations cache]') }} | |
| id: push | |
| uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | |
| with: | |
| context: . | |
| push: true | |
| file: ./.docker/migrations.Dockerfile | |
| tags: ${{ env.REGISTRY}}/${{ env.MIGRATIONS_IMAGE_NAME}}:${{ needs.release.outputs.root_version }},${{ env.REGISTRY}}/${{ env.MIGRATIONS_IMAGE_NAME}}:latest | |
| cache-from: type=registry,ref=${{ env.REGISTRY}}/${{ env.MIGRATIONS_IMAGE_NAME}}:${{ needs.release.outputs.root_version }} | |
| cache-to: type=inline | |
| - name: Generate artifact attestation | |
| continue-on-error: true | |
| if: ${{ (needs.check-migrations-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip migrations cache]')) }} | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.MIGRATIONS_IMAGE_NAME}} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true | |
| build-and-push-builder-image: | |
| runs-on: ubuntu-latest | |
| needs: [release, check-builder-image] | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| if: ${{ needs.check-builder-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') }} | |
| uses: actions/checkout@v4 | |
| - name: Log in to the Container registry | |
| if: ${{ needs.check-builder-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') }} | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.NESTJS_MOD_ACCESS_TOKEN_DOCKER }} | |
| - name: Build Docker image | |
| if: ${{ needs.check-builder-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') }} | |
| id: push | |
| uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | |
| with: | |
| context: . | |
| push: true | |
| file: ./.docker/builder.Dockerfile | |
| tags: ${{ env.REGISTRY}}/${{ env.BUILDER_IMAGE_NAME}}:${{ needs.release.outputs.root_version }},${{ env.REGISTRY}}/${{ env.BUILDER_IMAGE_NAME}}:latest | |
| cache-from: type=registry,ref=${{ env.REGISTRY}}/${{ env.BUILDER_IMAGE_NAME}}:${{ needs.release.outputs.root_version }} | |
| cache-to: type=inline | |
| - name: Generate artifact attestation | |
| continue-on-error: true | |
| if: ${{ needs.check-builder-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') }} | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.BUILDER_IMAGE_NAME}} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true | |
| build-and-push-server-image: | |
| runs-on: ubuntu-latest | |
| needs: | |
| [ | |
| release, | |
| build-and-push-builder-image, | |
| build-and-push-base-server-image, | |
| check-server-image, | |
| ] | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| if: ${{ needs.check-server-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip server cache]') }} | |
| uses: actions/checkout@v4 | |
| - name: Log in to the Container registry | |
| if: ${{ needs.check-server-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip server cache]') }} | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.NESTJS_MOD_ACCESS_TOKEN_DOCKER }} | |
| - name: Generate and build production code | |
| if: ${{ needs.check-server-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip server cache]') }} | |
| run: | | |
| mkdir -p dist | |
| docker run -v ./dist:/usr/src/app/dist -v ./apps:/usr/src/app/apps -v ./libs:/usr/src/app/libs ${{ env.REGISTRY}}/${{ env.BUILDER_IMAGE_NAME}}:${{ needs.release.outputs.root_version }} | |
| - name: Build and push Docker image | |
| if: ${{ needs.check-server-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip server cache]') }} | |
| id: push | |
| uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | |
| with: | |
| context: . | |
| push: true | |
| file: ./.docker/server.Dockerfile | |
| build-args: BASE_SERVER_IMAGE_TAG=${{ needs.release.outputs.root_version }} | |
| tags: ${{ env.REGISTRY}}/${{ env.SERVER_IMAGE_NAME}}:${{ needs.release.outputs.server_version }},${{ env.REGISTRY}}/${{ env.SERVER_IMAGE_NAME}}:latest | |
| cache-from: type=registry,ref=${{ env.REGISTRY}}/${{ env.SERVER_IMAGE_NAME}}:${{ needs.release.outputs.server_version }} | |
| cache-to: type=inline | |
| - name: Generate artifact attestation | |
| continue-on-error: true | |
| if: ${{ needs.check-server-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip server cache]') }} | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.SERVER_IMAGE_NAME}} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true | |
| build-and-push-nginx-image: | |
| runs-on: ubuntu-latest | |
| needs: [release, build-and-push-builder-image, check-nginx-image] | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| steps: | |
| - name: Checkout repository | |
| if: ${{ needs.check-nginx-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip nginx cache]') }} | |
| uses: actions/checkout@v4 | |
| - name: Log in to the Container registry | |
| if: ${{ needs.check-nginx-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip nginx cache]') }} | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.NESTJS_MOD_ACCESS_TOKEN_DOCKER }} | |
| - name: Generate and build production code | |
| if: ${{ needs.check-nginx-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip nginx cache]') }} | |
| run: | | |
| mkdir -p dist | |
| docker run -v ./dist:/usr/src/app/dist -v ./apps:/usr/src/app/apps -v ./libs:/usr/src/app/libs ${{ env.REGISTRY}}/${{ env.BUILDER_IMAGE_NAME}}:${{ needs.release.outputs.root_version }} | |
| - name: Build and push Docker image | |
| if: ${{ needs.check-nginx-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip nginx cache]') }} | |
| id: push | |
| uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | |
| with: | |
| context: . | |
| push: true | |
| file: ./.docker/nginx.Dockerfile | |
| tags: ${{ env.REGISTRY}}/${{ env.NGINX_IMAGE_NAME}}:${{ needs.release.outputs.client_version }},${{ env.REGISTRY}}/${{ env.NGINX_IMAGE_NAME}}:latest | |
| cache-from: type=registry,ref=${{ env.REGISTRY}}/${{ env.NGINX_IMAGE_NAME}}:${{ needs.release.outputs.client_version }} | |
| cache-to: type=inline | |
| - name: Generate artifact attestation | |
| continue-on-error: true | |
| if: ${{ needs.check-nginx-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip nginx cache]') }} | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.NGINX_IMAGE_NAME}} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true | |
| build-and-push-e2e-tests-image: | |
| runs-on: ubuntu-latest | |
| needs: [release, check-e2e-tests-image] | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| env: | |
| ROOT_VERSION: ${{ needs.release.outputs.root_version }} | |
| SERVER_VERSION: ${{ needs.release.outputs.server_version }} | |
| CLIENT_VERSION: ${{ needs.release.outputs.client_version }} | |
| steps: | |
| - name: Checkout repository | |
| if: ${{ needs.check-e2e-tests-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip e2e cache]') }} | |
| uses: actions/checkout@v4 | |
| - name: Log in to the Container registry | |
| if: ${{ needs.check-e2e-tests-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip e2e cache]') }} | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.NESTJS_MOD_ACCESS_TOKEN_DOCKER }} | |
| - name: Build and push Docker image | |
| if: ${{ needs.check-e2e-tests-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip e2e cache]') }} | |
| id: push | |
| uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | |
| with: | |
| context: . | |
| push: true | |
| file: ./.docker/e2e-tests.Dockerfile | |
| tags: ${{ env.REGISTRY}}/${{ env.E2E_TESTS_IMAGE_NAME}}:${{ needs.release.outputs.root_version }},${{ env.REGISTRY}}/${{ env.E2E_TESTS_IMAGE_NAME}}:latest | |
| cache-from: type=registry,ref=${{ env.REGISTRY}}/${{ env.E2E_TESTS_IMAGE_NAME}}:${{ needs.release.outputs.root_version }} | |
| cache-to: type=inline | |
| - name: Generate artifact attestation | |
| continue-on-error: true | |
| if: ${{ needs.check-e2e-tests-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip e2e cache]') }} | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.E2E_TESTS_IMAGE_NAME}} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true | |
| deploy: | |
| environment: kubernetes | |
| needs: | |
| [ | |
| release, | |
| check-server-image, | |
| build-and-push-migrations-image, | |
| build-and-push-server-image, | |
| build-and-push-nginx-image, | |
| build-and-push-e2e-tests-image, | |
| ] | |
| runs-on: [self-hosted] | |
| env: | |
| ROOT_VERSION: ${{ needs.release.outputs.root_version }} | |
| SERVER_VERSION: ${{ needs.release.outputs.server_version }} | |
| CLIENT_VERSION: ${{ needs.release.outputs.client_version }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| # We must fetch at least the immediate parents so that if this is | |
| # a pull request then we can checkout the head. | |
| fetch-depth: 2 | |
| # WE DO NOT LAUNCH IT BECAUSE THE SERVER IS THE SAME AS IN THE REPOSITORY https://github.com/nestjs-mod/nestjs-mod-sso | |
| # THIS COMMAND WAS ALREADY LAUNCHED | |
| # - name: Deploy infrastructure | |
| # if: ${{ needs.check-server-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip infrastructure]') }} | |
| # env: | |
| # SERVER_APP_DATABASE_NAME: ${{ secrets.SERVER_APP_DATABASE_NAME }} | |
| # SERVER_APP_DATABASE_PASSWORD: ${{ secrets.SERVER_APP_DATABASE_PASSWORD }} | |
| # SERVER_APP_DATABASE_USERNAME: ${{ secrets.SERVER_APP_DATABASE_USERNAME }} | |
| # SERVER_POSTGRE_SQL_POSTGRESQL_DATABASE: ${{ secrets.ROOT_POSTGRES_DATABASE }} | |
| # SERVER_POSTGRE_SQL_POSTGRESQL_PASSWORD: ${{ secrets.ROOT_POSTGRES_PASSWORD }} | |
| # SERVER_POSTGRE_SQL_POSTGRESQL_USERNAME: ${{ secrets.ROOT_POSTGRES_USER }} | |
| # SERVER_WEBHOOK_DATABASE_NAME: ${{ secrets.SERVER_WEBHOOK_DATABASE_NAME }} | |
| # SERVER_WEBHOOK_DATABASE_PASSWORD: ${{ secrets.SERVER_WEBHOOK_DATABASE_PASSWORD }} | |
| # SERVER_WEBHOOK_DATABASE_USERNAME: ${{ secrets.SERVER_WEBHOOK_DATABASE_USERNAME }} | |
| # SERVER_AUTH_DATABASE_NAME: ${{ secrets.SERVER_AUTH_DATABASE_NAME }} | |
| # SERVER_AUTH_DATABASE_PASSWORD: ${{ secrets.SERVER_AUTH_DATABASE_PASSWORD }} | |
| # SERVER_AUTH_DATABASE_USERNAME: ${{ secrets.SERVER_AUTH_DATABASE_USERNAME }} | |
| # SERVER_AUTHORIZER_ADMIN_SECRET: ${{ secrets.SERVER_AUTHORIZER_ADMIN_SECRET }} | |
| # SERVER_AUTH_ADMIN_PASSWORD: ${{ secrets.SERVER_AUTH_ADMIN_PASSWORD }} | |
| # SERVER_MINIO_MINIO_ROOT_USER: ${{ secrets.SERVER_MINIO_MINIO_ROOT_USER }} | |
| # SERVER_MINIO_MINIO_ROOT_PASSWORD: ${{ secrets.SERVER_MINIO_MINIO_ROOT_PASSWORD }} | |
| # SERVER_REDIS_REDIS_PASSWORD: ${{ secrets.SERVER_REDIS_REDIS_PASSWORD }} | |
| # run: | | |
| # rm -rf ./.kubernetes/generated | |
| # . .kubernetes/set-env.sh && npx -y rucken copy-paste --find=templates --replace=generated --replace-plural=generated --path=./.kubernetes/templates --replace-envs=true | |
| # docker compose -f ./.kubernetes/generated/docker-compose-infra.yml --compatibility down || echo 'docker-compose-infra not started' | |
| # docker compose -f ./.kubernetes/generated/docker-compose-infra.yml --compatibility up -d | |
| - name: Deploy applications | |
| # if: ${{ needs.check-server-image.outputs.result != 'success' || contains(github.event.head_commit.message, '[skip cache]') || contains(github.event.head_commit.message, '[skip applications]') }} | |
| env: | |
| DOCKER_SERVER: ${{ env.REGISTRY }} | |
| DOCKER_USERNAME: ${{ github.actor }} | |
| DOCKER_PASSWORD: ${{ secrets.NESTJS_MOD_ACCESS_TOKEN_DOCKER }} | |
| SERVER_DOMAIN: ${{ secrets.SERVER_DOMAIN }} | |
| SERVER_PORT: 8080 | |
| SERVER_APP_DATABASE_NAME: ${{ secrets.SERVER_APP_DATABASE_NAME }} | |
| SERVER_APP_DATABASE_PASSWORD: ${{ secrets.SERVER_APP_DATABASE_PASSWORD }} | |
| SERVER_APP_DATABASE_USERNAME: ${{ secrets.SERVER_APP_DATABASE_USERNAME }} | |
| SERVER_POSTGRE_SQL_POSTGRESQL_DATABASE: ${{ secrets.ROOT_POSTGRES_DATABASE }} | |
| SERVER_POSTGRE_SQL_POSTGRESQL_PASSWORD: ${{ secrets.ROOT_POSTGRES_PASSWORD }} | |
| SERVER_POSTGRE_SQL_POSTGRESQL_USERNAME: ${{ secrets.ROOT_POSTGRES_USER }} | |
| SERVER_WEBHOOK_DATABASE_NAME: ${{ secrets.SERVER_WEBHOOK_DATABASE_NAME }} | |
| SERVER_WEBHOOK_DATABASE_PASSWORD: ${{ secrets.SERVER_WEBHOOK_DATABASE_PASSWORD }} | |
| SERVER_WEBHOOK_DATABASE_USERNAME: ${{ secrets.SERVER_WEBHOOK_DATABASE_USERNAME }} | |
| SERVER_AUTH_DATABASE_NAME: ${{ secrets.SERVER_AUTH_DATABASE_NAME }} | |
| SERVER_AUTH_DATABASE_PASSWORD: ${{ secrets.SERVER_AUTH_DATABASE_PASSWORD }} | |
| SERVER_AUTH_DATABASE_USERNAME: ${{ secrets.SERVER_AUTH_DATABASE_USERNAME }} | |
| SERVER_AUTHORIZER_ADMIN_SECRET: ${{ secrets.SERVER_AUTHORIZER_ADMIN_SECRET }} | |
| SERVER_AUTH_ADMIN_PASSWORD: ${{ secrets.SERVER_AUTH_ADMIN_PASSWORD }} | |
| SERVER_MINIO_MINIO_ROOT_USER: ${{ secrets.SERVER_MINIO_MINIO_ROOT_USER }} | |
| SERVER_MINIO_MINIO_ROOT_PASSWORD: ${{ secrets.SERVER_MINIO_MINIO_ROOT_PASSWORD }} | |
| SERVER_REDIS_REDIS_PASSWORD: ${{ secrets.SERVER_REDIS_REDIS_PASSWORD }} | |
| run: | | |
| echo 'Start' | |
| rm -rf ./.kubernetes/generated | |
| . .kubernetes/set-env.sh && npx -y rucken copy-paste --find=templates --replace=generated --replace-plural=generated --path=./.kubernetes/templates --replace-envs=true | |
| echo 'Check k8s' | |
| sudo microk8s status --wait-ready | echo 'Skip error' | |
| echo 'Start apply k8s' | |
| chmod +x .kubernetes/generated/install.sh | |
| .kubernetes/generated/install.sh > /dev/null 2>&1 | |
| echo 'End' | |
| e2e-tests: | |
| environment: kubernetes | |
| runs-on: ubuntu-latest | |
| needs: [release, deploy] | |
| permissions: | |
| contents: read | |
| packages: read | |
| id-token: write | |
| env: | |
| ROOT_VERSION: ${{ needs.release.outputs.root_version }} | |
| SERVER_VERSION: ${{ needs.release.outputs.server_version }} | |
| CLIENT_VERSION: ${{ needs.release.outputs.client_version }} | |
| steps: | |
| - name: Checkout repository | |
| if: ${{ !contains(github.event.head_commit.message, '[skip e2e]') }} | |
| uses: actions/checkout@v4 | |
| - name: Log in to the Container registry | |
| if: ${{ !contains(github.event.head_commit.message, '[skip e2e]') }} | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.NESTJS_MOD_ACCESS_TOKEN_DOCKER }} | |
| - name: Run E2E-tests | |
| if: ${{ !contains(github.event.head_commit.message, '[skip e2e]') }} | |
| env: | |
| SERVER_DOMAIN: ${{ secrets.SERVER_DOMAIN }} | |
| SERVER_AUTH_ADMIN_PASSWORD: ${{ secrets.SERVER_AUTH_ADMIN_PASSWORD }} | |
| SERVER_AUTHORIZER_ADMIN_SECRET: ${{ secrets.SERVER_AUTHORIZER_ADMIN_SECRET }} | |
| run: | | |
| rm -rf ./.kubernetes/generated | |
| . .kubernetes/set-env.sh && npx -y rucken copy-paste --find=templates --replace=generated --replace-plural=generated --path=./.kubernetes/templates --replace-envs=true | |
| npx -y wait-on --log https://$SERVER_DOMAIN/api/health --log https://$SERVER_DOMAIN | |
| docker compose -f ./.kubernetes/generated/docker-compose-e2e-tests.yml --compatibility up | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: e2e-tests-videos | |
| path: apps/client-authorizer-e2e/src/video/ |