more robust URL verification using HEAD requests #18
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD pipeline | |
| on: [push] | |
| env: | |
| APP_VERSION: ${{ github.ref_name }} | |
| jobs: | |
| lint-and-test: | |
| name: Run linting, typecheck, and tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| pip install -r test/requirements.txt | |
| - name: Linting | |
| run: | | |
| flake8 -v | |
| pylint metadata_extract src diff test *.py | |
| - name: Type-check | |
| run: mypy metadata_extract src diff main.py | |
| - name: Running tests | |
| run: python -m pytest --cov=metadata_extract | |
| build-and-publish: | |
| name: Create and push Docker image | |
| needs: lint-and-test | |
| if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: nationallibraryofnorway/meteor | |
| tags: | | |
| type=semver,pattern={{version}} | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| - name: Build image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| push: true | |
| context: . | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| file: Dockerfile | |
| build-args: | | |
| USE_GIELLA=true | |
| - name: Docker Hub Description | |
| uses: peter-evans/dockerhub-description@v4 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| repository: nationallibraryofnorway/meteor | |
| short-description: ${{ github.event.repository.description }} | |
| readme-filepath: ./README.md | |
| deploy-to-stage: | |
| name: Deploy to kubernetes stage environment | |
| needs: build-and-publish | |
| runs-on: [self-hosted] | |
| if: github.ref == 'refs/heads/main' | |
| environment: stage | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Import secrets | |
| id: import-secrets | |
| uses: hashicorp/vault-action@v3 | |
| with: | |
| url: ${{ secrets.VAULT_URL }} | |
| method: approle | |
| roleId: ${{ secrets.VAULT_ROLE_ID }} | |
| secretId: ${{ secrets.VAULT_SECRET_ID }} | |
| secrets: | | |
| kv/team/text/data/harvestk8s-text-stage * | |
| - name: Setup Kubectl | |
| uses: azure/setup-kubectl@v4 | |
| with: | |
| version: 'v1.26.5' | |
| - name: Deploy to k8s | |
| run: | | |
| echo "Deploy version ${{ env.APP_VERSION }}" to stage | |
| kubectl config set-cluster k8s --server="${{ steps.import-secrets.outputs.K8S_STAGE_SERVER }}" | |
| kubectl config set clusters.k8s.certificate-authority-data ${{ steps.import-secrets.outputs.K8S_STAGE_NB_NO_CA }} | |
| kubectl config set-credentials ${{ steps.import-secrets.outputs.K8S_STAGE_USER }} --token=${{ steps.import-secrets.outputs.K8S_STAGE_NB_NO_TOKEN }} | |
| kubectl config set-context meteor --cluster=k8s --user=${{ steps.import-secrets.outputs.K8S_STAGE_USER }} --namespace=tekst-stage | |
| kubectl config use-context meteor | |
| kubectl config view | |
| kubectl version | |
| sed -i "s/<pvc_claim_name>/dimo-fileserver-pvc/g" k8s/meteor.yml | |
| sed -i "s/<version>/${{ env.APP_VERSION }}/g" k8s/meteor.yml | |
| sed -i "s/<host_url>/${{ steps.import-secrets.outputs.K8S_HOST_URL }}/g" k8s/meteor.yml | |
| kubectl apply -f k8s/meteor.yml | |
| kubectl rollout restart deploy/meteor | |
| deploy-to-prod: | |
| name: Deploy to kubernetes prod environment | |
| needs: build-and-publish | |
| runs-on: [self-hosted] | |
| if: startsWith(github.event.ref, 'refs/tags/v') | |
| environment: prod | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Import secrets | |
| id: import-secrets | |
| uses: hashicorp/vault-action@v3 | |
| with: | |
| url: ${{ secrets.VAULT_URL }} | |
| method: approle | |
| roleId: ${{ secrets.VAULT_ROLE_ID }} | |
| secretId: ${{ secrets.VAULT_SECRET_ID }} | |
| secrets: | | |
| kv/team/text/data/harvestk8s-text-prod * | |
| - name: Setup Kubectl | |
| uses: azure/setup-kubectl@v4 | |
| with: | |
| version: 'v1.26.5' | |
| - name: Set Version | |
| uses: actions/github-script@v7 | |
| id: set_version | |
| with: | |
| script: | | |
| const no_v = context.ref.replace('refs/tags/v', '') | |
| core.setOutput('img_version', no_v) | |
| - name: Deploy to k8s | |
| run: | | |
| echo "Deploy version ${{ env.APP_VERSION }}" to prod | |
| kubectl config set-cluster k8s --server="${{ steps.import-secrets.outputs.K8S_SERVER }}" | |
| kubectl config set clusters.k8s.certificate-authority-data ${{ steps.import-secrets.outputs.K8S_NB_NO_CA }} | |
| kubectl config set-credentials ${{ steps.import-secrets.outputs.K8S_USER }} --token=${{ steps.import-secrets.outputs.K8S_NB_NO_TOKEN }} | |
| kubectl config set-context meteor --cluster=k8s --user=${{ steps.import-secrets.outputs.K8S_USER }} --namespace=tekst-prod | |
| kubectl config use-context meteor | |
| kubectl config view | |
| kubectl version | |
| sed -i "s/<pvc_claim_name>/dimo-file-server-pvc/g" k8s/meteor.yml | |
| sed -i "s/<version>/${{ steps.set_version.outputs.img_version }}/g" k8s/meteor.yml | |
| sed -i "s/<host_url>/${{ steps.import-secrets.outputs.K8S_HOST_URL }}/g" k8s/meteor.yml | |
| kubectl apply -f k8s/meteor.yml | |
| kubectl rollout restart deploy/meteor |