Skip to content

feat(auth): no "unknown_account" email message when random password r… #456

feat(auth): no "unknown_account" email message when random password r…

feat(auth): no "unknown_account" email message when random password r… #456

Workflow file for this run

name: Deploy to cluster
on:
push:
branches:
- main
- develop
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
build:
name: Build images
runs-on: ubuntu-latest
outputs:
image_tag: ${{ steps.meta.outputs.image_tag }}
release_version: ${{ steps.meta.outputs.release_version }}
steps:
-
name: Checkout
uses: actions/checkout@v3
- name: Prepare references and release
id: meta
run: |
echo "image_tag=sha-`echo ${GITHUB_SHA} | cut -c1-7`" >> $GITHUB_OUTPUT
echo "release_version=${GITHUB_SHA}" >> $GITHUB_OUTPUT
- name: Invalidate wiki content
run: |
date > wiki/.ts
- name: Prepare Sentry release
uses: getsentry/action-release@v1
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
with:
environment: production
finalize: false
version: ${{ secrets.SENTRY_PROJECT }}@${{ steps.meta.outputs.release_version }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: nologin
password: ${{ secrets.SCW_SECRET_KEY }}
registry: ${{ secrets.SCW_REGISTRY_ENDPOINT }}
- name: Prepare web image metadata
id: webMeta
uses: docker/metadata-action@v4
with:
# list of Docker images to use as base name for tags
images: |
${{ secrets.SCW_REGISTRY_ENDPOINT }}/web
# generate Docker tags based on the following events/attributes
tags: |
type=ref,event=branch
type=ref,event=tag
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
-
name: Build and push web
uses: docker/build-push-action@v4
with:
context: .
file: Dockerfile
push: true
target: web-stable
# TODO: ends with 400
# cache-from: type=registry,ref=${{ secrets.SCW_REGISTRY_ENDPOINT }}/web:buildcache
# cache-to: type=registry,ref=${{ secrets.SCW_REGISTRY_ENDPOINT }}/web:buildcache,mode=max
cache-from: type=gha
cache-to: type=gha,mode=max
tags: ${{ steps.webMeta.outputs.tags }}
labels: ${{ steps.webMeta.outputs.labels }}
build-args: |
SENTRY_RELEASE_ENVIRONMENT=production
SENTRY_RELEASE_NAME=${{ secrets.SENTRY_PROJECT }}@${{ steps.meta.outputs.release_version }}
DJANGO_RELEASE_NAME=${{ secrets.SENTRY_PROJECT }}@${{ steps.meta.outputs.release_version }}
secrets: |
SENTRY_ORG=${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT=${{ secrets.SENTRY_PROJECT }}
SENTRY_WEBPACK_AUTH_TOKEN=${{ secrets.SENTRY_WEBPACK_AUTH_TOKEN }}
- name: Prepare image metadata
id: proxyMeta
uses: docker/metadata-action@v4
with:
# list of Docker images to use as base name for tags
images: |
${{ secrets.SCW_REGISTRY_ENDPOINT }}/proxy
# generate Docker tags based on the following events/attributes
tags: |
type=ref,event=branch
type=ref,event=tag
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
-
name: Build and push proxy
uses: docker/build-push-action@v4
with:
context: .
file: Dockerfile
push: true
target: proxy-stable
# TODO: ends with 400
# cache-from: type=registry,ref=${{ secrets.SCW_REGISTRY_ENDPOINT }}/web:buildcache
# cache-to: type=registry,ref=${{ secrets.SCW_REGISTRY_ENDPOINT }}/web:buildcache,mode=max
cache-from: type=gha
cache-to: type=gha,mode=max
tags: ${{ steps.proxyMeta.outputs.tags }}
labels: ${{ steps.proxyMeta.outputs.labels }}
build-args: |
SENTRY_RELEASE_ENVIRONMENT=production
SENTRY_RELEASE_NAME=${{ secrets.SENTRY_PROJECT }}@${{ steps.meta.outputs.release_version }}
secrets: |
SENTRY_ORG=${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT=${{ secrets.SENTRY_PROJECT }}
SENTRY_WEBPACK_AUTH_TOKEN=${{ secrets.SENTRY_WEBPACK_AUTH_TOKEN }}
deploy:
name: Deploy to cluster
runs-on: ubuntu-latest
concurrency: deploy
environment:
name: production
url: https://fiesta.plus
needs:
- build
steps:
- uses: actions/checkout@v1
- name: Setup k8s context
run: |
echo "${{ secrets.KUBECONFIG }}" > kubeconfig.yaml
- name: Deploy
uses: 'vimeda/helm@v1.7.0'
with:
release: 'fiesta'
namespace: 'fiesta'
chart: 'charts'
token: '${{ github.token }}'
timeout: 120s
values: >-
web:
repository: ${{ secrets.SCW_REGISTRY_ENDPOINT }}/web
tag: ${{ needs.build.outputs.image_tag }}
proxy:
repository: ${{ secrets.SCW_REGISTRY_ENDPOINT }}/proxy
tag: ${{ needs.build.outputs.image_tag }}
ingress:
certContactEmail: ${{ secrets.CERT_CONTACT_EMAIL }}
secrets:
databaseUrl: ${{ secrets.DATABASE_URL }}
s3:
keyId: ${{ secrets.S3_KEY_ID }}
accessKey: ${{ secrets.S3_ACCESS_KEY }}
regionName: ${{ secrets.S3_REGION_NAME }}
bucketName: ${{ secrets.S3_BUCKET_NAME }}
dnsWebhook:
accessKey: ${{ secrets.SCW_DNS_ACCESS_KEY }}
secretKey: ${{ secrets.SCW_DNS_SECRET_KEY }}
sentry:
dsn: ${{ secrets.SENTRY_DSN }}
jsLoaderUrl: ${{ secrets.SENTRY_JS_LOADER_URL }}
recaptcha:
siteKey: ${{ secrets.RECAPTCHA_SITE_KEY }}
secretKey: ${{ secrets.RECAPTCHA_SECRET_KEY }}
mailer:
primary:
host: ${{ secrets.DJANGO_MAILER_PRIMARY_HOST }}
port: "${{ secrets.DJANGO_MAILER_PRIMARY_HOST_PORT }}"
user: ${{ secrets.DJANGO_MAILER_PRIMARY_HOST_USER }}
password: ${{ secrets.DJANGO_MAILER_PRIMARY_HOST_PASSWORD }}
value-files: >-
[
"charts/values.yaml"
]
env:
KUBECONFIG_FILE: '${{ secrets.KUBECONFIG }}'
announce-on-telegram:
name: Announce Deploy on Telegram
runs-on: ubuntu-latest
needs:
- deploy
steps:
- name: Announce deploy to Telegram
run: |
message="
👨‍💻 ${{ github.actor }} deployed:
🌐 [production](https://fiesta.plus)
📝 \`${{ github.event.commits[0].message }}\`
🔗 [see commit](https://github.com/${{ github.repository }}/commit/${{github.sha}})
"
curl -s \
-X POST \
'https://api.telegram.org/bot${{ secrets.ANNOUNCE_TELEGRAM_TOKEN }}/sendMessage' \
--data-urlencode "chat_id=${{ secrets.ANNOUNCE_TELEGRAM_CHAT }}" \
--data-urlencode "text=${message}" \
--data-urlencode "reply_to_message_id=${{ secrets.ANNOUNCE_TELEGRAM_TOPIC }}" \
--data-urlencode "disable_notification=true" \
--data-urlencode "silent=true" \
--data-urlencode "no_webpage=true" \
--data-urlencode "disable_web_page_preview=true" \
--data-urlencode "parse_mode=MarkdownV2"
finalize-sentry-release:
name: Finalize Sentry deploy
runs-on: ubuntu-latest
needs: [build, deploy]
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Finalize Sentry release
uses: getsentry/action-release@v1
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
with:
environment: production
finalize: true
version: ${{ secrets.SENTRY_PROJECT }}@${{ needs.build.outputs.release_version }}