update dependencies #234
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build & Deploy | |
on: | |
push: | |
branches: [ master, develop ] | |
workflow_dispatch: | |
env: | |
IMAGE_REGISTRY: ghcr.io | |
NOMAD_VERSION: "1.2.2" | |
jobs: | |
test: | |
runs-on: ubuntu-latest | |
env: | |
MIX_ENV: test | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: erlef/setup-beam@v1.16.0 | |
with: | |
otp-version: "26" | |
elixir-version: "1.15" | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
deps | |
_build | |
key: ${{ runner.os }}-mix-${{ hashFiles('mix.lock') }} | |
restore-keys: ${{ runner.os }}-mix- | |
- uses: actions/cache@v3 | |
with: | |
path: tmp/live-timing-cache | |
key: live-timing-data-cache | |
- run: mix deps.get | |
- run: mix compile --warnings-as-errors | |
- run: mix test | |
build: | |
runs-on: ubuntu-latest | |
needs: | |
- test | |
steps: | |
- name: Set environment variables | |
run: | | |
# Lowercases GITHUB_REGISTRY, docker build breaks with tags that contain uppercase letters | |
echo "IMAGE_ID=${IMAGE_REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} | |
- uses: actions/checkout@v3 | |
- uses: actions/cache@v3 | |
with: | |
path: /tmp/buildx-cache | |
key: ${{ runner.os }}-buildx-${{ github.sha }} | |
restore-keys: ${{ runner.os }}-buildx | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2.5.0 | |
- name: Login to DockerHub | |
uses: docker/login-action@v2.1.0 | |
with: | |
registry: ${{ env.IMAGE_REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push | |
id: docker_build | |
uses: docker/build-push-action@v4.0.0 | |
with: | |
push: true | |
tags: "${{env.IMAGE_ID}}:latest,${{env.IMAGE_ID}}:${{ github.sha }},${{env.IMAGE_ID}}:${{ github.ref_name }}" | |
cache-from: type=local,src=/tmp/buildx-cache | |
cache-to: type=local,mode=max,dest=/tmp/buildx-cache | |
deploy: | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
if: contains(fromJson('["refs/heads/master", "refs/heads/develop"]'), github.ref) | |
defaults: | |
run: | |
shell: bash | |
env: | |
NOMAD_CACERT: "/tmp/ca.pem" | |
NOMAD_CLIENT_CERT: "/tmp/client.pem" | |
NOMAD_CLIENT_KEY: "/tmp/client-key.pem" | |
steps: | |
- name: Set environment variables | |
run: | | |
# Lowercases GITHUB_REGISTRY, docker build breaks with tags that contain uppercase letters | |
echo "IMAGE_ID=${IMAGE_REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} | |
- uses: actions/checkout@v3 | |
- name: Set up WireGuard | |
uses: egor-tensin/setup-wireguard@v1.2.0 | |
with: | |
endpoint: ${{ secrets.WG_ENDPOINT }} | |
endpoint_public_key: ${{ secrets.WG_ENDPOINT_PUBLIC_KEY }} | |
ips: ${{ secrets.WG_IPS }} | |
allowed_ips: ${{ secrets.WG_ALLOWED_IPS }} | |
private_key: ${{ secrets.WG_PRIVATE_KEY }} | |
- | |
name: Download Nomad | |
run: | | |
cd /usr/local/bin && \ | |
wget --quiet "https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip" && \ | |
unzip "nomad_${NOMAD_VERSION}_linux_amd64.zip" && \ | |
chmod +x nomad | |
- | |
name: Populate cert files | |
run: | | |
echo "$SECRET_NOMAD_CA_CERT" >> "$NOMAD_CACERT" && \ | |
echo "$SECRET_NOMAD_CLIENT_CERT" >> "$NOMAD_CLIENT_CERT" && \ | |
echo "$SECRET_NOMAD_CLIENT_KEY" >> "$NOMAD_CLIENT_KEY" | |
env: | |
SECRET_NOMAD_CA_CERT: ${{ secrets.NOMAD_CA_CERT }} | |
SECRET_NOMAD_CLIENT_CERT: ${{ secrets.NOMAD_CLIENT_CERT }} | |
SECRET_NOMAD_CLIENT_KEY: ${{ secrets.NOMAD_CLIENT_KEY }} | |
# - name: Debugging with ssh | |
# uses: lhotari/action-upterm@v1 | |
# with: | |
# limit-access-to-users: ${{ env.GITHUB_REPOSITORY_OWNER }} | |
- | |
name: Deploy Nomad job | |
run: | | |
sed 's/____INSERT_ENV_HERE____/${{ github.ref_name }}/g' f1bot.nomad.hcl >> f1bot-baked.nomad.hcl | |
run_output=$(nomad job run -verbose \ | |
-var "image_version=${{ github.sha }}" \ | |
-var "environment=${{ github.ref_name }}" \ | |
-var "ghcr_password=$GHCR_PASSWORD" \ | |
-var "image_id=$IMAGE_ID" \ | |
-detach f1bot-baked.nomad.hcl) | |
./scripts/check-nomad-deployment.sh "$run_output" | |
env: | |
NOMAD_TOKEN: "${{ secrets.NOMAD_TOKEN }}" | |
NOMAD_ADDR: "${{ secrets.NOMAD_URL }}" | |
NOMAD_TLS_SERVER_NAME: "server.global.nomad" | |
GHCR_PASSWORD: "${{ secrets.GHCR_PASSWORD }}" | |
- | |
name: Shred credentials | |
if: always() | |
run: | | |
echo -e "[BEFORE SHREDDING]\n\n" | |
ls -lh "$NOMAD_CACERT" "$NOMAD_CLIENT_CERT" "$NOMAD_CLIENT_KEY" | |
echo -e "\n[SHREDDING]" | |
shred "$NOMAD_CACERT" | |
shred "$NOMAD_CLIENT_CERT" | |
shred "$NOMAD_CLIENT_KEY" | |
echo -e "\n[AFTER SHREDDING]\n\n" | |
ls -lh "$NOMAD_CACERT" "$NOMAD_CLIENT_CERT" "$NOMAD_CLIENT_KEY" | |
docs: | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
if: github.ref == 'refs/heads/master' | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: erlef/setup-beam@v1.16.0 | |
with: | |
otp-version: "25" | |
elixir-version: "1.14" | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
deps | |
_build | |
key: ${{ runner.os }}-mix-${{ hashFiles('mix.lock') }} | |
restore-keys: ${{ runner.os }}-mix- | |
- run: mix deps.get | |
- run: mix docs | |
- name: Deploy | |
uses: JamesIves/github-pages-deploy-action@v4.3.3 | |
with: | |
branch: gh-pages | |
folder: doc |