Skip to content

[Snyk] Fix for 2 vulnerabilities #52

[Snyk] Fix for 2 vulnerabilities

[Snyk] Fix for 2 vulnerabilities #52

Workflow file for this run

name: Craiglist app CI/CD
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
env:
WEB_IMAGE: ghcr.io/$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')/craiglist_web
NGINX_IMAGE: ghcr.io/$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')/craiglist_nginx
jobs:
test:
name: Run tests
runs-on: ubuntu-latest
steps:
- name: Checkout code source
uses: actions/checkout@v3
- name: Add environment variables to .env
run: |
echo DEBUG=0 >> .env
echo POSTGRES_DB=${{ secrets.SQL_DATABASE }} >> .env
echo SECRET_KEY=${{ secrets.SECRET_KEY }} >> .env
echo POSTGRES_USER=${{ secrets.SQL_USER }} >> .env
echo POSTGRES_PASSWORD=${{ secrets.SQL_PASSWORD }} >> .env
echo POSTGRES_HOST=${{ secrets.SQL_HOST }} >> .env
echo POSTGRES_PORT=${{ secrets.SQL_PORT }} >> .env
echo HOST_IP=${{ secrets.DIGITAL_OCEAN_IP_ADDRESS }} >> .env
- name: Set up Python version
uses: actions/setup-python@v3
with:
python-version: 3.9
- name: Install Dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Lint with Flake8
run: flake8 .
- name: Run Tests
run: python manage.py test
build:
name: Build docker images
runs-on: ubuntu-latest
needs: test
steps:
- name: Checkout code source
uses: actions/checkout@v3
- name: Add environment variables to .env
run: |
echo DEBUG=0 >> .env
echo POSTGRES_DB=${{ secrets.SQL_DATABASE }} >> .env
echo SECRET_KEY=${{ secrets.SECRET_KEY }} >> .env
echo POSTGRES_USER=${{ secrets.SQL_USER }} >> .env
echo POSTGRES_PASSWORD=${{ secrets.SQL_PASSWORD }} >> .env
echo POSTGRES_HOST=${{ secrets.SQL_HOST }} >> .env
echo POSTGRES_PORT=${{ secrets.SQL_PORT }} >> .env
echo HOST_IP=${{ secrets.DIGITAL_OCEAN_IP_ADDRESS }} >> .env
- name: Set environnement variables
run: |
echo "WEB_IMAGE=$(echo ${{env.WEB_IMAGE}} )" >> $GITHUB_ENV
echo "NGINX_IMAGE=$(echo ${{env.NGINX_IMAGE}} )" >> $GITHUB_ENV
- name: Log in to GitHub Packages
run: echo ${GH_PERSONAL_ACCESS_TOKEN} | docker login ghcr.io -u ${{ secrets.GH_USERNAME }} --password-stdin
env:
GH_PERSONAL_ACCESS_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
- name: Pull images
run: |
docker pull ${{ env.WEB_IMAGE }} || true
docker pull ${{ env.NGINX_IMAGE }} || true
- name: Build images
if: ${{ !env.ACT }}
run: docker-compose -f docker-compose-ci.yml build
- name: Push images
run: |
docker push ${{ env.WEB_IMAGE }}
docker push ${{ env.NGINX_IMAGE }}
deploy:
name: Deploy to production
runs-on: ubuntu-latest
needs: build
if: github.ref == 'refs/heads/main'
steps:
- name: Checkout main
uses: actions/checkout@v2
- name: Add environment variables to .env
run: |
echo DEBUG=0 >> .env
echo SQL_ENGINE=django.db.backends.postgresql >> .env
echo SECRET_KEY=${{ secrets.SECRET_KEY }} >> .env
echo SQL_DATABASE=${{ secrets.SQL_DATABASE }} >> .env
echo SQL_USER=${{ secrets.SQL_USER }} >> .env
echo SQL_PASSWORD=${{ secrets.SQL_PASSWORD }} >> .env
echo SQL_HOST=${{ secrets.SQL_HOST }} >> .env
echo SQL_PORT=${{ secrets.SQL_PORT }} >> .env
echo WEB_IMAGE=${{ env.WEB_IMAGE }} >> .env
echo NGINX_IMAGE=${{ env.NGINX_IMAGE }} >> .env
echo GH_USERNAME=${{ secrets.GH_USERNAME }} >> .env
echo GH_PERSONAL_ACCESS_TOKEN=${{ secrets.GH_PERSONAL_ACCESS_TOKEN }} >> .env
echo HOST_IP=${{ secrets.DIGITAL_OCEAN_IP_ADDRESS }} >> .env
- name: Add the private SSH key to the ssh-agent
if: ${{ !env.ACT }}
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
run: |
mkdir -p ~/.ssh
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-keyscan ${{ secrets.DIGITAL_OCEAN_IP_ADDRESS }} >> ~/.ssh/known_hosts
ssh-add - <<< "${{ secrets.SSH_PRIVATE_KEY }}"
- name: Build and deploy images on DigitalOcean
if: ${{ !env.ACT }}
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
run: |
scp -o StrictHostKeyChecking=no -r ./.env ./docker-compose-prod.yml root@${{ secrets.DIGITAL_OCEAN_IP_ADDRESS }}:/app
ssh -o StrictHostKeyChecking=no root@${{ secrets.DIGITAL_OCEAN_IP_ADDRESS }} << 'ENDSSH'
cd /app
source .env
docker login ghcr.io -u $GH_USERNAME -p $GH_PERSONAL_ACCESS_TOKEN
docker pull $WEB_IMAGE
docker pull $NGINX_IMAGE
docker-compose -f docker-compose-prod.yml up -d
docker-compose -f docker-compose-prod.yml exec -T craiglist_web python manage.py migrate
docker-compose -f docker-compose-prod.yml exec -T craiglist_web python manage.py collectstatic --no-input
docker-compose -f docker-compose-prod.yml exec -T craiglist_web cp -a /app/static/. /usr/src/app/static/
ENDSSH