push.yml
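---
# Build, test, publish and deploy workflow.
#
# Triggers: a push to dev or master, a manual run, or a repository_dispatch
# event of type "data-update". For repository_dispatch the build job checks
# out the ref named in the event payload (client_payload.ref).
#
# Security-relevant points in this file:
#   - client_payload.ref is caller-supplied. It reaches the shell only through
#     an environment variable, is rejected if it could be read as an option or
#     contains whitespace, and is always expanded inside double quotes.
#   - step outputs are written to $GITHUB_OUTPUT instead of the deprecated
#     "set-output" workflow command, which is parsed from stdout.
#   - every "VAR=value" argument given to make is quoted, so a secret that
#     contains whitespace or glob characters stays one argument.
name: Deploy (push)

on:
  repository_dispatch:
    types: [data-update]
  workflow_dispatch:
  push:
    branches:
      - dev
      - master

# No step in this file passes GITHUB_TOKEN to a command; read access to the
# repository contents is what the checkout step needs.
permissions:
  contents: read

jobs:
  build:
    name: 🐳 Build docker image
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): @v1 is a mutable tag on an old major version. Moving to a
      # current major pinned by commit SHA is preferable, but newer majors
      # fetch a shallow clone by default, so confirm the "git checkout" of
      # client_payload.ref below still finds the ref before changing it.
      - uses: actions/checkout@v1

      # Publishes the branch name as the step output "branch".
      #   push / manual run:   GITHUB_REF without "refs/heads/", every
      #                        non-alphanumeric character replaced by "-".
      #   repository_dispatch: the payload ref, checked out and passed through
      #                        as given (it is not run through the sed filter).
      - name: extract branch name
        id: extract_branch
        shell: bash
        env:
          GIT_BRANCH_REF: ${{ github.event.client_payload.ref }}
        run: |
          if [ -z "${GIT_BRANCH_REF}" ]; then
            branch="$(echo "${GITHUB_REF}" | sed 's|^refs/heads/||;' | sed 's/[^a-zA-Z0-9]/-/g')"
          else
            # A leading "-" would be parsed by git as an option; whitespace
            # (including a newline) would split the make argument used later
            # or add extra lines to the step-output file.
            case "${GIT_BRANCH_REF}" in
              -*|*[[:space:]]*)
                echo "refusing unexpected ref in client_payload" >&2
                exit 1
                ;;
            esac
            git checkout "${GIT_BRANCH_REF}"
            branch="${GIT_BRANCH_REF}"
          fi
          echo "branch=${branch}" >> "${GITHUB_OUTPUT}"

      - name: config
        run: echo "GIT_BRANCH=${GIT_BRANCH}" && make version config
        env:
          GIT_BRANCH: ${{ steps.extract_branch.outputs.branch }}

      # docker-check and build are Makefile targets that are not shown here;
      # build runs only when docker-check exits non-zero.
      - name: build
        if: success()
        run: make docker-check || make build
        env:
          GIT_BRANCH: ${{ steps.extract_branch.outputs.branch }}

      # NOTE(review): the test targets receive storage keys and backend token
      # secrets, and on repository_dispatch the code under test is the ref
      # from the payload. Confirm the tests need all of these credentials.
      - name: test
        if: success()
        run: make deploy-local backend-test
        env:
          FILES_TO_PROCESS: deces-2020-m01.txt.gz
          REPOSITORY_BUCKET: fichier-des-personnes-decedees-elasticsearch-dev
          API_SEARCH_LIMIT_RATE: 10r/s
          GIT_BRANCH: ${{ steps.extract_branch.outputs.branch }}
          GOOGLE_ANALYTICS_ID: ${{ secrets.GOOGLE_ANALYTICS_ID }}
          GOOGLE_ADSENSE_ID: ${{ secrets.GOOGLE_ADSENSE_ID }}
          STORAGE_ACCESS_KEY: ${{ secrets.STORAGE_ACCESS_KEY }}
          STORAGE_SECRET_KEY: ${{ secrets.STORAGE_SECRET_KEY }}
          TOOLS_STORAGE_ACCESS_KEY: ${{ secrets.TOOLS_STORAGE_ACCESS_KEY }}
          TOOLS_STORAGE_SECRET_KEY: ${{ secrets.TOOLS_STORAGE_SECRET_KEY }}
          LOG_BUCKET: ${{ secrets.LOG_BUCKET }}
          LOG_DB_BUCKET: ${{ secrets.LOG_DB_BUCKET }}
          STATS_BUCKET: ${{ secrets.STATS_BUCKET }}
          PROOFS_BUCKET: ${{ secrets.PROOFS_BUCKET }}
          MONITOR_BUCKET: ${{ secrets.MONITOR_BUCKET }}
          BACKEND_TOKEN_KEY: ${{ secrets.BACKEND_TOKEN_KEY }}
          BACKEND_TOKEN_PASSWORD: ${{ secrets.BACKEND_TOKEN_PASSWORD }}

      # The whole "GIT_BRANCH=..." word is quoted so the branch value cannot
      # split into additional make arguments.
      - name: publish
        if: success()
        run: make docker-push "GIT_BRANCH=$GIT_BRANCH"
        env:
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          GIT_BRANCH: ${{ steps.extract_branch.outputs.branch }}

  deploy:
    name: 🚀 Deploy
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1

      # Here the branch always comes from GITHUB_REF; the payload ref used by
      # the build job is not consulted.
      - name: extract branch name
        id: extract_branch
        shell: bash
        run: echo "branch=${GITHUB_REF#refs/heads/}" >> "${GITHUB_OUTPUT}"

      # Decrypts the deploy key, loads it into an ssh-agent listening on
      # SSH_AUTH_SOCK, and writes an ssh config that sends every host except
      # the bastion through the bastion.
      - name: deploy-key
        if: success()
        run: |
          # Create the key file and ~/.ssh entries owner-only from the start,
          # instead of relying on the chmod that follows the write.
          umask 077
          mkdir -p ~/.ssh/
          ssh-agent -a "$SSH_AUTH_SOCK" > /dev/null
          # NOTE(review): the passphrase is still a command-line argument;
          # gpg's --passphrase-fd would keep it out of the process arguments.
          echo "$SSHENC" | base64 -d | gpg -d --passphrase "$SSHPWD" --batch > /tmp/id_rsa_matchID
          chmod 600 /tmp/id_rsa_matchID
          ssh-add /tmp/id_rsa_matchID
          echo "$SSHPUB" > ~/.ssh/id_rsa_matchID.pub
          echo "Host * !""$BASTION_HOST" > ~/.ssh/config
          # NOTE(review): StrictHostKeyChecking=no accepts any host key for
          # the bastion. Supplying the bastion's known_hosts entry (for
          # example from a secret) and dropping this option would let ssh
          # verify the host before the deploy key is used.
          echo " ProxyCommand ssh -o StrictHostKeyChecking=no $BASTION_USER@$BASTION_HOST nc %h %p" >> ~/.ssh/config
          # The generated config is not printed: it holds the bastion user
          # and host, which come from secrets.
        env:
          GIT_BRANCH: ${{ steps.extract_branch.outputs.branch }}
          BASTION_HOST: ${{ secrets.BASTION_HOST }}
          BASTION_USER: ${{ secrets.BASTION_USER }}
          SSHENC: ${{ secrets.SSHENC }}
          SSHPWD: ${{ secrets.SSHPWD }}
          SSHPUB: ${{ secrets.SSHPUB }}
          SSH_AUTH_SOCK: /tmp/ssh_agent.sock

      # Runs the deploy-remote target with dev or master settings; any other
      # branch value matches neither test and deploys nothing.
      # NOTE(review): secrets such as SMTP_PWD and the NEW_RELIC keys are
      # passed as make arguments, so they appear in the process arguments on
      # the runner. They are also exported in env below; whether the Makefile
      # can read them from the environment alone is not visible here.
      - name: deploy
        if: success()
        run: |
          if [[ ( "$GIT_BRANCH" == "dev" ) ]]; then
            make deploy-remote \
              "GIT_BRANCH=$GIT_BRANCH" \
              "FILES_TO_PROCESS=$FILES_TO_PROCESS_DEV" "REPOSITORY_BUCKET=$REPOSITORY_BUCKET_DEV" \
              "NGINX_USER=$NGINX_USER" "NGINX_HOST=$NGINX_HOST" \
              "SMTP_TLS_SELFSIGNED=$SMTP_TLS_SELFSIGNED" "SMTP_HOST=$SMTP_HOST" "SMTP_PORT=$SMTP_PORT" "SMTP_USER=$SMTP_USER" "SMTP_PWD=$SMTP_PWD" \
              "remote_http_proxy=$remote_http_proxy" "remote_https_proxy=$remote_https_proxy" "remote_no_proxy=$remote_no_proxy" \
              "GOOGLE_ANALYTICS_ID=$GOOGLE_ANALYTICS_ID" "GOOGLE_ADSENSE_ID=$GOOGLE_ADSENSE_ID" \
              "LOG_BAN_IP=$LOG_BAN_IP" \
              "MMDB_TOKEN=$MMDB_TOKEN" \
              "NEW_RELIC_API_KEY=${NEW_RELIC_API_KEY}" "NEW_RELIC_ACCOUNT_ID=${NEW_RELIC_ACCOUNT_ID}" "NEW_RELIC_INGEST_KEY=${NEW_RELIC_INGEST_KEY}"
          fi
          if [[ ( "$GIT_BRANCH" == "master" ) ]]; then
            make deploy-remote \
              GIT_BACKEND_BRANCH=master "GIT_BRANCH=$GIT_BRANCH" \
              "BACKEND_CONCURRENCY=$BACKEND_CONCURRENCY_MASTER" \
              "ES_MEM=$ES_MEM_MASTER" \
              "SCW_FLAVOR=$SCW_FLAVOR_MASTER" "SCW_VOLUME_SIZE=$SCW_VOLUME_SIZE_MASTER" "SCW_VOLUME_TYPE=$SCW_VOLUME_TYPE_MASTER" \
              "NGINX_USER=$NGINX_USER" "NGINX_HOST=$NGINX_HOST" \
              "SMTP_TLS_SELFSIGNED=$SMTP_TLS_SELFSIGNED" "SMTP_HOST=$SMTP_HOST" "SMTP_PORT=$SMTP_PORT" "SMTP_USER=$SMTP_USER" "SMTP_PWD=$SMTP_PWD" \
              "remote_http_proxy=$remote_http_proxy" "remote_https_proxy=$remote_https_proxy" "remote_no_proxy=$remote_no_proxy" \
              "GOOGLE_ANALYTICS_ID=$GOOGLE_ANALYTICS_ID" "GOOGLE_ADSENSE_ID=$GOOGLE_ADSENSE_ID" \
              "LOG_BAN_IP=$LOG_BAN_IP" \
              "MMDB_TOKEN=$MMDB_TOKEN" \
              "NEW_RELIC_API_KEY=${NEW_RELIC_API_KEY}" "NEW_RELIC_ACCOUNT_ID=${NEW_RELIC_ACCOUNT_ID}" "NEW_RELIC_INGEST_KEY=${NEW_RELIC_INGEST_KEY}"
          fi
        env:
          # Quoted so the value is a string for the YAML parser; the shell
          # above also quotes it, so the brackets are never glob-expanded.
          FILES_TO_PROCESS_DEV: 'deces-2020-m[0-1][0-9].txt.gz'
          REPOSITORY_BUCKET_DEV: fichier-des-personnes-decedees-elasticsearch-dev
          # Numeric-looking values are quoted so they reach the shell as the
          # exact strings written here.
          BACKEND_CONCURRENCY_MASTER: "4"
          ES_MEM_MASTER: 8192m
          SCW_FLAVOR_MASTER: GP1-XS
          SCW_VOLUME_SIZE_MASTER: "60000000000"
          SCW_VOLUME_TYPE_MASTER: l_ssd
          GOOGLE_ANALYTICS_ID: ${{ secrets.GOOGLE_ANALYTICS_ID }}
          GOOGLE_ADSENSE_ID: ${{ secrets.GOOGLE_ADSENSE_ID }}
          NGINX_USER: ${{ secrets.NGINX_USER }}
          NGINX_HOST: ${{ secrets.NGINX_HOST }}
          NEW_RELIC_API_KEY: ${{ secrets.NEW_RELIC_API_KEY }}
          NEW_RELIC_ACCOUNT_ID: ${{ secrets.NEW_RELIC_ACCOUNT_ID }}
          NEW_RELIC_INGEST_KEY: ${{ secrets.NEW_RELIC_INGEST_KEY }}
          GIT_BRANCH: ${{ steps.extract_branch.outputs.branch }}
          remote_http_proxy: ${{ secrets.remote_http_proxy }}
          remote_https_proxy: ${{ secrets.remote_https_proxy }}
          remote_no_proxy: localhost
          # The entries below are not passed on the make command line;
          # presumably the Makefile reads them from the environment (confirm).
          SCW_ORGANIZATION_ID: ${{ secrets.SCW_ORGANIZATION_ID }}
          SCW_PROJECT_ID: ${{ secrets.SCW_PROJECT_ID }}
          SCW_SECRET_TOKEN: ${{ secrets.SCW_SECRET_TOKEN }}
          SCW_SERVER_OPTS: ${{ secrets.SCW_SERVER_OPTS }}
          SCW_PRIVATE_NETWORK_ID: ${{ secrets.SCW_PRIVATE_NETWORK_ID }}
          STORAGE_ACCESS_KEY: ${{ secrets.STORAGE_ACCESS_KEY }}
          STORAGE_SECRET_KEY: ${{ secrets.STORAGE_SECRET_KEY }}
          TOOLS_STORAGE_ACCESS_KEY: ${{ secrets.TOOLS_STORAGE_ACCESS_KEY }}
          TOOLS_STORAGE_SECRET_KEY: ${{ secrets.TOOLS_STORAGE_SECRET_KEY }}
          LOG_BUCKET: ${{ secrets.LOG_BUCKET }}
          LOG_DB_BUCKET: ${{ secrets.LOG_DB_BUCKET }}
          STATS_BUCKET: ${{ secrets.STATS_BUCKET }}
          PROOFS_BUCKET: ${{ secrets.PROOFS_BUCKET }}
          MONITOR_BUCKET: ${{ secrets.MONITOR_BUCKET }}
          BLOCK_DEPLOY: ${{ secrets.BLOCK_DEPLOY }}
          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
          BACKEND_TOKEN_KEY: ${{ secrets.BACKEND_TOKEN_KEY }}
          BACKEND_TOKEN_PASSWORD: ${{ secrets.BACKEND_TOKEN_PASSWORD }}
          SMTP_TLS_SELFSIGNED: ${{ secrets.SMTP_TLS_SELFSIGNED }}
          SMTP_HOST: ${{ secrets.SMTP_HOST }}
          SMTP_PORT: ${{ secrets.SMTP_PORT }}
          SMTP_USER: ${{ secrets.SMTP_USER }}
          SMTP_PWD: ${{ secrets.SMTP_PWD }}
          LOG_BAN_IP: ${{ secrets.LOG_BAN_IP }}
          MMDB_TOKEN: ${{ secrets.MMDB_TOKEN }}
          CDN_ZONE_ID: ${{ secrets.CDN_ZONE_ID }}
          CDN_TOKEN: ${{ secrets.CDN_TOKEN }}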