Build #64
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| preview: | |
| required: true | |
| description: Deploy to the preview site when true. | |
| default: '1' | |
| # strict: | |
| # required: true | |
| # description: Post build checks must pass (or not). Only allowed in preview. | |
| # default: '1' | |
| jobs: | |
| # NOTE: See [the example](https://github.com/marketplace/actions/build-and-push-docker-images). | |
| build: | |
| name: Build Server | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout. | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Setup Docker Buildx. | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build Server Image. | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./docker/dockerfile | |
| target: production | |
| tags: | | |
| acederberg/blog:${{ github.ref_name }} | |
| acederberg/blog:${{ github.sha }} | |
| acederberg/blog:latest | |
| push: true | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| load: true | |
| secrets: | | |
| kaggle_json=${{ secrets.KAGGLE_JSON }} | |
| google_tracking_id=${{ secrets.GOOGLE_TRACKING_ID }} | |
| build-args: | | |
| ACERERBERG_IO_PREVIEW=${ github.event.inputs.preview } | |
| ACEDERBERG_IO_BUILD_GIT_COMMIT=${{ github.sha }} | |
| ACEDERBERG_IO_BUILD_GIT_REF=${{ github.ref_name }} | |
| ACEDERBERG_IO_GOOGLE_TRACKING_ID=${{ secrets.GOOGLE_TRACKING_ID }} | |
| # - name: Run Server Image. | |
| # if: ${{ github.event.inputs.strict }} == '1' || ${{ github.event.inputs.preview }} == '0' | |
| # run: | | |
| # echo "strict = ${{ github.event.inputs.strict }}" >> $GITHUB_STEP_SUMMARY | |
| # echo "preview = ${{ github.event.inputs.preview }}" >> $GITHUB_STEP_SUMMARY | |
| # echo ACEDERBERG_IO_SERVER_VERSION='latest' > .env | |
| # # echo ACEDERBERG_IO_GIT_COMMIT="${{ github.sha }}" >> .env | |
| # # echo ACEDERBERG_IO_GIT_REF="${{ github.ref_name }}" >> .env | |
| # # echo ACEDERBERG_IO_GOOGLE_TRACKING_ID="${{ secrets.GOOGLE_TRACKING_ID }}" >> .env | |
| # docker compose \ | |
| # --env-file .env \ | |
| # --file docker/compose.prod.yaml \ | |
| # up --detach | |
| # docker compose \ | |
| # --file docker/compose.prod.yaml \ | |
| # cp server:/app/build blog/build | |
| # | |
| # - uses: actions/setup-python@v5 | |
| # if: ${{ github.event.inputs.strict }} != '0' || ${{ github.event.inputs.preview }} == '0' | |
| # with: | |
| # python-version: '3.11' | |
| # - name: Cache Virtual Environment. | |
| # if: ${{ github.event.inputs.strict }} != '0' || ${{ github.event.inputs.preview }} == '0' | |
| # uses: actions/cache@v3 | |
| # id: venv | |
| # with: | |
| # path: .venv | |
| # key: ${{ runner.os }}-venv-${{ hashFiles('poetry.lock') }} | |
| # - name: Venv and Setup . | |
| # if: ${{ github.event.inputs.strict }} != '0' || ${{ github.event.inputs.preview }} == '0' | |
| # run: | | |
| # python -m venv .venv | |
| # source .venv/bin/activate | |
| # python -m pip install poetry meta-tags-parser | |
| # poetry install | |
| # - name: Check MetaTags. | |
| # if: ${{ github.event.inputs.strict }} != '0' || ${{ github.event.inputs.preview }} == '0' | |
| # id: metatags | |
| # continue-on-error: true | |
| # run: | | |
| # source .venv/bin/activate | |
| # echo -e "## MetaTags Report\n\n~~~yaml" >> $GITHUB_STEP_SUMMARY | |
| # poetry run python -m acederbergio.meta >> $GITHUB_STEP_SUMMARY | |
| # echo -e "~~~\n" >> $GITHUB_STEP_SUMMARY | |
| # - if: ${{ github.event.inputs.strict }} != '0' || ${{ github.event.inputs.preview }} == '0' | |
| # run: | | |
| # if ( \ | |
| # [ "${{ steps.metatags.outcome }}" != 'success' ] | |
| # ); then | |
| # echo "One or more checks failed. See the summary for details." | |
| # exit 1 | |
| # fi | |
| # - if: ${{ github.event.inputs.strict }} == '1' || ${{ github.event.inputs.preview }} == '0' | |
| # run: docker compose --file docker/compose.yaml down | |
| # NOTE: Read [this](https://nicwortel.nl/blog/2022/continuous-deployment-to-kubernetes-with-github-actions). | |
| kube: | |
| name: Deploy to Kubernetes | |
| needs: [build] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| actions: read | |
| steps: | |
| - name: Checkout. | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| # NOTE: It is required to apply ``./docker/manifests/sa.yaml`` and then | |
| # set the secret to the output of ``kubectl get secrets -o yaml | |
| # blog-gh-act-token``. | |
| - uses: azure/k8s-set-context@v1 | |
| with: | |
| method: service-account | |
| k8s-url: ${{ secrets.K8S_URL }} | |
| k8s-secret: ${{ secrets.K8S_SECRET }} | |
| id: setcontext | |
| - name: Determine Deploy Enivornment. | |
| run: | | |
| if [[ '${{ github.event.inputs.preview }}' == '0' ]]; then | |
| echo "MANIFEST_USED=ci.yaml" >> $GITHUB_ENV | |
| else | |
| echo "MANIFEST_USED=ci.preview.yaml" >> $GITHUB_ENV | |
| fi | |
| # NOTE: Correct imagePullPolicy is necessary for this step to work. | |
| # Specifying the image version requires special permissions so that | |
| # the action can modify workflow files, thus the latest tag is | |
| # used. | |
| - uses: Azure/k8s-deploy@v5 | |
| with: | |
| namespace: blog | |
| manifests: | | |
| docker/manifests/${{ env.MANIFEST_USED }} | |
| images: |- | |
| acederberg/blog:${{ github.sha }} |