refact(ci): extract reusable workflow #1496

Closed
wants to merge 13 commits into from
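--- a/.github/workflows/build-react.yml
+++ b/.github/workflows/build-react.yml
@@ -0,0 +1,75 @@
+on:
+workflow_call:
+inputs:
+target:
+required: true
+type: string
+environment:
+required: true
+type: string
+
+jobs:
+build_react:
+name: Build
+runs-on: ubuntu-22.04
+steps:
+- uses: actions/checkout@v2
+- uses: cardinalby/export-env-action@v2
+with:
+envFile: '.github/workflows/constants.env'
+expand: true
+expandWithJobEnv: true
+- name: Cache build assets
+id: cache-react-build-assets
+uses: actions/cache@v3
+with:
+path: ./${{ env.EDITOR_DIRECTORY }}/build
+key: ${{ runner.os }}-${{ hashFiles('editor.planx.uk/**') }}-${{ inputs.environment }}
+- uses: pnpm/[email protected]
+if: steps.cache-react-build-assets.outputs.cache-hit != 'true'
+with:
+version: ${{ env.PNPM_VERSION }}
+- uses: actions/setup-node@v2
+if: steps.cache-react-build-assets.outputs.cache-hit != 'true'
+with:
+node-version: ${{ env.NODE_VERSION }}
+cache: "pnpm"
+cache-dependency-path: "**/pnpm-lock.yaml"
+- run: pnpm distribute ../${{ env.EDITOR_DIRECTORY }}
+if: steps.cache-react-build-assets.outputs.cache-hit != 'true'
+working-directory: core
+- run: pnpm install --frozen-lockfile
+if: steps.cache-react-build-assets.outputs.cache-hit != 'true'
+working-directory: ${{ env.EDITOR_DIRECTORY }}
+- run: pnpm build
+if: steps.cache-react-build-assets.outputs.cache-hit != 'true'
+env:
+REACT_APP_AIRBRAKE_PROJECT_ID: ${{ secrets.AIRBRAKE_PROJECT_ID }}
+REACT_APP_AIRBRAKE_PROJECT_KEY: ${{ secrets.AIRBRAKE_PROJECT_KEY }}
+REACT_APP_API_URL: https://api.${{ inputs.target }}
+REACT_APP_ENV: ${{ inputs.environment }}
+REACT_APP_FEEDBACK_FISH_ID: 65f02de00b90d1
+REACT_APP_HASURA_URL: https://hasura.${{ inputs.target }}/v1/graphql
+REACT_APP_SHAREDB_URL: wss://sharedb.${{ inputs.target }}
+# needed because there's no API to change google's allowed OAuth URLs
+REACT_APP_GOOGLE_OAUTH_OVERRIDE: "${{ inputs.environment == 'pizza' && 'https://api.editor.planx.dev' || '' }}"
+working-directory: ${{ env.EDITOR_DIRECTORY }}
+- name: Upload Build Artifact
+uses: actions/upload-artifact@v2
+with:
+name: build
+path: ./editor.planx.uk/build
+if-no-files-found: error
+- run: pnpm build-storybook
+if: steps.cache-react-build-assets.outputs.cache-hit != 'true'
+working-directory: ${{ env.EDITOR_DIRECTORY }}
+env:
+# same env as above, if it's job.env it can't access existing env.[variable]
+REACT_APP_AIRBRAKE_PROJECT_ID: ${{ secrets.AIRBRAKE_PROJECT_ID }}
+REACT_APP_AIRBRAKE_PROJECT_KEY: ${{ secrets.AIRBRAKE_PROJECT_KEY }}
+REACT_APP_API_URL: https://api.${{ github.event.number }}.${{ env.DOMAIN }}
+REACT_APP_FEEDBACK_FISH_ID: 65f02de00b90d1
+REACT_APP_HASURA_URL: https://hasura.${{ github.event.number }}.${{ env.DOMAIN }}/v1/graphql
+REACT_APP_SHAREDB_URL: wss://sharedb.${{ github.event.number }}.${{ env.DOMAIN }}
+REACT_APP_GOOGLE_OAUTH_OVERRIDE: https://api.editor.planx.dev
+REACT_APP_ENV: ${{ inputs.environment }}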
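Review bot: The `pnpm build-storybook` step still builds its URLs from `github.event.number` and `env.DOMAIN` and hard-codes `REACT_APP_GOOGLE_OAUTH_OVERRIDE`, so its comment "same env as above" no longer holds: a caller passing a `target` other than the pull-request host gets a Storybook bundle aimed at a different backend than the main build. Using the inputs in both steps keeps them aligned, e.g. `REACT_APP_API_URL: https://api.${{ inputs.target }}` and the same conditional override expression as the `pnpm build` step. The cache `key` likewise includes `inputs.environment` but not `inputs.target`, although the target is baked into the cached bundle; whether that can restore a build made for another host depends on cache scoping not visible here, so it is worth either adding the target to the key or documenting why it is safe.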
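--- a/.github/workflows/constants.env
+++ b/.github/workflows/constants.env
@@ -0,0 +1,4 @@
+DOMAIN=planx.pizza
+EDITOR_DIRECTORY=editor.planx.uk
+PNPM_VERSION=7.8.0
+NODE_VERSION=16.13.1 # 16.13.1 = LTS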
115 changes: 33 additions & 82 deletions .github/workflows/pull-request.yml
@@ -9,11 +9,9 @@ on:

env:
DOMAIN: planx.pizza
FULL_DOMAIN: ${{ github.event.number }}.planx.pizza
PULLREQUEST_ID: ${{ github.event.number }}
EDITOR_DIRECTORY: editor.planx.uk
PNPM_VERSION: 7.8.0
NODE_VERSION: 16.13.1 # 16.13.1 = LTS
NODE_VERSION: 16.13.1 # 16.13.1 = LTS

jobs:
changes:
@@ -172,60 +170,13 @@ jobs:
working-directory: ${{ env.EDITOR_DIRECTORY }}

build_react_app:
name: Build React App
runs-on: ubuntu-22.04
name: React App
needs: [changes]
if: "${{ !contains(needs.changes.outputs.commit, '[skip pizza]') }}"
steps:
- uses: actions/checkout@v2
- name: Cache build assets
id: cache-react-build-assets
uses: actions/cache@v3
with:
path: ./${{ env.EDITOR_DIRECTORY }}/build
key: ${{ runner.os }}-${{ hashFiles('editor.planx.uk/**') }}
- uses: pnpm/[email protected]
if: steps.cache-react-build-assets.outputs.cache-hit != 'true'
with:
version: ${{ env.PNPM_VERSION }}
- uses: actions/setup-node@v2
if: steps.cache-react-build-assets.outputs.cache-hit != 'true'
with:
node-version: ${{ env.NODE_VERSION }}
cache: "pnpm"
cache-dependency-path: "**/pnpm-lock.yaml"
- run: pnpm distribute ../${{ env.EDITOR_DIRECTORY }}
if: steps.cache-react-build-assets.outputs.cache-hit != 'true'
working-directory: core
- run: pnpm install --frozen-lockfile
if: steps.cache-react-build-assets.outputs.cache-hit != 'true'
working-directory: ${{ env.EDITOR_DIRECTORY }}
- run: pnpm build
if: steps.cache-react-build-assets.outputs.cache-hit != 'true'
env:
REACT_APP_AIRBRAKE_PROJECT_ID: ${{ secrets.AIRBRAKE_PROJECT_ID }}
REACT_APP_AIRBRAKE_PROJECT_KEY: ${{ secrets.AIRBRAKE_PROJECT_KEY }}
REACT_APP_API_URL: https://api.${{ env.FULL_DOMAIN }}
REACT_APP_FEEDBACK_FISH_ID: 65f02de00b90d1
REACT_APP_HASURA_URL: https://hasura.${{ env.FULL_DOMAIN }}/v1/graphql
REACT_APP_SHAREDB_URL: wss://sharedb.${{ env.FULL_DOMAIN }}
# needed because there's no API to change google's allowed OAuth URLs
REACT_APP_GOOGLE_OAUTH_OVERRIDE: https://api.editor.planx.dev
REACT_APP_ENV: pizza
working-directory: ${{ env.EDITOR_DIRECTORY }}
- run: pnpm build-storybook
if: steps.cache-react-build-assets.outputs.cache-hit != 'true'
working-directory: ${{ env.EDITOR_DIRECTORY }}
env:
# same env as above, if it's job.env it can't access existing env.[variable]
REACT_APP_AIRBRAKE_PROJECT_ID: ${{ secrets.AIRBRAKE_PROJECT_ID }}
REACT_APP_AIRBRAKE_PROJECT_KEY: ${{ secrets.AIRBRAKE_PROJECT_KEY }}
REACT_APP_API_URL: https://api.${{ env.FULL_DOMAIN }}
REACT_APP_FEEDBACK_FISH_ID: 65f02de00b90d1
REACT_APP_HASURA_URL: https://hasura.${{ env.FULL_DOMAIN }}/v1/graphql
REACT_APP_SHAREDB_URL: wss://sharedb.${{ env.FULL_DOMAIN }}
REACT_APP_GOOGLE_OAUTH_OVERRIDE: https://api.editor.planx.dev
REACT_APP_ENV: pizza
uses: ./.github/workflows/build-react.yml
with:
target: "${{ github.event.number }}.planx.pizza"
environment: "pizza"

pulumi_preview:
name: Run Pulumi Preview
@@ -251,11 +202,11 @@ jobs:
- run: pnpm install --frozen-lockfile
working-directory: infrastructure/application
- name: Download React build assets
id: cache-react-build-assets
uses: actions/cache@v3
with:
fail-on-cache-miss: true
path: ./${{ env.EDITOR_DIRECTORY }}/build
key: ${{ runner.os }}-${{ hashFiles('editor.planx.uk/**', '!editor.planx/build/**') }}
key: ${{ runner.os }}-${{ hashFiles('editor.planx.uk/**', '!editor.planx/build/**') }}-pizza
- uses: pulumi/actions@v3
with:
command: preview
@@ -276,7 +227,7 @@ jobs:
id: hasura-change
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
hasura_endpoint: https://hasura.${{ env.FULL_DOMAIN }}
hasura_endpoint: https://hasura.${{ github.event.number }}.${{ env.DOMAIN }}
project_dir: ./hasura.planx.uk
- uses: marocchino/sticky-pull-request-comment@v2
if: ${{steps.hasura-change.outputs.change_html != ''}}
@@ -306,7 +257,7 @@ jobs:
domain: ${{ env.DOMAIN }}
os_id: 1743
plan: vc2-1c-1gb
pullrequest_id: ${{ env.PULLREQUEST_ID }}
pullrequest_id: ${{ github.event.number }}
region: lhr
tag: pullrequest

@@ -316,14 +267,14 @@ jobs:
name: Create commands
uses: appleboy/ssh-action@master
with:
host: ${{ env.FULL_DOMAIN }}
host: ${{ github.event.number }}.${{ env.DOMAIN }}
username: root
password: ${{ steps.create.outputs.default_password }}
command_timeout: 20m
script: |
git clone "${{ secrets.AUTHENTICATED_REPO_URL }}"
cd planx-new
git fetch origin "pull/${{ env.PULLREQUEST_ID }}/head" && git checkout FETCH_HEAD
git fetch origin "pull/${{ github.event.number }}/head" && git checkout FETCH_HEAD

apt-get install awscli -y
export AWS_ACCESS_KEY_ID=${{ secrets.PIZZA_AWS_ACCESS_KEY_ID }}
@@ -332,7 +283,7 @@ jobs:

./scripts/pull-secrets.sh

echo -e "\nROOT_DOMAIN=${{ env.FULL_DOMAIN }}\n" > .env.temp
echo -e "\nROOT_DOMAIN=${{ github.event.number }}.${{ env.DOMAIN }}\n" > .env.temp
cat .env .env.temp .env.staging > .env.pizza

SSH_PASSWORD=${{ secrets.SSH_PASSWORD }} ./scripts/pullrequest/create.sh
@@ -343,15 +294,15 @@ jobs:
name: Update commands
uses: appleboy/ssh-action@master
with:
host: ${{ env.FULL_DOMAIN }}
host: ${{ github.event.number }}.${{ env.DOMAIN }}
username: root
password: ${{ secrets.SSH_PASSWORD }}
command_timeout: 10m
script: |
git clone "${{ secrets.AUTHENTICATED_REPO_URL }}"
cd planx-new
git add . && git stash
git fetch origin "pull/${{ env.PULLREQUEST_ID }}/head" && git checkout FETCH_HEAD
git fetch origin "pull/${{ github.event.number }}/head" && git checkout FETCH_HEAD

apt-get install awscli -y
export AWS_ACCESS_KEY_ID=${{ secrets.PIZZA_AWS_ACCESS_KEY_ID }}
@@ -360,7 +311,7 @@ jobs:

./scripts/pull-secrets.sh

echo -e "\nROOT_DOMAIN=${{ env.FULL_DOMAIN }}\n" > .env.temp
echo -e "\nROOT_DOMAIN=${{ github.event.number }}.${{ env.DOMAIN }}\n" > .env.temp
cat .env .env.temp .env.staging > .env.pizza

./scripts/pullrequest/update.sh
@@ -369,15 +320,15 @@ jobs:

- uses: actions/checkout@v2
- name: Download React build assets
id: cache-react-build-assets
uses: actions/cache@v3
with:
fail-on-cache-miss: true
path: ./${{ env.EDITOR_DIRECTORY }}/build
key: ${{ runner.os }}-${{ hashFiles('editor.planx.uk/**', '!editor.planx/build/**') }}
key: ${{ runner.os }}-${{ hashFiles('editor.planx.uk/**', '!editor.planx/build/**') }}-pizza
- name: upload built editor
uses: appleboy/scp-action@master
with:
host: ${{ env.FULL_DOMAIN }}
host: ${{ github.event.number }}.${{ env.DOMAIN }}
username: root
password: ${{ secrets.SSH_PASSWORD }}
source: "./${{ env.EDITOR_DIRECTORY }}/build"
@@ -390,14 +341,14 @@ jobs:
message: |
## Pizza

Deployed ${{ github.sha }} to https://${{ env.FULL_DOMAIN }}.
Deployed ${{ github.sha }} to https://${{ github.event.number }}.${{ env.DOMAIN }}.

Useful links:
- [Editor](https://${{ env.FULL_DOMAIN }})
- [Storybook](https://storybook.${{ env.FULL_DOMAIN }})
- [Hasura](https://hasura.${{ env.FULL_DOMAIN }})
- [API](https://api.${{ env.FULL_DOMAIN }})
- [ShareDB](https://sharedb.${{ env.FULL_DOMAIN }})
- [Editor](https://${{ github.event.number }}.${{ env.DOMAIN }})
- [Storybook](https://storybook.${{ github.event.number }}.${{ env.DOMAIN }})
- [Hasura](https://hasura.${{ github.event.number }}.${{ env.DOMAIN }})
- [API](https://api.${{ github.event.number }}.${{ env.DOMAIN }})
- [ShareDB](https://sharedb.${{ github.event.number }}.${{ env.DOMAIN }})

healthcheck:
name: Run Healthcheck on Pizza Services
@@ -406,15 +357,15 @@ jobs:
steps:
- name: API healthcheck
run: |
timeout 150s bash -c "until curl --fail https://api.${{ env.FULL_DOMAIN }}; do sleep 1; done"
timeout 150s bash -c "until curl --fail https://api.${{ github.event.number }}.${{ env.DOMAIN }}; do sleep 1; done"

- name: Hasura healthcheck
run: |
timeout 150s bash -c "until curl --fail https://hasura.${{ env.FULL_DOMAIN }}/healthz; do sleep 1; done"
timeout 150s bash -c "until curl --fail https://hasura.${{ github.event.number }}.${{ env.DOMAIN }}/healthz; do sleep 1; done"

- name: Editor healthcheck
run: |
timeout 150s bash -c "until curl --fail https://${{ env.FULL_DOMAIN }}; do sleep 1; done"
timeout 150s bash -c "until curl --fail https://${{ github.event.number }}.${{ env.DOMAIN }}; do sleep 1; done"


lighthouse:
@@ -427,13 +378,13 @@ jobs:
uses: treosh/lighthouse-ci-action@v9
id: LHCIAction
with:
urls: |
urls: |
https://editor.planx.dev/buckinghamshire/find-out-if-you-need-planning-permission/preview
https://${{ env.FULL_DOMAIN }}/buckinghamshire/find-out-if-you-need-planning-permission/preview
https://${{ github.event.number }}.${{ env.DOMAIN }}/buckinghamshire/find-out-if-you-need-planning-permission/preview
https://editor.planx.dev/testing/lighthouse-canary-flow/unpublished
https://${{ env.FULL_DOMAIN }}/testing/lighthouse-canary-flow/unpublished
uploadArtifacts: true # save results as an action artifacts
temporaryPublicStorage: true # upload lighthouse report to the temporary storage
https://${{ github.event.number }}.${{ env.DOMAIN }}/testing/lighthouse-canary-flow/unpublished
uploadArtifacts: true # save results as an action artifacts
temporaryPublicStorage: true # upload lighthouse report to the temporary storage
- name: Interpolate comment text
id: text
uses: actions/github-script@v6
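Review bot: The new `build_react_app` job passes only `with:` to `./.github/workflows/build-react.yml`, yet that workflow reads `secrets.AIRBRAKE_PROJECT_ID` and `secrets.AIRBRAKE_PROJECT_KEY`; a called workflow does not see the caller's secrets unless they are passed, so both would expand to empty strings in the build. Passing just those two on this job — `secrets:` with `AIRBRAKE_PROJECT_ID: ${{ secrets.AIRBRAKE_PROJECT_ID }}` and `AIRBRAKE_PROJECT_KEY: ${{ secrets.AIRBRAKE_PROJECT_KEY }}` — and declaring them under `on.workflow_call.secrets` keeps the grant narrower than `secrets: inherit`. The two "Download React build assets" steps also set `fail-on-cache-miss: true` while spelling the key with a literal `-pizza` and a different `hashFiles(...)` pattern than the save step in build-react.yml, so any drift between the expressions fails the job; a comment such as `# must match the cache key in build-react.yml` beside each key would make that coupling visible.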