Publish API to Production #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish API to Production | |
| on: | |
| workflow_call: | |
| secrets: | |
| GH_PACKAGES: | |
| required: true | |
| workflow_dispatch: | |
| jobs: | |
| publish_prod_api: | |
| if: "!contains(github.event.head_commit.message, 'ci skip')" | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 80 | |
| permissions: | |
| contents: read | |
| packages: write | |
| deployments: write | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v2 | |
| - name: Setup kernel for react native, increase watchers | |
| run: echo fs.inotify.max_user_watches=524288 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p | |
| - uses: actions/setup-node@v2 | |
| with: | |
| node-version: '20.13.1' | |
| - name: Start MongoDB | |
| uses: supercharge/mongodb-github-action@1.3.0 | |
| with: | |
| mongodb-version: 4.2.8 | |
| - name: Cache pnpm modules | |
| uses: actions/cache@v2 | |
| with: | |
| path: ~/.pnpm-store | |
| key: ${{ runner.os }}-${{ hashFiles('**/pnpm-lock.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}- | |
| - uses: pnpm/action-setup@v2.0.1 | |
| env: | |
| CI: false | |
| with: | |
| version: 8.9.0 | |
| run_install: true | |
| - name: Build, tag, and push image to Github Container Registry | |
| id: build-image | |
| env: | |
| REGISTERY_OWNER: implerhq | |
| DOCKER_NAME: impler/api | |
| IMAGE_TAG: ${{ github.sha }} | |
| GH_ACTOR: implerhq | |
| GH_PASSWORD: ${{ secrets.GH_PACKAGES }} | |
| run: | | |
| [ -z "$GH_PASSWORD" ] && { echo "Error: GH_PASSWORD is not set"; exit 1; } | |
| echo $GH_PASSWORD | docker login ghcr.io -u $GH_ACTOR --password-stdin | |
| docker build -t ghcr.io/$REGISTERY_OWNER/$DOCKER_NAME:$IMAGE_TAG -f apps/api/Dockerfile . | |
| docker tag ghcr.io/$REGISTERY_OWNER/$DOCKER_NAME:$IMAGE_TAG ghcr.io/$REGISTERY_OWNER/$DOCKER_NAME:latest | |
| docker tag ghcr.io/$REGISTERY_OWNER/$DOCKER_NAME:$IMAGE_TAG ghcr.io/$REGISTERY_OWNER/$DOCKER_NAME:prod | |
| docker run --network=host --name api -dit --env NODE_ENV=test --env JWT_SECRET=impler --env COOKIE_DOMAIN=impler ghcr.io/$REGISTERY_OWNER/$DOCKER_NAME:$IMAGE_TAG | |
| docker run --network=host appropriate/curl --retry 10 --retry-delay 5 --retry-connrefused http://localhost:3000/v1/health-check | grep 'ok' | |
| docker push ghcr.io/$REGISTERY_OWNER/$DOCKER_NAME:prod | |
| docker push ghcr.io/$REGISTERY_OWNER/$DOCKER_NAME:latest | |
| docker push ghcr.io/$REGISTERY_OWNER/$DOCKER_NAME:$IMAGE_TAG | |
| echo "::set-output name=IMAGE::ghcr.io/$REGISTERY_OWNER/$DOCKER_NAME:$IMAGE_TAG" |