Merge pull request #689 from SpaceCowMedia/dependabot/pip/bot/telegra… #2331
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
on: | |
pull_request: | |
push: | |
branches: | |
- "**" | |
tags: | |
- "*" | |
paths-ignore: | |
- 'docs/**' | |
workflow_dispatch: | |
defaults: | |
run: | |
shell: bash | |
permissions: {} | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
env: | |
SECRET_KEY: ci_build_secret_key | |
outputs: | |
version: ${{ steps.semver.outputs.version }} | |
should-release: ${{ steps.semver.outputs.should-release }} | |
is-prerelease: ${{ steps.semver.outputs.is-github-prerelease }} | |
steps: | |
- name: Setup Docker Buildx 🐳 | |
uses: docker/setup-buildx-action@v3 | |
- id: semver | |
name: Checkout 🛎️ | |
uses: EasyDesk/action-semver-checkout@v1 | |
- name: Build and export image 🏗️ | |
uses: docker/build-push-action@v6 | |
with: | |
push: false | |
load: true | |
file: backend/Dockerfile | |
context: . | |
tags: spellbook-backend:latest | |
target: production | |
build-args: VERSION=${{ steps.semver.outputs.version }} | |
outputs: type=docker,dest=/tmp/spellbook-backend.tar | |
- name: Upload image artifact 📦 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: spellbook-backend | |
path: /tmp/spellbook-backend.tar | |
- name: Upload migration artifatcs 📦 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: spellbook-backend-migrations | |
path: backend/.kubernetes/migration | |
lint: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: | |
- '3.13' | |
- '3.12' | |
- '3.11' | |
- '3.10' | |
steps: | |
- name: Checkout 🛎️ | |
uses: actions/checkout@v4 | |
- name: Setup Python 🐍 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
cache: pip | |
- name: Install Linter 🧴 | |
run: pip install flake8 | |
- name: Lint backend 🧹 | |
working-directory: backend | |
run: flake8 . | |
- name: Lint common 🧹 | |
working-directory: common | |
run: flake8 . | |
- name: Lint bots 🧹 | |
if: ${{ matrix.python-version == '3.12' }} | |
working-directory: bot | |
run: flake8 . | |
test: | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: | |
- '3.13' | |
- '3.12' | |
- '3.11' | |
- 'pypy3.10' | |
os: | |
- ubuntu-latest | |
- windows-latest | |
- macos-latest | |
runs-on: ${{ matrix.os }} | |
defaults: | |
run: | |
shell: bash | |
steps: | |
- name: Checkout 🛎️ | |
uses: actions/checkout@v4 | |
- name: Setup Python 🐍 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
cache: pip | |
- name: Install dependencies 🧶 | |
run: pip install --no-cache-dir --no-deps tblib $(grep -ivE "#|cryptography|cffi" requirements.txt) | |
working-directory: backend | |
- name: Print Django version 🐍 | |
run: python manage.py version | |
working-directory: backend | |
- name: Unit Test 🧪 | |
run: python -Wd manage.py test --no-input ${{ !startsWith(matrix.python-version, 'pypy') && '--parallel auto' || '' }} --pythonpath ../common | |
working-directory: backend | |
integration-test: | |
runs-on: ubuntu-latest | |
needs: [build, bot-discord, bot-reddit, bot-telegram] | |
steps: | |
- name: Checkout 🛎️ | |
uses: actions/checkout@v4 | |
- name: Setup Docker Buildx 🐳 | |
uses: docker/setup-buildx-action@v3 | |
- name: Download backend image artifact ⬇ | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-backend | |
path: /tmp | |
- name: Download discord bot image artifact ⬇ | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-discord-bot | |
path: /tmp | |
- name: Download reddit bot image artifact ⬇ | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-reddit-bot | |
path: /tmp | |
- name: Download telegram bot image artifact ⬇ | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-telegram-bot | |
path: /tmp | |
- name: Load docker image 🐳 | |
run: | | |
docker load --input /tmp/spellbook-backend.tar | |
docker load --input /tmp/spellbook-discord-bot.tar | |
docker load --input /tmp/spellbook-reddit-bot.tar | |
docker load --input /tmp/spellbook-telegram-bot.tar | |
docker image ls -a | |
- name: Docker compose up 🧫 | |
run: docker compose -f docker-compose.yml up -d --no-build | |
- name: Unit test inside container 🧪 | |
run: docker exec -e CI=true -i commander-spellbook-backend-web-1 python manage.py test --no-input --parallel 1 --settings=backend.production_settings | |
release: | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
- lint | |
- test | |
- integration-test | |
- client-python | |
- client-typescript | |
- bot-discord | |
- bot-reddit | |
- bot-telegram | |
if: needs.build.outputs.should-release == 'true' | |
concurrency: release | |
permissions: | |
contents: write | |
packages: write | |
steps: | |
- name: Download backend image artifact ⬇ | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-backend | |
path: release | |
- name: Download discord bot image artifact ⬇ | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-discord-bot | |
path: release | |
- name: Download reddit bot image artifact ⬇ | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-reddit-bot | |
path: release | |
- name: Download telegram bot image artifact ⬇ | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-telegram-bot | |
path: release | |
- name: Download typescript client ⬇ | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-client-typescript | |
path: publish/client/typescript | |
- name: Seup Node.js 🟩 | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20.x | |
registry-url: https://npm.pkg.github.com | |
- name: Publish typescript client 📤 | |
working-directory: publish/client/typescript | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
npm version ${{ needs.build.outputs.version }} | |
npm ci | |
npm run build | |
npm publish --access public | |
- name: Release 📧 | |
uses: EasyDesk/action-semver-release@v1 | |
with: | |
version: ${{ needs.build.outputs.version }} | |
prerelease: ${{ needs.build.outputs.is-prerelease }} | |
prefix: CSB | |
files: | | |
release/* | |
deploy: | |
runs-on: ubuntu-latest | |
needs: [build, release] | |
concurrency: | |
group: production | |
cancel-in-progress: false | |
environment: scm-production | |
permissions: | |
id-token: write | |
env: | |
KUBECTL_TIMEOUT: 1800 | |
steps: | |
- name: SetupDocker Buildx 🐳 | |
uses: docker/setup-buildx-action@v3 | |
- name: Configure AWS credentials 🛠 | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::083767677168:role/spellbook-deploy | |
role-session-name: github-actions | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Login to Amazon ECR 📦 | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
mask-password: true | |
- name: Download backend image artifact ⬇ | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-backend | |
path: /tmp | |
- name: Download discord bot image artifact ⬇ | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-discord-bot | |
path: /tmp | |
- name: Download reddit bot image artifact ⬇ | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-reddit-bot | |
path: /tmp | |
- name: Download telegram bot image artifact ⬇ | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-telegram-bot | |
path: /tmp | |
- name: Load image from artifact 🐳 | |
run: | | |
docker load --input /tmp/spellbook-backend.tar | |
docker load --input /tmp/spellbook-discord-bot.tar | |
docker load --input /tmp/spellbook-reddit-bot.tar | |
docker load --input /tmp/spellbook-telegram-bot.tar | |
docker image ls -a | |
- name: Push versioned image to Amazon ECR 📦 | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: ${{ secrets.AWS_ECR_REPO_NAME }} | |
IMAGE_TAG: ${{ needs.build.outputs.version }} | |
run: | | |
docker tag spellbook-backend:latest $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
- name: Download migration artifacts ⬇ | |
id: migration-artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-backend-migrations | |
path: /tmp/migrations | |
- name: Configure kubernetes 🐙 | |
working-directory: ${{ steps.migration-artifacts.outputs.download-path }} | |
run: aws eks --region ${{ secrets.AWS_REGION }} update-kubeconfig --name spellbook-prod-cluster --kubeconfig spellbookkubeconfig.yaml | |
- name: Install and configure kubectl 🐙 | |
uses: azure/setup-kubectl@v4 | |
- name: Setup Kustomize 🛠 | |
uses: imranismail/setup-kustomize@v2 | |
- name: Run Kustomize to set image to sha 🛠 | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: ${{ secrets.AWS_ECR_REPO_NAME }} | |
IMAGE_TAG: ${{ needs.build.outputs.version }} | |
working-directory: ${{ steps.migration-artifacts.outputs.download-path }} | |
run: | | |
kustomize edit set image $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
- name: Run migrations 🚶♂️ | |
working-directory: ${{ steps.migration-artifacts.outputs.download-path }} | |
run: | | |
export KUBECONFIG=spellbookkubeconfig.yaml | |
kubectl delete job spellbook-migration -n spellbook || true | |
kubectl apply -k . | |
kubectl wait --timeout=${KUBECTL_TIMEOUT}s --for=condition=complete job/spellbook-migration -n spellbook & | |
completion_pid=$! | |
kubectl wait --timeout=${KUBECTL_TIMEOUT}s --for=condition=failed job/spellbook-migration -n spellbook && exit 1 & | |
failure_pid=$! | |
exit_code=0 | |
if wait -n $completion_pid $failure_pid; then | |
echo "Job completed successfully" | |
else | |
echo "Job failed" | |
exit_code=1 | |
fi | |
echo "Job logs:" | |
kubectl logs job/spellbook-migration -n spellbook | |
echo "Deleting job..." | |
kubectl delete job/spellbook-migration -n spellbook | |
exit $exit_code | |
- name: Push image to Amazon ECR 📦 | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: ${{ secrets.AWS_ECR_REPO_NAME }} | |
IMAGE_TAG: latest | |
run: | | |
docker tag spellbook-backend:latest $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
- name: Push Discord bot image to Amazon ECR 📦 | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: ${{ secrets.AWS_DISCORD_ECR_REPO_NAME }} | |
IMAGE_TAG: latest | |
run: | | |
docker tag spellbook-discord-bot:latest $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
- name: Rollout pods 🚀 | |
working-directory: ${{ steps.migration-artifacts.outputs.download-path }} | |
run: | | |
export KUBECONFIG=spellbookkubeconfig.yaml | |
declare -a deployments=("spellbook-api" "spellbook-discord-bot") | |
for deployment in "${deployments[@]}"; do | |
kubectl rollout restart deployment/$deployment -n spellbook | |
timeout ${KUBECTL_TIMEOUT} kubectl rollout status deployment/$deployment -n spellbook | |
done | |
open-api: | |
runs-on: ubuntu-latest | |
needs: build | |
defaults: | |
run: | |
shell: bash | |
working-directory: client | |
steps: | |
- name: Checkout 🛎️ | |
uses: actions/checkout@v4 | |
- name: Setup Python 🐍 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.12 | |
cache: pip | |
- name: Install spectacular dependencies 🧶 | |
run: pip install --no-cache-dir --no-deps -r requirements.txt | |
working-directory: backend | |
- name: Chmod scripts 👑 | |
run: chmod +x *.sh | |
- name: Generate OpenApi 🧬 | |
env: | |
VERSION: ${{ needs.build.outputs.version }} | |
run: ./generate-openapi.sh | |
- name: Upload OpenApi artifact 📦 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: spellbook-openapi | |
path: client/openapi.* | |
if-no-files-found: error | |
client-python: | |
runs-on: ubuntu-latest | |
needs: open-api | |
defaults: | |
run: | |
shell: bash | |
working-directory: client | |
steps: | |
- name: Checkout 🛎️ | |
uses: actions/checkout@v4 | |
- name: Setup Python 🐍 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.12 | |
cache: pip | |
- name: Chmod scripts 👑 | |
run: chmod +x *.sh | |
- name: Download OpenApi artifact ⬇ | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-openapi | |
path: client | |
- name: Generate client 🏗️ | |
run: ./generate-client-python.sh | |
- name: Install client dependencies 🧶 | |
# It is important to not use --no-deps here, otherwise httpcore will raise an error during the tests | |
run: pip install --no-cache-dir -r requirements.txt | |
working-directory: client/python | |
- name: Install test dependencies 🧶 | |
run: pip install --no-cache-dir --no-deps -r requirements.txt | |
working-directory: backend | |
- name: Run python tests 🧪 | |
run: python backend/manage.py test client/python/tests/ --no-input --parallel auto | |
working-directory: . | |
- name: Upload client artifact 📦 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: spellbook-client-python | |
path: client/python/spellbook_client | |
client-typescript: | |
runs-on: ubuntu-latest | |
needs: open-api | |
defaults: | |
run: | |
shell: bash | |
working-directory: client | |
steps: | |
- name: Checkout 🛎️ | |
uses: actions/checkout@v4 | |
- name: Chmod scripts 👑 | |
run: chmod +x *.sh | |
- name: Download OpenApi artifact ⬇ | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-openapi | |
path: client | |
- name: Generate client 🏗️ | |
run: ./generate-client-typescript.sh | |
- name: Upload client artifact 📦 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: spellbook-client-typescript | |
path: client/typescript | |
bot-discord: | |
runs-on: ubuntu-latest | |
needs: client-python | |
defaults: | |
run: | |
shell: bash | |
working-directory: bot/discord | |
steps: | |
- name: Setup Docker Buildx 🐳 | |
uses: docker/setup-buildx-action@v3 | |
- name: Checkout 🛎️ | |
uses: actions/checkout@v4 | |
- name: Download client artifact ⬇ | |
uses: actions/download-artifact@v4 | |
with: | |
name: spellbook-client-python | |
path: client/python/spellbook_client | |
- name: Build and export image 🏗️ | |
uses: docker/build-push-action@v6 | |
with: | |
push: false | |
load: true | |
file: bot/discord/Dockerfile | |
context: . | |
tags: spellbook-discord-bot:latest | |
outputs: type=docker,dest=/tmp/spellbook-discord-bot.tar | |
- name: Upload image artifact 📦 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: spellbook-discord-bot | |
path: /tmp/spellbook-discord-bot.tar | |
bot-reddit: | |
runs-on: ubuntu-latest | |
needs: client-python | |
defaults: | |
run: | |
shell: bash | |
working-directory: bot/reddit | |
steps: | |
- name: Setup Docker Buildx 🐳 | |
uses: docker/setup-buildx-action@v3 | |
- name: Checkout 🛎️ | |
uses: actions/checkout@v4 | |
- name: Build and export image 🏗️ | |
uses: docker/build-push-action@v6 | |
with: | |
push: false | |
load: true | |
file: bot/reddit/Dockerfile | |
context: . | |
tags: spellbook-reddit-bot:latest | |
outputs: type=docker,dest=/tmp/spellbook-reddit-bot.tar | |
- name: Upload image artifact 📦 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: spellbook-reddit-bot | |
path: /tmp/spellbook-reddit-bot.tar | |
bot-telegram: | |
runs-on: ubuntu-latest | |
needs: client-python | |
defaults: | |
run: | |
shell: bash | |
working-directory: bot/telegram | |
steps: | |
- name: Setup Docker Buildx 🐳 | |
uses: docker/setup-buildx-action@v3 | |
- name: Checkout 🛎️ | |
uses: actions/checkout@v4 | |
- name: Build and export image 🏗️ | |
uses: docker/build-push-action@v6 | |
with: | |
push: false | |
load: true | |
file: bot/telegram/Dockerfile | |
context: . | |
tags: spellbook-telegram-bot:latest | |
outputs: type=docker,dest=/tmp/spellbook-telegram-bot.tar | |
- name: Upload image artifact 📦 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: spellbook-telegram-bot | |
path: /tmp/spellbook-telegram-bot.tar |