From 881df174262d226f40b9bfb0a929696ea999364f Mon Sep 17 00:00:00 2001 From: Clemence Kyara Date: Mon, 7 Oct 2024 15:55:31 +0300 Subject: [PATCH 01/17] Make CI a callable workflow --- .github/workflows/{ci.yml => _ci.yaml} | 53 +++++++++----------------- 1 file changed, 17 insertions(+), 36 deletions(-) rename .github/workflows/{ci.yml => _ci.yaml} (52%) diff --git a/.github/workflows/ci.yml b/.github/workflows/_ci.yaml similarity index 52% rename from .github/workflows/ci.yml rename to .github/workflows/_ci.yaml index 36c99ab94..a165d9d6f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/_ci.yaml 
@@ -1,74 +1,55 @@ -name: CI +name: Continuous Integration on: - push: - branches: ["main"] - pull_request: - types: [opened, synchronize] - -# This allows a subsequently queued workflow run to interrupt previous runs -concurrency: - group: "${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}" - cancel-in-progress: true + workflow_call: jobs: - build: - name: Build and Test - timeout-minutes: 15 + ci: + name: Format, Lint and Test runs-on: ${{ matrix.os }} - env: - GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }} - MONGO_URL: ${{ secrets.MONGO_URL }} - PROMISE_TRACKER_SENTRY_DSN: ${{ secrets.PROMISE_TRACKER_SENTRY_DSN }} - SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} - TURBO_TEAM: ${{ secrets.TURBO_TEAM }} - TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }} strategy: matrix: - node-version: [20.16] os: [ubuntu-latest] steps: - - name: Checkout + - name: Checkout code uses: actions/checkout@v4 - with: - fetch-depth: 2 # https://github.com/pnpm/action-setup#use-cache-to-reduce-installation-time - - name: Install pnpm + - name: Setup PNPM [Install] uses: pnpm/action-setup@v4 id: pnpm-install with: run_install: false - - name: Get pnpm store directory - id: pnpm-cache + - name: Setup PNPM [Path] + id: pnpm-path shell: bash run: | echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT - - name: Setup pnpm cache + - name: Setup PNPM [Cache] uses: actions/cache@v4 with: - path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} + path: ${{ steps.pnpm-path.outputs.STORE_PATH }} key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} restore-keys: | ${{ runner.os }}-pnpm-store- # Looks like to use pnpm cache, setup-node must run after pnpm/action-setup # https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#caching-packages-data - - name: Install Node.js + - name: Setup node uses: actions/setup-node@v4 with: - node-version: ${{ matrix.node-version }} cache: "pnpm" + node-version-file: "package.json" - - 
name: Confirm pnpm version + - name: Setup PNPM [Confirm] run: pnpm --version - - name: Install dependencies + - name: Setup dependencies run: pnpm install - - name: Install Playwright browsers + - name: Setup dependencies [Playwright browsers] run: npx playwright install --with-deps - name: Format @@ -77,7 +58,7 @@ jobs: - name: Lint run: pnpm lint-check - - name: Jest + - name: "Test [unit: Jest]" run: pnpm jest # PromiseTracker seems to build success but then "hang". @@ -85,5 +66,5 @@ jobs: - name: Build run: pnpm build --filter=promisetracker^... - - name: Playwright + - name: "Test [integration: Playwright]" run: pnpm playwright --filter=promisetracker^... From cdaa77f8937b3f9e64850dc2ec004ef2e455e128 Mon Sep 17 00:00:00 2001 From: Clemence Kyara Date: Mon, 7 Oct 2024 15:56:24 +0300 Subject: [PATCH 02/17] Remove unused workflow --- .github/workflows/dependabot_lint_format.yml | 79 -------------------- 1 file changed, 79 deletions(-) delete mode 100644 .github/workflows/dependabot_lint_format.yml diff --git a/.github/workflows/dependabot_lint_format.yml b/.github/workflows/dependabot_lint_format.yml deleted file mode 100644 index ff7acaa15..000000000 --- a/.github/workflows/dependabot_lint_format.yml +++ /dev/null 
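Review bot: The `ci` job drops `timeout-minutes: 15` without a replacement, so a stuck step now runs until GitHub's default job limit. The comment further down about the PromiseTracker build appearing to "hang" suggests that is a realistic case, so I would keep `timeout-minutes: 15` on the job. The reusable workflow also declares no `permissions:`, so its token scope is whatever each caller passes down; the steps only read the repository, so a job-level `permissions:` with `contents: read` would pin that.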
@@ -1,79 +0,0 @@ -# When dependabot bumps dependencies versions, a new pnpm-lock.yml file -# is generated. This file needs to be formatted -# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions - -name: Dependabot lint-format -on: pull_request - -permissions: - contents: write - -jobs: - dependabot: - runs-on: ${{ matrix.os }} - strategy: - matrix: - node-version: [20.16] - os: [ubuntu-latest] - if: ${{ github.actor == 'dependabot[bot]' }} - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: ${{ github.head_ref }} - - # https://github.com/pnpm/action-setup#use-cache-to-reduce-installation-time - - name: Install pnpm - uses: pnpm/action-setup@v4 - id: pnpm-install - with: - run_install: false - - - name: Get pnpm store directory - id: pnpm-cache - shell: bash - run: | - echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT - - - name: Setup pnpm cache - uses: actions/cache@v4 - with: - path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} - key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} - restore-keys: | - ${{ runner.os }}-pnpm-store- - - # Looks like to use pnpm cache, setup-node must run after pnpm/action-setup - # https://github.com/actions/setup-node/blob/main/docs/advanced-usage.md#caching-packages-data - - name: Install Node.js - uses: actions/setup-node@v4 - with: - node-version: ${{ matrix.node-version }} - cache: "pnpm" - - - name: Confirm pnpm version - run: pnpm --version - - - name: Install dependencies - run: pnpm install - - - name: Format pnpm-lock.yaml - run: pnpm prettier --write './pnpm-lock.yaml' - - - name: Commit changes - uses: stefanzweifel/git-auto-commit-action@v4 - with: - commit_message: Format & lint pnpm-lock.yaml - file_pattern: "./pnpm-lock.yaml" - - - name: "Run lint (If there are changes)" - if: steps.auto-commit-action.outputs.changes_detected == 'true' - run: pnpm lint-check - - - name: "Run test (If there are changes)" - if: 
steps.auto-commit-action.outputs.changes_detected == 'true' - run: pnpm test - - - name: "Run build (If there are changes)" - if: steps.auto-commit-action.outputs.changes_detected == 'true' - run: pnpm build --filter=promisetracker^... From 6f73e6742bec47a9f6b10746a61e59f038682e80 Mon Sep 17 00:00:00 2001 From: Clemence Kyara Date: Mon, 7 Oct 2024 15:56:42 +0300 Subject: [PATCH 03/17] Add a PR workflow Uses callable workflows --- .github/workflows/pr.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/pr.yaml diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml new file mode 100644 index 000000000..8c7d0286d --- /dev/null +++ b/.github/workflows/pr.yaml @@ -0,0 +1,22 @@ +name: CI [Pull Request] + +on: + pull_request: + branches: # PRs to the following branches will trigger the workflow + - main + paths: + - ".github/workflows/**" + - "apps/**" + - "packages/**" + +# This allows a subsequently queued workflow run to interrupt previous runs +concurrency: + group: "${{ github.workflow }} @ ${{ github.ref }}" + cancel-in-progress: true + +jobs: + ci: + name: CI + uses: ./.github/workflows/_ci.yaml + + # TODO: deploy Dokku preview apps here From 89d41551ac2da2399b453470c62ef90954198ccf Mon Sep 17 00:00:00 2001 From: Clemence Kyara Date: Mon, 7 Oct 2024 15:57:19 +0300 Subject: [PATCH 04/17] Add callable workflow to change for changes in apps --- .github/workflows/_app-path-filter.yaml | 89 +++++++++++++++++++++++ .github/workflows/_app-version-check.yaml | 47 ++++++++++++ 2 files changed, 136 insertions(+) create mode 100644 .github/workflows/_app-path-filter.yaml create mode 100644 .github/workflows/_app-version-check.yaml diff --git a/.github/workflows/_app-path-filter.yaml b/.github/workflows/_app-path-filter.yaml new file mode 100644 index 000000000..dcbd4d59e --- /dev/null +++ b/.github/workflows/_app-path-filter.yaml 
@@ -0,0 +1,89 @@
+name: App Path Filter
+
+on:
+ workflow_call:
+ outputs:
+ apps:
+ description: "Indicates if there are changes in apps files folder"
+ value: ${{ jobs.app-path-filter.outputs.apps }}
+ charterafrica:
+ description: "Indicates if charterafrica app files have changed"
+ value: ${{ jobs.app-path-filter.outputs.charterafrica }}
+ civicsignalblog:
+ description: "Indicates if civicsignalblog app files have changed"
+ value: ${{ jobs.app-path-filter.outputs.civicsignalblog }}
+ climatemappedafrica:
+ description: "Indicates if climatemappedafrica app files have changed"
+ value: ${{ jobs.app-path-filter.outputs.climatemappedafrica }}
+ codeforafrica:
+ description: "Indicates if codeforafrica app files have changed"
+ value: ${{ jobs.app-path-filter.outputs.codeforafrica }}
+ pesayetu:
+ description: "Indicates if pesayetu app files have changed"
+ value: ${{ jobs.app-path-filter.outputs.pesayetu }}
+ roboshield:
+ description: "Indicates if roboshield app files have changed"
+ value: ${{ jobs.app-path-filter.outputs.roboshield }}
+ techlabblog:
+ description: "Indicates if techlabblog app files have changed"
+ value: ${{ jobs.app-path-filter.outputs.techlabblog }}
+ vpnmanager:
+ description: "Indicates if vpnmanager app files have changed"
+ value: ${{ jobs.app-path-filter.outputs.vpnmanager }}
+
+jobs:
+ app-path-filter:
+ name: App Path Filter
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix:
+ os: [ubuntu-latest]
+ outputs:
+ apps: ${{ steps.path-filter.outputs.apps }}
+ charterafrica: ${{ steps.path-filter.outputs.charterafrica }}
+ civicsignalblog: ${{ steps.path-filter.outputs.civicsignalblog }}
+ climatemappedafrica: ${{ steps.path-filter.outputs.climatemappedafrica }}
+ codeforafrica: ${{ steps.path-filter.outputs.codeforafrica }}
+ pesayetu: ${{ steps.path-filter.outputs.pesayetu }}
+ roboshield: ${{ steps.path-filter.outputs.roboshield }}
+ techlabblog: ${{ steps.path-filter.outputs.techlabblog }}
+ vpnmanager: ${{ steps.path-filter.outputs.vpnmanager }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Filter paths
+ uses: dorny/paths-filter@v3
+ id: path-filter
+ with:
+ filters: |
+ shared: &shared
+ - Dockerfile
+ - packages/**
+ apps:
+ - *shared
+ - "apps/**"
+ charterafrica:
+ - *shared
+ - "apps/charterafrica/**"
+ civicsignalblog:
+ - *shared
+ - "apps/civicsignalblog/**"
+ climatemappedafrica:
+ - *shared
+ - "apps/climatemappedafrica/**"
+ codeforafrica:
+ - *shared
+ - "apps/codeforafrica/**"
+ pesayetu:
+ - *shared
+ - "apps/pesayetu/**"
+ roboshield:
+ - *shared
+ - "apps/roboshield/**"
+ techlabblog:
+ - *shared
+ - "apps/techlabblog/**"
+ vpnmanager:
+ - *shared
+ - "apps/vpnmanager/**"
diff --git a/.github/workflows/_app-version-check.yaml b/.github/workflows/_app-version-check.yaml
new file mode 100644
index 000000000..8989328b7
--- /dev/null
+++ b/.github/workflows/_app-version-check.yaml
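Review bot: `dorny/paths-filter@v3` in the `Filter paths` step is a third-party action referenced by a mutable tag, so whatever that tag points to at run time executes with this job's token. Pinning it to a full commit SHA (`uses: dorny/paths-filter@<full-commit-sha> # v3`) removes that dependency on the tag. The same applies to `EndBug/version-check@v2` in `_app-version-check.yaml` in this commit. Neither workflow sets `permissions:`; both appear to only read the repository, so a job-level `permissions:` with `contents: read` would keep the token minimal (paths-filter may additionally need `pull-requests: read` when run for pull_request events; confirm against its documentation).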
@@ -0,0 +1,47 @@
+name: App Version Check
+
+on:
+ workflow_call:
+ inputs:
+ file-name:
+ required: true
+ type: string
+ description: "App name as it appears in 'apps' folder"
+ outputs:
+ changed:
+ description: "Either 'true' or 'false', indicates whether the version has changed"
+ value: ${{ jobs.app-version-check.outputs.changed }}
+ version:
+ description: "If the version has changed, it shows the version number"
+ value: ${{ jobs.app-version-check.outputs.version }}
+
+jobs:
+ app-version-check:
+ name: App Version Check
+ runs-on: ${{ matrix.os }}
+ strategy:
+ matrix:
+ os: [ubuntu-latest]
+ outputs:
+ changed: ${{ steps.version-check.outputs.changed }}
+ version: ${{ steps.version-check.outputs.version }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Setup node
+ uses: actions/setup-node@v4
+ with:
+ node-version-file: "package.json"
+
+ - name: Check version
+ id: version-check
+ uses: EndBug/version-check@v2
+ with:
+ # Whether to search in every commit's diff.
+ # This is useful if you often do change the version without saying it
+ # in the commit message. If you always include the semver of the new
+ # version in your commit message when you bump versions then you can
+ # omit this.
+ diff-search: true
+ file-name: "${{ inputs.file-name }}"
From 2662c5de37d4f3f3e31af059d8f2f8aacfdb001f Mon Sep 17 00:00:00 2001
From: Clemence Kyara
Date: Mon, 7 Oct 2024 15:58:20 +0300
Subject: [PATCH 05/17] Fix Dockerfile name + descriptions
---
.github/workflows/push-to-dokku.yml | 4 ++--
.github/workflows/vpnmanager-deploy-dev.yml | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/push-to-dokku.yml b/.github/workflows/push-to-dokku.yml
index 0e81a7cf1..e257ec20e 100644
--- a/.github/workflows/push-to-dokku.yml
+++ b/.github/workflows/push-to-dokku.yml
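Review bot: The `file-name` input is described as "App name as it appears in 'apps' folder", but the `Check version` step passes it unchanged as the action's `file-name`, and the caller added later in this series passes `./apps/charterafrica/package.json`. The description should say it is a path, for example `description: "Path to the app's package.json, relative to the repository root"`. The `version` output is documented as set only when the version has changed, so callers that build an image tag from it should keep gating on `changed == 'true'`.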
@@ -6,11 +6,11 @@ on: git_remote_url: required: true type: string - description: "The remote URL to push to" + description: "The dokku app's git repository url in SSH format" deploy_docker_image: required: true type: string - description: "The name of the image to push" + description: "A docker image to deploy via git:from-image" jobs: push: diff --git a/.github/workflows/vpnmanager-deploy-dev.yml b/.github/workflows/vpnmanager-deploy-dev.yml index a157f58d5..6f67a7b26 100644 --- a/.github/workflows/vpnmanager-deploy-dev.yml +++ b/.github/workflows/vpnmanager-deploy-dev.yml @@ -5,7 +5,7 @@ on: branches: [main] paths: - "apps/vpnmanager/**" - - "Dockerfile.vpnmanager" + - "Dockerfile" - ".github/workflows/vpnmanager-deploy-dev.yml" # This allows a subsequently queued workflow run to interrupt previous runs From 82ffb7274f6b533cafd0a564f3f4af27ef4ec659 Mon Sep 17 00:00:00 2001 From: Clemence Kyara Date: Mon, 7 Oct 2024 15:58:52 +0300 Subject: [PATCH 06/17] Add callable workflow to build: 1. codeforafrica 2. charterafrica --- .github/workflows/_cd-charterafrica.yaml | 53 +++++++++++++++++++++++ .github/workflows/_cd-codeforafrica.yaml | 54 ++++++++++++++++++++++++ 2 files changed, 107 insertions(+) create mode 100644 .github/workflows/_cd-charterafrica.yaml create mode 100644 .github/workflows/_cd-codeforafrica.yaml diff --git a/.github/workflows/_cd-charterafrica.yaml b/.github/workflows/_cd-charterafrica.yaml new file mode 100644 index 000000000..dc782fda4 --- /dev/null +++ b/.github/workflows/_cd-charterafrica.yaml 
@@ -0,0 +1,53 @@
+name: CD | charterafrica
+
+on:
+ workflow_call:
+ inputs:
+ app_url:
+ required: true
+ type: string
+ description: "App final URL"
+ NODE_ENV:
+ required: true
+ type: string
+ description: "development|production"
+ build_args:
+ required: false
+ type: string
+ description: "List of build-time variables"
+ tags:
+ required: true
+ type: string
+ description: "List of tags"
+ git_remote_url:
+ required: true
+ type: string
+ description: "The dokku app's git repository url in SSH format"
+
+jobs:
+ build-docker-image:
+ name: Build Docker Image
+ uses: ./.github/workflows/build-docker-image.yml
+ secrets: inherit
+ with:
+ build_args: |
+ ${{ inputs.build_args }}
+ MONGO_URL=${{ secrets.CHARTERAFRICA_MONGO_URL }}
+ NEXT_PUBLIC_APP_URL=${{ inputs.app_url }}
+ NEXT_PUBLIC_SENTRY_DSN=${{ secrets.CHARTERAFRICA_SENTRY_DSN }}
+ NODE_ENV=${{ inputs.NODE_ENV }}
+ PAYLOAD_SECRET_KEY=${{ secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY }}
+ SENTRY_ENVIRONMENT=${{ inputs.NODE_ENV }}
+ SENTRY_ORG=${{ secrets.SENTRY_ORG }}
+ SENTRY_PROJECT=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }}
+ tags: ${{ inputs.tags }}
+ target: charterafrica-runner
+
+ push-to-dokku:
+ name: Push to Dokku
+ needs: [build-docker-image]
+ uses: ./.github/workflows/push-to-dokku.yml
+ secrets: inherit
+ with:
+ git_remote_url: ${{ inputs.git_remote_url }}
+ deploy_docker_image: ${{ inputs.tags }}
diff --git a/.github/workflows/_cd-codeforafrica.yaml b/.github/workflows/_cd-codeforafrica.yaml
new file mode 100644
index 000000000..aa2e1b01e
--- /dev/null
+++ b/.github/workflows/_cd-codeforafrica.yaml
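Review bot: The `build_args` block interpolates `secrets.CHARTERAFRICA_MONGO_URL` and `secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY` into Docker build arguments, and build arguments are recorded in the image's build history, so they are likely readable by anyone who can pull the pushed image. `build-docker-image.yml` is not part of this diff, so how it forwards `build_args` is an assumption; if it hands them to the Docker build, the database URL and Payload key are better supplied as BuildKit secret mounts or as runtime config on the Dokku app, leaving only the `NEXT_PUBLIC_*` and `NODE_ENV` values as build args. `_cd-codeforafrica.yaml` in this commit has the same pattern with `CODEFORAFRICA_MONGODB_URL` and `CODEFORAFRICA_PAYLOAD_SECRET`. `secrets: inherit` on both jobs also hands every repository secret to the callee; listing the few secrets each callee needs would narrow that.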
@@ -0,0 +1,54 @@
+name: CD | codeforafrica
+
+on:
+ workflow_call:
+ inputs:
+ app_url:
+ required: true
+ type: string
+ description: "App final URL"
+ NODE_ENV:
+ required: true
+ type: string
+ description: "development|production"
+ build_args:
+ required: false
+ type: string
+ description: "List of build-time variables"
+ tags:
+ required: true
+ type: string
+ description: "List of tags"
+ git_remote_url:
+ required: true
+ type: string
+ description: "The dokku app's git repository url in SSH format"
+
+jobs:
+ build-docker-image:
+ name: Build Docker Image
+ uses: ./.github/workflows/build-docker-image.yml
+ with:
+ build_args: |
+ ${{ inputs.build_args }}
+ MONGODB_URL=${{ secrets.CODEFORAFRICA_MONGODB_URL }}
+ NEXT_PUBLIC_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}
+ NEXT_PUBLIC_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}
+ NEXT_PUBLIC_APP_URL=${{ inputs.app_url }}
+ NODE_ENV=${{ inputs.NODE_ENV }}
+ PAYLOAD_SECRET=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }}
+ SENTRY_ENVIRONMENT=${{ inputs.NODE_ENV }}
+ SENTRY_PROJECT=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }}
+ SENTRY_DSN: ${{ vars.TECHLABBLOG_SENTRY_DSN }}
+ tags: ${{ inputs.tags }}
+ target: "codeforafrica-runner"
+ secrets: inherit
+
+ push-to-dokku:
+ name: Push to Dokku
+ needs: [build-docker-image]
+ uses: ./.github/workflows/push-to-dokku.yml
+ with:
+ git_remote_url: ${{ inputs.git_remote_url }}
+ deploy_docker_image: ${{ inputs.tags }}
+ secrets: inherit
From 9ac5eff5a3a1eccb4a58b0a64f2797d914f34661 Mon Sep 17 00:00:00 2001
From: Clemence Kyara
Date: Mon, 7 Oct 2024 15:59:48 +0300
Subject: [PATCH 07/17] Add callable workflows to build apps in dev and prod
---
.github/workflows/_cd-dev.yaml | 33 +++++++++++++++++++++++++
.github/workflows/_cd-prod.yaml | 43 +++++++++++++++++++++++++++++++++
2 files changed, 76 insertions(+)
create mode 100644 .github/workflows/_cd-dev.yaml
create mode 100644 .github/workflows/_cd-prod.yaml
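Review bot: The last entry of `build_args`, `SENTRY_DSN: ${{ vars.TECHLABBLOG_SENTRY_DSN }}`, uses `:` where every other entry uses `=`, and it reads a TECHLABBLOG variable in the codeforafrica workflow. Inside the block scalar it is only a text line, so it will probably not be parsed as a `KEY=VALUE` build argument; it should read `SENTRY_DSN=${{ vars.<CODEFORAFRICA_SENTRY_DSN_VARIABLE> }}` with the variable that belongs to this app. The secret is also named `CODEFORAFRICA_MONGODB_URL` here while the existing review-app workflow reads `CODEFORAFRICA_MONGO_URL`. An undefined secret expands to an empty string without failing the run, so the name is worth checking against the repository settings.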
diff --git a/.github/workflows/_cd-dev.yaml b/.github/workflows/_cd-dev.yaml
new file mode 100644
index 000000000..52dc8ba0a
--- /dev/null
+++ b/.github/workflows/_cd-dev.yaml
@@ -0,0 +1,33 @@
+name: DEV | CD
+
+on:
+ workflow_call:
+
+jobs:
+ apps-path-filter:
+ name:
+ uses: ./.github/workflows/_app-path-filter.yaml
+
+ cd-dev-charterafrica:
+ needs:
+ - apps-path-filter
+ if: ${{ needs.apps-path-filter.outputs.charterafrica == 'true' }}
+ uses: ./.github/workflows/_cd-codeforafrica.yaml
+ with:
+ NODE_ENV: "development"
+ app_url: "https://charterafrica.dev.codeforafrica.org"
+ git_remote_url: "ssh://azureuser@ui-1.dev.codeforafrica.org/charterafrica-ui"
+ tags: "codeforafrica/charterafrica-ui:${{ github.sha }}"
+ secrets: inherit
+
+ cd-dev-codeforafrica:
+ needs:
+ - apps-path-filter
+ if: ${{ needs.apps-path-filter.outputs.codeforafrica == 'true' }}
+ uses: ./.github/workflows/_cd-codeforafrica.yaml
+ with:
+ NODE_ENV: "development"
+ app_url: "https://codeforafrica-ui.dev.codeforafrica.org"
+ git_remote_url: "ssh://azureuser@ui-1.dev.codeforafrica.org/codeofrafrica-ui"
+ tags: "codeforafrica/codeforafrica-ui:${{ github.sha }}"
+ secrets: inherit
diff --git a/.github/workflows/_cd-prod.yaml b/.github/workflows/_cd-prod.yaml
new file mode 100644
index 000000000..87966c628
--- /dev/null
+++ b/.github/workflows/_cd-prod.yaml
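Review bot: `cd-dev-charterafrica` calls `./.github/workflows/_cd-codeforafrica.yaml`, so a charterafrica change would build the `codeforafrica-runner` target with the codeforafrica secrets and push the result to the `charterafrica-ui` remote. It should be `uses: ./.github/workflows/_cd-charterafrica.yaml`. In `cd-dev-codeforafrica` the remote path is spelled `codeofrafrica-ui`, which looks like a typo for `codeforafrica-ui`, the name used in `_cd-prod.yaml`. `apps-path-filter` also has an empty `name:`; give it a value or drop the key.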
@@ -0,0 +1,43 @@
+name: PROD | CD
+
+on:
+ workflow_call:
+
+jobs:
+ version-check-charterafrica:
+ name: Version Check | charterafrica
+ uses: ./.github/workflows/_app-version-check.yaml
+ with:
+ file-name: "./apps/charterafrica/package.json"
+
+ version-check-codeforafrica:
+ name: Version Check | codeforafrica
+ uses: ./.github/workflows/_app-version-check.yaml
+ with:
+ file-name: "./apps/codeforafrica/package.json"
+
+ prod-cd-charterafrica:
+ name: Deploy | charterafrica
+ needs:
+ - version-check-charterafrica
+ if: ${{ needs.version-check-charterafrica.outputs.changed == 'true' }}
+ uses: ./.github/workflows/_cd-charterafrica.yaml
+ with:
+ NODE_ENV: production
+ app_url: https://charter.africa
+ git_remote_url: ssh://dokku@ui-1.prod.codeforafrica.org/charterafrica-ui
+ tags: "codeforafrica/charterafrica-ui:${{ needs.version-check-charterafrica.outputs.version }}"
+ secrets: inherit
+
+ prod-cd-codeforafrica:
+ name: Deploy | charterafrica
+ needs:
+ - version-check-codeforafrica
+ if: ${{ needs.version-check-codeforafrica.outputs.changed == 'true' }}
+ uses: ./.github/workflows/_cd-codeforafrica.yaml
+ with:
+ NODE_ENV: production
+ app_url: https://cfa.dev.codeforafrica.org
+ git_remote_url: ssh://dokku@ui-1.prod.codeforafrica.org/codeforafrica-ui
+ tags: "codeforafrica/codeforafrica-ui:${{ needs.version-check-codeforafrica.outputs.version }}"
+ secrets: inherit
From 89c810164c725dfcf7f5c8031c04121b52386b5e Mon Sep 17 00:00:00 2001
From: Clemence Kyara
Date: Mon, 7 Oct 2024 16:00:09 +0300
Subject: [PATCH 08/17] Add workflow to handle merging to main
---
.github/workflows/main.yaml | 41 +++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 .github/workflows/main.yaml
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
new file mode 100644
index 000000000..dadae1bdf
--- /dev/null
+++ b/.github/workflows/main.yaml
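Review bot: `prod-cd-codeforafrica` sets `app_url: https://cfa.dev.codeforafrica.org`, a `dev` hostname, in the production job, and it reuses the display name `Deploy | charterafrica`. Both look like copy-paste leftovers, and the URL ends up as `NEXT_PUBLIC_APP_URL` in the production build. The image tag is built from the `version` output, so the version string has to be a valid Docker tag: a value with SemVer build metadata such as `0.1.33+202410071657` (used later in this series) contains `+`, which Docker tags do not allow. Quoting the `with:` values as `_cd-dev.yaml` does would also keep the two files consistent.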
@@ -0,0 +1,41 @@ +name: CI/CD [Main] + +on: + push: + branches: + - main + paths: + - ".github/workflows/**" + - "Dockerfile" + - "apps/**" + - "packages/**" + +# This allows a subsequently queued workflow run to interrupt previous runs +concurrency: + group: "${{ github.workflow }} @ ${{ github.ref }}" + cancel-in-progress: true + +jobs: + ci: + name: CI + uses: ./.github/workflows/_ci.yaml + + apps-path-filter: + needs: + - ci + name: + uses: ./.github/workflows/_app-path-filter.yaml + + cd-dev: + needs: + - apps-path-filter + if: ${{ needs.apps-path-filter.outputs.apps == 'true' }} + uses: ./.github/workflows/_cd-dev.yaml + secrets: inherit + + cd-prod: + needs: + - apps-path-filter + if: ${{ needs.apps-path-filter.outputs.apps == 'true' }} + uses: ./.github/workflows/_cd-prod.yaml + secrets: inherit From 06338d7c8b8c5c7219099899c4d02ed45099306d Mon Sep 17 00:00:00 2001 From: Clemence Kyara Date: Mon, 7 Oct 2024 16:22:16 +0300 Subject: [PATCH 09/17] Enable main workflow on current branch (testing) --- .github/workflows/main.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index dadae1bdf..19718b150 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -4,6 +4,7 @@ on: push: branches: - main + - chore/ui_callable_workflows paths: - ".github/workflows/**" - "Dockerfile" From 1793384de6fa611f91305e7d57c092770591391e Mon Sep 17 00:00:00 2001 From: Clemence Kyara Date: Mon, 7 Oct 2024 16:56:54 +0300 Subject: [PATCH 10/17] Disable PR (temporarily) --- .github/workflows/pr.yaml | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 8c7d0286d..6348eea1e 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml 
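Review bot: `cd-prod` starts on every push to `main` that touches the listed paths, with `secrets: inherit`, gated only by the path filter here and the version check in `_cd-prod.yaml`; nothing requires an approval before production secrets are used. A job that calls a reusable workflow cannot carry `environment:` itself, so the deploy job inside the called workflow is the place to add a protected environment. `cancel-in-progress: true` suits CI but can interrupt a deploy that is partway through a push to Dokku; the existing review-app workflow uses `cancel-in-progress: false`, and the same would suit the CD jobs. `apps-path-filter` again has an empty `name:`.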
@@ -1,22 +1,22 @@ -name: CI [Pull Request] +# name: CI [Pull Request] -on: - pull_request: - branches: # PRs to the following branches will trigger the workflow - - main - paths: - - ".github/workflows/**" - - "apps/**" - - "packages/**" +# on: +# pull_request: +# branches: # PRs to the following branches will trigger the workflow +# - main +# paths: +# - ".github/workflows/**" +# - "apps/**" +# - "packages/**" -# This allows a subsequently queued workflow run to interrupt previous runs -concurrency: - group: "${{ github.workflow }} @ ${{ github.ref }}" - cancel-in-progress: true +# # This allows a subsequently queued workflow run to interrupt previous runs +# concurrency: +# group: "${{ github.workflow }} @ ${{ github.ref }}" +# cancel-in-progress: true -jobs: - ci: - name: CI - uses: ./.github/workflows/_ci.yaml +# jobs: +# ci: +# name: CI +# uses: ./.github/workflows/_ci.yaml - # TODO: deploy Dokku preview apps here +# # TODO: deploy Dokku preview apps here From ed323c20abf1a291f60c20f4ff65b1dc0486d366 Mon Sep 17 00:00:00 2001 From: Clemence Kyara Date: Mon, 7 Oct 2024 16:57:43 +0300 Subject: [PATCH 11/17] Bump + add changes for testing --- apps/charterafrica/README.md | 4 ++-- apps/charterafrica/package.json | 2 +- apps/codeforafrica/README.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/apps/charterafrica/README.md b/apps/charterafrica/README.md index 7afec94b6..a2e4602fa 100644 --- a/apps/charterafrica/README.md +++ b/apps/charterafrica/README.md @@ -1,6 +1,6 @@ # Charter Africa -This is the official code for https://charter.africa site +This is the official code for site ## Getting Started @@ -12,7 +12,7 @@ cp env.template .env.local and modify the `.env.local` file according to your needs. -#### Note +### Note The default `.env` file is for the publicly visible environment variables. **DO NOT** include any secrets in it. All secrets should go into `env.local`. 
diff --git a/apps/charterafrica/package.json b/apps/charterafrica/package.json index ef297b0ce..05646df36 100644 --- a/apps/charterafrica/package.json +++ b/apps/charterafrica/package.json @@ -1,6 +1,6 @@ { "name": "charterafrica", - "version": "0.1.33", + "version": "0.1.33+202410071657", "private": true, "author": "Code for Africa ", "description": "This is the official code for https://charter.africa site", diff --git a/apps/codeforafrica/README.md b/apps/codeforafrica/README.md index 0790cac81..8f065f21b 100644 --- a/apps/codeforafrica/README.md +++ b/apps/codeforafrica/README.md @@ -12,7 +12,7 @@ cp env.template .env.local and modify the `.env.local` file according to your needs. -#### Note +### Note The default `.env` file is for the 'Publicly' visible environment variables. From fb0064e3a728f6f1fa98b65c965fb0fa38147b2a Mon Sep 17 00:00:00 2001 From: Clemence Kyara Date: Mon, 7 Oct 2024 17:00:59 +0300 Subject: [PATCH 12/17] Disable reusable apps action --- .../codeforafrica-deploy-review-app.yml | 184 +++++++++--------- 1 file changed, 92 insertions(+), 92 deletions(-) diff --git a/.github/workflows/codeforafrica-deploy-review-app.yml b/.github/workflows/codeforafrica-deploy-review-app.yml index d4045028d..54eec759b 100644 --- a/.github/workflows/codeforafrica-deploy-review-app.yml +++ b/.github/workflows/codeforafrica-deploy-review-app.yml 
@@ -1,102 +1,102 @@ -name: Code for Africa | Deploy | REVIEW APP +# name: Code for Africa | Deploy | REVIEW APP -on: - pull_request: - paths: - - "apps/codeforafrica/**" - - "Dockerfile" - - ".github/workflows/codeforafrica-deploy-review-app.yml" - # By default, a workflow only runs when a pull_request event's activity - # type is opened, synchronize, or reopened. We need at least closed to - # be able to destroy preview app - types: [opened, reopened, closed, synchronize] -concurrency: - group: "${{ github.workflow }} @ ${{ github.ref }}" - cancel-in-progress: false +# on: +# pull_request: +# paths: +# - "apps/codeforafrica/**" +# - "Dockerfile" +# - ".github/workflows/codeforafrica-deploy-review-app.yml" +# # By default, a workflow only runs when a pull_request event's activity +# # type is opened, synchronize, or reopened. We need at least closed to +# # be able to destroy preview app +# types: [opened, reopened, closed, synchronize] +# concurrency: +# group: "${{ github.workflow }} @ ${{ github.ref }}" +# cancel-in-progress: false -env: - DOKKU_REMOTE_BRANCH: "master" - DOKKU_REMOTE_URL: "ssh://azureuser@ui-1.dev.codeforafrica.org" - IMAGE_NAME: "codeforafrica/codeforafrica-ui" - ORIGINAL_APP_NAME: "codeforafrica-ui" - NEXT_PUBLIC_APP_URL: "https://codeforafrica-ui-pr-${{github.event.pull_request.number}}.dev.codeforafrica.org" - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - APP_NAME: codeforafrica-ui-pr-${{ github.event.pull_request.number }} +# env: +# DOKKU_REMOTE_BRANCH: "master" +# DOKKU_REMOTE_URL: "ssh://azureuser@ui-1.dev.codeforafrica.org" +# IMAGE_NAME: "codeforafrica/codeforafrica-ui" +# ORIGINAL_APP_NAME: "codeforafrica-ui" +# NEXT_PUBLIC_APP_URL: "https://codeforafrica-ui-pr-${{github.event.pull_request.number}}.dev.codeforafrica.org" +# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} +# APP_NAME: codeforafrica-ui-pr-${{ github.event.pull_request.number }} -jobs: - deploy_review_app: - runs-on: ${{ matrix.os }} - strategy: - matrix: - node-version: [20.16] - os: 
[ubuntu-latest] - if: github.event_name == 'pull_request' && github.event.action != 'closed' - steps: - - name: Cloning repo - uses: actions/checkout@v4 - with: - fetch-depth: 0 +# jobs: +# deploy_review_app: +# runs-on: ${{ matrix.os }} +# strategy: +# matrix: +# node-version: [20.16] +# os: [ubuntu-latest] +# if: github.event_name == 'pull_request' && github.event.action != 'closed' +# steps: +# - name: Cloning repo +# uses: actions/checkout@v4 +# with: +# fetch-depth: 0 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 +# - name: Set up Docker Buildx +# uses: docker/setup-buildx-action@v3 - - name: Cache Docker layers - uses: actions/cache@v4 - with: - key: ${{ runner.os }}-buildx-${{ github.sha }} - path: /tmp/.buildx-cache - restore-keys: | - ${{ runner.os }}-buildx- +# - name: Cache Docker layers +# uses: actions/cache@v4 +# with: +# key: ${{ runner.os }}-buildx-${{ github.sha }} +# path: /tmp/.buildx-cache +# restore-keys: | +# ${{ runner.os }}-buildx- - - name: Login to DockerHub - uses: docker/login-action@v3 - with: - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - username: ${{ secrets.DOCKER_HUB_USERNAME }} +# - name: Login to DockerHub +# uses: docker/login-action@v3 +# with: +# password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} +# username: ${{ secrets.DOCKER_HUB_USERNAME }} - - name: Build Docker image - uses: docker/build-push-action@v5 - with: - build-args: | - MONGODB_URL=${{ secrets.CODEFORAFRICA_MONGO_URL }}/${{ env.APP_NAME }} - NEXT_PUBLIC_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }} - NEXT_PUBLIC_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }} - NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }} - PAYLOAD_SECRET=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new - context: . 
- target: codeforafrica-runner - push: true - tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}" +# - name: Build Docker image +# uses: docker/build-push-action@v5 +# with: +# build-args: | +# MONGODB_URL=${{ secrets.CODEFORAFRICA_MONGO_URL }}/${{ env.APP_NAME }} +# NEXT_PUBLIC_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }} +# NEXT_PUBLIC_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }} +# NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }} +# PAYLOAD_SECRET=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }} +# cache-from: type=local,src=/tmp/.buildx-cache +# cache-to: type=local,dest=/tmp/.buildx-cache-new +# context: . +# target: codeforafrica-runner +# push: true +# tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}" - - name: Push to dokku - uses: dokku/github-action@master - with: - command: review-apps:create - git_remote_url: ${{ env.DOKKU_REMOTE_URL }}/codeforafrica-ui - review_app_name: ${{ env.APP_NAME }} - ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }} - deploy_docker_image: ${{ env.IMAGE_NAME }}:${{ github.sha }} +# - name: Push to dokku +# uses: dokku/github-action@master +# with: +# command: review-apps:create +# git_remote_url: ${{ env.DOKKU_REMOTE_URL }}/codeforafrica-ui +# review_app_name: ${{ env.APP_NAME }} +# ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }} +# deploy_docker_image: ${{ env.IMAGE_NAME }}:${{ github.sha }} - - name: Update Preview URL - run: (gh pr comment ${{ env.issue-number }} --edit-last --body='${{ env.body }}' || gh pr comment ${{ env.issue-number }} --body='${{ env.body }}') - env: - issue-number: ${{ github.event.pull_request.number }} - body: | - Latest updated Preview URL - | Name | Review | - |-------|--------| - | ${{ env.APP_NAME }} | [Visit](https://${{ env.APP_NAME }}.dev.codeforafrica.org) | +# - name: Update Preview URL +# run: (gh pr comment ${{ env.issue-number }} --edit-last --body='${{ env.body }}' || gh pr comment ${{ env.issue-number }} --body='${{ env.body }}') +# env: +# issue-number: ${{ 
github.event.pull_request.number }} +# body: | +# Latest updated Preview URL +# | Name | Review | +# |-------|--------| +# | ${{ env.APP_NAME }} | [Visit](https://${{ env.APP_NAME }}.dev.codeforafrica.org) | - destroy_review_app: - runs-on: ubuntu-latest - if: github.event_name == 'pull_request' && github.event.action == 'closed' - steps: - - name: Destroy review app - uses: dokku/github-action@master - with: - command: review-apps:destroy - git_remote_url: ${{ env.DOKKU_REMOTE_URL }}/codeforafrica-ui - review_app_name: ${{ env.APP_NAME }} - ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }} +# destroy_review_app: +# runs-on: ubuntu-latest +# if: github.event_name == 'pull_request' && github.event.action == 'closed' +# steps: +# - name: Destroy review app +# uses: dokku/github-action@master +# with: +# command: review-apps:destroy +# git_remote_url: ${{ env.DOKKU_REMOTE_URL }}/codeforafrica-ui +# review_app_name: ${{ env.APP_NAME }} +# ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }} From 1a9ad497e0db6cf4d6939b17cc6dd7672216c178 Mon Sep 17 00:00:00 2001 From: Clemence Kyara Date: Mon, 7 Oct 2024 17:05:23 +0300 Subject: [PATCH 13/17] Run on PR --- .github/workflows/main.yaml | 3 +-- .github/workflows/pr.yaml | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 19718b150..31df392b2 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -1,9 +1,8 @@ name: CI/CD [Main] on: - push: + pull_request: branches: - - main - chore/ui_callable_workflows paths: - ".github/workflows/**" diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 6348eea1e..ed0bb8fa7 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -1,4 +1,4 @@ -# name: CI [Pull Request] +# name: CI [PR] # on: # pull_request: From 9a9aea99f9f91913f8036ecf9e049d14f66d78dc Mon Sep 17 00:00:00 2001 
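Review bot: Commenting out the whole of `codeforafrica-deploy-review-app.yml` also disables `destroy_review_app`, so review apps that already exist for open pull requests will no longer be destroyed when those PRs close and would stay deployed on the dev host with the configuration they were built with. If the deploy half has to be paused, keeping the `closed` trigger and the destroy job active, or cleaning up the existing apps by hand, avoids that. A file that consists only of comments is also likely to be reported as an invalid workflow; deleting it or disabling the workflow in the Actions settings is cleaner than 102 commented lines.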
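Review bot: Switching the trigger of `main.yaml` from `push` to `pull_request` makes `cd-dev` and `cd-prod`, both called with `secrets: inherit`, run for pull requests, that is, on code and workflow changes that have not been reviewed or merged. The following commit keeps `pull_request` and only changes the target branch to `main`. The subject lines mark this as testing, so the point is that it must not be merged in this state: restore `push:` with `branches: [main]` for the CD jobs and leave pull requests to `pr.yaml`, which only calls `_ci.yaml`. If deploys from pull requests are wanted for previews, a separate workflow with dev-only secrets would keep production credentials out of PR runs.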
From: Clemence Kyara Date: Mon, 7 Oct 2024 17:06:31 +0300 Subject: [PATCH 14/17] Ensure PR targeting main --- .github/workflows/main.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 31df392b2..ccb635227 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -2,8 +2,8 @@ name: CI/CD [Main] on: pull_request: - branches: - - chore/ui_callable_workflows + branches: # PRs to the following branches will trigger the workflow + - main paths: - ".github/workflows/**" - "Dockerfile" From 2cfa53f48def2ce96fc593c246dfff9b694b11c8 Mon Sep 17 00:00:00 2001 From: Clemence Kyara Date: Mon, 7 Oct 2024 17:08:18 +0300 Subject: [PATCH 15/17] Change jobs order --- .github/workflows/main.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index ccb635227..660b61de8 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -21,13 +21,12 @@ jobs: uses: ./.github/workflows/_ci.yaml apps-path-filter: - needs: - - ci name: uses: ./.github/workflows/_app-path-filter.yaml cd-dev: needs: + - ci - apps-path-filter if: ${{ needs.apps-path-filter.outputs.apps == 'true' }} uses: ./.github/workflows/_cd-dev.yaml @@ -35,6 +34,7 @@ jobs: cd-prod: needs: + - ci - apps-path-filter if: ${{ needs.apps-path-filter.outputs.apps == 'true' }} uses: ./.github/workflows/_cd-prod.yaml From 074968df923b2e44d61e15dc45ae8e7b54b5f91b Mon Sep 17 00:00:00 2001 From: Clemence Kyara Date: Tue, 8 Oct 2024 09:09:37 +0300 Subject: [PATCH 16/17] Use outputs instead of secrets in `with` --- .github/workflows/_cd-charterafrica.yaml | 49 +++++++++++++++++++----- .github/workflows/_cd-codeforafrica.yaml | 37 +++++++++++++++--- .github/workflows/_cd-dev.yaml | 9 +++-- .github/workflows/_cd-prod.yaml | 7 +++- .github/workflows/main.yaml | 1 + 5 files changed, 82 insertions(+), 21 deletions(-) 
diff --git a/.github/workflows/_cd-charterafrica.yaml b/.github/workflows/_cd-charterafrica.yaml index dc782fda4..9634bed79 100644 --- a/.github/workflows/_cd-charterafrica.yaml +++ b/.github/workflows/_cd-charterafrica.yaml @@ -3,14 +3,18 @@ name: CD | charterafrica on: workflow_call: inputs: + NODE_ENV: + required: true + type: string + description: "development|production" app_url: required: true type: string description: "App final URL" - NODE_ENV: + seo_disabled: required: true type: string - description: "development|production" + description: "false|true" build_args: required: false type: string 
@@ -25,29 +29,56 @@ on: description: "The dokku app's git repository url in SSH format" jobs: + # This seem to be needed because GitHub doesn't support access `secrets` in a `with` clause + # https://github.com/github/roadmap/issues/636 + secrets: + runs-on: ubuntu-latest + outputs: + MONGO_URL: ${{ steps.output-secrets.outputs.test.CHARTERAFRICA_MONGO_URL }} + NEXT_PUBLIC_APP_LOGO_URL: ${{ steps.output-secrets.outputs.test.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }} + NEXT_PUBLIC_APP_NAME: ${{ steps.output-secrets.outputs.test.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }} + NEXT_PUBLIC_GA_MEASUREMENT_ID: ${{ steps.output-secrets.outputs.test.CHARTERAFRICA_GA_MEASUREMENT_ID }} + NEXT_PUBLIC_SENTRY_DSN: ${{ steps.output-secrets.outputs.test.CHARTERAFRICA_SENTRY_DSN }} + PAYLOAD_SECRET: ${{ steps.output-secrets.outputs.test.CHARTERAFRICA_PAYLOAD_SECRET_KEY }} + SENTRY_PROJECT: ${{ steps.output-secrets.outputs.test.CODEFORAFRICA_SENTRY_PROJECT }} + steps: + - id: output-secrets + run: | + echo "CHARTERAFRICA_GA_MEASUREMENT_ID=${{ secrets.CHARTERAFRICA_GA_MEASUREMENT_ID }}" >> "$GITHUB_OUTPUT" + echo "CHARTERAFRICA_MONGO_URL=${{ secrets.CHARTERAFRICA_MONGO_URL }}" >> "$GITHUB_OUTPUT" + echo "CHARTERAFRICA_SENTRY_DSN=${{ secrets.CHARTERAFRICA_SENTRY_DSN }}" >> "$GITHUB_OUTPUT" + echo "NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}" >> "$GITHUB_OUTPUT" + echo "NEXT_PUBLIC_CODEFORAFRICA_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}" >> "$GITHUB_OUTPUT" + echo "CHARTERAFRICA_PAYLOAD_SECRET_KEY=${{ secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY }}" >> "$GITHUB_OUTPUT" + echo "CHARTERAFRICA_SENTRY_PROJECT=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }}" >> "$GITHUB_OUTPUT" + build-docker-image: name: Build Docker Image + needs: + - secrets uses: ./.github/workflows/build-docker-image.yml - secrets: inherit with: build_args: | ${{ inputs.build_args }} - MONGO_URL=${{ secrets.CHARTERAFRICA_MONGO_URL }} + MONGO_URL=${{ 
needs.secrets.outputs.MONGO_URL }} NEXT_PUBLIC_APP_URL=${{ inputs.app_url }} - NEXT_PUBLIC_SENTRY_DSN=${{ secrets.CHARTERAFRICA_SENTRY_DSN }} + NEXT_PUBLIC_GA_MEASUREMENT_ID=${{ needs.secrets.outputs.NEXT_PUBLIC_GA_MEASUREMENT_ID }} + NEXT_PUBLIC_SENTRY_DSN=${{ needs.secrets.outputs.NEXT_PUBLIC_SENTRY_DSN }} + NEXT_PUBLIC_SEO_DISABLED=${{ inputs.seo_disabled }} NODE_ENV=${{ inputs.NODE_ENV }} - PAYLOAD_SECRET_KEY=${{ secrets.CHARTERAFRICA_PAYLOAD_SECRET_KEY }} + PAYLOAD_SECRET_KEY=${{ needs.secrets.outputs.PAYLOAD_SECRET }} SENTRY_ENVIRONMENT=${{ inputs.NODE_ENV }} - SENTRY_ORG=${{ secrets.SENTRY_ORG }} - SENTRY_PROJECT=${{ secrets.CHARTERAFRICA_SENTRY_PROJECT }} + SENTRY_ORG=${{ vars.SENTRY_ORG }} + SENTRY_PROJECT=${{ needs.secrets.outputs.SENTRY_PROJECT }} tags: ${{ inputs.tags }} target: charterafrica-runner + secrets: inherit push-to-dokku: name: Push to Dokku needs: [build-docker-image] uses: ./.github/workflows/push-to-dokku.yml - secrets: inherit with: git_remote_url: ${{ inputs.git_remote_url }} deploy_docker_image: ${{ inputs.tags }} + secrets: inherit diff --git a/.github/workflows/_cd-codeforafrica.yaml b/.github/workflows/_cd-codeforafrica.yaml index aa2e1b01e..18387820b 100644 --- a/.github/workflows/_cd-codeforafrica.yaml +++ b/.github/workflows/_cd-codeforafrica.yaml 
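Review bot: The new `secrets` job in `_cd-charterafrica.yaml` expands `${{ secrets.* }}` straight into the `run:` script and republishes the values as job outputs, which weakens how these credentials are handled. The expression is substituted before the shell runs, so a value containing `"`, `$` or a backtick alters the script; pass each value through `env:` and write `echo "CHARTERAFRICA_MONGO_URL=$CHARTERAFRICA_MONGO_URL" >> "$GITHUB_OUTPUT"` instead. GitHub also skips job outputs that it detects as containing a secret, so `needs.secrets.outputs.MONGO_URL` and its siblings may reach `build_args` empty; that is worth confirming in a run log. Because the values end up as Docker build arguments, they can stay readable in the image's build history, and a BuildKit secret mount in `build-docker-image.yml` (not shown here) would avoid that. The same pattern is added to `_cd-codeforafrica.yaml` in the next file of this commit.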
@@ -23,23 +23,48 @@ on: required: true type: string description: "The dokku app's git repository url in SSH format" + secrets: + CODEFORAFRICA_MONGODB_URL: + required: true + NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL: + required: false jobs: + # This seem to be needed because GitHub doesn't support access `secrets` in a `with` clause + # https://github.com/github/roadmap/issues/636 + secrets: + runs-on: ubuntu-latest + outputs: + MONGODB_URL: ${{ steps.output-secrets.outputs.test.CODEFORAFRICA_MONGODB_URL }} + NEXT_PUBLIC_APP_LOGO_URL: ${{ steps.output-secrets.outputs.test.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }} + NEXT_PUBLIC_APP_NAME: ${{ steps.output-secrets.outputs.test.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }} + PAYLOAD_SECRET: ${{ steps.output-secrets.outputs.test.CODEFORAFRICA_PAYLOAD_SECRET }} + SENTRY_PROJECT: ${{ steps.output-secrets.outputs.test.CODEFORAFRICA_SENTRY_PROJECT }} + steps: + - id: output-secrets + run: | + echo "CODEFORAFRICA_MONGODB_URL=${{ secrets.CODEFORAFRICA_MONGODB_URL }}" >> "$GITHUB_OUTPUT" + echo "NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }}" >> "$GITHUB_OUTPUT" + echo "NEXT_PUBLIC_CODEFORAFRICA_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }}" >> "$GITHUB_OUTPUT" + echo "CODEFORAFRICA_PAYLOAD_SECRET=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }}" >> "$GITHUB_OUTPUT" + echo "CODEFORAFRICA_SENTRY_PROJECT=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }}" >> "$GITHUB_OUTPUT" + build-docker-image: name: Build Docker Image + needs: + - secrets uses: ./.github/workflows/build-docker-image.yml with: build_args: | ${{ inputs.build_args }} - MONGODB_URL=${{ secrets.CODEFORAFRICA_MONGODB_URL }} - NEXT_PUBLIC_APP_LOGO_URL=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }} - NEXT_PUBLIC_APP_NAME=${{ secrets.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }} + MONGODB_URL=${{ needs.secrets.outputs.MONGODB_URL }} + NEXT_PUBLIC_APP_LOGO_URL=${{ needs.secrets.outputs.NEXT_PUBLIC_APP_LOGO_URL }} + 
NEXT_PUBLIC_APP_NAME=${{ needs.secrets.outputs.NEXT_PUBLIC_APP_NAME }} NEXT_PUBLIC_APP_URL=${{ inputs.app_url }} NODE_ENV=${{ inputs.NODE_ENV }} - PAYLOAD_SECRET=${{ secrets.CODEFORAFRICA_PAYLOAD_SECRET }} + PAYLOAD_SECRET=${{ needs.secrets.outputs.PAYLOAD_SECRET }} SENTRY_ENVIRONMENT=${{ inputs.NODE_ENV }} - SENTRY_PROJECT=${{ secrets.CODEFORAFRICA_SENTRY_PROJECT }} - SENTRY_DSN: ${{ vars.TECHLABBLOG_SENTRY_DSN }} + SENTRY_PROJECT=${{ needs.secrets.outputs.SENTRY_PROJECT }} tags: ${{ inputs.tags }} target: "codeforafrica-runner" secrets: inherit diff --git a/.github/workflows/_cd-dev.yaml b/.github/workflows/_cd-dev.yaml index 52dc8ba0a..4789f06b8 100644 --- a/.github/workflows/_cd-dev.yaml +++ b/.github/workflows/_cd-dev.yaml @@ -12,12 +12,13 @@ jobs: needs: - apps-path-filter if: ${{ needs.apps-path-filter.outputs.charterafrica == 'true' }} - uses: ./.github/workflows/_cd-codeforafrica.yaml + uses: ./.github/workflows/_cd-charterafrica.yaml with: - NODE_ENV: "development" + NODE_ENV: development app_url: "https://charterafrica.dev.codeforafrica.org" - git_remote_url: "ssh://azureuser@ui-1.dev.codeforafrica.org/charterafrica-ui" + seo_disabled: true tags: "codeforafrica/charterafrica-ui:${{ github.sha }}" + git_remote_url: "ssh://azureuser@ui-1.dev.codeforafrica.org/charterafrica-ui" secrets: inherit cd-dev-codeforafrica: @@ -28,6 +29,6 @@ jobs: with: NODE_ENV: "development" app_url: "https://codeforafrica-ui.dev.codeforafrica.org" - git_remote_url: "ssh://azureuser@ui-1.dev.codeforafrica.org/codeofrafrica-ui" tags: "codeforafrica/codeforafrica-ui:${{ github.sha }}" + git_remote_url: "ssh://azureuser@ui-1.dev.codeforafrica.org/codeofrafrica-ui" secrets: inherit diff --git a/.github/workflows/_cd-prod.yaml b/.github/workflows/_cd-prod.yaml index 87966c628..1bf38adc2 100644 --- a/.github/workflows/_cd-prod.yaml +++ b/.github/workflows/_cd-prod.yaml 
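Review bot: The `secrets:` block added under `workflow_call` declares only `CODEFORAFRICA_MONGODB_URL` and `NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL`, while the `secrets` job in this hunk reads five secrets. The other three apparently resolve only because the callers use `secrets: inherit`, so the declaration documents an incomplete contract. Either list the remaining three, for example `CODEFORAFRICA_PAYLOAD_SECRET:` with `required: true`, or drop the partial declaration.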
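Review bot: `seo_disabled: true` in `cd-dev-charterafrica` passes an unquoted YAML boolean to an input that `_cd-charterafrica.yaml` declares as `type: string`. GitHub validates reusable-workflow inputs against their declared type, so this call may be rejected or coerced unexpectedly; write `seo_disabled: "true"`, or change the declaration to `type: boolean`. `_cd-prod.yaml` has the same issue with `seo_disabled: false`.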
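Review bot: The re-added `git_remote_url` for `cd-dev-codeforafrica` still ends in `codeofrafrica-ui`, which looks like a typo for `codeforafrica-ui` (the spelling used by `app_url`, `tags` and the production remote). Unless the Dokku app really has that name, the push will target a repository that does not exist; use `git_remote_url: "ssh://azureuser@ui-1.dev.codeforafrica.org/codeforafrica-ui"`.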
@@ -9,12 +9,14 @@ jobs: uses: ./.github/workflows/_app-version-check.yaml with: file-name: "./apps/charterafrica/package.json" + secrets: inherit version-check-codeforafrica: name: Version Check | codeforafrica uses: ./.github/workflows/_app-version-check.yaml with: file-name: "./apps/codeforafrica/package.json" + secrets: inherit prod-cd-charterafrica: name: Deploy | charterafrica @@ -25,8 +27,9 @@ jobs: with: NODE_ENV: production app_url: https://charter.africa - git_remote_url: ssh://dokku@ui-1.prod.codeforafrica.org/charterafrica-ui + seo_disabled: false tags: "codeforafrica/charterafrica-ui:${{ needs.version-check-charterafrica.outputs.version }}" + git_remote_url: ssh://dokku@ui-1.prod.codeforafrica.org/charterafrica-ui secrets: inherit prod-cd-codeforafrica: @@ -38,6 +41,6 @@ jobs: with: NODE_ENV: production app_url: https://cfa.dev.codeforafrica.org - git_remote_url: ssh://dokku@ui-1.prod.codeforafrica.org/codeforafrica-ui tags: "codeforafrica/codeforafrica-ui:${{ needs.version-check-codeforafrica.outputs.version }}" + git_remote_url: ssh://dokku@ui-1.prod.codeforafrica.org/codeforafrica-ui secrets: inherit diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 660b61de8..51c304a47 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -23,6 +23,7 @@ jobs: apps-path-filter: name: uses: ./.github/workflows/_app-path-filter.yaml + secrets: inherit cd-dev: needs: From e870028549ae5f78ddc2aa243b3f28ab701840dd Mon Sep 17 00:00:00 2001 From: Clemence Kyara Date: Tue, 8 Oct 2024 09:32:02 +0300 Subject: [PATCH 17/17] Clean up --- .github/workflows/_cd-charterafrica.yaml | 15 +++++----- .github/workflows/_cd-codeforafrica.yaml | 11 +++---- .github/workflows/main.yaml | 5 ++-- .github/workflows/pr.yaml | 37 ++++++++++++------------ 4 files changed, 34 insertions(+), 34 deletions(-) diff --git a/.github/workflows/_cd-charterafrica.yaml b/.github/workflows/_cd-charterafrica.yaml index 9634bed79..3029b3158 100644 
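Review bot: `secrets: inherit` is added to both `version-check-*` jobs, which hands every secret available to the caller to `_app-version-check.yaml` even though the only input it receives is a `package.json` path. That workflow is not shown here, but if it needs no credentials the line should be dropped; otherwise pass only the named secrets it uses through an explicit `secrets:` mapping. The same applies to the `secrets: inherit` added to `apps-path-filter` in `main.yaml` later in this commit.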
--- a/.github/workflows/_cd-charterafrica.yaml +++ b/.github/workflows/_cd-charterafrica.yaml @@ -30,17 +30,18 @@ on: jobs: # This seem to be needed because GitHub doesn't support access `secrets` in a `with` clause + # when calling reusable workflows # https://github.com/github/roadmap/issues/636 secrets: runs-on: ubuntu-latest outputs: - MONGO_URL: ${{ steps.output-secrets.outputs.test.CHARTERAFRICA_MONGO_URL }} - NEXT_PUBLIC_APP_LOGO_URL: ${{ steps.output-secrets.outputs.test.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }} - NEXT_PUBLIC_APP_NAME: ${{ steps.output-secrets.outputs.test.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }} - NEXT_PUBLIC_GA_MEASUREMENT_ID: ${{ steps.output-secrets.outputs.test.CHARTERAFRICA_GA_MEASUREMENT_ID }} - NEXT_PUBLIC_SENTRY_DSN: ${{ steps.output-secrets.outputs.test.CHARTERAFRICA_SENTRY_DSN }} - PAYLOAD_SECRET: ${{ steps.output-secrets.outputs.test.CHARTERAFRICA_PAYLOAD_SECRET_KEY }} - SENTRY_PROJECT: ${{ steps.output-secrets.outputs.test.CODEFORAFRICA_SENTRY_PROJECT }} + MONGO_URL: ${{ steps.output-secrets.outputs.CHARTERAFRICA_MONGO_URL }} + NEXT_PUBLIC_APP_LOGO_URL: ${{ steps.output-secrets.outputs.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }} + NEXT_PUBLIC_APP_NAME: ${{ steps.output-secrets.outputs.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }} + NEXT_PUBLIC_GA_MEASUREMENT_ID: ${{ steps.output-secrets.outputs.CHARTERAFRICA_GA_MEASUREMENT_ID }} + NEXT_PUBLIC_SENTRY_DSN: ${{ steps.output-secrets.outputs.CHARTERAFRICA_SENTRY_DSN }} + PAYLOAD_SECRET: ${{ steps.output-secrets.outputs.CHARTERAFRICA_PAYLOAD_SECRET_KEY }} + SENTRY_PROJECT: ${{ steps.output-secrets.outputs.CODEFORAFRICA_SENTRY_PROJECT }} steps: - id: output-secrets run: | diff --git a/.github/workflows/_cd-codeforafrica.yaml b/.github/workflows/_cd-codeforafrica.yaml index 18387820b..dd76dd3fb 100644 --- a/.github/workflows/_cd-codeforafrica.yaml +++ b/.github/workflows/_cd-codeforafrica.yaml 
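Review bot: After this clean-up `SENTRY_PROJECT` in the charterafrica `secrets` job still reads `steps.output-secrets.outputs.CODEFORAFRICA_SENTRY_PROJECT`, but the step (added in the previous commit) writes `CHARTERAFRICA_SENTRY_PROJECT`, so the output resolves to an empty string. It should be `SENTRY_PROJECT: ${{ steps.output-secrets.outputs.CHARTERAFRICA_SENTRY_PROJECT }}`. The `NEXT_PUBLIC_APP_LOGO_URL` and `NEXT_PUBLIC_APP_NAME` outputs read `NEXT_PUBLIC_CODEFORAFRICA_*` values and are not used in the `build_args` shown earlier, so they look like leftovers from the codeforafrica copy. The step's `run:` body lies outside this hunk.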
@@ -31,15 +31,16 @@ on: jobs: # This seem to be needed because GitHub doesn't support access `secrets` in a `with` clause + # when calling reusable workflows # https://github.com/github/roadmap/issues/636 secrets: runs-on: ubuntu-latest outputs: - MONGODB_URL: ${{ steps.output-secrets.outputs.test.CODEFORAFRICA_MONGODB_URL }} - NEXT_PUBLIC_APP_LOGO_URL: ${{ steps.output-secrets.outputs.test.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }} - NEXT_PUBLIC_APP_NAME: ${{ steps.output-secrets.outputs.test.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }} - PAYLOAD_SECRET: ${{ steps.output-secrets.outputs.test.CODEFORAFRICA_PAYLOAD_SECRET }} - SENTRY_PROJECT: ${{ steps.output-secrets.outputs.test.CODEFORAFRICA_SENTRY_PROJECT }} + MONGODB_URL: ${{ steps.output-secrets.outputs.CODEFORAFRICA_MONGODB_URL }} + NEXT_PUBLIC_APP_LOGO_URL: ${{ steps.output-secrets.outputs.NEXT_PUBLIC_CODEFORAFRICA_APP_LOGO_URL }} + NEXT_PUBLIC_APP_NAME: ${{ steps.output-secrets.outputs.NEXT_PUBLIC_CODEFORAFRICA_APP_NAME }} + PAYLOAD_SECRET: ${{ steps.output-secrets.outputs.CODEFORAFRICA_PAYLOAD_SECRET }} + SENTRY_PROJECT: ${{ steps.output-secrets.outputs.CODEFORAFRICA_SENTRY_PROJECT }} steps: - id: output-secrets run: | diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 51c304a47..fe4f7c8ce 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -1,8 +1,8 @@ name: CI/CD [Main] on: - pull_request: - branches: # PRs to the following branches will trigger the workflow + push: + branches: - main paths: - ".github/workflows/**" @@ -21,7 +21,6 @@ jobs: uses: ./.github/workflows/_ci.yaml apps-path-filter: - name: uses: ./.github/workflows/_app-path-filter.yaml secrets: inherit diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index ed0bb8fa7..043768625 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml 
@@ -1,22 +1,21 @@ -# name: CI [PR] +name: CI/CD [PR] -# on: -# pull_request: -# branches: # PRs to the following branches will trigger the workflow -# - main -# paths: -# - ".github/workflows/**" -# - "apps/**" -# - "packages/**" +on: + pull_request: + branches: # PRs to the following branches will trigger the workflow + - main + paths: + - ".github/workflows/**" + - "apps/**" + - "packages/**" -# # This allows a subsequently queued workflow run to interrupt previous runs -# concurrency: -# group: "${{ github.workflow }} @ ${{ github.ref }}" -# cancel-in-progress: true +# This allows a subsequently queued workflow run to interrupt previous runs +concurrency: + group: "${{ github.workflow }} @ ${{ github.ref }}" + cancel-in-progress: true -# jobs: -# ci: -# name: CI -# uses: ./.github/workflows/_ci.yaml - -# # TODO: deploy Dokku preview apps here +jobs: + ci: + name: CI + uses: ./.github/workflows/_ci.yaml +# TODO: deploy Dokku preview apps here
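Review bot: The re-enabled `pr.yaml` sets no `permissions:`, so the `GITHUB_TOKEN` used by the called `_ci.yaml` gets the repository's default scopes while it runs pull-request code. Add a top-level `permissions:` block with `contents: read`, and widen it only when the planned Dokku preview deployment needs more. A called workflow cannot raise the token above what the caller grants, so this also caps the CI job.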