ci: add script to automatically update the project from upstream ever… #20
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI - CD | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| validations: | |
| runs-on: ubuntu-latest | |
| env: | |
| DATABASE_URL: postgresql://catalogi:pg_password@localhost:5432/catalogi | |
| services: | |
| postgres: | |
| image: postgres:16-alpine | |
| env: | |
| POSTGRES_USER: catalogi | |
| POSTGRES_PASSWORD: pg_password | |
| POSTGRES_DB: catalogi | |
| ports: | |
| - 5432:5432 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| - uses: bahmutov/npm-install@v1 | |
| - name: Build back | |
| run: cd api && yarn build | |
| - name: Migrate db | |
| run: cd api && yarn migrate latest | |
| - name: Fullcheck | |
| run: yarn fullcheck | |
| check_if_version_upgraded: | |
| name: Check if version upgrade | |
| if: github.event_name == 'push' | |
| runs-on: ubuntu-latest | |
| needs: validations | |
| outputs: | |
| is_upgraded_in_preprod: ${{ steps.check_version.outputs.is_upgraded_in_preprod }} | |
| is_upgraded_version: ${{ steps.check_version.outputs.is_upgraded_version }} | |
| to_version: ${{ steps.check_version.outputs.to_version }} | |
| from_version: ${{ steps.check_version.outputs.from_version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Check version upgrade | |
| id: check_version | |
| run: | | |
| # Get current version from package.json | |
| CURRENT_VERSION=$(jq -r '.version' package.json) | |
| echo "Version in package.json: $CURRENT_VERSION" | |
| # Get deployed version from preprod API | |
| PRE_PROD_DEPLOYED_VERSION=$(curl -s "https://code.gouv.fr/sill-preprod/api/getApiVersion" | jq -r '.result.data.json') | |
| PROD_DEPLOYED_VERSION=$(curl -s "https://code.gouv.fr/sill/api/getApiVersion" | jq -r '.result.data.json') | |
| echo "Deployed version in preprod: $PRE_PROD_DEPLOYED_VERSION" | |
| echo "Deployed version in prod: $PROD_DEPLOYED_VERSION" | |
| # Simple comparison: check if versions are different | |
| if [ "$CURRENT_VERSION" != "$PRE_PROD_DEPLOYED_VERSION" ]; then | |
| IS_UPGRADED_IN_PRE_PROD="true" | |
| IS_UPGRADED="true" | |
| echo "✅ Version different from preprod ($PRE_PROD_DEPLOYED_VERSION), should deploy: $CURRENT_VERSION" | |
| elif [ "$CURRENT_VERSION" != "$PROD_DEPLOYED_VERSION" ]; then | |
| IS_UPGRADED="true" | |
| echo "✅ Version different from prod ($PROD_DEPLOYED_VERSION), should deploy: $CURRENT_VERSION" | |
| else | |
| IS_UPGRADED="false" | |
| echo "ℹ️ Version unchanged: $CURRENT_VERSION" | |
| fi | |
| echo "Is version upgraded: $IS_UPGRADED" | |
| # Set outputs | |
| echo "is_upgraded_version=$IS_UPGRADED" >> $GITHUB_OUTPUT | |
| echo "is_upgraded_in_preprod=$IS_UPGRADED_IN_PRE_PROD" >> $GITHUB_OUTPUT | |
| echo "to_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT | |
| echo "from_version=$PRE_PROD_DEPLOYED_VERSION" >> $GITHUB_OUTPUT | |
| trigger_pre_production_deploy: | |
| name: "Trigger pre-production deploy" | |
| runs-on: ubuntu-latest | |
| concurrency: | |
| group: deploy-to-pre-production | |
| cancel-in-progress: true | |
| needs: | |
| - check_if_version_upgraded | |
| if: needs.check_if_version_upgraded.outputs.is_upgraded_in_preprod == 'true' | |
| env: | |
| TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} | |
| steps: | |
| - run: echo "Triggering production deploy" | |
| - name: Set up SSH | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519 | |
| chmod 600 ~/.ssh/id_ed25519 | |
| ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts | |
| # Debug: Check key format | |
| echo "SSH key first line:" | |
| head -1 ~/.ssh/id_ed25519 | |
| echo "SSH key last line:" | |
| tail -1 ~/.ssh/id_ed25519 | |
| echo "SSH key line count:" | |
| wc -l ~/.ssh/id_ed25519 | |
| # Test SSH connection | |
| echo "Testing SSH connection..." | |
| ssh -o StrictHostKeyChecking=no -o ConnectTimeout=10 [email protected] "echo 'SSH connection successful'" | |
| # Run the actual command | |
| ssh -o StrictHostKeyChecking=no [email protected] "bash -c 'eval \"\$(ssh-agent -s)\" && ssh-add ~/.ssh/sill-data && ./update-sill-preprod.sh v${{ env.TO_VERSION }}'" | |
| env: | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
| trigger_production_deploy: | |
| name: "Trigger production deploy" | |
| runs-on: ubuntu-latest | |
| environment: production | |
| concurrency: | |
| group: deploy-to-production | |
| cancel-in-progress: true | |
| needs: | |
| - trigger_pre_production_deploy | |
| - check_if_version_upgraded | |
| if: needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' | |
| env: | |
| TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} | |
| steps: | |
| - run: echo "Triggering production deploy" | |
| - name: Set up SSH | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519 | |
| chmod 600 ~/.ssh/id_ed25519 | |
| ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts | |
| ssh -o StrictHostKeyChecking=no [email protected] "bash -c 'eval \"\$(ssh-agent -s)\" && ssh-add ~/.ssh/sill-data && ./update-sill-docker-compose.sh v${{ env.TO_VERSION }}'" | |
| env: | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |