ci: ci for deployement of SILL and add workflow to update the project… #43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI - CD | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| validations: | |
| runs-on: ubuntu-latest | |
| env: | |
| DATABASE_URL: postgresql://catalogi:pg_password@localhost:5432/db | |
| services: | |
| postgres: | |
| image: postgres:16-alpine | |
| env: | |
| POSTGRES_USER: catalogi | |
| POSTGRES_PASSWORD: pg_password | |
| POSTGRES_DB: db | |
| ports: | |
| - 5432:5432 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: "22" | |
| - uses: bahmutov/npm-install@v1 | |
| - name: Build back | |
| run: cd api && yarn build | |
| - name: Migrate db | |
| run: cd api && yarn migrate latest | |
| - name: Fullcheck | |
| run: yarn fullcheck | |
| check_if_version_upgraded: | |
| name: Check if version upgrade | |
| if: github.event_name == 'push' | |
| runs-on: ubuntu-latest | |
| needs: validations | |
| outputs: | |
| is_upgraded_in_preprod: ${{ steps.check_version.outputs.is_upgraded_in_preprod }} | |
| is_upgraded_version: ${{ steps.check_version.outputs.is_upgraded_version }} | |
| to_version: ${{ steps.check_version.outputs.to_version }} | |
| from_version: ${{ steps.check_version.outputs.from_version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Check version upgrade | |
| id: check_version | |
| run: | | |
| # Get current version from package.json | |
| CURRENT_VERSION=$(jq -r '.version' package.json) | |
| echo "Version in package.json: $CURRENT_VERSION" | |
| # Get deployed version from preprod API | |
| PRE_PROD_DEPLOYED_VERSION=$(curl -s "https://code.gouv.fr/sill-preprod/api/getApiVersion" | jq -r '.result.data.json') | |
| PROD_DEPLOYED_VERSION=$(curl -s "https://code.gouv.fr/sill/api/getApiVersion" | jq -r '.result.data.json') | |
| echo "Deployed version in preprod: $PRE_PROD_DEPLOYED_VERSION" | |
| echo "Deployed version in prod: $PROD_DEPLOYED_VERSION" | |
| # Simple comparison: check if versions are different | |
| if [ "$CURRENT_VERSION" != "$PRE_PROD_DEPLOYED_VERSION" ]; then | |
| IS_UPGRADED_IN_PRE_PROD="true" | |
| IS_UPGRADED="true" | |
| echo "✅ Version different from preprod ($PRE_PROD_DEPLOYED_VERSION), should deploy: $CURRENT_VERSION" | |
| elif [ "$CURRENT_VERSION" != "$PROD_DEPLOYED_VERSION" ]; then | |
| IS_UPGRADED="true" | |
| echo "✅ Version different from prod ($PROD_DEPLOYED_VERSION), should deploy: $CURRENT_VERSION" | |
| else | |
| IS_UPGRADED="false" | |
| echo "ℹ️ Version unchanged: $CURRENT_VERSION" | |
| fi | |
| echo "Is version upgraded: $IS_UPGRADED" | |
| # Set outputs | |
| echo "is_upgraded_version=$IS_UPGRADED" >> $GITHUB_OUTPUT | |
| echo "is_upgraded_in_preprod=$IS_UPGRADED_IN_PRE_PROD" >> $GITHUB_OUTPUT | |
| echo "to_version=$CURRENT_VERSION" >> $GITHUB_OUTPUT | |
| echo "from_version=$PRE_PROD_DEPLOYED_VERSION" >> $GITHUB_OUTPUT | |
| trigger_pre_production_deploy: | |
| name: "Trigger pre-production deploy" | |
| runs-on: ubuntu-latest | |
| concurrency: | |
| group: deploy-to-pre-production | |
| cancel-in-progress: true | |
| needs: | |
| - check_if_version_upgraded | |
| if: needs.check_if_version_upgraded.outputs.is_upgraded_in_preprod == 'true' | |
| env: | |
| TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} | |
| steps: | |
| - run: echo "Triggering pre-production deploy" | |
| - name: Set up SSH, update repo and restart docker-compose | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519 | |
| chmod 600 ~/.ssh/id_ed25519 | |
| ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts | |
| ssh -o StrictHostKeyChecking=no [email protected] "bash -c 'eval \"\$(ssh-agent -s)\" && ssh-add ~/.ssh/sill-data && ./update-sill-preprod.sh v${{ env.TO_VERSION }}'" | |
| env: | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
| trigger_production_deploy: | |
| name: "Trigger production deploy" | |
| runs-on: ubuntu-latest | |
| environment: production | |
| concurrency: | |
| group: deploy-to-production | |
| cancel-in-progress: true | |
| needs: | |
| - trigger_pre_production_deploy | |
| - check_if_version_upgraded | |
| if: always() && needs.check_if_version_upgraded.outputs.is_upgraded_version == 'true' && (needs.trigger_pre_production_deploy.result == 'success' || needs.trigger_pre_production_deploy.result == 'skipped') | |
| env: | |
| TO_VERSION: ${{ needs.check_if_version_upgraded.outputs.to_version }} | |
| steps: | |
| - run: echo "Triggering production deploy" | |
| - name: Set up SSH, update repo and restart docker-compose | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519 | |
| chmod 600 ~/.ssh/id_ed25519 | |
| ssh-keyscan code.gouv.fr >> ~/.ssh/known_hosts | |
| ssh -o StrictHostKeyChecking=no [email protected] "bash -c 'eval \"\$(ssh-agent -s)\" && ssh-add ~/.ssh/sill-data && ./update-sill-docker-compose.sh v${{ env.TO_VERSION }}'" | |
| env: | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |