feat: config system #435
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Lint, Test & Build | |
on: | |
workflow_dispatch: | |
pull_request: | |
branches: | |
- main | |
- feature/* | |
push: | |
branches: | |
- main | |
- feature/* | |
concurrency: | |
group: lint-test-build-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
should_run: | |
name: Should run? | |
runs-on: ubuntu-latest | |
outputs: | |
should-run: "${{ (github.event_name == 'workflow_dispatch' || steps.regex-match.outputs.match != 'ci: skip') && (github.event_name != 'pull_request' || !github.event.pull_request.draft || steps.regex-match.outputs.match == 'ci: force') }}" | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Get last commit message | |
run: | | |
git log -1 --no-merges --pretty=format:"%B" -n 1 HEAD | tee commit_message.txt | |
COMMIT_MSG=$(cat commit_message.txt) | |
echo "COMMIT_MSG<<EOF" >> $GITHUB_ENV | |
echo "$COMMIT_MSG" >> $GITHUB_ENV | |
echo "EOF" >> $GITHUB_ENV | |
- uses: actions-ecosystem/action-regex-match@v2 | |
id: regex-match | |
with: | |
text: ${{ env.COMMIT_MSG }} | |
regex: '\bci: (force|skip)\b' | |
lint-test: | |
name: Run Lint + Test | |
runs-on: ubuntu-latest | |
container: ghcr.io/scuffletv/build:latest | |
needs: [should_run] | |
if: ${{ needs.should_run.outputs.should-run == 'true' }} | |
environment: ${{ (github.ref != 'refs/heads/main' && github.ref != 'refs/heads/feature/*' && github.event_name != 'workflow_dispatch') && 'lint-test-build' || '' }} | |
services: | |
cockroach: | |
image: ghcr.io/scuffletv/cockroach:latest | |
ports: | |
- 26257:26257 | |
rmq: | |
image: bitnami/rabbitmq:latest | |
ports: | |
- 5672:5672 | |
env: | |
RABBITMQ_USERNAME: rabbitmq | |
RABBITMQ_PASSWORD: rabbitmq | |
RABBITMQ_VHOSTS: scuffle | |
redis: | |
image: redis:latest | |
ports: | |
- 6379:6379 | |
env: | |
DATABASE_URL: postgres://root@cockroach:26257/scuffle | |
RMQ_URL: amqp://rabbitmq:rabbitmq@rmq:5672/scuffle | |
REDIS_URL: redis://redis:6379 | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- uses: pnpm/action-setup@v2 | |
with: | |
version: latest | |
- name: Install Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: "pnpm" | |
node-version: 18 | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v2 | |
- name: Cargo Cache | |
uses: Swatinem/rust-cache@v2 | |
continue-on-error: false | |
with: | |
prefix-key: lint-test | |
- name: Install dependencies | |
run: mask bootstrap --no-db --no-docker --no-env --no-rust | |
- name: Run migrations | |
run: mask db migrate | |
- name: Run Lint | |
run: mask lint | |
- name: Run Test Rust | |
run: mask test --no-js --ci | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v3 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
files: lcov.info | |
fail_ci_if_error: true | |
- name: Install Playwright Dependencies | |
run: pnpm --filter website exec playwright install-deps | |
- name: Run Test JavaScript | |
run: mask test --no-rust | |
build: | |
name: Run Build | |
runs-on: ubuntu-latest | |
container: ghcr.io/scuffletv/build:latest | |
needs: [lint-test] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- uses: pnpm/action-setup@v2 | |
with: | |
version: latest | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
cache: "pnpm" | |
node-version: 18 | |
- name: Cargo Cache | |
uses: Swatinem/rust-cache@v2 | |
continue-on-error: false | |
with: | |
prefix-key: build | |
- name: Install dependencies | |
run: mask bootstrap --no-db --no-docker --no-env --no-js-tests --no-rust | |
- name: Run Build | |
run: mask build | |
- name: Upload build artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: build | |
path: | | |
target/x86_64-unknown-linux-gnu/release/api | |
target/x86_64-unknown-linux-gnu/release/edge | |
target/x86_64-unknown-linux-gnu/release/ingest | |
target/x86_64-unknown-linux-gnu/release/edge | |
target/x86_64-unknown-linux-gnu/release/transcoder | |
frontend/website/build | |
frontend/player/dist | |
frontend/player/pkg | |
frontend/player/demo-dist | |
docker: | |
name: Build docker images | |
runs-on: ubuntu-latest | |
needs: [build] | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Download build artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: build | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Login to GitHub Container Registry | |
uses: docker/[email protected] | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push API image | |
id: docker_build_api | |
uses: docker/[email protected] | |
with: | |
context: . | |
file: ./docker/api.Dockerfile | |
load: true | |
tags: ghcr.io/scuffletv/api:${{ github.sha }} | |
- name: Build and push Edge image | |
id: docker_build_edge | |
uses: docker/[email protected] | |
with: | |
context: . | |
file: ./docker/edge.Dockerfile | |
load: true | |
tags: ghcr.io/scuffletv/edge:${{ github.sha }} | |
- name: Build and push Ingest image | |
id: docker_build_ingest | |
uses: docker/[email protected] | |
with: | |
context: . | |
file: ./docker/ingest.Dockerfile | |
load: true | |
tags: ghcr.io/scuffletv/ingest:${{ github.sha }} | |
- name: Build and push Transcoder image | |
id: docker_build_transcoder | |
uses: docker/[email protected] | |
with: | |
context: . | |
file: ./docker/transcoder.Dockerfile | |
load: true | |
tags: ghcr.io/scuffletv/transcoder:${{ github.sha }} | |
- name: Build and push Website image | |
id: docker_build_website | |
uses: docker/[email protected] | |
with: | |
context: . | |
file: ./docker/website.Dockerfile | |
load: true | |
tags: ghcr.io/scuffletv/website:${{ github.sha }} | |
- name: Scan API image | |
uses: aquasecurity/trivy-action@master | |
if: ${{ always() && steps.docker_build_api.outcome == 'success' }} | |
with: | |
image-ref: ghcr.io/scuffletv/api:${{ github.sha }} | |
format: "table" | |
exit-code: "1" | |
ignore-unfixed: true | |
vuln-type: "os,library" | |
severity: "CRITICAL,HIGH" | |
- name: Scan Edge image | |
uses: aquasecurity/trivy-action@master | |
if: ${{ always() && steps.docker_build_edge.outcome == 'success' }} | |
with: | |
image-ref: ghcr.io/scuffletv/edge:${{ github.sha }} | |
format: "table" | |
exit-code: "1" | |
ignore-unfixed: true | |
vuln-type: "os,library" | |
severity: "CRITICAL,HIGH" | |
- name: Scan Ingest image | |
uses: aquasecurity/trivy-action@master | |
if: ${{ always() && steps.docker_build_ingest.outcome == 'success' }} | |
with: | |
image-ref: ghcr.io/scuffletv/ingest:${{ github.sha }} | |
format: "table" | |
exit-code: "1" | |
ignore-unfixed: true | |
vuln-type: "os,library" | |
severity: "CRITICAL,HIGH" | |
- name: Scan Transcoder image | |
uses: aquasecurity/trivy-action@master | |
if: ${{ always() && steps.docker_build_transcoder.outcome == 'success' }} | |
with: | |
image-ref: ghcr.io/scuffletv/transcoder:${{ github.sha }} | |
format: "table" | |
exit-code: "1" | |
ignore-unfixed: true | |
vuln-type: "os,library" | |
severity: "CRITICAL,HIGH" | |
- name: Scan Website image | |
uses: aquasecurity/trivy-action@master | |
if: ${{ always() && steps.docker_build_website.outcome == 'success' }} | |
with: | |
image-ref: ghcr.io/scuffletv/website:${{ github.sha }} | |
format: "table" | |
exit-code: "1" | |
ignore-unfixed: true | |
vuln-type: "os,library" | |
severity: "CRITICAL,HIGH" | |
- name: Tag images and push | |
if: ${{ (github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/feature/'))) || github.event_name == 'workflow_dispatch' }} | |
# If the push is to the main branch, tag the image as latest | |
# If the workflow is triggered by a workflow_dispatch event, tag the image as workflow_dispatch | |
# Otherwise, tag the image with the branch name, in the format of feature-branch-name | |
env: | |
TAG: ${{ github.ref == 'refs/heads/main' && 'latest' || github.event_name == 'workflow_dispatch' && 'workflow_dispatch' || github.ref_name }} | |
run: | | |
# We need to replace the / in the branch name with a - so that it can be used as a tag | |
TAG="${TAG//\//-}" | |
docker tag ghcr.io/scuffletv/api:${{ github.sha }} ghcr.io/scuffletv/api:$TAG | |
docker tag ghcr.io/scuffletv/edge:${{ github.sha }} ghcr.io/scuffletv/edge:$TAG | |
docker tag ghcr.io/scuffletv/ingest:${{ github.sha }} ghcr.io/scuffletv/ingest:$TAG | |
docker tag ghcr.io/scuffletv/transcoder:${{ github.sha }} ghcr.io/scuffletv/transcoder:$TAG | |
docker tag ghcr.io/scuffletv/website:${{ github.sha }} ghcr.io/scuffletv/website:$TAG | |
docker push ghcr.io/scuffletv/api:${{ github.sha }} | |
docker push ghcr.io/scuffletv/api:$TAG | |
docker push ghcr.io/scuffletv/edge:${{ github.sha }} | |
docker push ghcr.io/scuffletv/edge:$TAG | |
docker push ghcr.io/scuffletv/ingest:${{ github.sha }} | |
docker push ghcr.io/scuffletv/ingest:$TAG | |
docker push ghcr.io/scuffletv/transcoder:${{ github.sha }} | |
docker push ghcr.io/scuffletv/transcoder:$TAG | |
docker push ghcr.io/scuffletv/website:${{ github.sha }} | |
docker push ghcr.io/scuffletv/website:$TAG | |
deploy: | |
name: Deploy to Production | |
runs-on: ubuntu-latest | |
needs: [docker] | |
environment: prod | |
if: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch' }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v2 | |
with: | |
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} | |
- name: Run Terraform Apply | |
run: | | |
terraform -chdir=terraform init | |
terraform -chdir=terraform workspace select prod | |
cat > terraform/terraform.tfvars <<EOT | |
api_docker_image = "ghcr.io/scuffletv/api:${{ github.sha }}" | |
edge_docker_image = "ghcr.io/scuffletv/edge:${{ github.sha }}" | |
ingest_docker_image = "ghcr.io/scuffletv/ingest:${{ github.sha }}" | |
transcoder_docker_image = "ghcr.io/scuffletv/transcoder:${{ github.sha }}" | |
website_docker_image = "ghcr.io/scuffletv/website:${{ github.sha }}" | |
EOT | |
terraform -chdir=terraform apply |