web/app: scan bsky #337
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Golang | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
workflow_dispatch: | |
deployment: | |
release: | |
types: [published] | |
jobs: | |
golang: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.23" | |
- name: Lint | |
uses: golangci/golangci-lint-action@v6 | |
with: | |
version: v1.61.0 | |
- name: Set up gotestfmt | |
uses: gotesttools/gotestfmt-action@v2 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Test | |
run: | | |
set -euo pipefail | |
go test -json -v -race -count 1 ./... 2>&1 | tee /tmp/gotest.log | gotestfmt | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: nicolasparada | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Build and push | |
id: docker_build | |
uses: docker/build-push-action@v6 | |
with: | |
context: ./ | |
file: ./Dockerfile | |
push: true | |
tags: nicolasparada/nakama:latest | |
cache-from: type=registry,ref=user/app:latest | |
cache-to: type=inline | |
build-args: VAPID_PUBLIC_KEY=${{ secrets.VAPID_PUBLIC_KEY }} | |
- name: Secure copy | |
uses: appleboy/[email protected] | |
with: | |
host: ${{ secrets.REMOTE_HOST }} | |
username: ${{ secrets.REMOTE_USER }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
source: prometheus.yml,docker-compose.yaml | |
target: ./ | |
- name: SSH & docker-compose up | |
uses: appleboy/[email protected] | |
with: | |
host: ${{ secrets.REMOTE_HOST }} | |
username: ${{ secrets.REMOTE_USER }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
# TODO: docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions | |
script: | | |
echo "TOKEN_KEY=${{ secrets.TOKEN_KEY }}" >| .env \ | |
&& echo "SENDGRID_API_KEY=${{ secrets.SENDGRID_API_KEY }}" >> .env \ | |
&& echo "TRAEFIK_PILOT_TOKEN=${{ secrets.TRAEFIK_PILOT_TOKEN }}" >> .env \ | |
&& echo "S3_SECURE=true" >> .env \ | |
&& echo "S3_ENDPOINT=${{ secrets.S3_ENDPOINT }}" >> .env \ | |
&& echo "S3_REGION=${{ secrets.S3_REGION }}" >> .env \ | |
&& echo "S3_ACCESS_KEY=${{ secrets.S3_ACCESS_KEY }}" >> .env \ | |
&& echo "S3_SECRET_KEY=${{ secrets.S3_SECRET_KEY }}" >> .env \ | |
&& echo "GITHUB_CLIENT_SECRET=${{ secrets.OAUTH_GITHUB_CLIENT_SECRET }}" >> .env \ | |
&& echo "GITHUB_CLIENT_ID=${{ secrets.OAUTH_GITHUB_CLIENT_ID }}" >> .env \ | |
&& echo "GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }}" >> .env \ | |
&& echo "GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID }}" >> .env \ | |
&& echo "VAPID_PRIVATE_KEY=${{ secrets.VAPID_PRIVATE_KEY }}" >> .env \ | |
&& echo "VAPID_PUBLIC_KEY=${{ secrets.VAPID_PUBLIC_KEY }}" >> .env \ | |
&& docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions || true \ | |
&& docker plugin disable loki --force \ | |
&& docker plugin upgrade loki grafana/loki-docker-driver:latest --grant-all-permissions \ | |
&& docker-compose pull \ | |
&& docker-compose down \ | |
&& docker plugin enable loki \ | |
&& docker-compose up -d |