release-v2.yml
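# Manually dispatched deployment workflow.
#   setup          - derives the image tag and repository names used by the later jobs.
#   release        - copies the compose file to the VPS over SSH, pulls the image there,
#                    runs the DB backup and migration, and restarts the compose project.
#   create-release - on main only: resolves the image's commit/semver tags and creates
#                    a GitHub release with a GitHub App token.
#
# NOTE(review): every `uses:` below references a mutable tag. The SSH/SCP actions
# receive the deploy key and its passphrase, so pin each action to a full commit
# SHA, e.g. `appleboy/ssh-action@<full-commit-sha>  # v1.0.3` (placeholder - look
# up the real SHA for the tag).
name: Release

on:
  workflow_dispatch:
    inputs:
      imageTag:
        description: 'Docker image tag (default: latest for main or branch name for other branches)'
        required: false
      # No `type:` is declared, so the value arrives as a string; the
      # create-release job compares it against the string 'true'.
      skipGhRelease:
        description: 'Skip creating a GitHub release'
        required: false
        default: false

env:
  HOST_GATEWAY_IP: "172.17.0.1"
  REGISTRY: ghcr.io
  IMAGE_NAME: kattbot
  COMPOSE_PROJECT_NAME: kattbot
  COMPOSE_FILE_PATH_SRC: docker/docker-compose.prod.yml
  COMPOSE_FILE_NAME: docker-compose.prod.yml
  DB_NAME: kattbot
  DB_BACKUP_SCRIPT: kattbot-backup-db.sh
  DB_MIGRATION_SCRIPT: database_migration.sql

jobs:
  setup:
    runs-on: ubuntu-latest
    # Least privilege: this job only checks out the repository and computes strings.
    permissions:
      contents: read
    outputs:
      imageTag: ${{ steps.setup-vars.outputs.IMAGE_TAG }}
      needsSemver: ${{ steps.setup-vars.outputs.NEEDS_SEMVER }}
      repositoryOwnerLC: ${{ steps.setup-vars.outputs.REPOSITORY_OWNER_LC }}
      repositoryName: ${{ steps.setup-vars.outputs.REPOSITORY_NAME }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up environment variables
        id: setup-vars
        # The dispatch input is passed through `env` rather than interpolated into
        # the script text, so it is only ever handled as shell data.
        run: |
          BRANCH_NAME_DASH=$(echo "${GITHUB_REF#refs/heads/}" | tr '/' '-')
          # Set the image tag based on the branch name. If the branch is main, use "latest".
          # If the image tag is provided as an input, use that instead.
          if [ -z "$IMAGE_TAG_OVERRIDE" ]; then
            if [ "$GITHUB_REF" = "refs/heads/main" ]; then
              IMAGE_TAG=latest
            else
              IMAGE_TAG="$BRANCH_NAME_DASH"
            fi
          else
            IMAGE_TAG="$IMAGE_TAG_OVERRIDE"
          fi
          # The tag ends up in $GITHUB_OUTPUT and in docker commands on the deploy
          # host, so accept only the Docker tag character set (max 128 characters).
          # The rejected value is deliberately not echoed into the log.
          if ! [[ "$IMAGE_TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
            echo "::error::The resolved image tag is not a valid Docker tag"
            exit 1
          fi
          echo "IMAGE_TAG=$IMAGE_TAG" >> "$GITHUB_OUTPUT"
          # If the image tag is "latest" or the branch name, flag it as needing semver.
          # Initialised explicitly so the output is never empty.
          NEEDS_SEMVER=false
          if [ "$IMAGE_TAG" = "latest" ] || [ "$IMAGE_TAG" = "$BRANCH_NAME_DASH" ]; then
            NEEDS_SEMVER=true
          fi
          echo "NEEDS_SEMVER: $NEEDS_SEMVER"
          echo "NEEDS_SEMVER=$NEEDS_SEMVER" >> "$GITHUB_OUTPUT"
          # Set the repository owner to lowercase
          REPOSITORY_OWNER_LC=$(echo "$REPOSITORY_OWNER" | tr '[:upper:]' '[:lower:]')
          echo "REPOSITORY_OWNER_LC=$REPOSITORY_OWNER_LC" >> "$GITHUB_OUTPUT"
          # Extract the repository name from the repository env i.e. selfdocumentingcode/kattbot => kattbot
          REPOSITORY_NAME=${REPOSITORY##*/}
          echo "REPOSITORY_NAME=$REPOSITORY_NAME" >> "$GITHUB_OUTPUT"
        env:
          IMAGE_TAG_OVERRIDE: ${{ inputs.imageTag }}
          REPOSITORY_OWNER: ${{ github.repository_owner }}
          REPOSITORY: ${{ github.repository }}

  release:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # This job only logs in to the registry and pulls; it never pushes. The job
      # token is exported to the deploy host below, so keep it read-only.
      packages: read
    needs: setup
    env:
      IMAGE_TAG: ${{ needs.setup.outputs.imageTag }}
      REPOSITORY_OWNER_LC: ${{ needs.setup.outputs.repositoryOwnerLC }}
    steps:
      - uses: actions/checkout@v4
        with:
          sparse-checkout: |
            ${{ env.COMPOSE_FILE_PATH_SRC }}
          sparse-checkout-cone-mode: false
      - name: Upload compose.yml
        uses: appleboy/scp-action@v0.1.7
        with:
          host: ${{ secrets.VPS_HOST }}
          port: ${{ secrets.VPS_PORT }}
          username: ${{ secrets.KATTBOT_USER }}
          key: ${{ secrets.KATTBOT_KEY }}
          passphrase: ${{ secrets.KATTBOT_PASSPHRASE }}
          # NOTE(review): no `fingerprint:` is set here or on the SSH step, so the
          # server's host key is not verified before the file and the secrets are
          # sent. Store the host key's SHA256 fingerprint as a secret and pass it
          # through the action's `fingerprint` input on both steps.
          source: ${{ env.COMPOSE_FILE_PATH_SRC }}
          target: "$HOME/"
          strip_components: 1
          overwrite: true
      - name: Release
        uses: appleboy/ssh-action@v1.0.3
        env:
          GHCR_USERNAME: ${{ github.actor }}
          GHCR_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
          DB_CONNECTION_STRING: ${{ secrets.DB_CONNECTION_STRING }}
          BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        with:
          host: ${{ secrets.VPS_HOST }}
          port: ${{ secrets.VPS_PORT }}
          username: ${{ secrets.KATTBOT_USER }}
          key: ${{ secrets.KATTBOT_KEY }}
          passphrase: ${{ secrets.KATTBOT_PASSPHRASE }}
          # NOTE(review): confirm the action's debug output does not print the
          # variables listed in `envs` before enabling this repository variable.
          debug: ${{ vars.ACTIONS_RUNNER_DEBUG }}
          script_stop: true
          # Every expansion is quoted so that a value containing whitespace or glob
          # characters reaches docker/psql/rm as exactly one argument.
          script: |
            FULL_IMAGE_NAME="$REGISTRY/$REPOSITORY_OWNER_LC/$IMAGE_NAME:$IMAGE_TAG"
            echo "Full image name: $FULL_IMAGE_NAME"
            MIGRATIONS_CONTAINER_NAME="$COMPOSE_PROJECT_NAME-migrations"
            # Pull the image from the registry
            echo "$GHCR_PASSWORD" | docker login "$REGISTRY" -u "$GHCR_USERNAME" --password-stdin
            docker pull "$FULL_IMAGE_NAME"
            # Create a temporary container to extract the migration files
            docker create --name "$MIGRATIONS_CONTAINER_NAME" --add-host="host.docker.internal:$HOST_GATEWAY_IP" "$FULL_IMAGE_NAME"
            # Extract the migration files into a temporary directory
            TMP_MIGRATIONS_DIR=$(mktemp -d -t "$MIGRATIONS_CONTAINER_NAME-XXXXXX")
            docker cp "$MIGRATIONS_CONTAINER_NAME:/app/migrations/." "$TMP_MIGRATIONS_DIR"
            # Remove the temporary container
            docker rm "$MIGRATIONS_CONTAINER_NAME"
            # Stop the running compose project, if it exists
            docker compose -p "$COMPOSE_PROJECT_NAME" stop -t 30 || true
            # Copy the database backup script, if newer, to home directory and run it.
            # NOTE(review): this script and the migration SQL come out of the pulled
            # image and run on the host as the deploy user, and the tag is mutable;
            # consider deploying by image digest.
            cp -u "$TMP_MIGRATIONS_DIR/$DB_BACKUP_SCRIPT" "$HOME/"
            chmod +x "$HOME/$DB_BACKUP_SCRIPT"
            "$HOME/$DB_BACKUP_SCRIPT"
            # Run the database migration script
            psql -d "$DB_NAME" -q -f "$TMP_MIGRATIONS_DIR/$DB_MIGRATION_SCRIPT"
            # Remove the temporary directory
            rm -rf "$TMP_MIGRATIONS_DIR"
            # Take down the old compose project, if it exists
            docker compose -p "$COMPOSE_PROJECT_NAME" down || true
            # Start the new compose project
            docker compose -p "$COMPOSE_PROJECT_NAME" -f "$HOME/$COMPOSE_FILE_NAME" up -d
            # Prune untagged images
            docker image prune -f
            # Do not leave the registry credential stored on the host after the deploy
            docker logout "$REGISTRY"
          envs: >-
            HOST_GATEWAY_IP,
            REGISTRY,
            REPOSITORY_OWNER_LC,
            IMAGE_NAME,
            IMAGE_TAG,
            COMPOSE_PROJECT_NAME,
            COMPOSE_FILE_NAME,
            DB_NAME,
            DB_BACKUP_SCRIPT,
            DB_MIGRATION_SCRIPT,
            GHCR_USERNAME,
            GHCR_PASSWORD,
            BOT_TOKEN,
            OPENAI_API_KEY,
            DB_CONNECTION_STRING

  create-release:
    runs-on: ubuntu-latest
    if: ${{ github.ref == 'refs/heads/main' && inputs.skipGhRelease != 'true' }}
    # The job token stays read-only; the release itself is created with the
    # GitHub App token generated further down.
    permissions:
      packages: read
      contents: read
    needs: [setup, release]
    env:
      IMAGE_TAG: ${{ needs.setup.outputs.imageTag }}
      NEEDS_SEMVER: ${{ needs.setup.outputs.needsSemver }}
      REPOSITORY_NAME: ${{ needs.setup.outputs.repositoryName }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Full history is needed for the ancestry check below.
          fetch-depth: 0
      - name: GitHub Packages Admin
        id: package-info
        uses: selfdocumentingcode/ghaction-package-admin@v1.1
        with:
          ghtoken: ${{ github.token }}
          operation: listPackageVersions
          user: ${{ github.repository_owner }}
          package_type: container
          package_name: ${{ env.REPOSITORY_NAME }}
          include: metadata.container.tags[*] ${{ env.IMAGE_TAG }}
          slice: __NONE__ 1  # get the first item only
      - name: Get container tags
        run: |
          echo "IMAGE_TAG: $IMAGE_TAG"
          echo "NEEDS_SEMVER: $NEEDS_SEMVER"
          TAG_LIST=$(echo "$PACKAGE_INFO" | jq --raw-output '.[0].metadata.container.tags')
          echo "TAG_LIST: $TAG_LIST"
          SHA_TAG=$(echo "$PACKAGE_INFO" | jq --raw-output '.[0].metadata.container.tags | map(select(startswith("sha"))) | .[0]')
          echo "SHA_TAG: $SHA_TAG"
          # Exclude "sha-" prefix from SHA_TAG
          COMMIT_SHA=${SHA_TAG#"sha-"}
          echo "COMMIT_SHA: $COMMIT_SHA"
          # Registry metadata is external data: accept only a hex object name
          # before it is written to $GITHUB_ENV and handed to git and gh.
          if ! [[ "$COMMIT_SHA" =~ ^[0-9a-fA-F]{4,64}$ ]]; then
            echo "::error::No usable sha-<commit> tag found on the image"
            exit 1
          fi
          echo "COMMIT_SHA=$COMMIT_SHA" >> "$GITHUB_ENV"
          if [ "${NEEDS_SEMVER}" = "true" ]; then
            # The image tag is passed with --arg: inside the single-quoted filter a
            # literal "${IMAGE_TAG}" is never expanded by the shell, so the previous
            # comparison could not exclude the image tag itself.
            SEMVER_TAG=$(echo "$PACKAGE_INFO" | jq --raw-output --arg imageTag "$IMAGE_TAG" '.[0].metadata.container.tags | map(select((startswith("sha") | not) and . != $imageTag)) | .[0]')
          else
            SEMVER_TAG=${IMAGE_TAG}
          fi
          echo "SEMVER_TAG: $SEMVER_TAG"
          # jq prints "null" when no tag matched; do not create a release from that.
          if [ -z "$SEMVER_TAG" ] || [ "$SEMVER_TAG" = "null" ]; then
            echo "::error::No version tag found on the image"
            exit 1
          fi
          echo "SEMVER_TAG=$SEMVER_TAG" >> "$GITHUB_ENV"
        env:
          PACKAGE_INFO: ${{ steps.package-info.outputs.result_json_output }}
      - name: Check if commit exists on current branch
        id: check_commit
        run: |
          BRANCH_NAME=${GITHUB_REF#refs/heads/}
          echo "BRANCH_NAME: $BRANCH_NAME"
          # Exact ancestry test against the checked-out branch tip. Piping
          # `git branch --contains` through grep treats the branch name as a
          # pattern and also matches other branch names that merely contain it.
          if git merge-base --is-ancestor "$COMMIT_SHA" HEAD; then
            echo "Commit $COMMIT_SHA exists on branch $BRANCH_NAME."
          else
            echo "Commit $COMMIT_SHA does not exist on $BRANCH_NAME."
            exit 1
          fi
        env:
          COMMIT_SHA: ${{ env.COMMIT_SHA }}
      # Generate a token with "create release" permission (the default token has no such permission)
      - uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      - name: Create Release
        run: |
          gh release create "$SEMVER_TAG" \
            --target "$COMMIT_SHA" \
            --title "$SEMVER_TAG" \
            --repo "$REPOSITORY"
        env:
          GH_TOKEN: ${{ steps.app-token.outputs.token }}
          REPOSITORY: ${{ github.repository }}
          SEMVER_TAG: ${{ env.SEMVER_TAG }}
          COMMIT_SHA: ${{ env.COMMIT_SHA }}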