-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Configure l'import automatique des données Litteralis MEL
- Loading branch information
1 parent
cc18fb3
commit 154c8cb
Showing
5 changed files
with
137 additions
and
39 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
name: MEL Litteralis Import | ||
|
||
on: | ||
workflow_dispatch: | ||
schedule: | ||
- cron: '0 16 * * 1' # Voir https://crontab.guru/ : tous les lundis à 16h00 | ||
# temp | ||
push: | ||
branches: | ||
- feat/litteralis-auto | ||
|
||
jobs: | ||
mel_import: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@v1 | ||
|
||
- name: Setup PHP with PECL extension | ||
uses: shivammathur/setup-php@v2 | ||
with: | ||
php-version: '8.2' | ||
|
||
- name: Get Composer Cache Directory | ||
id: composer-cache | ||
run: | | ||
echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT | ||
- uses: actions/cache@v3 | ||
with: | ||
path: ${{ steps.composer-cache.outputs.dir }} | ||
key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }} | ||
restore-keys: | | ||
${{ runner.os }}-composer- | ||
- name: Install Scalingo CLI | ||
run: curl -O https://cli-dl.scalingo.com/install && bash install | ||
|
||
- name: Install SSH key | ||
# Credit: https://stackoverflow.com/a/69234389 | ||
run: | | ||
mkdir -p ~/.ssh | ||
install -m 600 -D /dev/null ~/.ssh/id_rsa | ||
echo "${{ secrets.GH_SCALINGO_SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa | ||
- name: Add Scalingo as a known host | ||
run: | | ||
ssh-keyscan -H ssh.osc-fr1.scalingo.com >> ~/.ssh/known_hosts | ||
- name: Init environment variables | ||
run: | | ||
echo "DATABASE_URL=${{ secrets.APP_MEL_IMPORT_DATABASE_URL }}" >> .env.local | ||
echo "BDTOPO_DATABASE_URL=${{ secrets.BDTOPO_DATABASE_URL }}" >> .env.local | ||
echo "APP_MEL_LITTERALIS_CREDENTIALS=${{ secrets.APP_MEL_LITTERALIS_CREDENTIALS }}"" >> .env.local | ||
echo "APP_MEL_ORG_ID=${{ vars.APP_MEL_ORG_ID }}" >> .env.local | ||
- name: Run import | ||
run: make ci_mel_import BIN_PHP="php" BIN_CONSOLE="php bin/console" BIN_COMPOSER="composer" | ||
env: | ||
APP_MEL_IMPORT_APP: ${{ vars.APP_MEL_IMPORT_APP }} | ||
|
||
- name: Get log file path | ||
id: logfile | ||
if: ${{ !cancelled() }} | ||
run: | ||
echo "path=$(find log/litteralis -type f -name '*.log' | head -n 1)" >> $GITHUB_OUTPUT | ||
|
||
- uses: actions/upload-artifact@v3 | ||
if: ${{ !cancelled() }} | ||
with: | ||
name: litteralis_logfile | ||
path: ${{ steps.logfile.outputs.path }} | ||
retention-days: 21 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
# GitHub Actions | ||
|
||
GitHub Actions est utilisé dans ce projet pour la CI, mais aussi pour l'exécution automatique des intégrations de données. | ||
|
||
## Clés SSH pour les imports automatiques | ||
|
||
GitHub Actions a besoin d'un accès SSH à Scalingo pour accéder à la base de données de façon sécurisée. | ||
|
||
Pour cela des clés SSH ont été générées comme suit : | ||
|
||
```bash | ||
ssh-keygen -t ed25519 -q -N "" -f ~/.ssh/id_dialog_gh_scalingo | ||
``` | ||
|
||
La clé publique `~/.ssh/id_dialog_gh_scalingo.pub` ainsi générée a été enregistrée sur Scalingo dans la section [Mes clés SSH](https://dashboard.scalingo.com/account/keys) du compte Scalingo professionnel de @florimondmanca. | ||
|
||
> 💡 Pour renouveler les clés, ou en cas de perte, de nouvelles clés peuvent être régénérées en utilisant la méthode ci-dessus, puis rattachées au compte de toute personne ayant un accès "Collaborator" sur l'app Scalingo `dialog`. | ||
La clé privée a été ajoutée comme secret `GH_SCALINGO_SSH_PRIVATE_KEY` au dépôt GitHub et est utilisée par la GitHub Action. | ||
|
||
### Accès de GitHub Actions à la base de données sur Scalingo | ||
|
||
L'accès à la base de données lors d'un import se fait via un [tunnel chiffré Scalingo](https://doc.scalingo.com/platform/databases/access#encrypted-tunnel). | ||
|
||
Le workflow de l'intégration doit faire en sorte qu'une `DATABASE_URL` appropriée soit configurée pour l'application. | ||
|
||
Pour obtenir automatiquement cette URL pour l'application `APP`, exécutez : | ||
|
||
```bash | ||
./tools/scalingodbtunnel APP --host-url | ||
# Exemple pour la prod : | ||
./tools/scalingodbtunnel dialog --host-url | ||
``` | ||
|
||
Et recopiez l'URL qui s'affiche. | ||
|
||
> Cette commande nécessite le CLI Scalingo, voir [Utiliser une DB Scalingo en local](./db.md#utiliser-une-db-scalingo-en-local). | ||
Sinon il vous faut récupérer la `DATABASE_URL` dans l'interface web Scalingo. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters