codeforjapan · ayuki-joto · Nov 9, 2023 · Nov 7, 2023 · Nov 7, 2023 · Nov 7, 2023
diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml
@@ -0,0 +1,56 @@
+name: build image
+
+on:
+  workflow_call:
+    inputs:
+      image-tags:
+        type: string
+        required: true
+        description: "comma separated container image tags"
+      role-to-assume:
+        description: "role arn to be assumed"
+        default: 'arn:aws:iam::887442827229:role/GithubActions_decidim-cfj-cdk-deploy'
+        type: string
+        required: false
+      deploy-env:
+        type: string
+        required: false
+        description: "target environment"
+        default: staging
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-region: "ap-northeast-1"
+          role-duration-seconds: 1200
+          role-to-assume: "${{ inputs.role-to-assume }}"
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Docker Build
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          builder: ${{ steps.buildx.outputs.name }}
+          tags: ${{ steps.login-ecr.outputs.registry }}/${{ secrets.AWS_ECR_REPO_NAME }}:${{ inputs.deploy-env }}-${{ inputs.image-tags }}
+          file: ./Dockerfile
+          context: ./
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+
+
diff --git a/.github/workflows/_check.yaml b/.github/workflows/_check.yaml
@@ -0,0 +1,119 @@
+name: Check
+
+on:
+  workflow_call:
+    inputs:
+      ruby-version:
+        type: string
+        required: false
+        default: 3.0.6
+
+jobs:
+  rubocop:
+    name: Rubocop
+    permissions:
+      actions: write
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ inputs.ruby-version }}
+          bundler-cache: true
+
+      - name: Lint by RuboCop
+        run: |
+          bundle exec rubocop --parallel
+
+  unittest:
+    name: Unit Test
+    runs-on: ubuntu-latest
+    env:
+      DATABASE_HOST: 127.0.0.1
+      DATABASE_PORT: 5432
+      DATABASE_USERNAME: postgres
+      DATABASE_PASSWORD: postgres
+      RAILS_ENV: test
+      IMAGEMAGICK_SRC: 7.1.0-50.tar.gz
+      SLACK_API_TOKEN: xoxb-dummy
+      SLACK_MESSAGE_CHANNEL: '#test'
+    services:
+      db:
+        image: postgres:12.14
+        ports:
+          - 5432:5432
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+      redis:
+        image: redis
+        ports:
+          - 6379/tcp
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+
+      - name: apt-get
+        run: |
+          sudo apt-get update -y
+          sudo apt-get -yqq install libpq-dev postgresql-client libfuse2  
+
+      - name: check imagemagick
+        run: |
+          export PATH=${GITHUB_WORKSPACE}/vendor/imagemagick7/bin:${PATH}
+          which convert
+          convert -version
+
+      - name: Set up Ruby 3.0.6
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 3.0.6
+          bundler-cache: true
+
+      - name: setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: 16.13.0
+          cache: 'yarn'
+
+      - name: install yarn
+        run: |
+          npm i -g [email protected]
+          yarn install --frozen-lockfile
+
+      - name: create assets precompile cache key
+        run: |
+          # use newest commit hash of precompile target files
+          git rev-parse $(git log --oneline -n 1 app/packs lib/assets Gemfile.lock yarn.lock | awk '{print $1}') > ASSETS_VERSION
+
+      - name: asset cache
+        uses: actions/cache@v3
+        with:
+          path: |
+            public/packs
+            public/assets
+            tmp/cache/assets
+            public/packs-test
+          key: asset-precompile-cache-${{ hashFiles('ASSETS_VERSION') }}
+          restore-keys: |
+            asset-precompile-cache-${{ hashFiles('ASSETS_VERSION') }}
+            asset-precompile-cache-
+
+      - name: Migrate DB
+        run: |
+          bundle exec rails db:create db:migrate
+
+      - name: Precompile assets
+        run: bundle exec rails assets:precompile
+      - name: Test with RSpec
+        run: |
+          bundle exec rails spec
diff --git a/.github/workflows/_deploy.yaml b/.github/workflows/_deploy.yaml
@@ -0,0 +1,95 @@
+name: Deploy to ecs
+
+on:
+  workflow_call:
+    inputs:
+      role-to-assume:
+        type: string
+        required: false
+        default: arn:aws:iam::887442827229:role/GithubActions_decidim-cfj-cdk-deploy
+      image-tag:
+        type: string
+        required: true
+      deploy-env:
+        type: string
+        required: false
+        description: "target environment"
+        default: staging
+
+permissions:
+  actions: write
+  contents: read
+  id-token: write
+
+jobs:
+  deploy:
+    name: aws cdk
+    runs-on: ubuntu-latest
+    timeout-minutes: 1800
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ inputs.role-to-assume }}
+          aws-region: ap-northeast-1
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Check if ECR Image exists with tag
+        if: contains(github.ref, 'tags/v')
+        env:
+          IMAGE_TAG: ${{ inputs.image-tag }}
+          ECR_REPOSITORY: ${{ secrets.AWS_ECR_REPO_NAME }}
+        run: |
+          EXIT_CODE=0
+          aws ecr describe-images --repository-name=$ECR_REPOSITORY --image-ids=imageTag=$IMAGE_TAG 2> /dev/null || EXIT_CODE=$?
+
+          if [[ $EXIT_CODE != 0 ]]; then
+              echo "${IMAGE_TAG} image tag not found"
+              exit 1
+          fi
+
+      - name: Checkout decidim-cfj cdk
+        uses: actions/checkout@v3
+        with:
+          repository: codeforjapan/decidim-cfj-cdk
+          path: decidim-cfj-cdk
+
+      - name: Setup Node
+        uses: actions/setup-node@v1
+        with:
+          node-version: '18'
+
+      - name: Cache node modules
+        id: cache-npm
+        uses: actions/cache@v3
+        env:
+          cache-name: cache-node-modules
+        with:
+          # npm cache files are stored in `~/.npm` on Linux/macOS
+          path: ~/.npm
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+
+      - name: Install dependencies
+        run: npm install
+        working-directory: decidim-cfj-cdk
+
+      - name: Install dependencies
+        run: npm install -g aws-cdk
+        working-directory: decidim-cfj-cdk
+
+      - name: cdk deploy
+        run: cdk -c stage=$DEPLOY_ENV -c tag=$IMAGE_TAG deploy --all --require-approval never
+        working-directory: decidim-cfj-cdk
+        env:
+          AWS_DEFAULT_REGION: 'ap-northeast-1'
+          DEPLOY_ENV: ${{ inputs.deploy-env }}
+          IMAGE_TAG: ${{ inputs.deploy-env }}-${{ inputs.image-tag }}
diff --git a/.github/workflows/_release.yaml b/.github/workflows/_release.yaml
@@ -0,0 +1,35 @@
+name: Release
+
+permissions: write-all
+
+on:
+  workflow_call:
+    outputs:
+      tag_name:
+        description: image tag name
+        value: ${{ jobs.release.outputs.tag_name }}
+      created:
+        description: whether release is created or not
+        value: ${{ jobs.release.outputs.created }}
+
+jobs:
+  release:
+    name: Release Please
+    runs-on: ubuntu-latest
+    outputs:
+      created: ${{ steps.release.outputs.release_created }}
+      tag_name: ${{ env.IMAGE_TAG }}
+    steps:
+      - uses: google-github-actions/release-please-action@v3
+        id: release
+        with:
+          release-type: ruby
+      - name: Export Released Version for Image Tag
+        if: ${{ steps.release.outputs.release_created }}
+        run: |
+          echo "IMAGE_TAG=${{ steps.release.outputs.tag_name }}" >> $GITHUB_ENV
+      - name: Export Commit SHA for Image Tag
+        if: ${{ !steps.release.outputs.release_created }}
+        run: |
+          sha=$(echo "${{ github.sha }}" | cut -c1-7)
+          echo "IMAGE_TAG=$sha" >> $GITHUB_ENV
diff --git a/.github/workflows/branch.yaml b/.github/workflows/branch.yaml
@@ -0,0 +1,12 @@
+name: Pull request Check & test
+
+permissions: write-all
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+jobs:
+  check:
+    name: Check
+    uses: ./.github/workflows/_check.yaml