update docker-compose.yml to use pre-built images from GHCR #236
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Deploy | |
| on: | |
| push: | |
| branches: [ master, develop ] | |
| workflow_dispatch: | |
| env: | |
| IMAGE_REGISTRY: ghcr.io | |
| NOMAD_VERSION: "1.2.2" | |
| jobs: | |
| test: | |
| runs-on: ubuntu-latest | |
| env: | |
| MIX_ENV: test | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: erlef/[email protected] | |
| with: | |
| otp-version: "26" | |
| elixir-version: "1.15" | |
| - uses: actions/cache@v3 | |
| with: | |
| path: | | |
| deps | |
| _build | |
| key: ${{ runner.os }}-mix-${{ hashFiles('mix.lock') }} | |
| restore-keys: ${{ runner.os }}-mix- | |
| - uses: actions/cache@v3 | |
| with: | |
| path: tmp/live-timing-cache | |
| key: live-timing-data-cache | |
| - run: mix deps.get | |
| - run: mix compile --warnings-as-errors | |
| - run: mix test | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - test | |
| steps: | |
| - name: Set environment variables | |
| run: | | |
| # Lowercases GITHUB_REGISTRY, docker build breaks with tags that contain uppercase letters | |
| echo "IMAGE_ID=${IMAGE_REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} | |
| - uses: actions/checkout@v3 | |
| - uses: actions/cache@v3 | |
| with: | |
| path: /tmp/buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: ${{ runner.os }}-buildx | |
| - name: Set up Docker Buildx | |
| uses: docker/[email protected] | |
| - name: Login to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| registry: ${{ env.IMAGE_REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push | |
| id: docker_build | |
| uses: docker/[email protected] | |
| with: | |
| push: true | |
| tags: "${{env.IMAGE_ID}}:latest,${{env.IMAGE_ID}}:${{ github.sha }},${{env.IMAGE_ID}}:${{ github.ref_name }}" | |
| cache-from: type=local,src=/tmp/buildx-cache | |
| cache-to: type=local,mode=max,dest=/tmp/buildx-cache | |
| deploy: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| if: contains(fromJson('["refs/heads/master", "refs/heads/develop"]'), github.ref) | |
| defaults: | |
| run: | |
| shell: bash | |
| env: | |
| NOMAD_CACERT: "/tmp/ca.pem" | |
| NOMAD_CLIENT_CERT: "/tmp/client.pem" | |
| NOMAD_CLIENT_KEY: "/tmp/client-key.pem" | |
| steps: | |
| - name: Set environment variables | |
| run: | | |
| # Lowercases GITHUB_REGISTRY, docker build breaks with tags that contain uppercase letters | |
| echo "IMAGE_ID=${IMAGE_REGISTRY}/${GITHUB_REPOSITORY,,}" >> ${GITHUB_ENV} | |
| - uses: actions/checkout@v3 | |
| - name: Set up WireGuard | |
| uses: egor-tensin/[email protected] | |
| with: | |
| endpoint: ${{ secrets.WG_ENDPOINT }} | |
| endpoint_public_key: ${{ secrets.WG_ENDPOINT_PUBLIC_KEY }} | |
| ips: ${{ secrets.WG_IPS }} | |
| allowed_ips: ${{ secrets.WG_ALLOWED_IPS }} | |
| private_key: ${{ secrets.WG_PRIVATE_KEY }} | |
| - | |
| name: Download Nomad | |
| run: | | |
| cd /usr/local/bin && \ | |
| wget --quiet "https://releases.hashicorp.com/nomad/${NOMAD_VERSION}/nomad_${NOMAD_VERSION}_linux_amd64.zip" && \ | |
| unzip "nomad_${NOMAD_VERSION}_linux_amd64.zip" && \ | |
| chmod +x nomad | |
| - | |
| name: Populate cert files | |
| run: | | |
| echo "$SECRET_NOMAD_CA_CERT" >> "$NOMAD_CACERT" && \ | |
| echo "$SECRET_NOMAD_CLIENT_CERT" >> "$NOMAD_CLIENT_CERT" && \ | |
| echo "$SECRET_NOMAD_CLIENT_KEY" >> "$NOMAD_CLIENT_KEY" | |
| env: | |
| SECRET_NOMAD_CA_CERT: ${{ secrets.NOMAD_CA_CERT }} | |
| SECRET_NOMAD_CLIENT_CERT: ${{ secrets.NOMAD_CLIENT_CERT }} | |
| SECRET_NOMAD_CLIENT_KEY: ${{ secrets.NOMAD_CLIENT_KEY }} | |
| # - name: Debugging with ssh | |
| # uses: lhotari/action-upterm@v1 | |
| # with: | |
| # limit-access-to-users: ${{ env.GITHUB_REPOSITORY_OWNER }} | |
| - | |
| name: Deploy Nomad job | |
| run: | | |
| sed 's/____INSERT_ENV_HERE____/${{ github.ref_name }}/g' f1bot.nomad.hcl >> f1bot-baked.nomad.hcl | |
| run_output=$(nomad job run -verbose \ | |
| -var "image_version=${{ github.sha }}" \ | |
| -var "environment=${{ github.ref_name }}" \ | |
| -var "ghcr_password=$GHCR_PASSWORD" \ | |
| -var "image_id=$IMAGE_ID" \ | |
| -detach f1bot-baked.nomad.hcl) | |
| ./scripts/check-nomad-deployment.sh "$run_output" | |
| env: | |
| NOMAD_TOKEN: "${{ secrets.NOMAD_TOKEN }}" | |
| NOMAD_ADDR: "${{ secrets.NOMAD_URL }}" | |
| NOMAD_TLS_SERVER_NAME: "server.global.nomad" | |
| GHCR_PASSWORD: "${{ secrets.GHCR_PASSWORD }}" | |
| - | |
| name: Shred credentials | |
| if: always() | |
| run: | | |
| echo -e "[BEFORE SHREDDING]\n\n" | |
| ls -lh "$NOMAD_CACERT" "$NOMAD_CLIENT_CERT" "$NOMAD_CLIENT_KEY" | |
| echo -e "\n[SHREDDING]" | |
| shred "$NOMAD_CACERT" | |
| shred "$NOMAD_CLIENT_CERT" | |
| shred "$NOMAD_CLIENT_KEY" | |
| echo -e "\n[AFTER SHREDDING]\n\n" | |
| ls -lh "$NOMAD_CACERT" "$NOMAD_CLIENT_CERT" "$NOMAD_CLIENT_KEY" | |
| docs: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| if: github.ref == 'refs/heads/master' | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: erlef/[email protected] | |
| with: | |
| otp-version: "25" | |
| elixir-version: "1.14" | |
| - uses: actions/cache@v3 | |
| with: | |
| path: | | |
| deps | |
| _build | |
| key: ${{ runner.os }}-mix-${{ hashFiles('mix.lock') }} | |
| restore-keys: ${{ runner.os }}-mix- | |
| - run: mix deps.get | |
| - run: mix docs | |
| - name: Deploy | |
| uses: JamesIves/[email protected] | |
| with: | |
| branch: gh-pages | |
| folder: doc |