From d6242c95a12724186e35136f0c8dc3e403b0ce88 Mon Sep 17 00:00:00 2001
From: Thomas COMES
Date: Mon, 9 Sep 2024 11:50:07 +0200
Subject: [PATCH] Revert "Remaking CI into single process with CD"
This reverts commit ebfb8482e3b98c39d0dd77ab1e9382c0965649ec.
---
 .github/workflows/ci_cd.yml | 203 ---------------------------------
 .github/workflows/lint.yml | 19 +++
 .github/workflows/security.yml | 23 ++++
 .github/workflows/tests.yml | 94 +++++++++++++++
 4 files changed, 136 insertions(+), 203 deletions(-)
 delete mode 100644 .github/workflows/ci_cd.yml
 create mode 100644 .github/workflows/lint.yml
 create mode 100644 .github/workflows/security.yml
 create mode 100644 .github/workflows/tests.yml
diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml
deleted file mode 100644
index 6efd85cfc..000000000
--- a/.github/workflows/ci_cd.yml
+++ /dev/null
@@ -1,203 +0,0 @@ -env: - CI: true - COVERAGE: true - -name: CI - CD -on: [push] -jobs: - security: - name: Brakeman - if: "${{ github.actor != 'dependabot[bot]' }}" - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: 3.2.1 - - - name: Brakeman - uses: reviewdog/action-brakeman@v2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - lint: - name: Lint - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Set up Ruby - uses: ruby/setup-ruby@v1 - with: - bundler-cache: true - cache-version: 321 - - - name: Run RuboCop - run: bundle exec rubocop --parallel - - tests: - name: Tests - needs: - - security - runs-on: ubuntu-latest - timeout-minutes: 30 - services: - postgres: - image: postgres:latest - env: - POSTGRES_USER: admin_apientreprise - POSTGRES_PASSWORD: wow*verysecret - POSTGRES_DB: admin_apientreprise_test - POSTGRES_PORT: 5432 - ports: - - 5432:5432 - options: >- - --health-cmd pg_isready - --health-interval 10s - --health-timeout 5s - --health-retries 5 - - redis: - image: redis - ports: ["6379:6379"] - options: --entrypoint redis-server - - steps: - - name: Dump Github context - env: - GITHUB_CONTEXT: ${{ toJson(github) }} - run: echo "$GITHUB_CONTEXT" - - - name: Checkout code - uses: actions/checkout@v4 - - - name: Setup ruby - uses: ruby/setup-ruby@v1 - with: - bundler-cache: true - cache-version: 322 - - - name: Setup Nodejs - uses: actions/setup-node@v3 - - - name: Install mjml dependency - run: npm install mjml - - - name: Install postgres client #and imagemagick - run: sudo apt-get install libpq-dev #imagemagick - - - name: Create database users - env: - POSTGRES_USER: admin_apientreprise - POSTGRES_DB: admin_apientreprise_test - PGPASSWORD: wow*verysecret - run: | - psql -h localhost -U ${{ env.POSTGRES_USER }} -d ${{ env.POSTGRES_DB }} -f `pwd`/postgresql_setup.txt - - - name: Create database - run: bundle exec rails 
db:create db:schema:load RAILS_ENV=test - - - name: Run tests - run: bundle exec rspec - - - uses: joshmfrankel/simplecov-check-action@main - if: "${{ github.actor != 'dependabot[bot]' }}" - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - minimum_suite_coverage: 95 - - merge-with-master: - name: Merge develop with master - runs-on: ubuntu-latest - if: github.ref == 'refs/heads/develop' - needs: - - security - - lint - - tests - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Import GPG key to sign master push - if: github.ref == 'refs/heads/develop' - id: import_gpg - uses: crazy-max/ghaction-import-gpg@v6 - with: - gpg_private_key: ${{ secrets.GPG_SECRET_KEY }} - passphrase: ${{ secrets.GPG_PASSPHRASE }} - git_user_signingkey: true - git_commit_gpgsign: true - - - name: Force push develop to master - if: github.ref == 'refs/heads/develop' - run: | - git reset --hard && \ - git push --force origin develop:master && \ - git fetch && \ - [[ ! -s \"$(git rev-parse --git-dir)/shallow\" ]] || git fetch --unshallow - exit 0 - - continuous-deployment-staging: - name: Continuous deployment on staging - runs-on: ubuntu-latest - if: github.ref == 'refs/heads/develop' - needs: - - security - - lint - - tests - - merge-with-master - timeout-minutes: 10 - strategy: - matrix: - host: [watchdoge1, watchdoge2, watchdoge3, watchdoge4, watchdoge5] - fail-fast: false - environment: staging - env: - DEPLOY_HTTPS_LOGIN: ${{ secrets.DEPLOY_HTTPS_LOGIN }} - DEPLOY_HTTPS_PASSWORD: ${{ secrets.DEPLOY_HTTPS_PASSWORD }} - DEPLOY_HTTPS_REQUEST_URL: ${{ vars.DEPLOY_HTTPS_REQUEST_URL }} - DEPLOY_HTTPS_RESPONSE_URL: ${{ vars.DEPLOY_HTTPS_RESPONSE_URL }} - DEPLOY_HOST: host_${{ matrix.host }} - DEPLOY_APP: admin_apientreprise_staging - steps: - - name: Download and run deploy script - shell: bash - run: | - git clone https://github.com/etalab/api-entreprise-integration - cd api-entreprise-integration - ./deploy-parteprise.sh - - continuous-deployment-production: - name: 
Continuous deployment on production - runs-on: ubuntu-latest - if: github.ref == 'refs/heads/develop' - needs: - - security - - lint - - tests - - merge-with-master - - continuous-deployment-staging - timeout-minutes: 20 - strategy: - matrix: - host: [watchdoge1, watchdoge2, watchdoge3, watchdoge4, watchdoge5] - deploy_env: [staging, production] - fail-fast: false - environment: production - env: - DEPLOY_HTTPS_LOGIN: ${{ secrets.DEPLOY_HTTPS_LOGIN }} - DEPLOY_HTTPS_PASSWORD: ${{ secrets.DEPLOY_HTTPS_PASSWORD }} - DEPLOY_HTTPS_REQUEST_URL: ${{ vars.DEPLOY_HTTPS_REQUEST_URL }} - DEPLOY_HTTPS_RESPONSE_URL: ${{ vars.DEPLOY_HTTPS_RESPONSE_URL }} - DEPLOY_HOST: host_${{ matrix.host }} - DEPLOY_APP: admin_apientreprise_${{ matrix.deploy_env }} - steps: - - name: Download and run deploy script - shell: bash - run: | - git clone https://github.com/etalab/api-entreprise-integration - cd api-entreprise-integration - ./deploy-parteprise.sh diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 000000000..cbdd39819 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,19 @@ +name: RuboCop + +on: [push] + +jobs: + lint: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Set up Ruby + uses: ruby/setup-ruby@v1 + with: + bundler-cache: true + cache-version: 321 + + - name: Run RuboCop + run: bundle exec rubocop --parallel diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml new file mode 100644 index 000000000..f799586ce --- /dev/null +++ b/.github/workflows/security.yml 
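Review bot: lint.yml declares no `permissions:` block, so the job's `GITHUB_TOKEN` gets whatever default the repository or organisation is configured with, which may include write scopes that RuboCop never needs. Add a top-level `permissions:` mapping with `contents: read` right after `on: [push]`. The same gap is in security.yml and tests.yml; tests.yml would need `contents: write` only for the step that pushes to master, and the scopes reviewdog needs in security.yml should be checked against that action's documentation.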
@@ -0,0 +1,23 @@
+name: Security
+
+on: [push]
+
+jobs:
+ security:
+ name: Brakeman (Static security)
+ if: "${{ github.actor != 'dependabot[bot]' }}"
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: 3.2.1
+
+ - name: Brakeman
+ uses: reviewdog/action-brakeman@v2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
new file mode 100644
index 000000000..dcc848bf5
--- /dev/null
+++ b/.github/workflows/tests.yml
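Review bot: In security.yml, `reviewdog/action-brakeman@v2` is handed `secrets.GITHUB_TOKEN` while being referenced by a movable tag, so whatever that tag points to at run time executes with the token. Pin it to a full commit SHA and keep the tag as a comment, e.g. `uses: reviewdog/action-brakeman@<full-commit-sha>  # v2`. tests.yml has the same exposure with `joshmfrankel/simplecov-check-action@main` (a branch ref that also receives the token) and `crazy-max/ghaction-import-gpg@v6` (which receives the GPG private key and passphrase). The `if:` on this job also means pushes by `dependabot[bot]` get no Brakeman run at all, which is worth confirming as intended.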
@@ -0,0 +1,94 @@ +env: + CI: true + COVERAGE: true + +name: Tests + merge develop->master +on: [push] +jobs: + test: + name: Tests (RSpec) + runs-on: ubuntu-latest + timeout-minutes: 30 + services: + postgres: + image: postgres:latest + env: + POSTGRES_USER: admin_apientreprise + POSTGRES_PASSWORD: wow*verysecret + POSTGRES_DB: admin_apientreprise_test + POSTGRES_PORT: 5432 + ports: + - 5432:5432 + options: >- + --health-cmd pg_isready + --health-interval 10s + --health-timeout 5s + --health-retries 5 + + redis: + image: redis + ports: ["6379:6379"] + options: --entrypoint redis-server + + steps: + - name: Dump Github context + env: + GITHUB_CONTEXT: ${{ toJson(github) }} + run: echo "$GITHUB_CONTEXT" + + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup ruby + uses: ruby/setup-ruby@v1 + with: + bundler-cache: true + cache-version: 322 + + - name: Setup Nodejs + uses: actions/setup-node@v3 + + - name: Install mjml dependency + run: npm install mjml + + - name: Install postgres client #and imagemagick + run: sudo apt-get install libpq-dev #imagemagick + + - name: Create database users + env: + POSTGRES_USER: admin_apientreprise + POSTGRES_DB: admin_apientreprise_test + PGPASSWORD: wow*verysecret + run: | + psql -h localhost -U ${{ env.POSTGRES_USER }} -d ${{ env.POSTGRES_DB }} -f `pwd`/postgresql_setup.txt + + - name: Create database + run: bundle exec rails db:create db:schema:load RAILS_ENV=test + + - name: Run tests + run: bundle exec rspec + + - uses: joshmfrankel/simplecov-check-action@main + if: "${{ github.actor != 'dependabot[bot]' }}" + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + minimum_suite_coverage: 95 + + - name: Import GPG key to sign master push + if: github.ref == 'refs/heads/develop' + id: import_gpg + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.GPG_SECRET_KEY }} + passphrase: ${{ secrets.GPG_PASSPHRASE }} + git_user_signingkey: true + git_commit_gpgsign: true + + - name: Force push 
develop to master + if: github.ref == 'refs/heads/develop' + run: | + git reset --hard && \ + git push --force origin develop:master && \ + git fetch && \ + [[ ! -s \"$(git rev-parse --git-dir)/shallow\" ]] || git fetch --unshallow + exit 0
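Review bot: The `Import GPG key to sign master push` and `Force push develop to master` steps run at the end of the `test` job, in the same runner workspace that has already executed `npm install mjml`, the gem install, the spec suite and `simplecov-check-action@main`, so anything those ran could have altered the checkout or git configuration before the force push. Because Brakeman and RuboCop are back in separate workflows, nothing visible here makes the push wait for them, whereas the removed ci_cd.yml job declared `needs` on security, lint and tests. The step also ends in `|| git fetch --unshallow` followed by `exit 0`, so on a shallow clone a rejected `git push --force` can still be reported as success. I would keep the push in its own job with a fresh checkout and `needs: test`, and drop the `exit 0`; gating on the other two workflows would need a branch rule or a `workflow_run` trigger, which this patch does not show.

```yaml
  # … unchanged: test job up to and including the simplecov check …

  merge-with-master:
    name: Merge develop with master
    needs: test
    if: github.ref == 'refs/heads/develop'
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # … unchanged: Import GPG key to sign master push …

      - name: Force push develop to master
        run: git push --force origin develop:master
```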