deploy(infra): add deployment Justfiles for Azure, Dokku, and Fly.io #534
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Publish | |
| on: | |
| workflow_dispatch: | |
| # allow ssh access to be enabled via the GH actions UI | |
| inputs: | |
| debug_enabled: | |
| type: boolean | |
| description: "Run with tmate enabled (https://github.com/marketplace/actions/debugging-with-tmate)" | |
| required: false | |
| default: false | |
| push: | |
| branches: [master] | |
| pull_request: {} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| # run `just secrets_ci_grant-github-actions` to set | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| # for the gh-cli | |
| GH_TOKEN: ${{ github.token }} | |
| # a important design goal is to avoid custom configuration in CI. This enables tests to be run in a CI-like environment | |
| # locally, making it easy to replicate CI issues. This is one of the few CI-specific configuration changes since | |
| # the host where services are located is truly unique to the CI environment. | |
| DATABASE_HOST: localhost | |
| REDIS_HOST: localhost | |
| SMTP_HOST: localhost | |
| # https://github.com/Textualize/rich/issues/2769 | |
| COLUMNS: 120 | |
| jobs: | |
| # NOTE there is no global timeout minutes, so we need to set it on each job :/ | |
| app: | |
| name: Backend | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/common-setup | |
| timeout-minutes: 2 | |
| - uses: iloveitaly/github-action-localias@master | |
| with: | |
| chrome: true | |
| - run: just up --fast | |
| - run: just py_setup | |
| - run: just py_lint | |
| - run: just db_migrate | |
| - run: just db_lint | |
| - run: just py_test | |
| # NOTE one important problem with `detached` is if something fails, the github environment does seem to get wiped | |
| # for instance GITHUB_ENV, seems to be cleared out. | |
| - uses: mxschmitt/action-tmate@v3 | |
| if: ${{ github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} | |
| with: { detached: true } | |
| # traces and pngs allow us to debug e2e test failures | |
| - name: Upload test artifacts | |
| if: ${{ failure() }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: playwright-traces | |
| # NOTE if direnv sourcing fails, this var will not be set and it will fail | |
| path: ${{ env.TEST_RESULTS_DIRECTORY }} | |
| web: | |
| name: Frontend | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/common-setup | |
| timeout-minutes: 2 | |
| - run: just js_setup | |
| - run: just js_lint | |
| - run: just js_test | |
| deploy: | |
| name: 🚀 Deploy | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| needs: [web, app] | |
| if: ${{ github.ref == 'refs/heads/master' && github.event_name == 'push' }} | |
| permissions: | |
| packages: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: ./.github/actions/common-setup | |
| timeout-minutes: 1 | |
| # login before building so previous build image can be pulled for nixpacks cache | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| # password: ${{ secrets.GITHUB_TOKEN }} | |
| password: ${{ github.token }} | |
| - run: just build | |
| - run: just build_push |