Skip to content

refactor: api docs (#209) #637

refactor: api docs (#209)

refactor: api docs (#209) #637

Workflow file for this run

name: CI/CD
on:
workflow_dispatch:
push:
branches:
- main
tags:
- 'v*'
pull_request:
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
branches:
- main
types:
- opened # default
- reopened # default
- synchronize # default
- ready_for_review
release:
types:
- released
env:
REGISTRY: ghcr.io/${{ github.repository_owner }}
jobs:
test:
name: Test
runs-on: ubuntu-latest
env:
PORT: 3000
URL: http://localhost
DB_CONNECTION_STRING: mongodb://localhost:4000
DB_NAME: test_registry
SMTP_HOST: placeholder
SMTP_PORT: 0000
SMTP_USER: placeholder
SMTP_PASSWORD: placeholder
AUTH_JWT_SECRET_KEY: abcdefgh123456
AUTH_ADMIN_PASSWORD_HASH: $2b$10$9ScWBY1SuA0a2nZbjvAOWeshe1XqchHKeI18NgWSs.TS4zbZsds3C
FRONTEND_URL: http://localhost:3001
services:
mongo:
image: mongo:7.0
ports:
- 4000:27017
concurrency:
group: ${{ github.workflow }}-test-${{ github.ref }}
cancel-in-progress: true
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: yarn
- run: yarn global add node-gyp
- run: yarn install --frozen-lockfile
- run: yarn build
- run: yarn test
build:
name: Docker build and push
needs: test
permissions:
packages: write
runs-on: ubuntu-latest
concurrency:
group: ${{ github.workflow }}-build-${{ github.ref }}
cancel-in-progress: true
outputs:
version: ${{ steps.meta.outputs.version }}
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ github.token }}
- uses: docker/metadata-action@v5
id: meta
with:
images: ${{ env.REGISTRY }}/ssi-trust-registry
tags: |
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
type=sha,prefix=pr-${{ github.event.pull_request.number }}-,priority=601,enable=${{ github.event_name == 'pull_request' }}
type=sha,prefix={{branch}}-,priority=601,enable=${{ github.event_name != 'pull_request' && github.ref_type == 'branch' }}
type=ref,event=branch,priority=600
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- uses: docker/build-push-action@v5
with:
context: .
platforms: linux/amd64 # linux/arm64/v8 is too slow to build (right now)
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: |
type=gha
type=registry,ref=${{ env.REGISTRY }}/ssi-trust-registry:latest
cache-to: type=gha,mode=max
compose:
name: Compose Test
needs: build
permissions:
packages: read
runs-on: ubuntu-latest
env:
IMAGE_TAG: ${{ needs.build.outputs.version }}
concurrency:
group: ${{ github.workflow }}-compose-${{ github.ref }}
cancel-in-progress: true
steps:
- uses: actions/checkout@v4
- run: docker compose pull
- run: docker compose up -d
# Run a few tests
- run: curl --silent --show-error --fail http://localhost:3000/health
- run: curl --silent --show-error --fail http://localhost:3000/api/registry
- name: MongoDB logs
if: always()
run: docker logs mongo
- name: Trust Registry logs
if: always()
run: docker logs trust-registry
deploy:
name: Deploy to EKS
needs: [compose, build]
permissions:
id-token: write
contents: read
checks: read
runs-on: ubuntu-latest
env:
TAILSCALE_VERSION: 1.52.1
HELMFILE_VERSION: v0.158.1
HELM_VERSION: v3.13.1
concurrency:
group: ${{ github.workflow }}-deploy-${{ github.event_name == 'release' && 'prod' || 'dev' }}
cancel-in-progress: false
environment:
name: ${{ github.event_name == 'release' && 'prod' || 'dev' }}
url: ${{ vars.PUBLIC_URL }}
# Don't deploy if triggering actor is dependabot
# Only deploy if PR is Ready for Review
if: github.triggering_actor != 'dependabot[bot]' && github.event.pull_request.draft == false
steps:
- uses: actions/checkout@v4
- uses: unfor19/install-aws-cli-action@v1
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ vars.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
role-session-name: github-cicd
- run: aws eks update-kubeconfig --name ${{ secrets.CLUSTER }}
- uses: tailscale/github-action@main
with:
authkey: ${{ secrets.TAILSCALE_AUTHKEY }}
version: ${{ env.TAILSCALE_VERSION }}
- name: Helmfile Apply/Diff
uses: helmfile/[email protected]
with:
helmfile-args: |
${{ github.event_name != 'pull_request' && 'apply' || 'diff' }} \
--environment ${{ vars.ENVIRONMENT }} \
-f ./helm/trust-registry.yaml \
--set image.tag=${{ needs.build.outputs.version }} \
--set config.authJwtSecretKey=${{ secrets.AUTH_JWT_SECRET_KEY }} \
--set config.authAdminPasswordHash=${{ secrets.AUTH_ADMIN_PASSWORD_HASH }}
helmfile-version: ${{ env.HELMFILE_VERSION }}
helm-version: ${{ env.HELM_VERSION }}
- name: Test Health
if: github.event_name != 'pull_request'
run: curl --silent --show-error --fail ${{ vars.PUBLIC_URL }}/health
- name: Test Registry
if: github.event_name != 'pull_request'
run: curl --silent --show-error --fail ${{ vars.PUBLIC_URL }}/api/registry