Merge pull request #93 from infinum/feature/github-actions

Task #419 - GitHub Actions workflows

Author: lovro-bikic

.github/workflows/build.yml

@@ -0,0 +1,107 @@
+name: Build
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_call:
+    inputs:
+      # Selects the version of Postgres for running tests
+      # See: https://github.com/docker-library/docs/blob/master/postgres/README.md#supported-tags-and-respective-dockerfile-links
+      postgres_image:
+        required: true
+        type: string
+
+      # Determines whether to install Node and run `yarn install`
+      use_node:
+        required: false
+        type: boolean
+        default: true
+
+      # Sets BUNDLE_APP_CONFIG environment variable
+      # See: https://bundler.io/man/bundle-config.1.html
+      bundle_app_config:
+        required: false
+        type: string
+        default: .bundle/ci-build
+
+      # Selects the runner on which the workflow will run
+      # See: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
+      runner:
+        required: false
+        type: string
+        default: ubuntu-20.04
+
+      # Defines which scripts will run on CI
+      # Format: space-delimited paths to scripts
+      # Example: 'bin/audit bin/lint bin/test'
+      ci_steps:
+        required: true
+        type: string
+    secrets:
+      VAULT_ADDR:
+        required: true
+      VAULT_AUTH_METHOD:
+        required: true
+      VAULT_AUTH_USER_ID:
+        required: true
+      VAULT_AUTH_APP_ID:
+        required: true
+
+jobs:
+  build:
+    name: 'Build'
+    runs-on: ${{ inputs.runner }}
+    env:
+      BUNDLE_APP_CONFIG: ${{ inputs.bundle_app_config }}
+      RUBOCOP_CACHE_ROOT: .rubocop-cache
+    services:
+      postgres:
+        image: postgres:${{ inputs.postgres_image }}
+        env:
+          POSTGRES_HOST_AUTH_METHOD: trust
+        ports:
+          - 5432:5432
+        options: --name=postgres
+    steps:
+      - name: Git checkout
+        uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+      - name: Prepare RuboCop cache
+        uses: actions/cache@v2
+        with:
+          path: ${{ env.RUBOCOP_CACHE_ROOT }}
+          key: ${{ runner.os }}-rubocop-cache-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-rubocop-cache-
+      - name: Set up Node
+        uses: actions/setup-node@v2
+        if: ${{ inputs.use_node }}
+        with:
+          node-version-file: '.node-version'
+      - name: Prepare node_modules cache
+        uses: actions/cache@v2
+        if: ${{ inputs.use_node }}
+        with:
+          path: node_modules
+          key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-modules-
+      - name: Install JS packages
+        if: ${{ inputs.use_node }}
+        run: yarn install --frozen-lockfile
+      - name: Prepare CI
+        run: bin/prepare_ci
+        env:
+          VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
+          VAULT_AUTH_METHOD: ${{ secrets.VAULT_AUTH_METHOD }}
+          VAULT_AUTH_USER_ID: ${{ secrets.VAULT_AUTH_USER_ID }}
+          VAULT_AUTH_APP_ID: ${{ secrets.VAULT_AUTH_APP_ID }}
+      - name: Wait for Postgres to be ready
+        run: until docker exec postgres pg_isready; do sleep 1; done
+      - name: CI steps
+        run: 'parallel --lb -k -j0 ::: ${{ inputs.ci_steps }}'

.github/workflows/deploy.yml

@@ -0,0 +1,62 @@
+name: Deploy
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+
+on:
+  workflow_call:
+    inputs:
+      # Sets the Mina environment (e.g. staging, production)
+      # A task by the same name must exist in config/deploy.rb
+      environment:
+        required: true
+        type: string
+
+      # Sets the Git branch which will be checked out
+      branch:
+        required: true
+        type: string
+
+      # Determines who can manually trigger the workflow
+      # Example: "@github_username1 @github_username2"
+      # See: https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow
+      deployers:
+        required: false
+        type: string
+        default: ''
+
+      # Sets BUNDLE_APP_CONFIG environment variable
+      # See: https://bundler.io/man/bundle-config.1.html
+      bundle_app_config:
+        required: false
+        type: string
+        default: .bundle/ci-deploy
+
+      # Selects the runner on which the workflow will run
+      # See: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
+      runner:
+        required: false
+        type: string
+        default: ubuntu-20.04
+    secrets:
+      SSH_PRIVATE_KEY:
+        required: true
+
+jobs:
+  deploy:
+    name: Deploy
+    runs-on: ${{ inputs.runner }}
+    env:
+      BUNDLE_APP_CONFIG: ${{ inputs.bundle_app_config }}
+    if: ${{ github.event_name == 'workflow_dispatch' && contains(inputs.deployers, format('@{0}', github.actor)) || github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ inputs.branch }}
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+      - uses: webfactory/ssh-agent@v0.5.4
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+      - run: bin/deploy ${{ inputs.environment }}

README.md

@@ -23,6 +23,22 @@ then run if needed:
   rbenv global #{latest_ruby}
 ```
 
+### GitHub Actions
+
+This template uses GitHub Actions for CI/CD. In order for workflows to work properly some [secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) have to be set up.
+
+For build workflow to work, the following secrets must exist (usually set up by DevOps):
+- `VAULT_ADDR`
+- `VAULT_AUTH_METHOD`
+- `VAULT_AUTH_USER_ID`
+- `VAULT_AUTH_APP_ID`
+
+For deploy workflows, you need to generate private/public SSH key pairs for each environment. Public key should be added to the server to which you're deploying. Private key should be added as a secret to GitHub and named `SSH_PRIVATE_KEY_#{ENVIRONMENT}`, where `ENVIRONMENT` is replaced with an appropriate environment name (`STAGING`, `PRODUCTION`, etc.).
+
+### Frontend
+
+If your application will have a frontend (the template will ask you that), you must have Node installed on your machine. The template creates a `.node-version` file with the Node version set to the version you're currently running (check by executing `node -v`). Therefore, ensure that you have the latest [Active LTS](https://nodejs.org/en/about/releases/) version of Node running on your machine before using the template.
+
 ## Usage
 
 ```shell

build.yml

@@ -0,0 +1,17 @@
+name: Build
+
+on: [push]
+
+jobs:
+  build:
+    name: Build
+    uses: infinum/default_rails_template/.github/workflows/build.yml@v1
+    with:
+      postgres_image: '13.2'
+      use_node: false
+      ci_steps: 'bin/audit bin/lint bin/test'
+    secrets:
+      VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
+      VAULT_AUTH_METHOD: ${{ secrets.VAULT_AUTH_METHOD }}
+      VAULT_AUTH_USER_ID: ${{ secrets.VAULT_AUTH_USER_ID }}
+      VAULT_AUTH_APP_ID: ${{ secrets.VAULT_AUTH_APP_ID }}

deploy-production.yml

@@ -0,0 +1,19 @@
+name: Deploy production
+
+on:
+  workflow_dispatch:
+  # workflow_run: # UNCOMMENT THIS IF YOU WANT AUTOMATIC PRODUCTION DEPLOYS
+  #   workflows: [Build]
+  #   branches: [master]
+  #   types: [completed]
+
+jobs:
+  deploy:
+    name: Deploy
+    uses: infinum/default_rails_template/.github/workflows/deploy.yml@v1
+    with:
+      environment: production
+      branch: master
+      deployers: 'DEPLOY USERS GO HERE' # Example: '@github_username1 @github_username2'
+    secrets:
+      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY_PRODUCTION }}

deploy-staging.yml

@@ -0,0 +1,19 @@
+name: Deploy staging
+
+on:
+  workflow_dispatch:
+  workflow_run:
+    workflows: [Build]
+    branches: [staging]
+    types: [completed]
+
+jobs:
+  deploy:
+    name: Deploy
+    uses: infinum/default_rails_template/.github/workflows/deploy.yml@v1
+    with:
+      environment: staging
+      branch: staging
+      deployers: 'DEPLOY USERS GO HERE' # Example: '@github_username1 @github_username2'
+    secrets:
+      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY_STAGING }}