Add GitHub Actions workflows for build and deploy

Remove bundler setup from bin/deploy

Fix bin/build reference

Add reusable workflows for build and deploy

Add workflows for build and deploy to staging and production

Copy build/deploy workflows to .github/workflows folder

Add GA explanation to readme

Turn off node by default

Ask about manual deployers

Move postgres image prefix to reusable workflow

Update SSH key naming scheme

Add commented-out automatic deploy to production

Add interpolation marks

Change Postgres image to 13.2

Add --frozen-lockfile flag to yarn install

Remove cancel-in-progress for deploys

Add optional input for GHA runner

Revert "Update SSH key naming scheme"

This reverts commit f1df594.

Separate Mina commands

Add RAILS_ENV=test

Document workflow inputs

Add bin/audit, force color output

Add prepare_ci script

Run CI steps in parallel

Move workflows to .github/workflows folder

Remove postgres user

Use trust auth method

Add -j4 flag

Add rubocop cache step

Give names to all steps

Move rubocop cache step

Rename job to build

Use github format for rubocop

Use both simple and github formats

Fix workflow path

Make the ci_steps input required

Change location of rubocop cache

Change flag -j4 to -j0

Add example for deployers input

Create .node-version file

Add info about frontend to readme

Author: lovro-bikic

.github/workflows/build.yml

@@ -0,0 +1,107 @@
+name: Build
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_call:
+    inputs:
+      # Selects the version of Postgres for running tests
+      # See: https://github.com/docker-library/docs/blob/master/postgres/README.md#supported-tags-and-respective-dockerfile-links
+      postgres_image:
+        required: true
+        type: string
+
+      # Determines whether to install Node and run `yarn install`
+      use_node:
+        required: false
+        type: boolean
+        default: true
+
+      # Sets BUNDLE_APP_CONFIG environment variable
+      # See: https://bundler.io/man/bundle-config.1.html
+      bundle_app_config:
+        required: false
+        type: string
+        default: .bundle/ci-build
+
+      # Selects the runner on which the workflow will run
+      # See: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
+      runner:
+        required: false
+        type: string
+        default: ubuntu-20.04
+
+      # Defines which scripts will run on CI
+      # Format: space-delimited paths to scripts
+      # Example: 'bin/audit bin/lint bin/test'
+      ci_steps:
+        required: true
+        type: string
+    secrets:
+      VAULT_ADDR:
+        required: true
+      VAULT_AUTH_METHOD:
+        required: true
+      VAULT_AUTH_USER_ID:
+        required: true
+      VAULT_AUTH_APP_ID:
+        required: true
+
+jobs:
+  build:
+    name: 'Build'
+    runs-on: ${{ inputs.runner }}
+    env:
+      BUNDLE_APP_CONFIG: ${{ inputs.bundle_app_config }}
+      RUBOCOP_CACHE_ROOT: .rubocop-cache
+    services:
+      postgres:
+        image: postgres:${{ inputs.postgres_image }}
+        env:
+          POSTGRES_HOST_AUTH_METHOD: trust
+        ports:
+          - 5432:5432
+        options: --name=postgres
+    steps:
+      - name: Git checkout
+        uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+      - name: Prepare RuboCop cache
+        uses: actions/cache@v2
+        with:
+          path: ${{ env.RUBOCOP_CACHE_ROOT }}
+          key: ${{ runner.os }}-rubocop-cache-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-rubocop-cache-
+      - name: Set up Node
+        uses: actions/setup-node@v2
+        if: ${{ inputs.use_node }}
+        with:
+          node-version-file: '.node-version'
+      - name: Prepare node_modules cache
+        uses: actions/cache@v2
+        if: ${{ inputs.use_node }}
+        with:
+          path: node_modules
+          key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-modules-
+      - name: Install JS packages
+        if: ${{ inputs.use_node }}
+        run: yarn install --frozen-lockfile
+      - name: Prepare CI
+        run: bin/prepare_ci
+        env:
+          VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
+          VAULT_AUTH_METHOD: ${{ secrets.VAULT_AUTH_METHOD }}
+          VAULT_AUTH_USER_ID: ${{ secrets.VAULT_AUTH_USER_ID }}
+          VAULT_AUTH_APP_ID: ${{ secrets.VAULT_AUTH_APP_ID }}
+      - name: Wait for Postgres to be ready
+        run: until docker exec postgres pg_isready; do sleep 1; done
+      - name: CI steps
+        run: 'parallel --lb -k -j0 ::: ${{ inputs.ci_steps }}'

.github/workflows/deploy.yml

@@ -0,0 +1,62 @@
+name: Deploy
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+
+on:
+  workflow_call:
+    inputs:
+      # Sets the Mina environment (e.g. staging, production)
+      # A task by the same name must exist in config/deploy.rb
+      environment:
+        required: true
+        type: string
+
+      # Sets the Git branch which will be checked out
+      branch:
+        required: true
+        type: string
+
+      # Determines who can manually trigger the workflow
+      # Example: "@github_username1 @github_username2"
+      # See: https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow
+      deployers:
+        required: false
+        type: string
+        default: ''
+
+      # Sets BUNDLE_APP_CONFIG environment variable
+      # See: https://bundler.io/man/bundle-config.1.html
+      bundle_app_config:
+        required: false
+        type: string
+        default: .bundle/ci-deploy
+
+      # Selects the runner on which the workflow will run
+      # See: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
+      runner:
+        required: false
+        type: string
+        default: ubuntu-20.04
+    secrets:
+      SSH_PRIVATE_KEY:
+        required: true
+
+jobs:
+  deploy:
+    name: Deploy
+    runs-on: ${{ inputs.runner }}
+    env:
+      BUNDLE_APP_CONFIG: ${{ inputs.bundle_app_config }}
+    if: ${{ github.event_name == 'workflow_dispatch' && contains(inputs.deployers, format('@{0}', github.actor)) || github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ inputs.branch }}
+      - uses: ruby/setup-ruby@v1
+        with:
+          bundler-cache: true
+      - uses: webfactory/ssh-agent@v0.5.4
+        with:
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+      - run: bin/deploy ${{ inputs.environment }}

README.md

@@ -23,6 +23,22 @@ then run if needed:
   rbenv global #{latest_ruby}
 ```
 
+### GitHub Actions
+
+This template uses GitHub Actions for CI/CD. In order for workflows to work properly some [secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) have to be set up.
+
+For build workflow to work, the following secrets must exist (usually set up by DevOps):
+- `VAULT_ADDR`
+- `VAULT_AUTH_METHOD`
+- `VAULT_AUTH_USER_ID`
+- `VAULT_AUTH_APP_ID`
+
+For deploy workflows, you need to generate private/public SSH key pairs for each environment. Public key should be added to the server to which you're deploying. Private key should be added as a secret to GitHub and named `SSH_PRIVATE_KEY_#{ENVIRONMENT}`, where `ENVIRONMENT` is replaced with an appropriate environment name (`STAGING`, `PRODUCTION`, etc.).
+
+### Frontend
+
+If your application will have a frontend (the template will ask you that), you must have Node installed on your machine. The template creates a `.node-version` file with the Node version set to the version you're currently running (check by executing `node -v`). Therefore, ensure that you have the latest [Active LTS](https://nodejs.org/en/about/releases/) version of Node running on your machine before using the template.
+
 ## Usage
 
 ```shell

build.yml

@@ -0,0 +1,17 @@
+name: Build
+
+on: [push]
+
+jobs:
+  build:
+    name: Build
+    uses: infinum/default_rails_template/.github/workflows/build.yml@v1
+    with:
+      postgres_image: '13.2'
+      use_node: false
+      ci_steps: 'bin/audit bin/lint bin/test'
+    secrets:
+      VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
+      VAULT_AUTH_METHOD: ${{ secrets.VAULT_AUTH_METHOD }}
+      VAULT_AUTH_USER_ID: ${{ secrets.VAULT_AUTH_USER_ID }}
+      VAULT_AUTH_APP_ID: ${{ secrets.VAULT_AUTH_APP_ID }}

deploy-production.yml

@@ -0,0 +1,19 @@
+name: Deploy production
+
+on:
+  workflow_dispatch:
+  # workflow_run: # UNCOMMENT THIS IF YOU WANT AUTOMATIC PRODUCTION DEPLOYS
+  #   workflows: [Build]
+  #   branches: [master]
+  #   types: [completed]
+
+jobs:
+  deploy:
+    name: Deploy
+    uses: infinum/default_rails_template/.github/workflows/deploy.yml@v1
+    with:
+      environment: production
+      branch: master
+      deployers: 'DEPLOY USERS GO HERE' # Example: '@github_username1 @github_username2'
+    secrets:
+      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY_PRODUCTION }}

deploy-staging.yml

@@ -0,0 +1,19 @@
+name: Deploy staging
+
+on:
+  workflow_dispatch:
+  workflow_run:
+    workflows: [Build]
+    branches: [staging]
+    types: [completed]
+
+jobs:
+  deploy:
+    name: Deploy
+    uses: infinum/default_rails_template/.github/workflows/deploy.yml@v1
+    with:
+      environment: staging
+      branch: staging
+      deployers: 'DEPLOY USERS GO HERE' # Example: '@github_username1 @github_username2'
+    secrets:
+      SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY_STAGING }}