vacuumlabs · Femi-lawal · Nov 28, 2022
diff --git a/.github/workflows/_config-dev.yml b/.github/workflows/_config-dev.yml
@@ -0,0 +1,45 @@
+name: CI/CD to development
+
+on:
+  push:
+    tags: [ "*" ]
+
+permissions:
+  pull-requests: read
+  contents: read
+  id-token: write
+
+jobs:
+  test_if_dev:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Exit if not on IIT branch
+        if: startsWith(github.ref, 'IIT') == false
+        run: |-
+          exit -1
+
+  build_and_test:
+    uses: ./.github/workflows/test.yml
+
+  build_and_push_docker_image:
+    needs: build_and_test
+    uses: ./.github/workflows/build-docker.yml
+    with:
+      PROJECT_ID_ARTIFACT_REGISTRY: vl-bots-common/vl-reportbot-dev-repository
+      REGION: europe-west1
+      SERVICE: reportbot-dev
+    secrets:
+      WIF_PROVIDER: ${{ secrets.WIF_PROVIDER_DEV }}
+      WIF_SERVICE_ACCOUNT: ${{ secrets.WIF_SERVICE_ACCOUNT_DEV }}
+
+  deploy_to_dev:
+    needs: build_and_push_docker_image
+    uses: ./.github/workflows/deploy-cloudrun.yml
+    with:
+      PROJECT_ID_ARTIFACT_REGISTRY: vl-bots-common/vl-reportbot-dev-repository
+      SERVICE: reportbot-dev
+      PROJECT_ID_CLOUD_RUN: vl-bots-reportbot-dev
+      REGION: europe-west1
+    secrets:
+      WIF_PROVIDER: ${{ secrets.WIF_PROVIDER_DEV }}
+      WIF_SERVICE_ACCOUNT: ${{ secrets.WIF_SERVICE_ACCOUNT_DEV }}
diff --git a/.github/workflows/_config-prod.yml b/.github/workflows/_config-prod.yml
@@ -0,0 +1,37 @@
+name: CI/CD to production
+
+on:
+  workflow_dispatch:
+
+permissions:
+  pull-requests: read
+  contents: read
+  id-token: write
+
+jobs:
+  build_and_test:
+    uses: ./.github/workflows/test.yml
+
+  build_and_push_docker_image:
+    needs: build_and_test
+    uses: ./.github/workflows/build-docker.yml
+    with:
+      PROJECT_ID_ARTIFACT_REGISTRY: vl-bots-common/vl-reportbot-prod-repository
+      REGION: europe-west1
+      SERVICE: reportbot-prod
+    secrets:
+      WIF_PROVIDER: ${{ secrets.WIF_PROVIDER_PROD }}
+      WIF_SERVICE_ACCOUNT: ${{ secrets.WIF_SERVICE_ACCOUNT_PROD }}
+
+  deploy_to_prod:
+    needs: build_and_push_docker_image
+    uses: ./.github/workflows/deploy-cloudrun.yml
+    with:
+      PROJECT_ID_ARTIFACT_REGISTRY: vl-bots-common/vl-reportbot-prod-repository
+      SERVICE: reportbot-prod
+      PROJECT_ID_CLOUD_RUN: vl-bots-reportbot-prod
+      REGION: europe-west1
+    secrets:
+      WIF_PROVIDER: ${{ secrets.WIF_PROVIDER_PROD }}
+      WIF_SERVICE_ACCOUNT: ${{ secrets.WIF_SERVICE_ACCOUNT_PROD }}
+
diff --git a/.github/workflows/_config-test.yml b/.github/workflows/_config-test.yml
@@ -0,0 +1,12 @@
+name: CI test
+
+on:
+  push:
+    branches: [ "**" ]
+
+permissions:
+  contents: read
+
+jobs:
+  build_and_test:
+    uses: ./.github/workflows/test.yml
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
@@ -0,0 +1,53 @@
+name: CI/CD build Docker image and push to AR
+
+on:
+  workflow_call:
+    inputs:
+      PROJECT_ID_ARTIFACT_REGISTRY:
+        required: true
+        type: string
+      REGION:
+        required: true
+        type: string
+      SERVICE:
+        required: true
+        type: string
+    secrets:
+      WIF_PROVIDER:
+        required: true
+      WIF_SERVICE_ACCOUNT:
+        required: true
+
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  build_and_push_docker_image:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Google Auth from the pipeline
+        id: auth
+        uses: "google-github-actions/auth@v0"
+        with:
+          token_format: "access_token"
+          workload_identity_provider: ${{ secrets.WIF_PROVIDER }}
+          service_account: ${{ secrets.WIF_SERVICE_ACCOUNT }}
+
+      - name: Docker Auth to Google Cloud Artifact Registry
+        id: docker-auth
+        uses: "docker/login-action@v1"
+        with:
+          username: "oauth2accesstoken"
+          password: "${{ steps.auth.outputs.access_token }}"
+          registry: "${{ inputs.REGION }}-docker.pkg.dev"
+
+      - name: Build and Push docker image for
+        run: |-
+          DOCKER_IMAGE_NAME="${{ inputs.REGION }}-docker.pkg.dev/${{ inputs.PROJECT_ID_ARTIFACT_REGISTRY }}/${{ inputs.SERVICE }}" 
+          docker build -t "$DOCKER_IMAGE_NAME:${{ github.sha }}" -t "$DOCKER_IMAGE_NAME:latest" ./
+          docker push "$DOCKER_IMAGE_NAME" --all-tags
diff --git a/.github/workflows/deploy-cloudrun.yml b/.github/workflows/deploy-cloudrun.yml
@@ -0,0 +1,56 @@
+name: CI/CD deploy to Cloud Run
+
+on:
+  workflow_call:
+    inputs:
+      PROJECT_ID_ARTIFACT_REGISTRY:
+        required: true
+        type: string
+      REGION:
+        required: true
+        type: string
+      SERVICE:
+        required: true
+        type: string
+      PROJECT_ID_CLOUD_RUN:
+        required: true
+        type: string
+    secrets:
+      WIF_PROVIDER:
+        required: true
+      WIF_SERVICE_ACCOUNT:
+        required: true
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  deploy_to_stage:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Google Auth from the pipeline staging
+        id: auth
+        uses: "google-github-actions/auth@v0"
+        with:
+          token_format: "access_token"
+          workload_identity_provider: ${{ secrets.WIF_PROVIDER}}
+          service_account: ${{ secrets.WIF_SERVICE_ACCOUNT }}
+
+      - name: Docker Auth to Google Cloud Artifact Registry staging
+        id: docker-auth
+        uses: "docker/login-action@v1"
+        with:
+          username: "oauth2accesstoken"
+          password: "${{ steps.auth.outputs.access_token }}"
+          registry: "${{ inputs.REGION }}-docker.pkg.dev"
+
+      - name: Deploy to Cloud Run staging
+        id: deploy
+        uses: google-github-actions/deploy-cloudrun@v0
+        with:
+          project_id: ${{ inputs.PROJECT_ID_CLOUD_RUN }}
+          service: ${{ inputs.SERVICE}}
+          region: ${{ inputs.REGION }}
+          image: ${{ inputs.REGION }}-docker.pkg.dev/${{ inputs.PROJECT_ID_ARTIFACT_REGISTRY }}/${{ inputs.SERVICE }}:${{ github.sha }}
+
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,55 @@
+name: Report-bot CI test
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    services:
+      postgres:
+        image: postgres
+        env:
+          POSTGRES_USER: postgres
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_DB: report_bot
+        ports:
+          - 5432:5432
+        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: 16.x
+
+      - name: Install dependencies
+        run: |-
+          npm i -g yarn
+
+      - name: Copy env templates 
+        run: |-
+          cp .env.template .env && cp server/.env.template server/.env
+
+      - name: Install application dependencies
+        run: |-
+          yarn
+
+      - name: Build application
+        run: |- 
+          yarn build
+
+      - name: Run migrations
+        run: |- 
+          yarn knex migrate:latest
+
+      - name: Run tests
+        run: |- 
+          yarn test
diff --git a/config.js b/config.js
@@ -6,7 +6,16 @@ exports.default = transenv()(({str, bool, num}) => {
   return {
     knex: {
       client: 'pg',
-      connection: `${str('DATABASE_URL')}${isDev ? '' : '?sslmode=no-verify'}`,
+      connection: str('DATABASE_URL', null) ?
+      `${str('DATABASE_URL')}${isDev ? '' : '?sslmode=no-verify'}`
+      : {
+        host: str('DATABASE_HOST'),
+        port: str('DATABASE_PORT'),
+        user: str('DATABASE_USER'),
+        password: str('DATABASE_PASSWORD'),
+        database: str('DATABASE_NAME'),
+        ssl: false
+      },
       debug: isDev,
       migrations: {
         directory: 'migrations',

diff --git a/server/src/config.js b/server/src/config.js
@@ -17,7 +17,16 @@ export default transenv()(({str, bool, num}) => {
       requiredTeamId: num('required_team_id'),
     }),
     pgClient: {
-      connectionString: `${str('DATABASE_URL')}${isDev ? '' : '?sslmode=no-verify'}`,
+      connectionString: str('DATABASE_URL', null)
+      ? `${str('DATABASE_URL')}${isDev ? '' : '?sslmode=no-verify'}`
+      : {
+          host: str('DATABASE_HOST'),
+          port: str('DATABASE_PORT'),
+          user: str('DATABASE_USER'),
+          password: str('DATABASE_PASSWORD'),
+          database: str('DATABASE_NAME'),
+          ssl: false,
+        },
       ssl: !isDev,
     },
     slack: {