Merge pull request #554 from shuymn/renovate/postcss-8.x #477
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - '.github/workflows/**' | |
| - '!.github/workflows/deploy.yml' | |
| - '*.md' | |
| - 'docs/**' | |
| - 'renovate.json' | |
| repository_dispatch: | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| env: | |
| NO_D1_WARNING: true | |
| CLOUDFLARE_API_TOKEN: ${{ secrets.CF_API_TOKEN }} | |
| CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} | |
| steps: | |
| - name: Ensure CF_DEPLOY_DOMAIN and CF_ZONE_ID are defined | |
| run: | | |
| if [ -z "$CF_ZONE_ID" ] | |
| then | |
| echo "CF_ZONE_ID not defined" | |
| exit 1 | |
| fi | |
| if [ -z "$CF_DEPLOY_DOMAIN" ] | |
| then | |
| echo "CF_DEPLOY_DOMAIN not defined" | |
| exit 1 | |
| fi | |
| env: | |
| CF_ZONE_ID: ${{ vars.CF_ZONE_ID }} | |
| CF_DEPLOY_DOMAIN: ${{ vars.CF_DEPLOY_DOMAIN }} | |
| # this is needed to get the lowercase version of the repository_owner name | |
| # and being able to override the suffix when mutliple instances are hosted | |
| # by the same GitHub account. | |
| - name: Set name suffix | |
| run: | | |
| if [ -z "$OVERRIDE_NAME_SUFFIX" ] | |
| then | |
| echo $GH_OWNER | awk '{ print "NAME_SUFFIX=" tolower($0) }' >> ${GITHUB_ENV} | |
| else | |
| echo $OVERRIDE_NAME_SUFFIX | awk '{ print "NAME_SUFFIX=" tolower($0) }' >> ${GITHUB_ENV} | |
| fi | |
| env: | |
| GH_OWNER: ${{ github.repository_owner }} | |
| OVERRIDE_NAME_SUFFIX: ${{ vars.OVERRIDE_NAME_SUFFIX }} | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
| - uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3 | |
| - uses: pnpm/action-setup@v2 | |
| with: | |
| version: 8 | |
| - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4 | |
| with: | |
| node-version-file: .node-version | |
| cache: pnpm | |
| - name: Install packages | |
| run: pnpm install | |
| - name: Configure Cloudflare Images variants | |
| run: | | |
| curl -XPOST https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/images/v1/variants \ | |
| -d '{ | |
| "id": "avatar", | |
| "options": { | |
| "metadata": "copyright", | |
| "width": 400, | |
| "height": 400 | |
| } | |
| }' \ | |
| -H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' | |
| curl -XPOST https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/images/v1/variants \ | |
| -d '{ | |
| "id": "header", | |
| "options": { | |
| "metadata": "copyright", | |
| "width": 1500, | |
| "height": 500 | |
| } | |
| }' \ | |
| -H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' | |
| curl -XPOST https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/images/v1/variants \ | |
| -d '{ | |
| "id": "usercontent", | |
| "options": { | |
| "metadata": "copyright" | |
| } | |
| }' \ | |
| -H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' | |
| - name: Check D1 database | |
| run: | | |
| alpha_exists=$(npx wrangler d1 list --json | jq -r '.[] | select(.name == "wildebeest-${{ env.NAME_SUFFIX }}" and .version == "alpha") | .name') | |
| beta_exists=$(npx wrangler d1 list --json | jq -r '.[] | select(.name == "wildebeest-${{ env.NAME_SUFFIX }}-v1" and .version == "beta") | .name') | |
| [[ -n "$alpha_exists" && -z "$beta_exists" ]] && echo "Error: There is an alpha version of D1 but no corresponding beta version." && exit 1 || exit 0 | |
| - name: Create D1 database | |
| continue-on-error: true | |
| run: npx wrangler d1 create wildebeest-${{ env.NAME_SUFFIX }}-v1 | |
| - name: retrieve D1 database | |
| run: npx wrangler d1 list --json | jq -r '.[] | select(.name == "wildebeest-${{ env.NAME_SUFFIX }}-v1" and .version == "beta") | .uuid' | awk '{print "d1_id="$1}' >> $GITHUB_ENV | |
| - name: migrate D1 database | |
| run: | | |
| echo -e "[[d1_databases]]\nbinding=\"DATABASE\"\ndatabase_name=\"wildebeest-${{ env.NAME_SUFFIX }}-v1\"\ndatabase_id=\"${{ env.d1_id }}\"" >> wrangler.toml | |
| npx wrangler d1 migrations apply wildebeest-${{ env.NAME_SUFFIX }}-v1 | |
| - name: retrieve Zero Trust organization | |
| run: | | |
| auth_domain=$(curl https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/access/organizations \ | |
| -H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' | jq -r '.result.auth_domain') | |
| printf "auth_domain=$auth_domain" >> $GITHUB_ENV | |
| - name: retrieve Terraform state KV namespace | |
| run: | | |
| npx wrangler kv:namespace list | jq -r '.[] | select( .title == "wildebeest-terraform-${{ env.NAME_SUFFIX }}-state" ) | .id' | awk '{print "tfstate_kv="$1}' >> $GITHUB_ENV | |
| - name: Init | |
| run: terraform init | |
| working-directory: ./tf | |
| - name: download Terraform state | |
| if: ${{ env.tfstate_kv != '' }} | |
| run: | | |
| npx wrangler kv:key get --namespace-id=${{ env.tfstate_kv }} terraform.tfstate > ./tf/terraform.tfstate | |
| chmod 777 ./tf/terraform.tfstate | |
| - name: download VAPID keys | |
| if: ${{ env.tfstate_kv != '' }} | |
| continue-on-error: true | |
| run: npx wrangler kv:key get --namespace-id=${{ env.tfstate_kv }} vapid_jwk | jq . > ./tf/vapid_jwk | |
| - name: generate VAPID keys if needed | |
| run: | | |
| sudo chmod 777 ./tf/vapid_jwk || true | |
| if [ ! -s ./tf/vapid_jwk ] | |
| then | |
| node ./scripts/generate-vapid-keys.mjs > ./tf/vapid_jwk | |
| echo "VAPID keys generated" | |
| fi | |
| - name: Publish DO | |
| run: | | |
| pnpm --dir do install | |
| npx wrangler deploy --config do/wrangler.toml | |
| - name: Retrieve DO namespace | |
| run: | | |
| curl https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/workers/durable_objects/namespaces \ | |
| -H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' \ | |
| | jq -r '.result[] | select( .script == "wildebeest-do" ) | .id' | awk '{print "do_cache_id="$1}' >> $GITHUB_ENV | |
| - name: Configure | |
| run: terraform plan && terraform apply -auto-approve | |
| working-directory: ./tf | |
| env: | |
| TF_VAR_cloudflare_account_id: ${{ secrets.CF_ACCOUNT_ID }} | |
| TF_VAR_cloudflare_api_token: ${{ secrets.CF_API_TOKEN }} | |
| TF_VAR_cloudflare_zone_id: ${{ vars.CF_ZONE_ID }} | |
| TF_VAR_cloudflare_deploy_domain: ${{ vars.CF_DEPLOY_DOMAIN }} | |
| TF_VAR_name_suffix: ${{ env.NAME_SUFFIX }} | |
| TF_VAR_d1_id: ${{ env.d1_id }} | |
| TF_VAR_do_cache_id: ${{ env.do_cache_id }} | |
| TF_VAR_access_auth_domain: ${{ env.auth_domain }} | |
| TF_VAR_wd_instance_title: ${{ vars.INSTANCE_TITLE }} | |
| TF_VAR_wd_admin_email: ${{ vars.ADMIN_EMAIL }} | |
| TF_VAR_wd_instance_description: ${{ vars.INSTANCE_DESCR }} | |
| TF_VAR_sentry_dsn: ${{ secrets.SENTRY_DSN }} | |
| TF_VAR_sentry_access_client_id: ${{ secrets.SENTRY_ACCESS_CLIENT_ID }} | |
| TF_VAR_sentry_access_client_secret: ${{ secrets.SENTRY_ACCESS_CLIENT_SECRET }} | |
| - name: retrieve Terraform state KV namespace | |
| if: ${{ env.tfstate_kv == '' }} | |
| run: npx wrangler kv:namespace list | jq -r '.[] | select( .title == "wildebeest-terraform-${{ env.NAME_SUFFIX }}-state" ) | .id' | awk '{print "tfstate_kv="$1}' >> $GITHUB_ENV | |
| - name: store VAPID keys state | |
| run: npx wrangler kv:key put --namespace-id=${{ env.tfstate_kv }} vapid_jwk --path=./tf/vapid_jwk | |
| - name: store Terraform state | |
| run: npx wrangler kv:key put --namespace-id=${{ env.tfstate_kv }} terraform.tfstate --path=./tf/terraform.tfstate | |
| - name: Create Queue | |
| continue-on-error: true | |
| run: npx wrangler queues create wildebeest-${{ env.NAME_SUFFIX }} | |
| - name: Publish consumer | |
| run: | | |
| echo "*** pre commands ***" | |
| echo -e "name = \"wildebeest-consumer-${{ env.NAME_SUFFIX }}\"\n" >> consumer/wrangler.toml | |
| echo -e "[[queues.consumers]]\n" >> consumer/wrangler.toml | |
| echo -e "max_batch_size = 10\n" >> consumer/wrangler.toml | |
| echo -e "max_batch_timeout = 30\n" >> consumer/wrangler.toml | |
| echo -e "max_retries = 10\n" >> consumer/wrangler.toml | |
| echo -e "queue = \"wildebeest-${{ env.NAME_SUFFIX }}\"\n" >> consumer/wrangler.toml | |
| echo -e "[[d1_databases]]\nbinding=\"DATABASE\"\ndatabase_name=\"wildebeest-${{ env.NAME_SUFFIX }}-v1\"\ndatabase_id=\"${{ env.d1_id }}\"\n" >> consumer/wrangler.toml | |
| echo -e "[durable_objects]\n" >> consumer/wrangler.toml | |
| echo -e "bindings=[" >> consumer/wrangler.toml | |
| echo -e "{name=\"DO_CACHE\",class_name=\"WildebeestCache\",script_name=\"wildebeest-do\"}," >> consumer/wrangler.toml | |
| echo -e "]" >> consumer/wrangler.toml | |
| echo -e "[vars]\n" >> consumer/wrangler.toml | |
| echo -e "DOMAIN=\"${{ vars.CF_DEPLOY_DOMAIN }}\"\n" >> consumer/wrangler.toml | |
| echo -e "ADMIN_EMAIL=\"${{ vars.ADMIN_EMAIL }}\"\n" >> consumer/wrangler.toml | |
| pnpm --dir consumer install | |
| echo "******" | |
| npx wrangler deploy --config consumer/wrangler.toml | |
| - name: add Queue producer to Pages | |
| run: | | |
| curl https://api.cloudflare.com/client/v4/accounts/${{ secrets.CF_ACCOUNT_ID }}/pages/projects/wildebeest-${{ env.NAME_SUFFIX }} \ | |
| -XPATCH \ | |
| -H 'Authorization: Bearer ${{ secrets.CF_API_TOKEN }}' \ | |
| -d '{ | |
| "deployment_configs": { | |
| "production": { | |
| "queue_producers": { | |
| "QUEUE": { | |
| "name": "wildebeest-${{ env.NAME_SUFFIX }}" | |
| } | |
| } | |
| } | |
| } | |
| }' > /dev/null | |
| - name: Publish | |
| env: | |
| COMMIT_HASH: ${{ github.sha }} | |
| run: | | |
| echo "*** pre commands ***" | |
| pnpm build | |
| echo "******" | |
| npx wrangler pages deploy --project-name=wildebeest-${{ env.NAME_SUFFIX }} frontend/dist |