update relative url root #26
# CI/CD workflow: runs on every pull request and on every push to main.
name: CI CD

on:
  # Pull-request runs execute the code and dependencies of the proposed change.
  pull_request:
  # Push runs fire only for the main branch.
  push:
    branches:
      - main

jobs:
| scan_ruby: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: .ruby-version | |
| bundler-cache: true | |
| - name: Scan for common Rails security vulnerabilities using static analysis | |
| run: bin/brakeman --no-pager | |
| scan_js: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install packages | |
| run: sudo apt-get update && sudo apt-get install poppler-utils imagemagick | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: .ruby-version | |
| bundler-cache: true | |
| - name: Scan for security vulnerabilities in JavaScript dependencies | |
| run: bin/importmap audit | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: .ruby-version | |
| bundler-cache: true | |
| - name: Lint code for consistent style | |
| run: bin/rubocop -f github | |
| test: | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:17.2-alpine | |
| ports: | |
| - 5432:5432 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: dailynews_test | |
| steps: | |
| - name: Install packages | |
| run: sudo apt-get update && sudo apt-get install --no-install-recommends -y build-essential git poppler-utils imagemagick libyaml-dev pkg-config google-chrome-stable chromium-chromedriver | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: .ruby-version | |
| bundler-cache: true | |
| - name: Run tests | |
| env: | |
| RAILS_ENV: test | |
| DATABASE_URL: postgresql://postgres:postgres@localhost:5432/dailynews_test | |
| HEADLESS: true | |
| run: | | |
| bin/rails db:test:prepare | |
| bundle exec rspec --exclude-pattern spec/system --out test-results/rspec.xml | |
| - name: Upload test results | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: test-results | |
| path: test-results/ | |
| - name: Keep screenshots from failed system tests | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: screenshots | |
| path: ${{ github.workspace }}/tmp/screenshots | |
| if-no-files-found: ignore | |
| build_and_push_docker_image: | |
| runs-on: ubuntu-latest | |
| needs: [test, lint, scan_ruby, scan_js] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract Docker metadata (tags, labels) | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=sha | |
| - name: Build and push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: Dockerfile | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| no-cache: true | |
| deploy: | |
| runs-on: ubuntu-latest | |
| needs: build_and_push_docker_image | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Copy docker-compose.yml to server | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.SERVER_HOST }} | |
| username: ${{ secrets.SERVER_USER }} | |
| key: ${{ secrets.SERVER_SSH_KEY }} | |
| source: "docker-compose.yml,nginx.conf" | |
| target: "/root" | |
| - name: Deploy to server | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.SERVER_HOST }} | |
| username: ${{ secrets.SERVER_USER }} | |
| key: ${{ secrets.SERVER_SSH_KEY }} | |
| script: | | |
| cd /root | |
| docker compose pull | |
| docker compose up -d | |
| # Clean up old images from ghcr.io registry (keep only the latest) | |
| docker images 'ghcr.io/oddsteam/dailynews-e-newspaper' --format '{{.ID}} {{.Tag}}' | grep -v 'latest' | awk '{print $1}' | xargs -r docker rmi -f || true | |
| - name: Health check | |
| run: | | |
| echo "Waiting for services to start..." | |
| sleep 15 | |
| echo "Checking application health..." | |
| for i in {1..5}; do | |
| if curl -f -s http://${{ secrets.SERVER_HOST }}/e-newspaper/up > /dev/null; then | |
| echo "✓ Health check passed!" | |
| exit 0 | |
| fi | |
| echo "Attempt $i failed, retrying in 10 seconds..." | |
| sleep 10 | |
| done | |
| echo "✗ Health check failed after 5 attempts" | |
| exit 1 | |