add omise helper to mock api key for test env #48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI CD | |
| on: | |
| pull_request: | |
| push: | |
| branches: [ main ] | |
| tags: [ 'v*' ] | |
| release: | |
| types: [ published ] | |
| jobs: | |
| scan_ruby: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: .ruby-version | |
| bundler-cache: true | |
| - name: Scan for common Rails security vulnerabilities using static analysis | |
| run: bin/brakeman --no-pager | |
| scan_js: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install packages | |
| run: sudo apt-get update && sudo apt-get install poppler-utils imagemagick | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: .ruby-version | |
| bundler-cache: true | |
| - name: Scan for security vulnerabilities in JavaScript dependencies | |
| run: bin/importmap audit | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: .ruby-version | |
| bundler-cache: true | |
| - name: Lint code for consistent style | |
| run: bin/rubocop -f github | |
| test: | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:17.2-alpine | |
| ports: | |
| - 5432:5432 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: dailynews_test | |
| steps: | |
| - name: Install packages | |
| run: sudo apt-get update && sudo apt-get install --no-install-recommends -y build-essential git poppler-utils imagemagick libyaml-dev pkg-config google-chrome-stable chromium-chromedriver | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: .ruby-version | |
| bundler-cache: true | |
| - name: Run tests | |
| env: | |
| RAILS_ENV: test | |
| DATABASE_URL: postgresql://postgres:postgres@localhost:5432/dailynews_test | |
| HEADLESS: true | |
| run: | | |
| bin/rails db:test:prepare | |
| bundle exec rspec --exclude-pattern spec/system --out test-results/rspec.xml | |
| - name: Upload test results | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: test-results | |
| path: test-results/ | |
| - name: Keep screenshots from failed system tests | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: screenshots | |
| path: ${{ github.workspace }}/tmp/screenshots | |
| if-no-files-found: ignore | |
| build_and_push_docker_image: | |
| runs-on: ubuntu-latest | |
| needs: [test, lint, scan_ruby, scan_js] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract Docker metadata (tags, labels) | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=raw,value=production,enable=${{ github.event_name == 'release' || startsWith(github.ref, 'refs/tags/v') }} | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=sha | |
| - name: Build and push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: Dockerfile | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| no-cache: true | |
| deploy_uat: | |
| runs-on: ubuntu-latest | |
| needs: build_and_push_docker_image | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Copy docker-compose.yml to server | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.SERVER_HOST }} | |
| username: ${{ secrets.SERVER_USER }} | |
| key: ${{ secrets.SERVER_SSH_KEY }} | |
| source: "docker-compose.yml,nginx.conf" | |
| target: "/root" | |
| - name: Deploy to server (UAT) | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.SERVER_HOST }} | |
| username: ${{ secrets.SERVER_USER }} | |
| key: ${{ secrets.SERVER_SSH_KEY }} | |
| script: | | |
| cd /root | |
| docker compose -f docker-compose.yml pull | |
| docker compose -f docker-compose.yml up -d | |
| # Clean up old images from ghcr.io registry (keep only the latest) | |
| docker images 'ghcr.io/oddsteam/dailynews-e-newspaper' --format '{{.ID}} {{.Tag}}' | grep -v 'latest' | grep -v 'production' | awk '{print $1}' | xargs -r docker rmi -f || true | |
| - name: Health check | |
| run: | | |
| echo "Waiting for services to start..." | |
| sleep 15 | |
| echo "Checking application health..." | |
| for i in {1..5}; do | |
| if curl -f -s http://${{ secrets.SERVER_HOST }}/e-newspaper/up > /dev/null; then | |
| echo "✓ Health check passed!" | |
| exit 0 | |
| fi | |
| echo "Attempt $i failed, retrying in 10 seconds..." | |
| sleep 10 | |
| done | |
| echo "✗ Health check failed after 5 attempts" | |
| exit 1 | |
| # deploy_production: | |
| # runs-on: ubuntu-latest | |
| # needs: build_and_push_docker_image | |
| # if: startsWith(github.ref, 'refs/tags/v') || github.event_name == 'release' | |
| # steps: | |
| # - name: Checkout code | |
| # uses: actions/checkout@v4 | |
| # - name: Copy docker-compose.prod.yml to server | |
| # uses: appleboy/[email protected] | |
| # with: | |
| # host: ${{ secrets.SERVER_PRODUCTION_HOST }} | |
| # username: ${{ secrets.SERVER_PRODUCTION_USER }} | |
| # key: ${{ secrets.SERVER_PRODUCTION_SSH_KEY }} | |
| # source: "docker-compose.prod.yml,nginx.conf" | |
| # target: "/home/${{ secrets.SERVER_PRODUCTION_USER }}" | |
| # - name: Deploy to server (Production) | |
| # uses: appleboy/[email protected] | |
| # with: | |
| # host: ${{ secrets.SERVER_PRODUCTION_HOST }} | |
| # username: ${{ secrets.SERVER_PRODUCTION_USER }} | |
| # key: ${{ secrets.SERVER_PRODUCTION_SSH_KEY }} | |
| # script: | | |
| # cd /home/${{ secrets.SERVER_PRODUCTION_USER }} | |
| # docker compose -f docker-compose.prod.yml pull | |
| # docker compose -f docker-compose.prod.yml up -d | |
| # # Clean up old images from ghcr.io registry (keep only the latest and production) | |
| # docker images 'ghcr.io/oddsteam/dailynews-e-newspaper' --format '{{.ID}} {{.Tag}}' | grep -v 'latest' | grep -v 'production' | awk '{print $1}' | xargs -r docker rmi -f || true | |
| # - name: Health check | |
| # run: | | |
| # echo "Waiting for services to start..." | |
| # sleep 15 | |
| # echo "Checking application health..." | |
| # for i in {1..5}; do | |
| # if curl -f -s http://${{ secrets.SERVER_PRODUCTION_HOST }}/e-newspaper/up > /dev/null; then | |
| # echo "✓ Health check passed!" | |
| # exit 0 | |
| # fi | |
| # echo "Attempt $i failed, retrying in 10 seconds..." | |
| # sleep 10 | |
| # done | |
| # echo "✗ Health check failed after 5 attempts" | |
| # exit 1 | |