-
-
Notifications
You must be signed in to change notification settings - Fork 22
172 lines (150 loc) · 8.16 KB
/
Copy pathdeploy-preview.yml
File metadata and controls
172 lines (150 loc) · 8.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
name: CD Azure (preview)
on:
# Uncomment for testing:
# pull_request:
pull_request_target:
types: [opened, synchronize, reopened, labeled]
workflow_dispatch:
inputs:
preview_name:
description: 'Name of the deployment environment'
type: string
required: true
permissions:
pull-requests: write
id-token: write
jobs:
preview:
name: Build & Deploy to preview
runs-on: windows-latest
env:
PREVIEW_NAME: ${{ github.event.pull_request.number || github.event.inputs.preview_name }}
# renovate: datasource=python-version depName=python
PYTHON_VERSION: '3.14'
steps:
# We could also add these checks to a job-wide if condition, to skip the workflow if its unsecure to run.
# However, Github views skipped workflows as "successful" and thus one could merge a PR without running this workflow first.
- name: Fail if unsecure
if: "github.event_name != 'workflow_dispatch' && !contains(github.event.pull_request.labels.*.name, 'status: safe to test') && github.actor != 'tobiasdiez' && github.actor != 'dependabot[bot]' && github.actor != 'renovate[bot]' && github.actor != 'copilot-swe-agent'"
run: |
echo "The workflow was triggered by ${{ github.actor }} and the PR is not labeled as 'safe to test'. For security reasons, we do not run this workflow in this case."
exit 1
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}
- name: Install pnpm
uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v4.4.0
- name: Setup Node.js
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: 24.15.0
cache: 'pnpm'
- name: Install dependencies
run: pnpm install
- name: Build
run: pnpm build:azure
env:
NUXT_SESSION_PASSWORD: ${{ secrets.AZURE_SESSION_SECRET }} # Needed for prerending
- name: Login to Azure
uses: Azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Deploy Web App
id: deploy_web
run: |
# Workaround for https://github.com/Azure/static-web-apps-cli/issues/557 and https://github.com/Azure/static-web-apps-cli/issues/565
$output = pnpm swa deploy .output\public --env $env:PREVIEW_NAME --verbose=silly 2>&1 | Out-String
Write-Host $output
$match = $output | Select-String -Pattern 'Project deployed to (?<url>.*) '
if ($match -eq $null) { exit 1 }
$url = $match.Matches[0].Groups['url'].Value
echo "url=$url" >> $env:GITHUB_OUTPUT
env:
SWA_CLI_DEPLOYMENT_TOKEN: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_MANGO_PEBBLE_0224C3803 }}
- name: Install Python
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Create test database on Azure
id: create_db
run: |
$name = "postgres_test_$env:PREVIEW_NAME"
$pwd = az account get-access-token --resource-type oss-rdbms --output tsv --query accessToken
# az postgres flexible-server db create --server-name jabrefdb --resource-group JabRefOnline --database-name $name --charset utf8 --collation en_US.utf8
# For some reason the public schema is not created automatically or without the default permissions, so we need to do it manually
# TODO: Remove this workaround once https://github.com/Azure/azure-cli/issues/26772 is fixed
# We also need to manually install an old version of rdbms due to https://github.com/Azure/azure-cli/issues/25067
# az extension add --name rdbms-connect --version 1.0.3 --debug
# az postgres flexible-server execute --name jabrefdb -u "Github" -p "$pwd" --database-name $name -q "ALTER DATABASE $name OWNER TO azure_pg_admin; create schema public;" --output table
# az postgres flexible-server execute --name jabrefdb -u "Github" -p "$pwd" --database-name $name -q "grant usage on schema public to public; grant create on schema public to public;" --output table
# az postgres flexible-server execute --name jabrefdb -u "Github" -p "$pwd" --database-name $name -q "SELECT schema_name FROM information_schema.schemata;" --output table
# Login to the database using the Github user
$connection_string = "postgresql://Github:$pwd@$($env:DB_NAME).postgres.database.azure.com:5432/$($name)?sslmode=require"
echo "::add-mask::$connection_string"
echo "db_url=$connection_string" >> $env:GITHUB_OUTPUT
# Finally, run the migrations (this also creates the db)
$Env:NUXT_DATABASE_URL = $connection_string
pnpm prisma:migrate:reset --force
pnpm prisma:seed
env:
DB_NAME: ${{ secrets.AZURE_DATABASE_NAME }}
- name: Create & Link Function App
run: |
pip install azure-identity azure-mgmt-web azure-mgmt-storage azure-mgmt-applicationinsights azure-mgmt-redis azure-mgmt-communication
python .github\scripts\deploy.py --env $env:PREVIEW_NAME -v
env:
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
AZURE_GITHUB_REPO_TOKEN: ${{ secrets.GITHUBS_REPO_TOKEN }}
AZURE_SESSION_PASSWORD: ${{ secrets.AZURE_SESSION_SECRET }}
AZURE_DATABASE_URL: ${{ steps.create_db.outputs.db_url }}
- name: Cleanup deployment
run: |
# Nuxt/nitro creates symlinks to replicate parts of the node_modules folder
# if multiple versions of the same package are used.
# Replace symlinks with real copies so the deploy zip is self-contained
# However, Azure has problems with symlinks:
# - https://github.com/Azure/webapps-deploy/issues/54
# - https://github.com/Azure/functions-action/issues/332
# Therefore, replace all symlinks by the actual files
$links = Get-ChildItem -Path .output\server -Attributes ReparsePoint -Recurse
foreach ($link in $links)
{
$source = $link.Target;
$destination = $link.FullName;
Remove-Item $destination -Force
Copy-Item -Path $source -Destination $destination -Force -Recurse
}
- name: Deploy Function App
uses: Azure/functions-action@bc63708cc6539760eea18d8a7de4ce8ef5fdf593 # v1.5.6
with:
app-name: jabref-function-${{ env.PREVIEW_NAME }}
package: .output/server
- name: Check HTTP status
run: |
Start-Sleep -Seconds 30
curl -s -w 'Establish Connection: %{time_connect}s\nTTFB: %{time_starttransfer}s\nTotal: %{time_total}s\n' ${{ steps.deploy_web.outputs.url }} || true
curl -s -w 'Establish Connection: %{time_connect}s\nTTFB: %{time_starttransfer}s\nTotal: %{time_total}s\n' ${{ steps.deploy_web.outputs.url }}/api || true
# The api returns 400 status code for some reason
# uses: gerdemann/http-status-code@1.0.0
# with:
# url: ${{ steps.deploy_web.outputs.url }}/api
# code: 200
# timeout: 300 # initial warm up can take quite some time
# interval: 30
- name: Report URL as PR comment
if: github.event_name == 'pull_request_target'
uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
with:
message: |
Deployed ${{ github.sha }} to ${{ steps.deploy_web.outputs.url }}
- name: Run E2E tests
run: pnpm test:e2e
env:
TEST_URL: ${{ steps.deploy_web.outputs.url }}
# The tests need these tokens to run, but their actual value should not matter
NUXT_GITHUB_REPO_TOKEN: 'SIGNAL_TO_RUN_TEST'
# Re-enable when email sending in the test environment is fixed
#NUXT_EMAIL_CLIENT: 'SIGNAL_TO_RUN_TEST'