Build and Deploy to Prod #31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
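# This workflow is started manually (workflow_dispatch) and performs the
# following actions:
# - Check the confirmation token and that the user is on the allow-list
# - Run test using Playwright (reusable e2e workflow)
# - Build the latest docker image in production which needs test to pass first.
#
# Maintainers:
# - name: Nisha Sharma
# - email: nisha.sharma@uni-jena.de
#
# NOTE(review): the forge's file viewer flagged the committed file as
# containing hidden or bidirectional Unicode characters. They are not visible
# in a plain listing; inspect the committed file in an editor that reveals
# them and remove any that are not intended, since an invisible character
# inside a string such as the allow-list below would change what it matches.
name: Build and Deploy to Prod

on:
  workflow_dispatch:
    inputs:
      confirm:
        description: "Type 'DEPLOY' to confirm production deployment"
        required: true
        type: string

# Only non-secret values live at workflow level. The Docker Hub credentials
# are referenced directly in the login step, so the guard job's shell and the
# other steps never receive them in their environment.
env:
  REPOSITORY_NAME: nodejs-microservice
  REPOSITORY_NAMESPACE: nfdi4chem

jobs:
  guard:
    name: Access control and confirmation
    runs-on: ubuntu-latest
    # This job only runs a shell check and never uses the GITHUB_TOKEN.
    permissions: {}
    steps:
      - name: Validate actor and confirmation
        shell: bash
        env:
          # The free-text input is handed over as an environment variable.
          # Expanding it with ${{ }} inside the script would paste the text
          # into the shell source before bash parses it (script injection),
          # which would let the input bypass the checks below.
          CONFIRM: ${{ github.event.inputs.confirm }}
          # On a re-run, github.actor stays the user of the initial run while
          # github.triggering_actor is the user who started the re-run.
          TRIGGERING_ACTOR: ${{ github.triggering_actor }}
        run: |
          echo "Actor: ${GITHUB_ACTOR} (run started by: ${TRIGGERING_ACTOR})"

          # Require explicit confirmation to avoid accidental triggers
          if [[ "${CONFIRM}" != "DEPLOY" ]]; then
            echo "Confirmation token mismatch. Expected 'DEPLOY'."
            exit 1
          fi

          # Allowed users who can trigger production deploys
          # Add more GitHub usernames separated by spaces
          ALLOWED_USERS=" hamed-musallam vcnainala NishaSharma14 "

          # Case-insensitive membership check. Both the initial actor and the
          # user who started this (re-)run must be on the list, so a re-run
          # by another user does not inherit the original authorization.
          ALLOWED_USERS_LOWER=" ${ALLOWED_USERS,,} "
          for candidate in "${GITHUB_ACTOR}" "${TRIGGERING_ACTOR}"; do
            candidate_lower="${candidate,,}"
            # An empty name is rejected explicitly: the padded list contains
            # consecutive spaces, which an empty name would otherwise match.
            if [[ -z "${candidate_lower}" || "${ALLOWED_USERS_LOWER}" != *" ${candidate_lower} "* ]]; then
              echo "User '${candidate}' is not authorized to trigger this workflow."
              exit 1
            fi
          done
          echo "Authorization check passed."
          # NOTE(review): this allow-list lives in the workflow file, so anyone
          # who can change the file on a dispatchable ref can change the list.
          # A protected deployment environment with required reviewers is
          # enforced by the platform instead - consider adding one.

  e2etest:
    needs: guard
    if: ${{ needs.guard.result == 'success' }}
    # NOTE(review): '@development' is a mutable branch ref, so the test gate
    # in front of production changes whenever that branch changes. Pin the
    # reusable workflow to a full commit SHA (<PINNED_COMMIT_SHA>) and confirm
    # which code revision it actually tests.
    uses: NFDI4Chem/nmrxiv-nodejs-microservice/.github/workflows/e2e.yml@development

  setup-build-publish-deploy-prod:
    name: Deploy to prod
    runs-on: ubuntu-latest
    needs: [guard, e2etest]
    # 'needs' already requires guard and e2etest to succeed; this condition
    # repeats the guard requirement explicitly.
    if: ${{ needs.guard.result == 'success' }}
    # Least privilege for the GITHUB_TOKEN: the visible steps only read the
    # repository and its releases. Widen only if a step is shown to need more.
    permissions:
      contents: read
    steps:
      # NOTE(review): with workflow_dispatch this checks out whichever ref was
      # selected when the run was started, while the image below is tagged
      # with the latest release name. Confirm that the built commit is the
      # released one, or check out the release tag explicitly.
      # NOTE(review): the actions referenced by tag below (checkout,
      # get-latest-release, build-push-action) can be moved by their owners;
      # pin them to full commit SHAs as is already done for login-action.
      - name: Checkout
        uses: actions/checkout@v4

      # Fetch latest GitHub release
      - name: Fetch latest release
        id: fetch-latest-release
        uses: InsonusK/get-latest-release@v1.1.0
        with:
          myToken: ${{ github.token }}
          exclude_types: "draft"
          view_top: 10

      # Configure docker to use the gcloud command-line tool as a credential helper
      # NOTE(review): no Google Cloud authentication step is visible in this
      # workflow and the image is pushed to Docker Hub - confirm whether this
      # step is still needed.
      - name: Configure docker
        run: |-
          gcloud auth configure-docker europe-west3-docker.pkg.dev

      # Login to Docker Hub
      # Secrets are read here only, at the single step that needs them.
      # NOTE(review): prefer a scoped Docker Hub access token over the
      # account password for the DOCKER_HUB_PASSWORD secret.
      - name: Log in to Docker Hub
        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_PASSWORD }}

      # Build and push image to Docker Hub
      # The image is published under the release tag and under 'latest'.
      - name: Build and push Docker image
        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./Dockerfile
          push: true
          build-args: |
            RELEASE_VERSION=${{ steps.fetch-latest-release.outputs.tag_name }}
          tags: |
            ${{ env.REPOSITORY_NAMESPACE }}/${{ env.REPOSITORY_NAME }}:${{ steps.fetch-latest-release.outputs.tag_name }}
            ${{ env.REPOSITORY_NAMESPACE }}/${{ env.REPOSITORY_NAME }}:latest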