name: CI-GCP on: pull_request: push: branches: - master - develop - cppal-dev env: DOCKER_BUILDKIT: "1" DOCKER_IMAGE: "us-central1-docker.pkg.dev/boostorg-project1/website/website" DOCKER_REGISTRY: "us-central1-docker.pkg.dev" PROJECT_ID: boostorg-project1 GKE_CLUSTER: boostorg-cluster1 GKE_REGION: us-central1 GKE_ZONE: us-central1-c DEPLOYMENT_NAME: boost # more environment variables are set in the build step jobs: test: runs-on: ubuntu-latest services: postgres: image: postgres:16 env: POSTGRES_USER: postgres POSTGRES_PASSWORD: postgres POSTGRES_DB: postgres ports: ["5432:5432"] # options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 redis: image: redis ports: - 6379:6379 steps: - name: Git - Get Sources uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Python 3.13 uses: actions/setup-python@v5 with: python-version: 3.13 - uses: actions/cache@v4 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/base.txt') }} restore-keys: | ${{ runner.os }}-pip- ${{ runner.os }}- - name: Install dependencies run: | python -m pip install --upgrade uv uv pip install -r requirements.txt --system sudo apt-get install -y ruby ruby-dev build-essential sudo gem install asciidoctor if: steps.cache.outputs.cache-hit != 'true' - name: Test with pytest env: DATABASE_URL: "postgres://postgres:postgres@localhost:${{ job.services.postgres.ports[5432] }}/postgres" HYPERKITTY_DATABASE_URL: "postgres://postgres:postgres@localhost:${{ job.services.postgres.ports[5432] }}/lists_production_web" SECRET_KEY: "for-testing-only" REDIS_HOST: "localhost" CI: "true" OPENROUTER_API_KEY: ${{ secrets.OPENROUTER_API_KEY }} run: | python -m pytest - name: Lints with pre-commit run: | pre-commit run -a build: needs: [test] name: Build and Publish Docker image runs-on: ubuntu-latest if: ( github.repository == 'boostorg/website-v2' && github.event_name == 'push' && ( github.ref == 'refs/heads/master' || github.ref == 'refs/heads/develop' )) || ( github.repository == 'cppalliance/website-v2-qa' && github.event_name == 'push' && github.ref == 'refs/heads/cppal-dev' ) steps: - name: Set environment for branches run: | if [[ $GITHUB_REF == 'refs/heads/master' ]]; then echo "K8S_NAMESPACE=production" >> "$GITHUB_ENV" echo "HELM_RELEASE_NAME=boost-production" >> "$GITHUB_ENV" echo "FASTLY_SERVICE_ID_1=${{ secrets.FASTLY_SERVICE_ID_PRODUCTION_1 }}" >> "$GITHUB_ENV" echo "FASTLY_SERVICE_ID_2=${{ secrets.FASTLY_SERVICE_ID_PRODUCTION_2 }}" >> "$GITHUB_ENV" elif [[ $GITHUB_REF == 'refs/heads/develop' ]]; then echo "K8S_NAMESPACE=stage" >> "$GITHUB_ENV" echo "HELM_RELEASE_NAME=boost-stage" >> "$GITHUB_ENV" echo "FASTLY_SERVICE_ID_1=${{ secrets.FASTLY_SERVICE_ID_STAGE_1 }}" >> "$GITHUB_ENV" echo "FASTLY_SERVICE_ID_2=${{ secrets.FASTLY_SERVICE_ID_STAGE_2 }}" >> "$GITHUB_ENV" elif [[ $GITHUB_REF == 'refs/heads/cppal-dev' ]]; then # cppal-dev is a test branch in another fork. Doesn't need to be created in the main repo. echo "K8S_NAMESPACE=cppal-dev" >> "$GITHUB_ENV" echo "HELM_RELEASE_NAME=boost-cppal-dev" >> "$GITHUB_ENV" echo "FASTLY_SERVICE_ID_1=${{ secrets.FASTLY_SERVICE_ID_CPPAL_DEV_1 }}" >> "$GITHUB_ENV" echo "FASTLY_SERVICE_ID_2=${{ secrets.FASTLY_SERVICE_ID_CPPAL_DEV_2 }}" >> "$GITHUB_ENV" fi - name: Determine boost latest release shell: bash run: | set -o pipefail BOOST_REPOSITORY=https://github.com/boostorg/boost BOOST_LATEST_RELEASE="master" # https://stackoverflow.com/questions/10649814/get-last-git-tag-from-a-remote-repo-without-cloning if multiple_tags=$(git -c 'versionsort.suffix=-' ls-remote --tags --sort='-v:refname' $BOOST_REPOSITORY | cut --delimiter='/' --fields=3 ); then for item in ${multiple_tags}; do if [[ ${item} =~ boost ]] && [[ ! ${item} =~ beta ]] && [[ ! ${item} =~ rc ]]; then BOOST_LATEST_RELEASE=${item} break fi done fi echo "Discovered BOOST_LATEST_RELEASE is ${BOOST_LATEST_RELEASE}" echo "BOOST_LATEST_RELEASE=${BOOST_LATEST_RELEASE}" >> "$GITHUB_ENV" - name: Git - Get Sources uses: actions/checkout@v4 with: fetch-depth: 0 - name: Fetch Git Tags run: | git fetch --depth=1 origin +refs/tags/*:refs/tags/* || true - name: Set up Python 3.13 uses: actions/setup-python@v5 with: python-version: 3.13 - name: Install Python dependencies run: | python -m pip install --upgrade pip python -m pip install vinnie # # To avoid conflicting with the develop branch version tags, # use SHORT_SHA instead. # # - name: Bump and Tag our version # run: | # git config --local user.email "action@github.com" # git config --local user.name "GitHub Action" # vinnie patch # export VINNIE_VERSION=`vinnie version` # git push --tags - name: Set short git commit SHA run: | echo "SHORT_SHA=$(git rev-parse --short ${{ github.sha }})" >> $GITHUB_ENV - name: Display SHORT_SHA tag run: echo $SHORT_SHA env: SHORT_SHA: ${{ env.SHORT_SHA }} - name: Login to Container Registry uses: docker/login-action@v2 with: registry: ${{ env.DOCKER_REGISTRY }} username: ${{ secrets.GKE_DOCKER_REGISTRY_USERNAME }} password: ${{ secrets.GKE_DOCKER_REGISTRY_PASSWORD }} - name: Build Docker image run: | # TAG=`vinnie version` TAG=${{ env.SHORT_SHA }} docker build --file ./docker/Dockerfile \ --build-arg TAG=${TAG} \ --cache-from=${DOCKER_IMAGE}:latest \ --tag ${DOCKER_IMAGE} . - name: Docker - Tag and Push run: | # TAG=`vinnie version` TAG=${{ env.SHORT_SHA }} docker tag ${DOCKER_IMAGE} ${DOCKER_IMAGE}:latest docker tag ${DOCKER_IMAGE} ${DOCKER_IMAGE}:${TAG} docker push ${DOCKER_IMAGE}:latest docker push ${DOCKER_IMAGE}:${TAG} - name: Deploy to cluster - google auth id: 'auth' uses: 'google-github-actions/auth@v1' with: credentials_json: '${{ secrets.GKE_SA_KEY }}' - name: Deploy to cluster - get credentials id: 'get-credentials' uses: 'google-github-actions/get-gke-credentials@v1' with: cluster_name: ${{ env.GKE_CLUSTER }} location: ${{ env.GKE_REGION }} - name: Deploy to cluster - helm run: |- set -xe TAG=${{ env.SHORT_SHA }} cd kube/boost helm upgrade --install --create-namespace -n ${{ env.K8S_NAMESPACE }} -f values-${{ env.K8S_NAMESPACE }}-gke.yaml --timeout=3600s --set=Image=${DOCKER_IMAGE} --set-string boostLatestRelease=${{ env.BOOST_LATEST_RELEASE }} --set-string ImageTag="${TAG}" ${{ env.HELM_RELEASE_NAME }} . kubectl rollout status deployment/$DEPLOYMENT_NAME -n ${{ env.K8S_NAMESPACE }} kubectl get services -o wide -n ${{ env.K8S_NAMESPACE }} - name: Purge CDN cache run: | set -xe # Clears files selected by the Surrogate Key "deployment", which can be adjusted in the VCL. if [ -n "${{ env.FASTLY_SERVICE_ID_1 }}" ]; then curl -X POST -H 'Fastly-Soft-Purge:1' -H "Fastly-Key: ${{ secrets.FASTLY_TOKEN }}" -H 'Accept: application/json' https://api.fastly.com/service/${{ env.FASTLY_SERVICE_ID_1 }}/purge/deployment fi if [ -n "${{ env.FASTLY_SERVICE_ID_2 }}" ]; then curl -X POST -H 'Fastly-Soft-Purge:1' -H "Fastly-Key: ${{ secrets.FASTLY_TOKEN }}" -H 'Accept: application/json' https://api.fastly.com/service/${{ env.FASTLY_SERVICE_ID_2 }}/purge/deployment fi