hackathon-kernelci/.github/workflows/deploy-production.yaml at main · profusion/hackathon-kernelci · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: Deploy production Dashboard

on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Tag to deploy'
        required: true
        default: 'main'

jobs:
  start-notification:
    runs-on: ubuntu-latest
    steps:
      - name: Discord notification
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        uses: Ilshidur/action-discord@master
        with:
          args: "Deploying production Dashboard with tag `${{ github.event.inputs.tag }}`"

  check-migrations:
    needs: start-notification
    runs-on: ubuntu-latest
    outputs:
      has_new_migrations: ${{ steps.check.outputs.has_new_migrations }}
      migration_list: ${{ steps.check.outputs.migration_list }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Check for new Django migrations
        id: check
        run: |
          # Compare against the previous tag; fall back to HEAD~1 if no tags exist
          PREV_TAG=$(git describe --abbrev=0 --tags HEAD^ 2>/dev/null || echo "")
          if [ -z "$PREV_TAG" ]; then
            echo "No previous tag found, comparing against HEAD~1"
            COMPARE_REF="HEAD~1"
          else
            echo "Comparing migrations against tag: $PREV_TAG"
            COMPARE_REF="$PREV_TAG"
          fi

          NEW_MIGRATIONS=$(git diff --name-only "$COMPARE_REF" HEAD -- '**/migrations/*.py' \
            | grep -v '__init__.py' || true)

          if [ -n "$NEW_MIGRATIONS" ]; then
            echo "has_new_migrations=true" >> $GITHUB_OUTPUT
            # Encode newlines for the output so it can be passed between jobs
            ENCODED=$(echo "$NEW_MIGRATIONS" | tr '\n' '|')
            echo "migration_list=$ENCODED" >> $GITHUB_OUTPUT
            echo "New migration files detected:"
            echo "$NEW_MIGRATIONS"
          else
            echo "has_new_migrations=false" >> $GITHUB_OUTPUT
            echo "migration_list=" >> $GITHUB_OUTPUT
            echo "No new migration files found"
          fi

  notify-new-migrations:
    needs: check-migrations
    if: needs.check-migrations.outputs.has_new_migrations == 'true'
    runs-on: ubuntu-latest
    steps:
      - name: Discord notification - new migrations detected
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        uses: Ilshidur/action-discord@master
        with:
          args: "New Django migrations detected in production deployment of `${{ github.event.inputs.tag }}`:\n`${{ needs.check-migrations.outputs.migration_list }}`"

  notify-no-migrations:
    needs: check-migrations
    if: needs.check-migrations.outputs.has_new_migrations == 'false'
    runs-on: ubuntu-latest
    steps:
      - name: Discord notification - no migrations detected
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        uses: Ilshidur/action-discord@master
        with:
          args: "No new Django migrations detected in production deployment of `${{ github.event.inputs.tag }}`"

  deploy-production:
    needs: start-notification
    runs-on: ubuntu-latest
    steps:
      - name: Configure host authenticity
        run: |
          mkdir -p ~/.ssh/ && chmod 700 ~/.ssh/
          touch ~/.ssh/known_hosts && chmod 600 ~/.ssh/known_hosts
          echo "$SSH_HOSTKEY" > ~/.ssh/known_hosts
        env:
          SSH_HOSTKEY: ${{ secrets.STAGING_HOSTKEY }}

      - name: Deploy production
        run: |
          eval $(ssh-agent -s)
          echo "$SSH_KEY" | ssh-add - >/dev/null
          ssh "${SSH_USER}@${SSH_HOST}" "
            rm -rf dashboard-production &&
            git clone --depth 1 --branch main https://github.com/kernelci/dashboard.git dashboard-production &&
            cp ~/.env-production dashboard-production/.env &&
            cd dashboard-production &&
            git checkout ${GITHUB_SHA} &&
            docker compose -f docker-compose-next.yml pull &&
            docker compose -f docker-compose-next.yml up -d
          "
        env:
          SSH_USER: ${{ secrets.STAGING_USER }}
          SSH_HOST: ${{ secrets.STAGING_HOST }}
          SSH_KEY: ${{ secrets.STAGING_KEY }}

      - name: Discord notification on success
        if: success()
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        uses: Ilshidur/action-discord@master
        with:
          args: "Production Dashboard deployment successful with tag `${{ github.event.inputs.tag }}`"

      - name: Discord notification on failure
        if: failure()
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        uses: Ilshidur/action-discord@master
        with:
          args: "Production Dashboard deployment failed with tag `${{ github.event.inputs.tag }}`"