New CI/CD

crmne · Dec 20, 2024 · caff0dd · caff0dd
1 parent 0e4fc86
commit caff0dd
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 46 deletions.
diff --git a/.github/workflows/ci.yml → .github/workflows/ci-cd.yml b/.github/workflows/ci.yml → .github/workflows/ci-cd.yml
@@ -1,58 +1,32 @@
-name: CI
-
+name: CI/CD
 on:
   pull_request:
   push:
     branches: [ main ]
-
 jobs:
   scan_ruby:
     runs-on: ubuntu-latest
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: .ruby-version
           bundler-cache: true
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-          cache: 'npm'
-
-      - name: Install Node.js dependencies
-        run: npm install
-
       - name: Scan for common Rails security vulnerabilities using static analysis
         run: bin/brakeman --no-pager
 
   scan_js:
     runs-on: ubuntu-latest
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: .ruby-version
           bundler-cache: true
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-          cache: 'npm'
-
-      - name: Install Node.js dependencies
-        run: npm install
-
       - name: Scan for security vulnerabilities in JavaScript dependencies
         run: bin/importmap audit
 
@@ -61,22 +35,19 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: .ruby-version
           bundler-cache: true
-
       - name: Lint code for consistent style
         run: bin/rubocop -f github
 
   test:
     runs-on: ubuntu-latest
-
     services:
       postgres:
-        image: postgres
+        image: postgres:16
         env:
           POSTGRES_USER: postgres
           POSTGRES_PASSWORD: postgres
@@ -87,41 +58,55 @@ jobs:
     steps:
       - name: Install packages
         run: sudo apt-get update && sudo apt-get install --no-install-recommends -y google-chrome-stable curl libjemalloc2 libvips postgresql-client
-
       - name: Checkout code
         uses: actions/checkout@v4
-
       - name: Set up Ruby
         uses: ruby/setup-ruby@v1
         with:
           ruby-version: .ruby-version
           bundler-cache: true
-
       - name: Set up Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: '23'
           cache: 'npm'
-
       - name: Install Node.js dependencies
         run: npm install
-
-      - name: Build Tailwind CSS
-        run: bin/rails tailwindcss:build
-
       - name: Run tests
         env:
           RAILS_ENV: test
           DATABASE_URL: postgres://postgres:postgres@localhost:5432
-        run: |
-          bin/rails db:test:prepare
-          bin/rails test
-          bin/rails test:system
-
+        run: bin/rails db:test:prepare test test:system
       - name: Keep screenshots from failed system tests
         uses: actions/upload-artifact@v4
         if: failure()
         with:
           name: screenshots
           path: ${{ github.workspace }}/tmp/screenshots
           if-no-files-found: ignore
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: [ scan_ruby, scan_js, lint, test ]
+    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: .ruby-version
+          bundler-cache: true
+      - name: Install SSH key
+        uses: shimataro/ssh-key-action@v2
+        with:
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }}
+      - name: Deploy with Kamal
+        env:
+          RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
+          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
+          KAMAL_REGISTRY_PASSWORD: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
+        run: |
+          bundle exec kamal deploy
diff --git a/bin/set_github_secrets.rb b/bin/set_github_secrets.rb
@@ -0,0 +1,39 @@
+#!/usr/bin/env ruby
+
+require 'dotenv'
+require 'open3'
+
+# Load .env but don't pollute ENV
+env_file = Dotenv.parse('.env')
+
+def execute_command(cmd)
+  stdout, status = Open3.capture2(cmd)
+  stdout.strip if status.success?
+end
+
+puts "Setting GitHub secrets..."
+
+env_file.each do |key, value|
+  next if value.nil? || value.empty?
+
+  if value.start_with?('$(') && value.end_with?(')')
+    # Extract and execute command between $()
+    cmd = value[2..-2]  # Remove $( and )
+    actual_value = execute_command(cmd)
+  else
+    actual_value = value
+  end
+
+  next if actual_value.nil? || actual_value.empty?
+
+  command = "gh secret set #{key} --body '#{actual_value}'"
+  system(command, out: File::NULL)
+
+  if $?.success?
+    puts "✓ Successfully set #{key}"
+  else
+    puts "✗ Failed to set #{key}"
+  end
+end
+
+puts "\nDone!"
diff --git a/config/deploy.yml b/config/deploy.yml
@@ -8,7 +8,9 @@ servers:
 
 proxy:
   ssl: true
-  host: clusterheadachetracker.com
+  hosts:
+    - clusterheadachetracker.com
+    - www.clusterheadachetracker.com
 
 registry:
   username: crmne