
skip self signed cert in smoke test #9


Workflow file for this run

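# Production pipeline: test -> build and push images -> deploy -> smoke test.
# Triggered by pushes to the `prod` branch and by manual dispatch.
#
# NOTE(review): every `uses:` below references a mutable tag. The deploy job
# hands an SSH private key to third-party actions, so pinning each action to a
# full commit SHA (`owner/action@<full-commit-sha>  # vX.Y.Z`) would keep a
# retagged release from running with those credentials.
name: Production CI/CD

on:
  push:
    branches: ["prod"]
  workflow_dispatch:

# Least-privilege default for GITHUB_TOKEN. Jobs that need more (build) or
# nothing at all (smoke) declare their own `permissions` block.
permissions:
  contents: read

env:
  REGISTRY: ghcr.io
  IMAGE_NAMESPACE: ${{ github.repository_owner }}/nektokz
  K8S_NAMESPACE: sumdyk

jobs:
  # Runs the Go test suites of every module and lints the web frontend.
  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: "1.25.0"
          cache: true
          # One checksum file per module so the cache key tracks all of them.
          cache-dependency-path: |
            go.work.sum
            libs/proto/go.sum
            libs/shared/go.sum
            services/api-gateway/go.sum
            services/chat-service/go.sum
            services/matchmaking-service/go.sum
            services/moderation-service/go.sum
            services/notification-service/go.sum
            services/user-service/go.sum

      - name: Run Go tests
        # Each module is tested from its own directory; `set -e` stops the
        # loop at the first failing module.
        run: |
          set -euo pipefail
          for dir in \
            libs/proto \
            libs/shared \
            services/api-gateway \
            services/chat-service \
            services/matchmaking-service \
            services/moderation-service \
            services/notification-service \
            services/user-service
          do
            echo "Testing ${dir}"
            (cd "${dir}" && go test ./...)
          done

      - name: Set up Node
        uses: actions/setup-node@v4
        with:
          node-version: "22"
          cache: npm
          cache-dependency-path: apps/web/package-lock.json

      - name: Install frontend dependencies
        working-directory: apps/web
        run: npm ci

      - name: Lint frontend
        working-directory: apps/web
        run: npm run lint

  # Builds one image per matrix entry and pushes it to GHCR under two tags:
  # the commit SHA (what the deploy job rolls out) and the moving `prod` tag.
  build:
    name: Build and Push Images
    runs-on: ubuntu-latest
    needs: test
    permissions:
      contents: read
      # Required to push images to GHCR with the workflow token.
      packages: write
    env:
      # Passed to the frontend image as Docker build args (see below).
      # NOTE(review): build args are recorded in image metadata, and the
      # NEXT_PUBLIC_ prefix suggests these end up in the client bundle, so
      # they are presumably not confidential. Confirm.
      NEXT_PUBLIC_API_URL: ${{ secrets.NEXT_PUBLIC_API_URL }}
      NEXT_PUBLIC_WS_URL: ${{ secrets.NEXT_PUBLIC_WS_URL }}
    strategy:
      # Let every image finish building even if one matrix entry fails.
      fail-fast: false
      matrix:
        include:
          - name: api-gateway
            context: .
            dockerfile: services/api-gateway/Dockerfile
          - name: user-service
            context: .
            dockerfile: services/user-service/Dockerfile
          - name: matchmaking-service
            context: .
            dockerfile: services/matchmaking-service/Dockerfile
          - name: chat-service
            context: .
            dockerfile: services/chat-service/Dockerfile
          - name: moderation-service
            context: .
            dockerfile: services/moderation-service/Dockerfile
          - name: notification-service
            context: .
            dockerfile: services/notification-service/Dockerfile
          - name: frontend
            context: apps/web
            dockerfile: apps/web/Dockerfile
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ github.token }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # The frontend is the only image that takes build args.
      - name: Build and push frontend
        if: matrix.name == 'frontend'
        uses: docker/build-push-action@v6
        with:
          context: ${{ matrix.context }}
          file: ${{ matrix.dockerfile }}
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${{ matrix.name }}:${{ github.sha }}
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${{ matrix.name }}:prod
          build-args: |
            NEXT_PUBLIC_API_URL=${{ env.NEXT_PUBLIC_API_URL }}
            NEXT_PUBLIC_WS_URL=${{ env.NEXT_PUBLIC_WS_URL }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Build and push services
        if: matrix.name != 'frontend'
        uses: docker/build-push-action@v6
        with:
          context: ${{ matrix.context }}
          file: ${{ matrix.dockerfile }}
          push: true
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${{ matrix.name }}:${{ github.sha }}
            ${{ env.REGISTRY }}/${{ env.IMAGE_NAMESPACE }}/${{ matrix.name }}:prod
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # Copies the deploy script, manifests and Makefile to the server over SSH
  # and runs `make deploy` there with the release settings in the environment.
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    needs: build
    environment: production
    steps:
      - name: Checkout deployment assets
        uses: actions/checkout@v4

      # NOTE(review): neither SSH step sets a `fingerprint` input, so the
      # server's host key does not appear to be verified before the private
      # key is used and the secrets below are sent. Confirm against the
      # action's inputs and pin the host key if supported.
      #
      # NOTE(review): the release is staged under a fixed path in /tmp and
      # then executed. On a host with other local accounts, a dedicated
      # directory owned by the deploy user would be a safer staging area.
      # Files from earlier releases also stay in place unless they are
      # cleaned up on the server.
      - name: Upload deployment assets to the server
        uses: appleboy/scp-action@v0.1.7
        with:
          host: ${{ secrets.SERVER_HOST }}
          username: ${{ secrets.SERVER_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          source: "scripts/deploy-k8s.sh,infrastructure/k8s,Makefile"
          target: "/tmp/nektokz-release"

      - name: Apply Kubernetes manifests on the server
        uses: appleboy/ssh-action@v1.0.0
        with:
          host: ${{ secrets.SERVER_HOST }}
          username: ${{ secrets.SERVER_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          # Names of the step-level env vars forwarded to the remote shell.
          envs: IMAGE_TAG,IMAGE_NAMESPACE,REGISTRY,K8S_NAMESPACE,ALLOWED_ORIGINS,JWT_SECRET,INTERNAL_TOKEN,USER_DB_URL,CHAT_DB_URL,MODERATION_DB_URL,REDIS_URL,GHCR_USERNAME,GHCR_TOKEN
          script: |
            set -euo pipefail
            cd /tmp/nektokz-release
            chmod +x scripts/deploy-k8s.sh
            make deploy
        env:
          # Deploy the image built from this commit, not the moving `prod` tag.
          IMAGE_TAG: ${{ github.sha }}
          IMAGE_NAMESPACE: ${{ env.IMAGE_NAMESPACE }}
          REGISTRY: ${{ env.REGISTRY }}
          K8S_NAMESPACE: ${{ env.K8S_NAMESPACE }}
          ALLOWED_ORIGINS: ${{ secrets.ALLOWED_ORIGINS }}
          JWT_SECRET: ${{ secrets.JWT_SECRET }}
          INTERNAL_TOKEN: ${{ secrets.INTERNAL_TOKEN }}
          USER_DB_URL: ${{ secrets.USER_DB_URL }}
          CHAT_DB_URL: ${{ secrets.CHAT_DB_URL }}
          MODERATION_DB_URL: ${{ secrets.MODERATION_DB_URL }}
          REDIS_URL: ${{ secrets.REDIS_URL }}
          GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
          # NOTE(review): presumably only used to pull images on the cluster;
          # a read-only packages scope would be enough for that. Confirm.
          GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}

  # Post-deploy check that the API health endpoint and the frontend respond
  # with a success status.
  smoke:
    name: Smoke Test
    runs-on: ubuntu-latest
    needs: deploy
    # The job only issues HTTP requests; it needs no GITHUB_TOKEN scopes.
    permissions: {}
    # curl has no timeout of its own here; bound the job so a hung endpoint
    # cannot hold the runner for the default job limit.
    timeout-minutes: 10
    steps:
      # NOTE(review): `-k` disables certificate and hostname verification, so
      # this check passes for any server that answers at the URL and cannot
      # detect a wrong or expired certificate. If the endpoint keeps a
      # self-signed certificate, trusting that certificate explicitly
      # (`curl --cacert <path-to-server-ca.pem> ...`) keeps verification on.
      - name: Check API health
        env:
          BASE_URL: ${{ secrets.BASE_URL }}
        run: |
          set -euo pipefail
          test -n "$BASE_URL"
          curl -kfsS "$BASE_URL/api/v1/health" >/dev/null

      # NOTE(review): same `-k` caveat as the API health check.
      - name: Check frontend
        env:
          FRONTEND_URL: ${{ secrets.FRONTEND_URL }}
        run: |
          set -euo pipefail
          test -n "$FRONTEND_URL"
          curl -kfsS "$FRONTEND_URL" >/dev/null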