Update @hotosm/hanko-auth to 0.5.2 #276
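# Development deployment pipeline: runs the backend and frontend tests on
# every push to `develop`, then builds both container images, pushes them to
# GHCR and redeploys the stack on the development EC2 host over SSH.
name: Deploy to Development

on:
  push:
    branches:
      - develop

# Least privilege: GITHUB_TOKEN is read-only unless a job widens it below.
permissions:
  contents: read

env:
  REGISTRY: ghcr.io
  IMAGE_PREFIX: ${{ github.repository }}

# NOTE(security): every `uses:` below references a mutable tag. Pinning each
# action to a full commit SHA (keeping the tag as a trailing comment) stops a
# retagged release from running with this workflow's secrets; the third-party
# actions matter most.
jobs:
  test:
    name: Run Tests
    runs-on: ubuntu-latest
    # NOTE(review): this binds the test job to the Development environment so
    # that COOKIE_SECRET resolves. If the tests accept a throwaway value, the
    # job would not need environment secrets at all - confirm.
    environment: Development
    services:
      # Disposable database for the test run; the credentials are test-only.
      postgres:
        image: postgis/postgis:16-3.4
        env:
          POSTGRES_USER: test
          POSTGRES_PASSWORD: test
          POSTGRES_DB: test
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - "5432:5432"
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.12'

      - name: Install uv
        uses: astral-sh/setup-uv@v4

      - name: Install backend dependencies (with hotosm-auth from monorepo)
        working-directory: ./backend
        run: |
          # Install dependencies (hotosm-auth from hotosm/login repo)
          uv sync --all-extras

      - name: Run backend tests
        working-directory: ./backend
        env:
          DATABASE_URL: postgresql+asyncpg://test:test@localhost:5432/test
          COOKIE_SECRET: ${{ secrets.COOKIE_SECRET }}
        run: uv run pytest

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'

      # NOTE(security): `version: latest` installs whatever pnpm release is
      # newest at run time. Pin an exact version so the tool that resolves the
      # lockfile cannot change between runs.
      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: latest

      - name: Install frontend dependencies
        working-directory: ./frontend
        run: pnpm install --frozen-lockfile

      - name: Run frontend tests
        working-directory: ./frontend
        run: pnpm test

      - name: Build frontend
        working-directory: ./frontend
        run: pnpm build

  deploy:
    name: Deploy to Development Server
    runs-on: ubuntu-latest
    needs: test
    environment: Development
    if: github.ref == 'refs/heads/develop'
    # Only this job pushes images, so only this job gets packages: write.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # Loads the deploy key into an ssh-agent for the later ssh call.
      - name: Setup SSH
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.EC2_SSH_KEY }}

      # NOTE(security): ssh-keyscan records whatever host key the network
      # returns at run time, so this step does not authenticate the server and
      # an on-path attacker would be trusted by the ssh call below. Keep the
      # host's public key in a secret or variable and write that to
      # known_hosts instead.
      - name: Add EC2 host to known hosts
        env:
          EC2_HOST: ${{ secrets.EC2_HOST }}
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan -H "$EC2_HOST" >> ~/.ssh/known_hosts

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Each image is pushed under two tags: `latest`, which the server
      # pulls, and the commit SHA, which identifies the exact build.
      - name: Build and push Docker images
        run: |
          # Build and push backend image (use root context for monorepo access)
          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-backend:latest \
            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-backend:${{ github.sha }} \
            --target production \
            -f backend/Dockerfile \
            .
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-backend:latest
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-backend:${{ github.sha }}
          # Build and push frontend image
          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:latest \
            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:${{ github.sha }} \
            --target production \
            --build-arg VITE_HANKO_URL=https://dev.login.hotosm.org \
            --build-arg VITE_DRONE_TM_URL=https://testlogin.dronetm.hotosm.org \
            --build-arg BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ) \
            --no-cache \
            --pull \
            ./frontend
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:latest
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:${{ github.sha }}

      # The heredoc delimiter is quoted ('EOF'), so the runner's shell expands
      # nothing inside it: the script never reads the secret variables under
      # `env:`, and only EC2_USER and EC2_HOST are used, on the ssh line.
      # Every secret reaches the server through the `${{ secrets.* }}`
      # expressions, which Actions substitutes into the script text before the
      # shell runs.
      # NOTE(security): a secret value containing shell syntax or a line equal
      # to a heredoc delimiter would therefore alter the script; keep these
      # secrets free of such content or pass them as data rather than as
      # script text.
      - name: Deploy to EC2
        env:
          EC2_HOST: ${{ secrets.EC2_HOST }}
          EC2_USER: ${{ secrets.EC2_USER }}
          COOKIE_SECRET: ${{ secrets.COOKIE_SECRET }}
          OSM_CLIENT_ID: ${{ secrets.OSM_CLIENT_ID }}
          OSM_CLIENT_SECRET: ${{ secrets.OSM_CLIENT_SECRET }}
          OSM_REDIRECT_URI: ${{ secrets.OSM_REDIRECT_URI }}
          ADMIN_EMAILS: ${{ secrets.ADMIN_EMAILS }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
        run: |
          # Deploy via SSH (using ssh-agent from webfactory/ssh-agent action)
          ssh "$EC2_USER@$EC2_HOST" << 'EOF'
          set -e
          # Navigate to application directory
          cd /opt/portal-test || exit 1
          # Pull latest changes (reset to avoid divergent branches)
          git fetch origin develop
          git reset --hard origin/develop
          # Create/update .env file with secrets. The file is restricted to
          # the deploy user before any secret is written to it; this assumes
          # only that user's docker compose reads it - confirm.
          touch .env
          chmod 600 .env
          cat > .env << 'ENVEOF'
          POSTGRES_USER=portal
          POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}
          POSTGRES_DB=portal
          COOKIE_SECRET=${{ secrets.COOKIE_SECRET }}
          OSM_CLIENT_ID=${{ secrets.OSM_CLIENT_ID }}
          OSM_CLIENT_SECRET=${{ secrets.OSM_CLIENT_SECRET }}
          ADMIN_EMAILS=${{ secrets.ADMIN_EMAILS }}
          ENVEOF
          echo "✓ Updated .env"
          # Login to GitHub Container Registry
          echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
          # Pull and restart services using compose.test.yaml
          docker compose -f compose.test.yaml pull
          docker compose -f compose.test.yaml up -d --force-recreate
          # Remove the job-scoped registry credential from the host's Docker
          # config once the images are pulled
          docker logout ghcr.io
          # Clean up old images
          docker image prune -af
          echo "✓ Deployment completed successfully"
          EOF

      # Health check is disabled, so a green run only shows that the remote
      # script exited 0, not that the service is answering.
      # - name: Verify deployment
      #   env:
      #     EC2_HOST: ${{ secrets.EC2_HOST }}
      #   run: |
      #     sleep 30
      #     curl -f http://$EC2_HOST:8000/health || exit 1
      #     echo "✓ Backend health check passed"

      # Runs even after a failed step and re-fails the job in that case.
      - name: Notify deployment status
        if: always()
        run: |
          if [ "${{ job.status }}" == 'success' ]; then
            echo "✓ Deployment to testing environment successful"
            echo "Note: Manual verification required (health check disabled)"
          else
            echo "✗ Deployment failed"
            exit 1
          fi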