.github/workflows/ci-review.yml

name: Setup review environment

on:
  # run it during pull request
  pull_request:
    branches: [ master, stable ]

jobs:
  build-and-test:
    name: Build and Test

    # run only when code is compiling and tests are passing
    runs-on: ubuntu-latest

    outputs:
      dockerTag: ${{ steps.compute.outputs.docker_tag }}

    services:
      # Label used to access the service container
      postgres:
        # Docker Hub image
        image: postgres:11.5
        # Provide the password for postgres
        env:
          POSTGRES_DB: testdb
        # Set health checks to wait until postgres has started
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          # Maps tcp port 5432 on service container to the host
          - 5432:5432

      redis:
        image: redis
        # Set health checks to wait until redis has started
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 6379:6379

    env:
      DJANGO_SETTINGS_MODULE: app.settings
      SUPRESS_DEBUG_TOOLBAR: 1
      GITCOIN_API_USER: ${{ secrets.GITCOIN_API_USER }}
      GITHUB_API_TOKEN: ${{ secrets.GITCOIN_API_TOKEN }}
      POLYGONSCAN_API_KEY: ${{ secrets.POLYGONSCAN_API_KEY }}

    # steps to perform in job
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Use Node.js 14
        uses: actions/setup-node@v2
        with:
          node-version: 14
          cache: "yarn"

      - name: Use Python 3.7
        uses: "actions/setup-python@v2"
        with:
          python-version: 3.7
          cache: "pip"

      - name: Setup Env
        run: |
          echo "PYTHONPATH=/home/runner/work/web/web/app" >> $GITHUB_ENV
          cp app/app/ci.env app/app/.env
          pip install pip==20.0.2 setuptools wheel --upgrade

      - name: Fetch and Install GeoIP database files
        run: |
          sudo apt-get update && sudo apt-get install -y libmaxminddb-dev libsodium-dev libsecp256k1-dev
          cp dist/*.gz ./
          gunzip GeoLite2-City.mmdb.tar.gz && gunzip GeoLite2-Country.mmdb.tar.gz
          tar -xvf GeoLite2-City.mmdb.tar && tar -xvf GeoLite2-Country.mmdb.tar
          sudo mkdir -p /opt/GeoIP/
          sudo mv GeoLite2-City_20200128/*.mmdb /opt/GeoIP/
          sudo mv GeoLite2-Country_20200128/*.mmdb /opt/GeoIP/

      - name: Install libvips, Node, and Python dependencies
        run: |
          sudo apt-get install -y libvips libvips-dev
          node --version
          yarn install
          pip install -r requirements/test.txt
          yarn run eslint
          yarn run stylelint
          (cd app; python ./manage.py collectstatic --noinput --disable-collectfast)

      - name: Run management commands
        run: |
          python app/manage.py migrate
          python app/manage.py fetch_gas_prices

      - name: Run Python and UI tests
        run: |
          pytest -p no:ethereum -p no:warnings
          bin/ci/cypress-run

      - name: Deploy to Github Pages 🚀
        uses: peaceiris/actions-gh-pages@v3
        if: github.ref == 'refs/heads/master'
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: _build/site
          cname: docs.gitcoin.coind

      - name: Compute some values
        id: compute
        run: |
          echo "::set-output name=docker_tag::gitcoin/web:${GITHUB_SHA: -10}"

      - name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1

      - name: Deploy to Docker Hub 🚀
        uses: docker/build-push-action@v2
        with:
          context: ./
          file: ./Dockerfile
          builder: ${{ steps.buildx.outputs.name }}
          push: true
          tags: ${{ steps.compute.outputs.docker_tag }}
          cache-from: type=registry,ref=${{ secrets.DOCKER_USERNAME }}/web:buildcache
          cache-to: type=registry,ref=${{ secrets.DOCKER_USERNAME }}/web:buildcache,mode=max

      - uses: actions/github-script@v6
        with:
          script: |
            console.log("Context", context)
            github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: `The new docker image for has been pushed to: \`${{ steps.compute.outputs.docker_tag }}\``
            })

  deploy:
    name: Deploy
    needs: build-and-test
    environment: review
    runs-on: ubuntu-latest

    steps:

      - name: Checkout code
        uses: actions/checkout@v2

      - name: Compute some values
        id: compute
        run: |
          echo "::set-output name=pulumi_stack::gitcoin/review/review-${{ github.event.number }}"
          echo "::set-output name=review_domain::review-${{ github.event.number }}.review.gitcoin.co"

      #########################################################################
      # Provision the shared ressources for the review environment
      #########################################################################
      - name: Use Node.js
        uses: actions/setup-node@v2
        with:
          cache: "npm"
          cache-dependency-path: infra/review-env/package-lock.json

      # Install pulumi dependencies
      # Select the new pulumi stack
      - run: |
          npm install
          pulumi stack select -c gitcoin/review-env/review
          pulumi config -s gitcoin/review-env/review set aws:region us-west-2 --non-interactive
        working-directory: infra/review-env
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

      # Run pulumi actions
      - uses: pulumi/actions@v3
        id: pulumi-env
        name: Ensure the pulumi review environment shared ressources
        with:
          command: up
          stack-name: gitcoin/review-env/review
          upsert: true
          work-dir: infra/review-env
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          PULUMI_CONFIG_PASSPHRASE:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}


      #########################################################################
      # Provision the PR specific ressources for the review environment
      #########################################################################
      - name: Use Node.js
        uses: actions/setup-node@v2
        with:
          cache: "npm"
          cache-dependency-path: infra/review-pr/package-lock.json

      # Install pulumi dependencies
      # Select the new pulumi stack
      - run: |
          npm install
          pulumi stack select -c ${{ steps.compute.outputs.pulumi_stack }}
          pulumi config -s ${{ steps.compute.outputs.pulumi_stack }} set aws:region us-west-2 --non-interactive
        working-directory: infra/review-pr
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

      # Run pulumi actions
      - uses: pulumi/actions@v3
        id: pulumi
        name: Create the environment specific for this PR
        with:
          command: up
          stack-name: ${{ steps.compute.outputs.pulumi_stack }}
          upsert: true
          work-dir: infra/review-pr
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
          PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_CONFIG_PASSPHRASE }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          DB_NAME: ${{ secrets.DB_NAME }}
          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
          DB_USER: ${{ secrets.DB_USER }}
          DOCKER_GTC_WEB_IMAGE: ${{ needs.build-and-test.outputs.dockerTag }}
          GITHUB_API_USER: ${{ secrets.REVIEW_GITHUB_API_USER }}
          GITHUB_API_TOKEN: ${{ secrets.REVIEW_GITHUB_API_TOKEN }}
          GITHUB_APP_NAME: ${{ secrets.GTC_GITHUB_APP_NAME }}
          GITHUB_CLIENT_ID: ${{ secrets.GTC_GITHUB_CLIENT_ID }}
          GITHUB_CLIENT_SECRET: ${{ secrets.GTC_GITHUB_CLIENT_SECRET }}


          # Pass in the outputs from the generic environment, we will deploy our ressources in the VPC
          # and subnet that where created there
          REVIEW_ENV_VPC_ID: ${{ steps.pulumi-env.outputs.vpcID }}
          REVIEW_ENV_PRIVATE_SUBNET_1: ${{ steps.pulumi-env.outputs.vpcPrivateSubnetId1 }}
          REVIEW_ENV_PRIVATE_SUBNET_2: ${{ steps.pulumi-env.outputs.vpcPrivateSubnetId2 }}
          REVIEW_ENV_PUBLIC_SUBNET_1: ${{ steps.pulumi-env.outputs.vpcPublicSubnetId1 }}
          REVIEW_ENV_PUBLIC_SUBNET_2: ${{ steps.pulumi-env.outputs.vpcPublicSubnetId2 }}

          REVIEW_ENV_ROUTE53_ZONE_ID: ${{ secrets.ROUTE53_ZONE_ID }}
          REVIEW_ENV_DOMAIN: ${{ steps.compute.outputs.review_domain }}
          REVIEW_ENV_NAME: ${{ github.event.number }}


      - name: Start migration task
        run: |
          aws ecs run-task --launch-type FARGATE --task-definition ${{ steps.pulumi.outputs.taskDefinition }} --cluster ${{ steps.pulumi.outputs.clusterId }} --network-configuration "awsvpcConfiguration={subnets=[${{ steps.pulumi-env.outputs.vpcPrivateSubnetId1 }}],securityGroups=[${{ steps.pulumi.outputs.securityGroupForTaskDefinition }}],assignPublicIp=ENABLED}"
        env:
          # We need AWS_EC2_METADATA_DISABLED, because: https://github.com/actions/checkout/issues/440
          AWS_EC2_METADATA_DISABLED: true
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: us-west-2

      - name: Copy static files to bucket
        run: |
          mkdir static_files_to_deploy
          mkdir docker_bin

          cat <<EOT >> docker_bin/static_files.sh
          #!/bin/bash
          python3.7 manage.py bundle
          python3.7 manage.py collectstatic --disable-collectfast
          EOT

          docker run -v $(pwd)/static_files_to_deploy:/code/app/static -v $(pwd)/docker_bin:/code/app/bin -e DATABASE_URL=${{ steps.pulumi.outputs.rdsConnectionUrl }} -e BUNDLE_USE_CHECKSUM=${BUNDLE_USE_CHECKSUM} ${{ needs.build-and-test.outputs.dockerTag }} sh /code/app/bin/static_files.sh

          echo "Syncing to bucket: ${{ steps.pulumi.outputs.bucketName }}"
          echo "Source folder: $(pwd)/static_files_to_deploy"

          aws s3 sync $(pwd)/static_files_to_deploy s3://${{ steps.pulumi.outputs.bucketName }}/static --acl public-read --delete
        env:
          # We need AWS_EC2_METADATA_DISABLED, because: https://github.com/actions/checkout/issues/440
          AWS_EC2_METADATA_DISABLED: true
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          BUNDLE_USE_CHECKSUM: 'false'

      - uses: actions/github-script@v6
        with:
          script: |
            github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: `Test your commit here: \n\
              - [${{ steps.pulumi.outputs.frontendURL }}](${{ steps.pulumi.outputs.frontendURL }}) \n\
              - [https://${{ steps.compute.outputs.review_domain }}](https://${{ steps.compute.outputs.review_domain }}) \n\
              `
            })