Filter access token check by expiry #630
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: push | |
| jobs: | |
| build-module: | |
| name: Build & test npm module | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: module | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 24 | |
| - run: npm install | |
| # Just check the code compiles | |
| - run: npm run build | |
| build-api: | |
| name: Build & test API | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: api | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 24 | |
| - run: npm ci | |
| - run: npm test | |
| build-dashboard: | |
| name: Build & test dashboard | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: 24 | |
| - name: Dashboard NPM CI | |
| run: npm ci | |
| working-directory: ui | |
| - run: npm run build:ui | |
| env: | |
| ACCOUNTS_API: '/api' # UI always uses the matching-origin API | |
| VERSION: ${{ github.sha }} | |
| NODE_ENV: production | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: dashboard-dist | |
| path: dist/* | |
| if-no-files-found: error | |
| build-completed: | |
| name: Build completed | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-module | |
| - build-api | |
| - build-dashboard | |
| steps: | |
| - run: echo 'Build completed' | |
| deploy-api: | |
| name: Deploy API to production | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| environment: production | |
| needs: build-completed | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write # Required to publish containers to GHCR | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| images: | | |
| ghcr.io/httptoolkit/accounts-api | |
| tags: | | |
| type=raw,value=prod,enable={{is_default_branch}} | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=sha | |
| - name: Build & publish API image to registry | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: api/ | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| build-args: VERSION=${{ github.sha }} | |
| - name: Configure Kubectl | |
| run: | | |
| kubectl config set-cluster scw-cluster \ | |
| --server="${{ vars.K8S_SERVER_ADDRESS }}" \ | |
| --certificate-authority=<(echo "${{ vars.K8S_CA_CERT }}" | base64 -d) \ | |
| --embed-certs=true | |
| kubectl config set-credentials deployer --token="${{ secrets.K8S_DEPLOY_TOKEN }}" | |
| kubectl config set-context default --cluster=scw-cluster --user=deployer | |
| kubectl config use-context default | |
| - name: Deploy to Kubernetes | |
| run: | | |
| sed "s|/accounts-api:latest|/accounts-api:sha-${GITHUB_SHA::7}|g" api/deploy/deployment.yaml | \ | |
| kubectl apply -f - \ | |
| -f api/deploy/service.yaml \ | |
| -f api/deploy/routes.yaml | |
| kubectl rollout status deployment/accounts-api -n accounts-api | |
| deploy-dashboard: | |
| name: Deploy Dashboard to production | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' | |
| environment: production | |
| needs: build-completed | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: dashboard-dist | |
| path: dashboard-dist | |
| - name: Publish to Bunny.net FTP | |
| uses: SamKirkland/[email protected] | |
| with: | |
| local-dir: ./dashboard-dist/ | |
| server-dir: /${{ vars.FTP_USERNAME }}/ | |
| protocol: ftps | |
| log-level: verbose | |
| server: ${{ vars.FTP_HOSTNAME }} | |
| username: ${{ vars.FTP_USERNAME }} | |
| password: ${{ secrets.FTP_PASSWORD }} | |
| timeout: 60000 | |
| post-deploy: | |
| name: Update CDN after deploy | |
| environment: production | |
| needs: | |
| - deploy-api | |
| - deploy-dashboard | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Flush CDN cache | |
| run: | | |
| # Clear CDN cache to re-request content: | |
| curl -f --request POST \ | |
| --url https://api.bunny.net/pullzone/$BUNNY_PULL_ZONE_ID/purgeCache \ | |
| --header "AccessKey: $BUNNY_SITE_API_KEY" | |
| env: | |
| BUNNY_PULL_ZONE_ID: ${{ vars.BUNNY_PULL_ZONE_ID }} | |
| BUNNY_SITE_API_KEY: ${{ secrets.BUNNY_SITE_API_KEY }} |