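# Build the container image, push it to Docker Hub, release it on Heroku,
# smoke-test the live app and roll the release back if the smoke tests fail.
#
# NOTE(review): every `uses:` reference below reads `[email protected]`
# because the page this file was captured from obfuscated the `name@version`
# text as if it were an e-mail address. The real references cannot be
# recovered from here; restore them from the repository before use.
name: Deploy to Heroku

# One shared group: at most one run of this workflow executes at a time.
concurrency: deploy

on:
  push:
    branches:
      - main
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the jobs only read the repository, and
# every registry or deployment credential is passed as an explicit secret.
permissions:
  contents: read

env:
  # threatdragon is the working area on docker hub so use this area
  # owasp/threat-dragon is the final release area so DO NOT use that
  image_name: threatdragon/owasp-threat-dragon
  heroku_app: threatdragon-v2

# for security reasons the github actions are pinned to specific release versions
# NOTE(review): a release tag can be re-pointed by the action's owner; a full
# commit SHA is the immutable form of the same pin.
jobs:
  publish_docker:
    name: publish docker
    runs-on: ubuntu-22.04
    # Only the upstream repository publishes. The later jobs depend on this
    # one through `needs`, so they are skipped on forks as well.
    if: github.repository == 'OWASP/threat-dragon'
    steps:
      - name: Checkout
        uses: actions/[email protected]
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/[email protected]
        with:
          install: true
      - name: Cache Docker layers
        uses: actions/[email protected]
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile') }}
          restore-keys: |
            ${{ runner.os }}-buildx-
      - name: Login to Docker Hub
        uses: docker/[email protected]
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      # NOTE(review): image_name carries no tag, so the push lands on the
      # default mutable tag and the deploy job pulls by that same tag. Passing
      # this step's digest output to the deploy job and pulling by digest would
      # tie the release to exactly the image built here.
      - name: Build and push
        id: docker_build
        uses: docker/[email protected]
        with:
          context: ./
          file: ./Dockerfile
          builder: ${{ steps.buildx.outputs.name }}
          push: true
          tags: ${{ env.image_name }}
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache

  deploy:
    name: upload to Heroku
    runs-on: ubuntu-22.04
    needs: [publish_docker]
    # There is an action to build and deploy a heroku app
    # We already built the container though, so why not just re-tag and push
    steps:
      - name: Pull docker image
        run: docker pull ${{ env.image_name }}
      - name: Login to Heroku Registry
        uses: docker/[email protected]
        with:
          registry: registry.heroku.com
          username: _
          password: ${{ secrets.HEROKU_API_KEY }}
      - name: Tag Heroku image
        run: docker tag ${{ env.image_name }} registry.heroku.com/${{ env.heroku_app }}/web
      - name: Push to Heroku
        run: docker push registry.heroku.com/${{ env.heroku_app }}/web
      # The release is the last step, so a failure anywhere in this job means
      # no new release was made.
      - name: Deploy to Heroku
        run: heroku container:release web --app ${{ env.heroku_app }}
        env:
          HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}

  smoke_tests:
    name: smoke tests
    runs-on: ubuntu-22.04
    needs: [deploy]
    defaults:
      run:
        working-directory: td.vue
    steps:
      - name: Checkout
        uses: actions/[email protected]
      - name: Use Node.js 18.x
        uses: actions/[email protected]
        with:
          node-version: '18'
      - name: Cache NPM dir
        uses: actions/[email protected]
        with:
          path: ~/.npm
          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node-
      - name: Install packages
        run: npm clean-install
      - name: BrowserStack Env Setup
        uses: browserstack/github-actions/[email protected]
        with:
          username: ${{ secrets.BROWSERSTACK_USERNAME }}
          access-key: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
      - name: Run cross-browser smoke tests
        run: npm run test:e2e-smokes

  rollback:
    name: rollback on fail
    runs-on: ubuntu-22.04
    needs: [smoke_tests]
    # failure() is also true when an earlier job in the needs chain failed.
    # In that case nothing new was released, and a rollback would replace the
    # healthy live release with an older one. Roll back only when the smoke
    # tests themselves ran and failed.
    if: ${{ failure() && needs.smoke_tests.result == 'failure' }}
    steps:
      - name: Rollback
        run: heroku rollback --app ${{ env.heroku_app }}
        env:
          HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}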