infisical/.github/workflows/docker-image.yml

name: Build, Publish and Deploy to Gamma
on:
  push:
    tags:
      - "infisical/v*.*.*"

jobs:
  backend-image:
    name: Build backend image
    runs-on: ubuntu-latest
    steps:
      - name: Extract version from tag
        id: extract_version
        run: echo "::set-output name=version::${GITHUB_REF_NAME#infisical/}"
      - name: ☁️ Checkout source
        uses: actions/checkout@v3
      - name: 📦 Install dependencies to test all dependencies
        run: npm ci --only-production
        working-directory: backend
      - name: 🧪 Run tests
        run: npm run test:ci
        working-directory: backend
      - name: Save commit hashes for tag
        id: commit
        uses: pr-mpt/actions-commit-hash@v2
      - name: 🔧 Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: 🐋 Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Set up Depot CLI
        uses: depot/setup-action@v1
      - name: 📦 Build backend and export to Docker
        uses: depot/build-push-action@v1
        with:
          project: 64mmf0n610
          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
          load: true
          context: backend
          tags: infisical/backend:test
      - name: ⏻ Spawn backend container and dependencies
        run: |
          docker compose -f .github/resources/docker-compose.be-test.yml up --wait --quiet-pull
      - name: 🧪 Test backend image
        run: |
          ./.github/resources/healthcheck.sh infisical-backend-test
      - name: ⏻ Shut down backend container and dependencies
        run: |
          docker compose -f .github/resources/docker-compose.be-test.yml down
      - name: 🏗️ Build backend and push
        uses: depot/build-push-action@v1
        with:
          project: 64mmf0n610
          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
          push: true
          context: backend
          tags: |
            infisical/backend:${{ steps.commit.outputs.short }}
            infisical/backend:latest
            infisical/backend:${{ steps.extract_version.outputs.version }}
          platforms: linux/amd64,linux/arm64

  frontend-image:
    name: Build frontend image
    runs-on: ubuntu-latest
    steps:
      - name: Extract version from tag
        id: extract_version
        run: echo "::set-output name=version::${GITHUB_REF_NAME#infisical/}"
      - name: ☁️ Checkout source
        uses: actions/checkout@v3
      - name: Save commit hashes for tag
        id: commit
        uses: pr-mpt/actions-commit-hash@v2
      - name: 🔧 Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: 🐋 Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Set up Depot CLI
        uses: depot/setup-action@v1
      - name: 📦 Build frontend and export to Docker
        uses: depot/build-push-action@v1
        with:
          load: true
          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
          project: 64mmf0n610
          context: frontend
          tags: infisical/frontend:test
          build-args: |
            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
      - name: ⏻ Spawn frontend container
        run: |
          docker run -d --rm --name infisical-frontend-test infisical/frontend:test
      - name: 🧪 Test frontend image
        run: |
          ./.github/resources/healthcheck.sh infisical-frontend-test
      - name: ⏻ Shut down frontend container
        run: |
          docker stop infisical-frontend-test
      - name: 🏗️ Build frontend and push
        uses: depot/build-push-action@v1
        with:
          project: 64mmf0n610
          push: true
          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
          context: frontend
          tags: |
            infisical/frontend:${{ steps.commit.outputs.short }}
            infisical/frontend:latest
            infisical/frontend:${{ steps.extract_version.outputs.version }}
          platforms: linux/amd64,linux/arm64
          build-args: |
            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
  gamma-deployment:
    name: Deploy to gamma
    runs-on: ubuntu-latest
    needs: [frontend-image, backend-image]
    steps:
      - name: ☁️ Checkout source
        uses: actions/checkout@v3
      - name: Install Helm
        uses: azure/setup-helm@v3
        with:
          version: v3.10.0
      - name: Install infisical helm chart
        run: |
          helm repo add infisical-helm-charts 'https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/'
          helm repo update
      - name: Install kubectl
        uses: azure/setup-kubectl@v3
      - name: Install doctl
        uses: digitalocean/action-doctl@v2
        with:
          token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
      - name: Save DigitalOcean kubeconfig with short-lived credentials
        run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 k8s-1-25-4-do-0-nyc1-1670645170179
      - name: switch to gamma namespace
        run: kubectl config set-context --current --namespace=gamma
      - name: test kubectl
        run: kubectl get ingress
      - name: Download helm values to file and upgrade gamma deploy
        run: |
          wget https://raw.githubusercontent.com/Infisical/infisical/main/.github/values.yaml
          helm upgrade infisical infisical-helm-charts/infisical  --values values.yaml --recreate-pods
          if [[ $(helm status infisical) == *"FAILED"* ]]; then
            echo "Helm upgrade failed"
            exit 1
          else
            echo "Helm upgrade was successful"
          fi