Suppress Sonar warning #4602

Workflow file for this run

.github/workflows/run-ci-cd.yaml at e9c5f5f

	name: Run CI/CD

	on:
	merge_group:
	pull_request:
	branches:
	- feature/**
	- main
	paths-ignore:
	- backend/data/nest.json.gz
	- schema/*
	push:
	branches:
	- feature/**
	- main
	paths-ignore:
	- backend/data/nest.json.gz
	- schema/*
	release:
	types:
	- published
	workflow_dispatch:

	permissions:
	contents: read

	concurrency:
	cancel-in-progress: true
	group: ${{ github.repository }}-${{ github.workflow }}-${{ github.ref }}

	env:
	DOCKERHUB_USERNAME: arkid15r
	FORCE_COLOR: 1

	jobs:
	pre-commit:
	name: Run pre-commit checks
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

	- name: Install Poetry
	run: pipx install poetry

	- name: Set up Python
	uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065
	with:
	cache: 'poetry'
	cache-dependency-path: backend/poetry.lock
	python-version: '3.13'

	- name: Set up pre-commit cache
	uses: actions/cache@v4
	with:
	path: ~/.cache/pre-commit
	key: pre-commit-${{ runner.os }}-${{ hashFiles('.pre-commit-config.yaml') }}
	restore-keys: \|
	pre-commit-${{ runner.os }}-

	- name: Run pre-commit
	uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd

	- name: Check for uncommitted changes
	run: \|
	git diff --exit-code \|\| (echo 'Unstaged changes detected. \
	Run `make check` and use `git add` to address it.' && exit 1)

	check-frontend:
	name: Run frontend checks
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

	- name: Install pnpm
	uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
	with:
	version: 10
	run_install: true

	- name: Set up Node
	uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
	with:
	node-version: 22
	cache: 'pnpm'
	cache-dependency-path: frontend/pnpm-lock.yaml

	- name: Run pnpm format
	working-directory: frontend
	run: pnpm run format

	- name: Run pnpm lint check
	working-directory: frontend
	run: pnpm run lint:check

	- name: Check for uncommitted changes
	run: \|
	git diff --exit-code \|\| (echo 'Unstaged changes detected. \
	Run `make check` and use `git add` to address it.' && exit 1)

	spellcheck:
	name: Run spell check
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

	- name: Run cspell
	run: \|
	make check-spelling

	scan-code:
	name: Run Code Scan
	needs:
	- check-frontend
	- pre-commit
	- spellcheck
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

	- name: Setup Trivy
	uses: aquasecurity/setup-trivy@9ea583eb67910444b1f64abf338bd2e105a0a93d
	with:
	cache: true
	version: v0.62.1

	- name: Run Trivy Repository Scan
	uses: aquasecurity/trivy-action@76071ef0d7ec797419534a183b498b4d6366cf37
	with:
	scan-type: repo
	skip-setup-trivy: true
	trivy-config: trivy.yaml
	trivyignores: trivyignore.yaml

	scan-ci-dependencies:
	name: Run CI Denendencies Scan
	needs:
	- check-frontend
	- pre-commit
	- spellcheck
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

	- name: Setup Trivy
	uses: aquasecurity/setup-trivy@9ea583eb67910444b1f64abf338bd2e105a0a93d
	with:
	cache: true
	version: v0.62.1

	- name: Run Trivy Filesystem Scan
	uses: aquasecurity/trivy-action@76071ef0d7ec797419534a183b498b4d6366cf37
	with:
	scan-type: fs
	skip-setup-trivy: true
	trivy-config: trivy.yaml
	trivyignores: trivyignore.yaml

	run-backend-tests:
	name: Run backend tests
	needs:
	- scan-code
	- scan-ci-dependencies
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

	- name: Set up Docker buildx
	uses: docker/setup-buildx-action@18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0

	- name: Build backend test image
	uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
	with:
	cache-from: \|
	type=gha
	type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-backend:cache
	cache-to: \|
	type=gha,compression=zstd
	context: backend
	file: backend/docker/Dockerfile.test
	load: true
	platforms: linux/amd64
	tags: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-backend:latest

	- name: Run backend tests
	run: \|
	docker run -e DJANGO_CONFIGURATION=Test ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-backend:latest pytest

	run-frontend-unit-tests:
	name: Run frontend unit tests
	needs:
	- scan-code
	- scan-ci-dependencies
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

	- name: Set up Docker buildx
	uses: docker/setup-buildx-action@18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0

	- name: Build frontend unit-testing image
	uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
	with:
	cache-from: \|
	type=gha
	type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-frontend-unit:cache
	cache-to: \|
	type=gha,compression=zstd
	context: frontend
	file: frontend/docker/Dockerfile.unit.test
	load: true
	platforms: linux/amd64
	tags: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-frontend-unit:latest

	- name: Run frontend unit tests
	run: \|
	docker run --env-file frontend/.env.example ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-frontend-unit:latest pnpm run test:unit

	run-frontend-e2e-tests:
	name: Run frontend e2e tests
	needs:
	- scan-code
	- scan-ci-dependencies
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

	- name: Set up Docker buildx
	uses: docker/setup-buildx-action@18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0

	- name: Build frontend end-to-end testing image
	uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
	with:
	cache-from: \|
	type=gha
	type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-frontend-e2e:cache
	context: frontend
	file: frontend/docker/Dockerfile.e2e.test
	load: true
	platforms: linux/amd64
	tags: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-frontend-e2e:latest

	- name: Run frontend end-to-end tests
	run: \|
	docker run --env-file frontend/.env.example ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-test-frontend-e2e:latest pnpm run test:e2e

	build-staging-images:
	name: Build Staging Images
	environment: staging
	if: \|
	github.repository == 'OWASP/Nest' &&
	github.ref == 'refs/heads/main'
	needs:
	- run-backend-tests
	- run-frontend-e2e-tests
	- run-frontend-unit-tests
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

	- name: Set up QEMU
	uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392

	- name: Set up Docker buildx
	uses: docker/setup-buildx-action@18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0

	- name: Login to Docker Hub
	uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
	with:
	username: ${{ env.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Build backend image
	uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
	with:
	cache-from: \|
	type=gha
	type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:staging-cache
	cache-to: \|
	type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:staging-cache
	context: backend
	file: backend/docker/Dockerfile
	platforms: linux/amd64
	push: true
	tags: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:staging

	- name: Prepare frontend environment
	run: \|
	touch frontend/.env
	echo "NEXT_PUBLIC_API_URL=${{ secrets.VITE_API_URL }}" >> frontend/.env
	echo "NEXT_PUBLIC_CSRF_URL=${{ secrets.VITE_CSRF_URL }}" >> frontend/.env
	echo "NEXT_PUBLIC_ENVIRONMENT=${{ secrets.VITE_ENVIRONMENT }}" >> frontend/.env
	echo "NEXT_PUBLIC_GRAPHQL_URL=${{ secrets.VITE_GRAPHQL_URL }}" >> frontend/.env
	echo "NEXT_PUBLIC_GTM_ID=${{ secrets.NEXT_PUBLIC_GTM_ID }}" >> frontend/.env
	echo "NEXT_PUBLIC_IDX_URL=${{ secrets.VITE_IDX_URL }}" >> frontend/.env
	echo "NEXT_PUBLIC_RELEASE_VERSION=${{ github.event.release.tag_name }}" >> frontend/.env
	echo "NEXT_PUBLIC_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }}" >> frontend/.env
	echo "NEXT_SERVER_CSRF_URL=${{ secrets.NEXT_SERVER_CSRF_URL }}" >> frontend/.env
	echo "NEXT_SERVER_GRAPHQL_URL=${{ secrets.NEXT_SERVER_GRAPHQL_URL }}" >> frontend/.env

	- name: Build frontend image
	uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
	with:
	cache-from: \|
	type=gha
	type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:staging-cache
	cache-to: \|
	type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:staging-cache
	context: frontend
	file: frontend/docker/Dockerfile
	platforms: linux/amd64
	push: true
	tags: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:staging

	scan-staging-images:
	name: Scan Staging Images
	needs:
	- build-staging-images
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

	- name: Setup Trivy
	uses: aquasecurity/setup-trivy@9ea583eb67910444b1f64abf338bd2e105a0a93d
	with:
	cache: true
	version: v0.62.1

	- name: Scan backend image
	uses: aquasecurity/trivy-action@76071ef0d7ec797419534a183b498b4d6366cf37
	with:
	exit-code: 1
	image-ref: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:staging
	skip-setup-trivy: true
	trivy-config: trivy.yaml
	trivyignores: trivyignore.yaml

	- name: Scan frontend image
	uses: aquasecurity/trivy-action@76071ef0d7ec797419534a183b498b4d6366cf37
	with:
	exit-code: 1
	image-ref: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:staging
	skip-setup-trivy: true
	trivy-config: trivy.yaml
	trivyignores: trivyignore.yaml

	deploy-staging-nest:
	name: Deploy Nest Staging
	env:
	ANSIBLE_HOST_KEY_CHECKING: false
	NEST_HOST_IP_ADDRESS: ${{ secrets.NEST_HOST_IP_ADDRESS }}
	NEST_SSH_PRIVATE_KEY_PATH: ${{ vars.NEST_SSH_PRIVATE_KEY_PATH }}
	environment: staging
	if: \|
	github.repository == 'OWASP/Nest' &&
	github.ref == 'refs/heads/main'
	needs:
	- scan-staging-images
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

	- name: Prepare SSH key
	run: \|
	mkdir -m 700 ~/.ssh
	echo "${{ secrets.NEST_SSH_PRIVATE_KEY }}" > ${{ env.NEST_SSH_PRIVATE_KEY_PATH }}
	chmod 400 ${{ env.NEST_SSH_PRIVATE_KEY_PATH }}

	- name: Prepare secrets
	run: \|
	# Backend
	touch .env.backend
	echo "DJANGO_ALGOLIA_APPLICATION_ID=${{ secrets.DJANGO_ALGOLIA_APPLICATION_ID }}" >> .env.backend
	echo "DJANGO_ALGOLIA_WRITE_API_KEY=${{ secrets.DJANGO_ALGOLIA_WRITE_API_KEY }}" >> .env.backend
	echo "DJANGO_ALLOWED_HOSTS=${{ secrets.DJANGO_ALLOWED_HOSTS }}" >> .env.backend
	echo "DJANGO_AWS_ACCESS_KEY_ID=${{ secrets.DJANGO_AWS_ACCESS_KEY_ID }}" >> .env.backend
	echo "DJANGO_AWS_SECRET_ACCESS_KEY=${{ secrets.DJANGO_AWS_SECRET_ACCESS_KEY }}" >> .env.backend
	echo "DJANGO_CONFIGURATION=${{ secrets.DJANGO_CONFIGURATION }}" >> .env.backend
	echo "DJANGO_DB_HOST=${{ secrets.DJANGO_DB_HOST }}" >> .env.backend
	echo "DJANGO_DB_NAME=${{ secrets.DJANGO_DB_NAME }}" >> .env.backend
	echo "DJANGO_DB_PASSWORD=${{ secrets.DJANGO_DB_PASSWORD }}" >> .env.backend
	echo "DJANGO_DB_PORT=${{ secrets.DJANGO_DB_PORT }}" >> .env.backend
	echo "DJANGO_DB_USER=${{ secrets.DJANGO_DB_USER }}" >> .env.backend
	echo "DJANGO_OPEN_AI_SECRET_KEY=${{ secrets.DJANGO_OPEN_AI_SECRET_KEY }}" >> .env.backend
	echo "DJANGO_REDIS_HOST=${{ secrets.DJANGO_REDIS_HOST }}" >> .env.backend
	echo "DJANGO_REDIS_PASSWORD=${{ secrets.DJANGO_REDIS_PASSWORD }}" >> .env.backend
	echo "DJANGO_RELEASE_VERSION=$(date '+%y.%-m.%-d')-${GITHUB_SHA:0:7}" >> .env.backend
	echo "DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }}" >> .env.backend
	echo "DJANGO_SENTRY_DSN=${{ secrets.DJANGO_SENTRY_DSN }}" >> .env.backend
	echo "DJANGO_SETTINGS_MODULE=${{ secrets.DJANGO_SETTINGS_MODULE }}" >> .env.backend
	echo "DJANGO_SLACK_BOT_TOKEN=${{ secrets.DJANGO_SLACK_BOT_TOKEN }}" >> .env.backend
	echo "DJANGO_SLACK_SIGNING_SECRET=${{ secrets.DJANGO_SLACK_SIGNING_SECRET }}" >> .env.backend
	echo "GITHUB_TOKEN=${{ secrets.NEST_GITHUB_TOKEN }}" >> .env.backend
	echo "SLACK_BOT_TOKEN_T04T40NHX=${{ secrets.SLACK_BOT_TOKEN_T04T40NHX }}" >> .env.backend

	# Cache
	touch .env.cache
	echo "REDIS_PASSWORD=${{ secrets.DJANGO_REDIS_PASSWORD }}" >> .env.cache

	# Database
	touch .env.db
	echo "POSTGRES_DB=${{ secrets.DJANGO_DB_NAME }}" >> .env.db
	echo "POSTGRES_PASSWORD=${{ secrets.DJANGO_DB_PASSWORD }}" >> .env.db
	echo "POSTGRES_USER=${{ secrets.DJANGO_DB_USER }}" >> .env.db

	- name: Run Nest deploy
	working-directory: .github/ansible
	run: ansible-playbook -i inventory.yaml staging/nest.yaml -e "github_workspace=$GITHUB_WORKSPACE"

	deploy-staging-nest-proxy:
	name: Deploy Staging Nest Proxy
	env:
	ANSIBLE_HOST_KEY_CHECKING: false
	PROXY_HOST_IP_ADDRESS: ${{ secrets.PROXY_HOST_IP_ADDRESS }}
	PROXY_SSH_PRIVATE_KEY_PATH: ${{ vars.PROXY_SSH_PRIVATE_KEY_PATH }}
	environment: staging
	if: \|
	github.repository == 'OWASP/Nest' &&
	github.ref == 'refs/heads/main'
	needs:
	- deploy-staging-nest
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

	- name: Prepare SSH key
	run: \|
	mkdir -m 700 ~/.ssh
	echo "${{ secrets.PROXY_SSH_PRIVATE_KEY }}" > ${{ env.PROXY_SSH_PRIVATE_KEY_PATH }}
	chmod 400 ${{ env.PROXY_SSH_PRIVATE_KEY_PATH }}

	- name: Run proxy deploy
	working-directory: .github/ansible
	run: ansible-playbook -i inventory.yaml staging/proxy.yaml -e "github_workspace=$GITHUB_WORKSPACE"

	build-docker-production-images:
	name: Build Docker Production Images
	environment: production
	if: \|
	github.event_name == 'release' &&
	github.event.action == 'published'
	needs:
	- run-backend-tests
	- run-frontend-e2e-tests
	- run-frontend-unit-tests
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

	- name: Set up QEMU
	uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392

	- name: Set up Docker buildx
	uses: docker/setup-buildx-action@18ce135bb5112fa8ce4ed6c17ab05699d7f3a5e0

	- name: Login to Docker Hub
	uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
	with:
	username: ${{ env.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Build backend image
	uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
	with:
	cache-from: \|
	type=gha
	type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:staging-cache
	context: backend
	file: backend/docker/Dockerfile
	platforms: linux/amd64
	push: true
	tags: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:production

	- name: Prepare frontend environment
	run: \|
	touch frontend/.env
	echo "NEXT_PUBLIC_API_URL=${{ secrets.VITE_API_URL }}" >> frontend/.env
	echo "NEXT_PUBLIC_CSRF_URL=${{ secrets.VITE_CSRF_URL }}" >> frontend/.env
	echo "NEXT_PUBLIC_ENVIRONMENT=${{ secrets.VITE_ENVIRONMENT }}" >> frontend/.env
	echo "NEXT_PUBLIC_GRAPHQL_URL=${{ secrets.VITE_GRAPHQL_URL }}" >> frontend/.env
	echo "NEXT_PUBLIC_GTM_ID=${{ secrets.NEXT_PUBLIC_GTM_ID }}" >> frontend/.env
	echo "NEXT_PUBLIC_IDX_URL=${{ secrets.VITE_IDX_URL }}" >> frontend/.env
	echo "NEXT_PUBLIC_RELEASE_VERSION=${{ github.event.release.tag_name }}" >> frontend/.env
	echo "NEXT_PUBLIC_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }}" >> frontend/.env
	echo "NEXT_SERVER_CSRF_URL=${{ secrets.NEXT_SERVER_CSRF_URL }}" >> frontend/.env
	echo "NEXT_SERVER_GRAPHQL_URL=${{ secrets.NEXT_SERVER_GRAPHQL_URL }}" >> frontend/.env

	- name: Build frontend image
	uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83
	with:
	cache-from: \|
	type=gha
	type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:staging-cache
	context: frontend
	file: frontend/docker/Dockerfile
	platforms: linux/amd64
	push: true
	tags: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:production

	scan-production-images:
	name: Scan Production Images
	needs:
	- build-docker-production-images
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

	- name: Setup Trivy
	uses: aquasecurity/setup-trivy@9ea583eb67910444b1f64abf338bd2e105a0a93d
	with:
	cache: true
	version: v0.62.1

	- name: Scan backend image
	continue-on-error: true
	uses: aquasecurity/trivy-action@76071ef0d7ec797419534a183b498b4d6366cf37
	with:
	exit-code: 1
	image-ref: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:production
	skip-setup-trivy: true
	trivy-config: trivy.yaml
	trivyignores: trivyignore.yaml

	- name: Scan frontend image
	continue-on-error: true
	uses: aquasecurity/trivy-action@76071ef0d7ec797419534a183b498b4d6366cf37
	with:
	exit-code: 1
	image-ref: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:production
	skip-setup-trivy: true
	trivy-config: trivy.yaml
	trivyignores: trivyignore.yaml

	deploy-production-nest:
	name: Deploy Nest to Production
	env:
	ANSIBLE_HOST_KEY_CHECKING: false
	NEST_HOST_IP_ADDRESS: ${{ secrets.NEST_HOST_IP_ADDRESS }}
	NEST_SSH_PRIVATE_KEY_PATH: ${{ vars.NEST_SSH_PRIVATE_KEY_PATH }}
	environment: production
	if: \|
	github.event_name == 'release' &&
	github.event.action == 'published'
	needs:
	- scan-production-images
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

	- name: Prepare SSH key
	run: \|
	mkdir -m 700 ~/.ssh
	echo "${{ secrets.NEST_SSH_PRIVATE_KEY }}" > ${{ env.NEST_SSH_PRIVATE_KEY_PATH }}
	chmod 400 ${{ env.NEST_SSH_PRIVATE_KEY_PATH }}

	- name: Prepare secrets
	run: \|
	# Backend
	touch .env.backend
	echo "DJANGO_ALGOLIA_APPLICATION_ID=${{ secrets.DJANGO_ALGOLIA_APPLICATION_ID }}" >> .env.backend
	echo "DJANGO_ALGOLIA_WRITE_API_KEY=${{ secrets.DJANGO_ALGOLIA_WRITE_API_KEY }}" >> .env.backend
	echo "DJANGO_ALLOWED_HOSTS=${{ secrets.DJANGO_ALLOWED_HOSTS }}" >> .env.backend
	echo "DJANGO_AWS_ACCESS_KEY_ID=${{ secrets.DJANGO_AWS_ACCESS_KEY_ID }}" >> .env.backend
	echo "DJANGO_AWS_SECRET_ACCESS_KEY=${{ secrets.DJANGO_AWS_SECRET_ACCESS_KEY }}" >> .env.backend
	echo "DJANGO_CONFIGURATION=${{ secrets.DJANGO_CONFIGURATION }}" >> .env.backend
	echo "DJANGO_DB_HOST=${{ secrets.DJANGO_DB_HOST }}" >> .env.backend
	echo "DJANGO_DB_NAME=${{ secrets.DJANGO_DB_NAME }}" >> .env.backend
	echo "DJANGO_DB_PASSWORD=${{ secrets.DJANGO_DB_PASSWORD }}" >> .env.backend
	echo "DJANGO_DB_PORT=${{ secrets.DJANGO_DB_PORT }}" >> .env.backend
	echo "DJANGO_DB_USER=${{ secrets.DJANGO_DB_USER }}" >> .env.backend
	echo "DJANGO_OPEN_AI_SECRET_KEY=${{ secrets.DJANGO_OPEN_AI_SECRET_KEY }}" >> .env.backend
	echo "DJANGO_REDIS_HOST=${{ secrets.DJANGO_REDIS_HOST }}" >> .env.backend
	echo "DJANGO_REDIS_PASSWORD=${{ secrets.DJANGO_REDIS_PASSWORD }}" >> .env.backend
	echo "DJANGO_RELEASE_VERSION=${{ github.event.release.tag_name }}" >> .env.backend
	echo "DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }}" >> .env.backend
	echo "DJANGO_SENTRY_DSN=${{ secrets.DJANGO_SENTRY_DSN }}" >> .env.backend
	echo "DJANGO_SETTINGS_MODULE=${{ secrets.DJANGO_SETTINGS_MODULE }}" >> .env.backend
	echo "DJANGO_SLACK_BOT_TOKEN=${{ secrets.DJANGO_SLACK_BOT_TOKEN }}" >> .env.backend
	echo "DJANGO_SLACK_SIGNING_SECRET=${{ secrets.DJANGO_SLACK_SIGNING_SECRET }}" >> .env.backend
	echo "GITHUB_TOKEN=${{ secrets.NEST_GITHUB_TOKEN }}" >> .env.backend
	echo "SLACK_BOT_TOKEN_T04T40NHX=${{ secrets.SLACK_BOT_TOKEN_T04T40NHX }}" >> .env.backend

	# Cache
	touch .env.cache
	echo "REDIS_PASSWORD=${{ secrets.DJANGO_REDIS_PASSWORD }}" >> .env.cache

	# Database
	touch .env.db
	echo "POSTGRES_DB=${{ secrets.DJANGO_DB_NAME }}" >> .env.db
	echo "POSTGRES_PASSWORD=${{ secrets.DJANGO_DB_PASSWORD }}" >> .env.db
	echo "POSTGRES_USER=${{ secrets.DJANGO_DB_USER }}" >> .env.db

	- name: Run Nest deploy
	working-directory: .github/ansible
	run: ansible-playbook -i inventory.yaml production/nest.yaml -e "github_workspace=$GITHUB_WORKSPACE"

	deploy-production-nest-proxy:
	name: Deploy Production Nest Proxy
	env:
	ANSIBLE_HOST_KEY_CHECKING: false
	PROXY_HOST_IP_ADDRESS: ${{ secrets.PROXY_HOST_IP_ADDRESS }}
	PROXY_SSH_PRIVATE_KEY_PATH: ${{ vars.PROXY_SSH_PRIVATE_KEY_PATH }}
	environment: production
	if: \|
	github.event_name == 'release' &&
	github.event.action == 'published'
	needs:
	- deploy-production-nest
	runs-on: ubuntu-latest
	steps:
	- name: Check out repository
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683

	- name: Prepare SSH key
	run: \|
	mkdir -m 700 ~/.ssh
	echo "${{ secrets.PROXY_SSH_PRIVATE_KEY }}" > ${{ env.PROXY_SSH_PRIVATE_KEY_PATH }}
	chmod 400 ${{ env.PROXY_SSH_PRIVATE_KEY_PATH }}

	- name: Run proxy deploy
	working-directory: .github/ansible
	run: ansible-playbook -i inventory.yaml production/proxy.yaml -e "github_workspace=$GITHUB_WORKSPACE"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Suppress Sonar warning #4602

Workflow file

Suppress Sonar warning #4602

Uh oh!

Jobs

Run details

Workflow file for this run