From 084bbf34d6fa2eaac5c3f23e01e19e755b4bde99 Mon Sep 17 00:00:00 2001
From: 839 <8398a7@gmail.com>
Date: Wed, 23 Oct 2024 20:37:12 +0900
Subject: [PATCH] update ci workflow

---
 .github/workflows/ci.yml            | 78 ++++++++++++-----------------
 build/base.Dockerfile => Dockerfile | 14 ++++--
 Makefile                            |  9 +---
 build/Dockerfile                    | 29 -----------
 4 files changed, 44 insertions(+), 86 deletions(-)
 rename build/base.Dockerfile => Dockerfile (86%)
 delete mode 100644 build/Dockerfile

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 979d0de0..1d48afba 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -4,7 +4,7 @@ on: [push]
 
 jobs:
   test:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     env:
       RAILS_ENV: test
       TZ: /usr/share/zoneinfo/Asia/Tokyo
@@ -14,34 +14,24 @@ jobs:
 
     services:
       postgres:
-        image: postgres:11.5-alpine
+        image: postgres:17.0-alpine
         env:
           POSTGRES_USER: postgres
           POSTGRES_PASSWORD: postgres
         ports:
           - 5432:5432
       redis:
-        image: redis:5.0.5-alpine
+        image: redis:7.4.1-alpine
         ports:
           - 6379:6379
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: 16
-      - name: Get yarn cache directory path
-        id: yarn-cache-dir-path
-        run: echo "::set-output name=dir::$(yarn cache dir)"
-      - uses: actions/cache@v3
-        id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
-        with:
-          path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
-          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-yarn-v1
-      - name: yarn install
-        run: yarn install
+          node-version: 22
+          cache: yarn
+      - run: yarn install --frozen-lockfile
       - name: Run Eslint and Prettier
         run: yarn lint
       - uses: ruby/setup-ruby@v1
@@ -64,33 +54,39 @@ jobs:
         uses: paambaati/codeclimate-action@v3.0.0
         env:
           CC_TEST_REPORTER_ID: ${{secrets.CC_TEST_REPORTER_ID}}
+          NODE_OPTIONS: --openssl-legacy-provider
         with:
           coverageCommand: bundle exec rspec
       - name: Archive artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           path: ./tmp/test-results
   build:
     if: contains(github.ref, 'master')
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs: [test]
     steps:
       - uses: actions/checkout@v1
-      - name: docker login
-        run: echo $REGISTRY_TOKEN | docker login docker.pkg.github.com -u 8398a7 --password-stdin
-        env:
-          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
-      - run: make pull build
-      - name: initialize gcloud sdk
-        run: |
-          echo $GCLOUD_SERVICE_KEY > ${HOME}/gcloud-service-key.json
-          gcloud auth activate-service-account --key-file=${HOME}/gcloud-service-key.json
-          gcloud --quiet config set project iidx-app
-          gcloud --quiet config set compute/zone us-west1-b
-          gcloud auth configure-docker --quiet --project iidx-app
-        env:
-          GCLOUD_SERVICE_KEY: ${{ secrets.GCLOUD_SERVICE_KEY }}
-      - run: make push
+      - name: Get short SHA
+        id: vars
+        run: echo "SHA_TAG=$(git describe --tags --abbrev=10)" >> $GITHUB_ENV
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: login ghcr.io
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: 8398a7
+          password: ${{ secrets.REGISTRY_TOKEN }}
+      - name: build image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: |
+            ghcr.io/8398a7/abilitysheet/app:${{ env.SHA_TAG }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
       - uses: 8398a7/action-slack@v3
         with:
           fields: repo,job
@@ -101,17 +97,7 @@ jobs:
         if: always()
   deploy:
     if: contains(github.ref, 'master')
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     needs: [build]
     steps:
       - uses: actions/checkout@v1
-      - name: deploy abilitysheet chart
-        run: |
-          curl -X POST \
-            https://api.github.com/repos/8398a7/iidx-app-cluster/dispatches \
-            -H 'Accept: application/vnd.github.everest-preview+json' \
-            -H "Authorization: Basic ${TOKEN}" \
-            -H 'Content-Type: application/json' \
-            -d "{\"event_type\": \"abilitysheet abilitysheet.image.tag=$(git describe --tags --abbrev=10)\"}"
-        env:
-          TOKEN: ${{ secrets.DEPLOY_TOKEN }}
diff --git a/build/base.Dockerfile b/Dockerfile
similarity index 86%
rename from build/base.Dockerfile
rename to Dockerfile
index 9163bc14..85692ef6 100644
--- a/build/base.Dockerfile
+++ b/Dockerfile
@@ -3,6 +3,7 @@ LABEL maintainer '8398a7 <8398a7@gmail.com>'
 
 ENV \
   HOME=/app \
+  NODE_OPTIONS='--openssl-legacy-provider' \
   DEBIAN_FRONTEND=noninteractive \
   RAILS_ENV=production \
   SECRET_KEY_BASE=wip
@@ -13,10 +14,10 @@ RUN \
   apt-get update -qq && apt-get install -y \
   git \
   build-essential \
-  libpq-dev
-RUN \
-  apt-get install -y curl && \
-  curl -sL https://deb.nodesource.com/setup_16.x | bash - && \
+  libpq-dev \
+  tzdata \
+  curl && \
+  curl -sL https://deb.nodesource.com/setup_22.x | bash - && \
   curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
   echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
   apt-get update -qq && apt-get install -y --no-install-recommends nodejs yarn
@@ -47,3 +48,8 @@ COPY ./config $HOME/config
 COPY config/database.k8s.yml $HOME/config/database.yml
 ENV SENTRY_JS_DSN https://xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@sentry.io/y
 RUN mkdir log && rails ts:routes assets:precompile
+
+COPY . $HOME
+RUN \
+  mv config/database.k8s.yml config/database.yml && \
+  mkdir -p tmp/pids
diff --git a/Makefile b/Makefile
index 15e099d9..99202114 100644
--- a/Makefile
+++ b/Makefile
@@ -1,14 +1,9 @@
 TAG := $(shell git describe --tags --abbrev=10)
-BASE_IMAGE := docker.pkg.github.com/8398a7/abilitysheet/abilitysheet-base
-IMAGE := gcr.io/iidx-app/abilitysheet
+IMAGE := ghcr.io/8398a7/abilitysheet/app
 
-.PHONY: pull
-	docker pull $(BASE_IMAGE):latest
 .PHONY: build
 build:
-	docker build --platform linux/amd64 --cache-from $(BASE_IMAGE):latest -t $(BASE_IMAGE):latest -f build/base.Dockerfile .
-	docker build --platform linux/amd64 -t $(IMAGE):$(TAG) -f build/Dockerfile .
+	docker build --platform linux/amd64 -t $(IMAGE):$(TAG) .
 .PHONY: push
 push:
-	docker push $(BASE_IMAGE):latest
 	docker push $(IMAGE):$(TAG)
diff --git a/build/Dockerfile b/build/Dockerfile
deleted file mode 100644
index 9bbe0a64..00000000
--- a/build/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-FROM docker.pkg.github.com/8398a7/abilitysheet/abilitysheet-base:latest AS base-dependencies
-LABEL maintainer '8398a7 <8398a7@gmail.com>'
-
-FROM ruby:3.1.2-slim-bullseye
-
-ENV \
-  HOME=/app \
-  RAILS_ENV=production \
-  SECRET_KEY_BASE=wip
-
-RUN \
-  apt-get update -qq && apt-get install -y \
-  build-essential \
-  libpq-dev \
-  tzdata \
-  curl && \
-  curl -sL https://deb.nodesource.com/setup_16.x | bash - && \
-  curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
-  echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
-  apt-get update -qq && apt-get install -y --no-install-recommends nodejs yarn
-
-WORKDIR $HOME
-COPY --from=base-dependencies /usr/local/bundle/ /usr/local/bundle/
-COPY --from=base-dependencies $HOME/public/ $HOME/public/
-
-COPY . $HOME
-RUN \
-  mv config/database.k8s.yml config/database.yml && \
-  mkdir log && mkdir -p tmp/pids