name: Zulip production suite on: push: paths: - "**/migrations/**" - puppet/** - requirements/** - scripts/** - static/** - tools/** - zproject/** - yarn.lock - .github/workflows/production-suite.yml pull_request: paths: - "**/migrations/**" - puppet/** - requirements/** - scripts/** - static/** - tools/** - zproject/** - yarn.lock - .github/workflows/production-suite.yml defaults: run: shell: bash jobs: production_build: # This job builds a release tarball from the current commit, which # will be used for all of the following install/upgrade tests. name: Bionic production build runs-on: ubuntu-latest # This docker image was created by a generated Dockerfile at: # tools/ci/images/bionic/Dockerfile # Bionic ships with Python 3.6. container: zulip/ci:bionic steps: - name: Add required permissions run: | # The checkout actions doesn't clone to ~/zulip or allow # us to use the path option to clone outside the current # /__w/zulip/zulip directory. Since this directory is owned # by root we need to change it's ownership to allow the # github user to clone the code here. # Note: /__w/ is a docker volume mounted to $GITHUB_WORKSPACE # which is /home/runner/work/. sudo chown -R github . # This is the GitHub Actions specific cache directory the # the current github user must be able to access for the # cache action to work. It is owned by root currently. sudo chmod -R 0777 /__w/_temp/ - uses: actions/checkout@v2 - name: Create cache directories run: | dirs=(/srv/zulip-{npm,venv,emoji}-cache) sudo mkdir -p "${dirs[@]}" sudo chown -R github "${dirs[@]}" - name: Restore node_modules cache uses: actions/cache@v2 with: path: /srv/zulip-npm-cache key: v1-yarn-deps-${{ github.job }}-${{ hashFiles('package.json') }}-${{ hashFiles('yarn.lock') }} restore-keys: v1-yarn-deps-${{ github.job }} - name: Restore python cache uses: actions/cache@v2 with: path: /srv/zulip-venv-cache key: v1-venv-${{ github.job }}-${{ hashFiles('requirements/dev.txt') }} restore-keys: v1-venv-${{ github.job }} - name: Restore emoji cache uses: actions/cache@v2 with: path: /srv/zulip-emoji-cache key: v1-emoji-${{ github.job }}-${{ hashFiles('tools/setup/emoji/emoji_map.json') }}-${{ hashFiles('tools/setup/emoji/build_emoji') }}-${{ hashFiles('tools/setup/emoji/emoji_setup_utils.py') }}-${{ hashFiles('tools/setup/emoji/emoji_names.py') }}-${{ hashFiles('package.json') }} restore-keys: v1-emoji-${{ github.job }} - name: Do Bionic hack run: | # Temporary hack till `sudo service redis-server start` gets fixes in Bionic. See # https://chat.zulip.org/#narrow/stream/3-backend/topic/Ubuntu.20bionic.20CircleCI sudo sed -i '/^bind/s/bind.*/bind 0.0.0.0/' /etc/redis/redis.conf - name: Build production tarball run: ./tools/ci/production-build - name: Upload production build artifacts for install jobs uses: actions/upload-artifact@v2 with: name: production-tarball path: /tmp/production-build retention-days: 14 - name: Report status if: failure() env: ZULIP_BOT_KEY: ${{ secrets.ZULIP_BOT_KEY }} run: tools/ci/send-failure-message production_install: # This job installs the server release tarball built above on a # range of platforms, and does some basic health checks on the # resulting installer Zulip server. strategy: fail-fast: false matrix: include: # Base images are built using `tools/ci/Dockerfile.template`. # The comments at the top explain how to build and upload these images. - docker_image: zulip/ci:bionic name: Bionic production install with custom db name and user is_bionic: true os: bionic install-command: /tmp/production-install --test-custom-db - docker_image: zulip/ci:focal name: Focal production install is_focal: true os: focal install-command: /tmp/production-install - docker_image: zulip/ci:buster name: Buster production install is_buster: true os: buster install-command: /tmp/production-install - docker_image: zulip/ci:bullseye name: Bullseye production install is_bullseye: true os: bullseye install-command: /tmp/production-install name: ${{ matrix.name }} container: ${{ matrix.docker_image }} runs-on: ubuntu-latest needs: production_build steps: - name: Download built production tarball uses: actions/download-artifact@v2 with: name: production-tarball path: /tmp - name: Add required permissions and setup run: | # This is the GitHub Actions specific cache directory the # the current github user must be able to access for the # cache action to work. It is owned by root currently. sudo chmod -R 0777 /__w/_temp/ # Since actions/download-artifact@v2 loses all the permissions # of the tarball uploaded by the upload artifact fix those. chmod +x /tmp/production-upgrade-pg chmod +x /tmp/production-install chmod +x /tmp/production-verify chmod +x /tmp/send-failure-message - name: Create cache directories run: | dirs=(/srv/zulip-{npm,venv,emoji}-cache) sudo mkdir -p "${dirs[@]}" sudo chown -R github "${dirs[@]}" - name: Restore node_modules cache uses: actions/cache@v2 with: path: /srv/zulip-npm-cache key: v1-yarn-deps-${{ matrix.os }}-${{ hashFiles('/tmp/package.json') }}-${{ hashFiles('/tmp/yarn.lock') }} restore-keys: v1-yarn-deps-${{ matrix.os }} - name: Do Bionic hack if: ${{ matrix.is_bionic }} run: | # Temporary hack till `sudo service redis-server start` gets fixes in Bionic. See # https://chat.zulip.org/#narrow/stream/3-backend/topic/Ubuntu.20bionic.20CircleCI sudo sed -i '/^bind/s/bind.*/bind 0.0.0.0/' /etc/redis/redis.conf - name: Install production run: | sudo service rabbitmq-server restart sudo ${{ matrix.install-command }} - name: Verify install run: sudo /tmp/production-verify - name: Upgrade postgresql if: ${{ matrix.is_bionic }} run: sudo /tmp/production-upgrade-pg - name: Verify install after upgrading postgresql if: ${{ matrix.is_bionic }} run: sudo /tmp/production-verify - name: Report status if: failure() env: ZULIP_BOT_KEY: ${{ secrets.ZULIP_BOT_KEY }} run: /tmp/send-failure-message production_upgrade: # The production upgrade job starts with a container with a # previous Zulip release installed, and attempts to upgrade it to # the release tarball built for the current commit being tested. # # This is intended to catch bugs that result in the upgrade # process failing. strategy: fail-fast: false matrix: include: # Base images are built using `tools/ci/Dockerfile.prod.template`. # The comments at the top explain how to build and upload these images. - docker_image: zulip/ci:buster-3.4 name: 3.4 Version Upgrade is_focal: true os: buster name: ${{ matrix.name }} container: ${{ matrix.docker_image }} runs-on: ubuntu-latest needs: production_build steps: - name: Download built production tarball uses: actions/download-artifact@v2 with: name: production-tarball path: /tmp - name: Add required permissions and setup run: | # This is the GitHub Actions specific cache directory the # the current github user must be able to access for the # cache action to work. It is owned by root currently. sudo chmod -R 0777 /__w/_temp/ # Since actions/download-artifact@v2 loses all the permissions # of the tarball uploaded by the upload artifact fix those. chmod +x /tmp/production-upgrade chmod +x /tmp/production-verify chmod +x /tmp/send-failure-message - name: Upgrade production run: sudo /tmp/production-upgrade # TODO: We should be running production-verify here, but it # doesn't pass yet. # # - name: Verify install # run: sudo /tmp/production-verify - name: Report status if: failure() env: ZULIP_BOT_KEY: ${{ secrets.ZULIP_BOT_KEY }} run: /tmp/send-failure-message