encounter/decomp.me
0
0
Fork 0
mirror of https://github.com/encounter/decomp.me.git synced 2026-03-30 11:06:27 -07:00
Code Issues Packages Projects Releases Wiki Activity
Files
docker-compose-updates
decomp.me/.github/workflows/ci.yml
T
Mark Street 3d5e7bd0cb Bump node from 22 lts to 24 lts (#1763)
2025-12-08 09:50:58 +00:00

226 lines
8.1 KiB
YAML
Raw Permalink Blame History

name: PR
on:
push:
branches:
- main
pull_request:
jobs:
backend_test_docker_dev:
name: backend tests (docker dev container)
runs-on: ubuntu-24.04
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
- name: Build decompme_backend image
run: |-
docker build backend -t decompme_backend
- name: Run tests
run: |-
sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
# NOTE: CI does not run as 'ubuntu' user
export USER_1000=$(getent passwd 1000 | cut -d: -f1)
for dir in backend/.venv sandbox local_files compilers libraries; do
mkdir -p "$dir"
sudo chown "${USER_1000}:${USER_1000}" "$dir"
done
docker run \
-v $(pwd):/decomp.me \
-v $(pwd)/local_files:/local_files \
-v $(pwd)/compilers:/compilers \
-v $(pwd)/libraries:/libraries \
--security-opt apparmor=unconfined \
--security-opt seccomp=unconfined \
--cap-drop all \
--cap-add setuid \
--cap-add setgid \
--cap-add setfcap \
--tmpfs /sandbox/tmp:exec,uid=1000,gid=1000,size=64M,mode=0700 \
--entrypoint /bin/bash \
-e COMPILER_BASE_PATH=/compilers \
-e LIBRARY_BASE_PATH=/libraries \
-e WINEPREFIX=/tmp/wine \
-e LOCAL_FILE_DIR=/local_files \
-e USE_SANDBOX_JAIL=on \
-e SANDBOX_DISABLE_PROC=true \
-e TIMEOUT_SCALE_FACTOR=10 \
decompme_backend \
-c 'cd /decomp.me/backend && \
uv sync && \
uv run compilers/download.py --compilers-dir ${COMPILER_BASE_PATH} && \
uv run libraries/download.py --libraries-dir ${LIBRARY_BASE_PATH} && \
for r in wine/*.reg; do regedit $r; done && \
uv run python manage.py test'
backend_test_docker_prod:
name: backend tests (docker prod container)
runs-on: ubuntu-24.04
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
- name: Build decompme_backend image
run: |-
docker build backend --target prod -t decompme_backend
- name: Fetch compilers and libraries
run: |-
python3 -m pip install requests
python3 backend/compilers/download.py
python3 backend/libraries/download.py
export USER_1000=$(getent passwd 1000 | cut -d: -f1)
sudo chown -R ${USER_1000}:${USER_1000} backend/compilers
sudo chown -R ${USER_1000}:${USER_1000} backend/libraries
- name: Run tests
run: |-
sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
export USER_1000=$(getent passwd 1000 | cut -d: -f1)
mkdir -p local_files && sudo chown ${USER_1000}:${USER_1000} local_files
docker run \
-v $(pwd)/local_files:/local_files \
-v $(pwd)/backend/compilers:/compilers \
-v $(pwd)/backend/libraries:/libraries \
--security-opt apparmor=unconfined \
--security-opt seccomp=unconfined \
--cap-drop all \
--cap-add setuid \
--cap-add setgid \
--cap-add setfcap \
--tmpfs /sandbox/tmp:exec,uid=1000,gid=1000,size=64M,mode=0700 \
--entrypoint /bin/bash \
-e LOCAL_FILE_DIR=/local_files \
-e COMPILER_BASE_PATH=/compilers \
-e LIBRARY_BASE_PATH=/libraries \
-e USE_SANDBOX_JAIL=on \
-e SANDBOX_DISABLE_PROC=true \
-e TIMEOUT_SCALE_FACTOR=10 \
-e DATABASE_URL=sqlite:///:memory: \
-e DUMMY_COMPILER=1 \
-e SECRET_KEY=secret-key-secret-key-secret-key-secret-key-secret-key-secret-key \
decompme_backend \
-c '\
for r in wine/*.reg; do regedit $r; done && \
uv run python manage.py test'
docker_compose_test:
name: test docker compose
runs-on: ubuntu-24.04
timeout-minutes: 10
steps:
- uses: actions/checkout@v4
- name: Fetch compilers and libraries
run: |
python3 -m pip install requests
python3 backend/compilers/download.py
python3 backend/libraries/download.py
export USER_1000=$(getent passwd 1000 | cut -d: -f1)
sudo chown -R ${USER_1000}:${USER_1000} backend/compilers
sudo chown -R ${USER_1000}:${USER_1000} backend/libraries
- name: Setup dummy docker.prod.dev
run: |
echo 'POSTGRES_USER=decompme' >> docker.prod.env
echo 'POSTGRES_PASSWORD=decompme' >> docker.prod.env
echo 'SECRET_KEY=secret-key-secret-key-secret-key-secret-key-secret-key-secret-key' >> docker.prod.env
echo 'DATABASE_URL=psql://decompme:decompme@postgres:5432/decompme' >> docker.prod.env
echo 'CONN_MAX_AGE=60' >> docker.prod.env
echo 'CONN_HEALTH_CHECKS="true"' >> docker.prod.env
echo 'SANDBOX_DISABLE_PROC="true"' >> docker.prod.env
echo 'ALLOWED_HOSTS="backend,localhost,127.0.0.1"' >> docker.prod.env
echo 'USE_SANDBOX_JAIL="on"' >> docker.prod.env
echo 'CI=true' >> docker.prod.env
- name: Comment out SSL server configuration from nginx
run: |
sed -i '/{{HTTPS_SERVER_BLOCK_START}}/,/{{HTTPS_SERVER_BLOCK_END}}/s/^/#/' nginx/production.conf
- name: Bring up postgres and nginx containers
run: |
docker compose -f docker-compose.prod.yaml up -d postgres nginx
timeout 15s docker compose -f docker-compose.prod.yaml logs -f || true
docker compose logs nginx | grep "ready for start up"
! docker compose logs nginx | grep -q "nginx-1 exited with code"
- name: Build and bring up up backend container
run: |
docker compose -f docker-compose.prod.yaml build backend
docker compose -f docker-compose.prod.yaml up -d backend
timeout 15s docker compose -f docker-compose.prod.yaml logs -f || true
- name: Build and bring up up frontend container
run: |
docker compose -f docker-compose.prod.yaml -f docker-compose.build.yaml build frontend
docker compose -f docker-compose.prod.yaml up -d frontend
timeout 15s docker compose -f docker-compose.prod.yaml logs -f || true
- name: Sanity check the endpoints
run: |
curl --silent http://localhost:8080/ | head -c 256
curl --silent http://localhost:8000/api/ | jq
- name: Shut everything down
run: |
docker compose -f docker-compose.prod.yaml down
- name: Print out image sizes
run: |
docker image ls
frontend_lint:
name: biome
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: Setup Node.js 24
uses: actions/setup-node@v4
with:
node-version: 24
cache: yarn
cache-dependency-path: frontend/yarn.lock
- name: Install frontend dependencies
run: |
cd frontend
yarn --frozen-lockfile
- name: Run Biome
run: |
cd frontend
yarn lint
mypy:
name: mypy
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v4
with:
version: "latest"
- name: Setup Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
- run: |-
cd backend
uv sync
uv run mypy
ruff:
name: ruff
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- name: Install uv
uses: astral-sh/setup-uv@v4
with:
version: "latest"
- name: Setup Python 3.12
uses: actions/setup-python@v5
with:
python-version: "3.12"
- run: |-
cd backend
uv sync
uv run ruff check .
uv run ruff format --check .
Reference in New Issue View Git Blame Copy Permalink