Add semantic release for backend

.github/workflows/build-and-deploy.yaml

@@ -0,0 +1,126 @@
+name: Build and Deploy
+on:
+  workflow_dispatch:
+  push:
+    branches: [beta, dev]
+
+permissions:
+  actions: read
+  checks: read
+  contents: write
+  deployments: read
+  issues: write
+  discussions: read
+  packages: write
+  pull-requests: write
+  repository-projects: write
+  security-events: read
+  statuses: write
+
+env:
+  IMAGE_REPO: ghcr.io/${{ github.repository }}
+  IMAGE_COMPUTE: ghcr.io/thinc-org/cugetreg/cugetreg-computation
+
+jobs:
+  release-note:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - uses: actions/cache@v2
+        id: yarn-cache # use this to check for `cache-hit` (`steps.yarn-cache.outputs.cache-hit != 'true'`)
+        with:
+          path: '**/node_modules'
+          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+
+      - name: Install dependencies
+        if: steps.yarn-cache.outputs.cache-hit != 'true' && ${{ github.ref == 'refs/heads/beta' }}
+        run: yarn --fronzen-lockfile
+
+      - name: Release
+        if: ${{ github.ref == 'refs/heads/master' }}
+        run: npx semantic-release
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+
+  build-and-deploy:
+    strategy:
+      matrix:
+        node-version: [14.x]
+        platform: [ubuntu-latest]
+
+    runs-on: ${{ matrix.platform }}
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Docker login using Github Token
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta_main
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.IMAGE_REPO }}
+
+      - name: Build and Push Central Backend to GitHub Packages
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          tags: ${{ steps.meta_main.outputs.tags }}
+          labels: ${{ steps.meta_main.outputs.labels }}
+          cache-from: type=registry,ref=${{ env.IMAGE_REPO }}:buildcache
+          cache-to: type=registry,ref=${{ env.IMAGE_REPO }}:buildcache,mode=max
+          context: .
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta_computation
+        uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+        with:
+          images: ${{ env.IMAGE_REPO }}
+
+      - name: Build and Push Computation Backend to GitHub Packages
+        uses: docker/build-push-action@v2
+        with:
+          push: true
+          tags: ${{ steps.meta_computation.outputs.tags }}
+          labels: ${{ steps.meta_computation.outputs.labels }}
+          cache-from: type=registry,ref=${{ env.IMAGE_COMPUTE }}:buildcache
+          cache-to: type=registry,ref=${{ env.IMAGE_COMPUTE }}:buildcache,mode=max
+          context: ./computation
+
+      - name: Connect SSLVPN
+        uses: thinc-org/openfortivpn-action@master
+        with:
+          host: ${{ secrets.SSLVPN_HOST }}
+          username: ${{ secrets.SSLVPN_USERNAME }}
+          password: ${{ secrets.SSLVPN_PASSWORD }}
+          trustedCert: ${{ secrets.SSLVPN_TRUSTED_CERT }}
+
+      - name: Deploy to VM
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.SSH_HOST }}
+          username: ${{ secrets.SSH_USERNAME }}
+          key: ${{ secrets.SSH_KEY }}
+          passphrase: ${{ secrets.SSH_PASSPHRASE }}
+          script: |
+            docker pull ${{ env.IMAGE_REPO }}:${{ steps.meta_main.outputs.version }}
+            docker pull ${{ env.IMAGE_COMPUTE }}:${{ steps.meta_computation.outputs.version }}
+            docker-compose up -d
+            if [[ "$(docker images --filter "dangling=true" -q)" == "" ]]; then
+              echo "No image with <none> tag"
+            else
+              docker rmi $(docker images --filter "dangling=true" -q) || true
+            fi