Add isolated OAuth 2.0 + PKCE support for GPT Actions #171
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Backend CI/CD | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - master | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| branches: | |
| - main | |
| - master | |
| workflow_dispatch: | |
| env: | |
| IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/jobapplytracker-backend | |
| CONTAINER_NAME: job-tracker-app | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: backend-${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| test-and-build: | |
| name: Test and Build | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 40 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Java | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: corretto | |
| java-version: '21' | |
| cache: maven | |
| - name: Run tests and package JAR | |
| run: mvn -B -ntp clean verify | |
| - name: Print Surefire report summary on failure | |
| if: failure() | |
| run: | | |
| if [ -d target/surefire-reports ]; then | |
| echo "Collected Surefire reports:" | |
| find target/surefire-reports -maxdepth 1 -type f \( -name '*.txt' -o -name '*.xml' \) | |
| echo | |
| for report in target/surefire-reports/*.txt; do | |
| [ -f "$report" ] || continue | |
| echo "===== $report =====" | |
| sed -n '1,200p' "$report" | |
| echo | |
| done | |
| else | |
| echo "No target/surefire-reports directory found." | |
| fi | |
| - name: Upload Surefire reports | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: surefire-reports | |
| path: | | |
| target/surefire-reports/** | |
| **/*.dump | |
| **/*-jvmRun*.dump | |
| **/*.dumpstream | |
| if-no-files-found: warn | |
| retention-days: 14 | |
| - name: Upload packaged JAR | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: spring-boot-jar | |
| path: target/*.jar | |
| if-no-files-found: error | |
| retention-days: 14 | |
| publish-image: | |
| name: Publish Image | |
| needs: test-and-build | |
| if: ${{ github.event_name != 'pull_request' }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract image metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=raw,value=latest | |
| type=sha,prefix=sha- | |
| - name: Build and push image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ./Dockerfile | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| deploy-vps: | |
| name: Deploy to VPS | |
| needs: publish-image | |
| if: ${{ github.event_name != 'pull_request' }} | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 20 | |
| steps: | |
| - name: Deploy latest image over SSH | |
| uses: appleboy/ssh-action@v1.2.0 | |
| with: | |
| host: ${{ secrets['VPS_IP'] }} | |
| username: ${{ secrets['VPS_USER'] }} | |
| key: ${{ secrets['SSH_KEY'] }} | |
| port: 22 | |
| script_stop: true | |
| script: | | |
| set -eu | |
| cd /docker/jobpplytracker-api | |
| docker compose pull | |
| docker compose up -d --remove-orphans | |
| docker image prune -f |