Deploying a live Datasette demo when the tests pass
I’ve implemented this pattern a bunch of times now - here’s the version I’ve settled on for my datasette-auth0 plugin repository.
For publishing to Cloud Run, it needs two GitHub Actions secrets to be configured: GCP_SA_EMAIL and GCP_SA_KEY.
See below for publishing to Vercel.
In .github/workflows/test.yml:
name: Test
on: [push]
jobs: test: runs-on: ubuntu-latest strategy: matrix: python-version: ["3.7", "3.8", "3.9", "3.10", "3.11"] steps: - uses: actions/checkout@v3 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} - uses: actions/cache@v3 name: Configure pip caching with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/setup.py') }} restore-keys: | ${{ runner.os }}-pip- - name: Install dependencies run: | pip install -e '.[test]' - name: Run tests run: | pytest deploy_demo: runs-on: ubuntu-latest needs: [test] if: github.ref == 'refs/heads/main' steps: - uses: actions/checkout@v3 - name: Set up Python 3.11 uses: actions/setup-python@v4 with: python-version: "3.11" cache: pip cache-dependency-path: "**/setup.py" - name: Install datasette run: pip install datasette - name: Set up Cloud Run uses: google-github-actions/setup-gcloud@v0 with: version: '275.0.0' service_account_email: ${{ secrets.GCP_SA_EMAIL }} service_account_key: ${{ secrets.GCP_SA_KEY }} - name: Deploy demo to Cloud Run env: CLIENT_SECRET: ${{ secrets.AUTH0_CLIENT_SECRET }} run: |- gcloud config set run/region us-central1 gcloud config set project datasette-222320 wget https://latest.datasette.io/fixtures.db datasette publish cloudrun fixtures.db \ --install https://github.com/simonw/datasette-auth0/archive/$GITHUB_SHA.zip \ --plugin-secret datasette-auth0 domain "datasette.us.auth0.com" \ --plugin-secret datasette-auth0 client_id "n9eaHS0ckIsujoyZNZ1wVgcPevjAcAXn" \ --plugin-secret datasette-auth0 client_secret "$CLIENT_SECRET" \ --about "datasette-auth0" \ --about_url "https://datasette.io/plugins/datasette-auth0" \ --service datasette-auth0-demoThe first job called test runs the Python tests in the repo. The second deploy_demo block is where things get interesting.
deploy_demo: runs-on: ubuntu-latest needs: [test] if: github.ref == 'refs/heads/main'The needs: [test] bit ensures this only runs if the tests pass first.
if: github.ref == 'refs/heads/main' causes the deploy to only run on pushes to the main branch.
The most interesting bit of the deploy command is this bit:
datasette publish cloudrun fixtures.db \--install https://github.com/simonw/datasette-auth0/archive/$GITHUB_SHA.zip \...$GITHUB_SHA is the commit hash that triggered the wokrflow. The --install line there constructs a URL to the zip archive of that version from the GitHub repository - so that exact version will be treated as a plugin and installed as part of deploying the Datasette demo instance.
Deploying to Vercel
This example deploys to Vercel instead. The key difference is this:
- name: Install datasette run: pip install datasette datasette-publish-vercel - name: Deploy demo to Vercel env: VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }} run: |- wget https://latest.datasette.io/fixtures.db datasette publish vercel fixtures.db \ --project datasette-hashed-urls \ --install https://github.com/simonw/datasette-hashed-urls/archive/$GITHUB_SHA.zip \ --token $VERCEL_TOKEN \ --scope datasetteThe --token $VERCEL_TOKEN passes a token created in the Vercel dashboard. I needed --scope datasette here because I was deploying to a Vercel team of that name - if deploying to your personal account you can leave this off.