Create application update #513
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Create application update" | |
| on: | |
| # Test run before merging | |
| pull_request: | |
| branches: | |
| - main | |
| # On merged | |
| push: | |
| branches: | |
| - main | |
| # On released | |
| release: | |
| types: [created] | |
| jobs: | |
| build-docker: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| runs-on: ubuntu-22.04 | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| name: "Build and deploy" | |
| env: | |
| AWS_REGION: us-west-2 | |
| DEFAULT_BRANCH: main | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: ${{github.event.pull_request.head.ref}} | |
| repository: ${{github.event.pull_request.head.repo.full_name}} | |
| fetch-depth: 0 | |
| - id: "auth" | |
| name: "Authenticate to Google Cloud" | |
| uses: "google-github-actions/auth@v1" | |
| with: | |
| token_format: "access_token" | |
| workload_identity_provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}" | |
| service_account: "${{ secrets.GCP_PRD_GITHUB_SA_GCS_CACHE }}" | |
| create_credentials_file: true | |
| - name: Configure bazel GCS cache | |
| run: | | |
| export BAZEL_REMOTE_CACHE_CREDENTIALS_JSON='${{ steps.auth.outputs.credentials_file_path }}' | |
| export BAZEL_REMOTE_CACHE_ENDPOINT='${{ vars.BAZEL_REMOTE_CACHE_ENDPOINT }}' | |
| python config/gcp_cs_cache.py | |
| shell: bash | |
| #### BEGIN PRODUCT CHANGES EVALUATION #### | |
| - name: Get changed files | |
| id: changed-files | |
| uses: tj-actions/changed-files@v35 | |
| with: | |
| dir_names: "true" | |
| json: true | |
| write_output_files: true | |
| - name: "Analyse project changes" | |
| id: project-changed | |
| run: | | |
| if [ "${{ contains(steps.changed-files.outputs.all_changed_and_modified_files, 'products/devex-apollo') }}" = "true" ]; then | |
| echo "devex-apollo=true" >> $GITHUB_OUTPUT | |
| fi | |
| #### END PRODUCT CHANGES EVALUATION #### | |
| - name: Preparing merged branches | |
| # Fetch the ref of the base branch, just the single commit. | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "Zilliqa Bot" | |
| echo "Running git checkout ${{ env.DEFAULT_BRANCH }}" | |
| git checkout ${{ env.DEFAULT_BRANCH }} | |
| git fetch --all --tags | |
| git pull --all | |
| # Checking out the base branch to make this our working branch and | |
| # merge the head | |
| echo "Running git checkout ${{ github.base_ref }}" | |
| git checkout ${{ github.base_ref }} | |
| git fetch --all --tags | |
| git pull --all | |
| python config/workspace-status.py | |
| - name: Committing head | |
| if: github.event_name == 'pull_request' | |
| env: | |
| HEAD_REF: ${{ github.head_ref }} | |
| # Fetch the ref of the base branch, just the single commit. | |
| run: | | |
| echo "Running git merge --squash ${{ env.HEAD_REF }}" | |
| git merge --squash ${{ env.HEAD_REF }} | |
| git add . -A | |
| git commit -m "Finish merge" | |
| python config/workspace-status.py | |
| - name: Install SSH key | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.SSH_SECRET_KET_MANIFESTS }} | |
| - name: Get tag version | |
| id: get-version | |
| run: | | |
| python config/workspace-status.py | grep FULL_VERSION_TAG | awk '{print $2}' > VERSION | |
| cat VERSION | |
| - name: Configure AWS Credentials - production | |
| if: github.event_name == 'release' && github.event.action == 'created' | |
| uses: Zilliqa/gh-actions-workflows/actions/configure-aws-credentials@v1 | |
| with: | |
| aws-region: us-west-2 | |
| role-to-assume: arn:aws:iam::298213327629:role/ecr-read-write | |
| oidc-role: ${{ secrets.OIDC_ROLE }} | |
| - name: Login to the registry - production | |
| if: github.event_name == 'release' && github.event.action == 'created' | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: 298213327629.dkr.ecr.us-west-2.amazonaws.com | |
| - name: "Build and push devex-apollo - production" | |
| if: github.event_name == 'release' && github.event.action == 'created' && steps.project-changed.outputs.devex-apollo == 'true' | |
| run: | | |
| VERSION=$(cat VERSION) | |
| docker build -t devex-apollo:local products/devex-apollo | |
| docker tag devex-apollo:local 298213327629.dkr.ecr.us-west-2.amazonaws.com/devex-apollo:$VERSION | |
| docker push 298213327629.dkr.ecr.us-west-2.amazonaws.com/devex-apollo:$VERSION | |
| ### BEGIN DEPLOYMENT STAGES | |
| - name: "Create application.bzl" | |
| run: | | |
| echo 'APPLICATIONS_PROD = [' > cd/applications.bzl | |
| if [ "${{ contains(steps.changed-files.outputs.all_changed_and_modified_files, 'products/devex-apollo') }}" = "true" ]; then | |
| echo ' "//products/devex-apollo",' >> cd/applications.bzl | |
| fi | |
| echo ']' >> cd/applications.bzl | |
| cat cd/applications.bzl | |
| - name: "Creating production update" | |
| if: github.event_name == 'release' && github.event.action == 'created' | |
| run: | | |
| bazelisk run //cd:update_production | |
| env: | |
| GITHUB_TOKEN: ${{ github.token }} | |
| DEVOPS_ACCESS_TOKEN: ${{ secrets.DEVOPS_ACCESS_TOKEN }} | |
| BUILD_URI_SUFFIX: ${{ github.head_ref }} |