ci-on-merge-main-or-release.yml
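# Build-and-deploy workflow. It runs on pull requests targeting main (test
# run), on pushes to main, and when a release is created. Only the release
# path authenticates to AWS, pushes the devex-apollo image to ECR and runs
# the production update; the earlier steps run for every trigger.
#
# TODO(security): every `uses:` below references a mutable tag. Pin each
# third-party action to a full commit SHA so a retargeted tag cannot change
# what runs with this job's credentials.
name: "Create application update"
on:
  # Test run before merging
  pull_request:
    branches:
      - main
  # On merged
  push:
    branches:
      - main
  # On released
  release:
    types: [created]
jobs:
  build-docker:
    # NOTE(review): these write scopes are granted for all three triggers,
    # including pull_request test runs. Confirm whether the PR path needs
    # them; if not, split the release steps into a separate job that carries
    # the elevated permissions.
    permissions:
      id-token: write
      contents: write
    runs-on: ubuntu-22.04
    if: ${{ github.actor != 'dependabot[bot]' }}
    name: "Build and deploy"
    env:
      AWS_REGION: us-west-2
      DEFAULT_BRANCH: main
    steps:
      # On pull_request events this checks out the PR head; on push and
      # release events both expressions are empty and the action's defaults
      # apply. Later `python config/...` steps therefore execute code from
      # the PR branch on test runs.
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          ref: ${{github.event.pull_request.head.ref}}
          repository: ${{github.event.pull_request.head.repo.full_name}}
          fetch-depth: 0
      # Writes a credentials file for the GCS cache service account; its
      # path is consumed by the next step.
      - id: "auth"
        name: "Authenticate to Google Cloud"
        uses: "google-github-actions/auth@v1"
        with:
          token_format: "access_token"
          workload_identity_provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}"
          service_account: "${{ secrets.GCP_PRD_GITHUB_SA_GCS_CACHE }}"
          create_credentials_file: true
      # Both interpolated values come from the auth step and from repository
      # variables, not from pull-request metadata.
      - name: Configure bazel GCS cache
        run: |
          export BAZEL_REMOTE_CACHE_CREDENTIALS_JSON='${{ steps.auth.outputs.credentials_file_path }}'
          export BAZEL_REMOTE_CACHE_ENDPOINT='${{ vars.BAZEL_REMOTE_CACHE_ENDPOINT }}'
          python config/gcp_cs_cache.py
        shell: bash
      #### BEGIN PRODUCT CHANGES EVALUATION ####
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@v35
        with:
          dir_names: "true"
          json: true
          write_output_files: true
      # The contains() expression is evaluated by the runner before the
      # script starts, so only the literal `true` or `false` reaches the
      # shell; changed file names themselves are never pasted into the
      # script. Keep it that way if this check is extended.
      - name: "Analyse project changes"
        id: project-changed
        run: |
          if [ "${{ contains(steps.changed-files.outputs.all_changed_and_modified_files, 'products/devex-apollo') }}" = "true" ]; then
            echo "devex-apollo=true" >> "$GITHUB_OUTPUT"
          fi
      #### END PRODUCT CHANGES EVALUATION ####
      - name: Preparing merged branches
        # Branch names are passed through the environment and expanded by
        # the shell as quoted variables. Expanding `${{ ... }}` inside the
        # script would paste the ref text into the script source, where it
        # is parsed as shell.
        env:
          BASE_REF: ${{ github.base_ref }}
        # NOTE(review): the user.email value below appears mangled by the
        # source page's e-mail obfuscation; restore the real address.
        # Fetch the ref of the base branch, just the single commit.
        run: |
          git config --global user.email "[email protected]"
          git config --global user.name "Zilliqa Bot"
          echo "Running git checkout $DEFAULT_BRANCH"
          git checkout "$DEFAULT_BRANCH"
          git fetch --all --tags
          git pull --all
          # Checking out the base branch to make this our working branch and
          # merge the head
          echo "Running git checkout $BASE_REF"
          # base_ref is only set on pull_request events; skip the checkout
          # when it is empty (push and release runs).
          if [ -n "$BASE_REF" ]; then
            git checkout "$BASE_REF"
          fi
          git fetch --all --tags
          git pull --all
          python config/workspace-status.py
      - name: Committing head
        if: github.event_name == 'pull_request'
        env:
          HEAD_REF: ${{ github.head_ref }}
        # The head branch name is chosen by the PR author, so it is read
        # from the environment as "$HEAD_REF" rather than re-expanded with
        # `${{ env.HEAD_REF }}`, which would defeat the purpose of the env
        # indirection.
        # Fetch the ref of the base branch, just the single commit.
        run: |
          echo "Running git merge --squash $HEAD_REF"
          git merge --squash "$HEAD_REF"
          git add . -A
          git commit -m "Finish merge"
          python config/workspace-status.py
      # NOTE(review): this step has no `if:` guard, so the manifests deploy
      # key is loaded on pull_request test runs as well, and
      # config/workspace-status.py from the merged tree runs afterwards.
      # Confirm whether the key is needed outside the release path and gate
      # the step accordingly.
      # NOTE(review): the action ref below appears mangled by the source
      # page's e-mail obfuscation (presumably webfactory/ssh-agent@<version>);
      # restore the real ref.
      - name: Install SSH key
        uses: webfactory/[email protected]
        with:
          ssh-private-key: ${{ secrets.SSH_SECRET_KET_MANIFESTS }}
      # No `shell:` is set here, so the pipeline runs without pipefail: if
      # workspace-status.py fails or prints no FULL_VERSION_TAG line, VERSION
      # is left empty. The push step below checks for that.
      - name: Get tag version
        id: get-version
        run: |
          python config/workspace-status.py | grep FULL_VERSION_TAG | awk '{print $2}' > VERSION
          cat VERSION
      - name: Configure AWS Credentials - production
        if: github.event_name == 'release' && github.event.action == 'created'
        uses: Zilliqa/gh-actions-workflows/actions/configure-aws-credentials@v1
        with:
          aws-region: us-west-2
          role-to-assume: arn:aws:iam::298213327629:role/ecr-read-write
          oidc-role: ${{ secrets.OIDC_ROLE }}
      - name: Login to the registry - production
        if: github.event_name == 'release' && github.event.action == 'created'
        uses: docker/login-action@v2
        with:
          registry: 298213327629.dkr.ecr.us-west-2.amazonaws.com
      - name: "Build and push devex-apollo - production"
        if: github.event_name == 'release' && github.event.action == 'created' && steps.project-changed.outputs.devex-apollo == 'true'
        run: |
          VERSION=$(cat VERSION)
          # Fail with a clear message instead of building an invalid image
          # reference when the version could not be determined.
          if [ -z "$VERSION" ]; then
            echo "VERSION is empty; refusing to tag and push" >&2
            exit 1
          fi
          docker build -t devex-apollo:local products/devex-apollo
          docker tag devex-apollo:local "298213327629.dkr.ecr.us-west-2.amazonaws.com/devex-apollo:$VERSION"
          docker push "298213327629.dkr.ecr.us-west-2.amazonaws.com/devex-apollo:$VERSION"
      ### BEGIN DEPLOYMENT STAGES
      # Same pattern as "Analyse project changes": only the boolean result of
      # contains() is substituted into the script.
      - name: "Create application.bzl"
        run: |
          echo 'APPLICATIONS_PROD = [' > cd/applications.bzl
          if [ "${{ contains(steps.changed-files.outputs.all_changed_and_modified_files, 'products/devex-apollo') }}" = "true" ]; then
            echo '    "//products/devex-apollo",' >> cd/applications.bzl
          fi
          echo ']' >> cd/applications.bzl
          cat cd/applications.bzl
      # NOTE(review): github.head_ref is only populated for pull-request
      # events, and this step runs only on release, so BUILD_URI_SUFFIX is
      # expected to be empty here. Confirm that is intended.
      - name: "Creating production update"
        if: github.event_name == 'release' && github.event.action == 'created'
        run: |
          bazelisk run //cd:update_production
        env:
          GITHUB_TOKEN: ${{ github.token }}
          DEVOPS_ACCESS_TOKEN: ${{ secrets.DEVOPS_ACCESS_TOKEN }}
          BUILD_URI_SUFFIX: ${{ github.head_ref }}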