Skip to content
Build tag and publish

[AN-169] Fix GHA step for pushing tags #17

Sign in to view logs

[AN-169] Fix GHA step for pushing tags

[AN-169] Fix GHA step for pushing tags #17

Workflow file for this run

.github/workflows/build_tag_publish.yml at 76be059
name: 'Build tag and publish'
on:
workflow_dispatch:
merge_group:
pull_request:
paths-ignore: [ '**.md' ]
push:
branches: [ develop ]
paths-ignore: [ '**.md' ]
jobs:
build-and-push-job:
runs-on: ubuntu-latest
permissions:
contents: 'write'
id-token: 'write'
outputs:
tag: ${{ steps.tag.outputs.tag }}
steps:
- name: Checkout current code
uses: actions/checkout@v4
- name: Set up Git
shell: bash
run: |
git config --global user.name 'broadbot'
git config --global user.email '[email protected]'
- name: Git secrets setup
run: |
git clone https://github.com/awslabs/git-secrets.git ~/git-secrets
cd ~/git-secrets
git checkout ad82d68ee924906a0401dfd48de5057731a9bc84
sudo make install
shell: bash
- name: Secrets check
run: |
sudo ln -s "$(which echo)" /usr/local/bin/say
./minnie-kenny.sh --force
git secrets --scan-history
shell: bash
- name: Check ref
shell: bash
run: |
git_refs_url=$(jq .repository.git_refs_url $GITHUB_EVENT_PATH | tr -d '"' | sed 's/{\/sha}//g')
echo $git_refs_url
# TODO: change RELEASE_BRANCHES to develop
- name: Bump the tag to a new version
uses: databiosphere/github-actions/actions/[email protected]
id: tag
env:
DEFAULT_BUMP: patch
GITHUB_TOKEN: ${{ secrets.BROADBOT_TOKEN }}
RELEASE_BRANCHES: .*
WITH_V: true
# - name: Construct Dockerhub and GCR image names
# id: image-name
# run: |
# echo "DOCKERHUB_NAME=broadinstitute/agora:${{ steps.tag.outputs.tag }}" >> $GITHUB_OUTPUT
# echo "GCR_NAME=gcr.io/broad-dsp-gcr-public/agora:${{ steps.tag.outputs.tag }}" >> $GITHUB_OUTPUT
#
# - name: Setup JDK
# uses: actions/setup-java@v4
# with:
# distribution: temurin
# java-version: 11
#
# - name: Build image
# run: |
# docker build -t ${{ steps.image-name.outputs.DOCKERHUB_NAME }} .
#
# - name: Login to Docker Hub
# uses: docker/login-action@v1
# with:
# username: dsdejenkins
# password: ${{ secrets.DSDEJENKINS_DOCKERHUB_PASSWORD }}
#
# - name: Push dockerhub image
# run: docker push ${{ steps.image-name.outputs.DOCKERHUB_NAME }}
#
# - name: Re-tag image for GCR
# run: docker tag ${{ steps.image-name.outputs.DOCKERHUB_NAME }} ${{ steps.image-name.outputs.GCR_NAME }}
#
# - name: Authenticate to Google Cloud
# id: 'auth'
# uses: google-github-actions/auth@v2
# with:
# # Centralized in dsp-tools-k8s; ask in #dsp-devops-champions for help troubleshooting
# workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider'
# service_account: '[email protected]'
#
# # Install gcloud, `setup-gcloud` automatically picks up authentication from `auth`
# - name: Set up Cloud SDK
# uses: google-github-actions/setup-gcloud@v2
#
# - name: Explicitly auth Docker for GCR
# run: gcloud auth configure-docker --quiet
#
# - name: Push GCR image
# run: docker push ${{ steps.image-name.outputs.GCR_NAME }}
# report-to-sherlock:
# # Report new Agora version to Sherlock and hence Beehive
# uses: broadinstitute/sherlock/.github/workflows/client-report-app-version.yaml@main
# needs: [ build-and-push-job ]
# with:
# new-version: ${{ needs.build-and-push-job.outputs.tag }}
# chart-name: 'agora'
# permissions:
# contents: 'read'
# id-token: 'write'
#
# set-version-in-dev:
# # Put new Agora version in dev environment
# uses: broadinstitute/sherlock/.github/workflows/client-set-environment-app-version.yaml@main
# needs: [ build-and-push-job, report-to-sherlock ]
# if: ${{ github.ref_name == 'develop' }}
# with:
# new-version: ${{ needs.build-and-push-job.outputs.tag }}
# chart-name: 'agora'
# environment-name: 'dev'
# secrets:
# sync-git-token: ${{ secrets.BROADBOT_TOKEN }}
# permissions:
# id-token: 'write'