feat: IAM Auth for RDS (#3559) #1073
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
tags: | |
- "v[0-9]+.[0-9]+.[0-9]+" | |
name: Automatically Build Release | |
jobs: | |
build-runners: | |
name: Build Runner Docker Images | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1.1.3 | |
- name: Build Runner | |
run: | | |
just build-docker runner | |
mkdir -p artifacts/ftl-runner | |
docker save -o artifacts/ftl-runner/ftl-runner.tar ftl0/ftl-runner:latest | |
- name: Temporarily save Docker image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: docker-runner-artifact | |
path: artifacts/ftl-runner/ftl-runner.tar | |
retention-days: 1 | |
- name: Build JVM Runner | |
run: | | |
just build-docker runner-jvm | |
mkdir -p artifacts/ftl-runner-jvm | |
docker save -o artifacts/ftl-runner-jvm/ftl-runner-jvm.tar ftl0/ftl-runner-jvm:latest | |
- name: Temporarily save JVM Docker image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: docker-runner-jvm-artifact | |
path: artifacts/ftl-runner-jvm/ftl-runner-jvm.tar | |
retention-days: 1 | |
build-controller: | |
name: Build Controller Docker Image | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1.1.3 | |
- name: Build | |
run: | | |
just build-docker controller | |
mkdir -p artifacts/ftl-controller | |
docker save -o artifacts/ftl-controller/ftl-controller.tar ftl0/ftl-controller:latest | |
- name: Temporarily save Docker image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: docker-controller-artifact | |
path: artifacts/ftl-controller | |
retention-days: 1 | |
build-provisioner: | |
name: Build Provisioner Docker Image | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1.1.3 | |
- name: Build | |
run: | | |
just build-docker provisioner | |
mkdir -p artifacts/ftl-provisioner | |
docker save -o artifacts/ftl-provisioner/ftl-provisioner.tar ftl0/ftl-provisioner:latest | |
- name: Temporarily save Docker image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: docker-provisioner-artifact | |
path: artifacts/ftl-provisioner | |
retention-days: 1 | |
build-cron: | |
name: Build Cron Docker Image | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1.1.3 | |
- name: Build | |
run: | | |
just build-docker cron | |
mkdir -p artifacts/ftl-cron | |
docker save -o artifacts/ftl-cron/ftl-cron.tar ftl0/ftl-cron:latest | |
- name: Temporarily save Docker image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: docker-cron-artifact | |
path: artifacts/ftl-cron | |
retention-days: 1 | |
build-http-ingress: | |
name: Build HTTP Ingress Docker Image | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1.1.3 | |
- name: Build | |
run: | | |
just build-docker http-ingress | |
mkdir -p artifacts/ftl-http-ingress | |
docker save -o artifacts/ftl-http-ingress/ftl-http-ingress.tar ftl0/ftl-http-ingress:latest | |
- name: Temporarily save Docker image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: docker-http-ingress-artifact | |
path: artifacts/ftl-http-ingress | |
retention-days: 1 | |
release-docker: | |
name: Release Assets | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
needs: [build-runners, build-controller, build-provisioner, build-cron, build-http-ingress] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1.1.3 | |
- name: Retrieve Runner Docker image | |
uses: actions/download-artifact@v4 | |
with: | |
name: docker-runner-artifact | |
path: artifacts/ftl-runner | |
- name: Retrieve JVM Runner Docker image | |
uses: actions/download-artifact@v4 | |
with: | |
name: docker-runner-jvm-artifact | |
path: artifacts/ftl-runner-jvm | |
- name: Retrieve Controller Docker image | |
uses: actions/download-artifact@v4 | |
with: | |
name: docker-controller-artifact | |
path: artifacts/ftl-controller | |
- name: Retrieve Provisioner Docker image | |
uses: actions/download-artifact@v4 | |
with: | |
name: docker-provisioner-artifact | |
path: artifacts/ftl-provisioner | |
- name: Retrieve Cron Docker image | |
uses: actions/download-artifact@v4 | |
with: | |
name: docker-cron-artifact | |
path: artifacts/ftl-cron | |
- name: Retrieve HTTP Ingress Docker image | |
uses: actions/download-artifact@v4 | |
with: | |
name: docker-http-ingress-artifact | |
path: artifacts/ftl-http-ingress | |
- name: Load Runner Docker image | |
run: docker load -i artifacts/ftl-runner/ftl-runner.tar | |
- name: Load JVM Runner Docker image | |
run: docker load -i artifacts/ftl-runner-jvm/ftl-runner-jvm.tar | |
- name: Load Controller Docker image | |
run: docker load -i artifacts/ftl-controller/ftl-controller.tar | |
- name: Load Provisioner Docker image | |
run: docker load -i artifacts/ftl-provisioner/ftl-provisioner.tar | |
- name: Load Cron Docker image | |
run: docker load -i artifacts/ftl-cron/ftl-cron.tar | |
- name: Load HTTP Ingress Docker image | |
run: docker load -i artifacts/ftl-http-ingress/ftl-http-ingress.tar | |
- name: Log in to the Container registry | |
uses: docker/login-action@v3 | |
with: | |
username: ftl0 | |
password: ${{ secrets.FTL_DOCKER_PUSH_TOKEN }} | |
- name: Push Docker Images | |
run: | | |
version="$(git describe --tags --abbrev=0)" | |
docker tag ftl0/ftl-runner:latest ftl0/ftl-runner:"$GITHUB_SHA" | |
docker tag ftl0/ftl-runner:latest ftl0/ftl-runner:"$version" | |
docker push -a ftl0/ftl-runner | |
docker tag ftl0/ftl-runner-jvm:latest ftl0/ftl-runner-jvm:"$GITHUB_SHA" | |
docker tag ftl0/ftl-runner-jvm:latest ftl0/ftl-runner-jvm:"$version" | |
docker push -a ftl0/ftl-runner-jvm | |
docker tag ftl0/ftl-controller:latest ftl0/ftl-controller:"$GITHUB_SHA" | |
docker tag ftl0/ftl-controller:latest ftl0/ftl-controller:"$version" | |
docker push -a ftl0/ftl-controller | |
docker tag ftl0/ftl-provisioner:latest ftl0/ftl-provisioner:"$GITHUB_SHA" | |
docker tag ftl0/ftl-provisioner:latest ftl0/ftl-provisioner:"$version" | |
docker push -a ftl0/ftl-provisioner | |
docker tag ftl0/ftl-cron:latest ftl0/ftl-cron:"$GITHUB_SHA" | |
docker tag ftl0/ftl-cron:latest ftl0/ftl-cron:"$version" | |
docker push -a ftl0/ftl-cron | |
docker tag ftl0/ftl-http-ingress:latest ftl0/ftl-http-ingress:"$GITHUB_SHA" | |
docker tag ftl0/ftl-http-ingress:latest ftl0/ftl-http-ingress:"$version" | |
docker push -a ftl0/ftl-http-ingress | |
create-go-release: | |
name: Release Go Binaries | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1.1.3 | |
- name: Build Cache | |
uses: ./.github/actions/build-cache | |
- name: Build Console | |
run: just build-frontend | |
- name: Publish Go Binaries | |
run: | | |
just errtrace | |
just build ftl # Ensure all the prerequisites are built before we use goreleaser | |
just build-language-plugins | |
goreleaser release --skip=validate | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
FTL_HOMEBREW_TOKEN: ${{ secrets.FTL_HOMEBREW_TOKEN }} | |
create-jvm-releases: | |
name: Release JVM Artifacts | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1.1.3 | |
- uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven- | |
- name: Set Version | |
working-directory: ./jvm-runtime/ftl-runtime | |
run: mvn versions:set -DnewVersion="$(echo ${{ github.ref_name }} | sed s/v//)" | |
- name: Build, Test, and Deploy to Maven Central | |
working-directory: ./jvm-runtime/ftl-runtime | |
run: | | |
# Maven deploy lifecycle will build, run tests, verify, sign, and deploy | |
mvn \ | |
deploy \ | |
-P ossrh,release \ | |
--batch-mode \ | |
--settings .maven_settings.xml | |
env: | |
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} | |
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} | |
SIGN_KEY_PASS: ${{ secrets.GPG_SECRET_PASSPHRASE }} | |
SIGN_KEY: ${{ secrets.GPG_SECRET_KEY }} | |
hermit-release: | |
name: Release Hermit | |
runs-on: ubuntu-latest | |
needs: [create-go-release] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
repository: TBD54566975/hermit-ftl | |
ref: "main" | |
token: ${{ secrets.FTL_HERMIT_AUTOVERSION }} | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1.1.3 | |
- name: Setup Git Config | |
run: | | |
git config --global user.email "github-actions[bot]@users.noreply.github.com" | |
git config --global user.name "github-actions[bot]" | |
- name: Auto-version | |
run: | | |
hermit manifest auto-version ftl.hcl --update-digests | |
- name: Commit and Push | |
run: | | |
git add ftl.hcl | |
git commit -m "Auto-versioned" | |
git push origin main | |
vscode-release: | |
name: Release VSCode Extension | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1.1.3 | |
- name: Publish | |
run: | | |
set -euo pipefail | |
version="$(git describe --tags --abbrev=0 | sed 's/^v//')" | |
echo "Publishing version $version" | |
jq --arg version "$version" '.version = $version' frontend/vscode/package.json > frontend/vscode/package.json.tmp | |
mv frontend/vscode/package.json.tmp frontend/vscode/package.json | |
just publish-extension | |
env: | |
VSCE_PAT: ${{ secrets.VSCE_PAT }} | |
helm-release: | |
name: Release Helm Charts | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
name: "Checkout Charts Repository" | |
with: | |
repository: '${{ github.repository_owner }}/ftl-charts' | |
token: '${{ secrets.FTL_CHARTS_TOKEN }}' | |
fetch-depth: 0 | |
- name: Checkout FTL | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
path: .ftl | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1.1.3 | |
with: | |
working-directory: '.ftl' | |
- name: Configure Git | |
run: | | |
git config user.name "$GITHUB_ACTOR" | |
git config user.email "$GITHUB_ACTOR@users.noreply.github.com" | |
git config pull.rebase true | |
- name: Sync Charts to Charts Repository | |
run: | | |
cd .ftl | |
version="$(git describe --tags --abbrev=0 | sed 's/v//')" | |
just chart set-version "$version" | |
cd .. | |
rm -rf charts/ | |
cp -r .ftl/charts/ charts/ | |
git add charts | |
git commit -a -m "Update charts" | |
git push |