chore(release): [skip-github-pipeline] #1
Workflow file for this run
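# Production deployment workflow: runs on every push to the `production` branch.
name: Deploy to production
on:
  # create:
  #   tags:
  #     - "^peerlab@[0-9]+.[0-9]+.[0-9]+$"
  push:
    branches:
      - production
# Least privilege for the automatic GITHUB_TOKEN: the steps visible in this
# file only read the repository (actions/checkout). Widen this per job if a
# step is later handed the token for something else.
permissions:
  contents: read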
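jobs:
  # Guard job: fails the run unless the pushed commit is the head of a branch
  # named exactly `production`. Every later job lists it in `needs`.
  check-branch:
    runs-on: ubuntu-latest
    steps:
      - name: Check branch
        # Context values are handed to the script as environment variables
        # instead of being expanded into the script text.
        env:
          REPOSITORY: ${{ github.repository }}
          COMMIT_SHA: ${{ github.sha }}
        run: |
          # --fail turns an HTTP error (rate limit, 404) into a non-zero exit,
          # so the guard stops on the failed lookup rather than on an error body.
          # The request is unauthenticated, as before.
          BRANCHES=$(curl --fail --silent --show-error \
            -H "Accept: application/vnd.github.v3+json" \
            "https://api.github.com/repos/${REPOSITORY}/commits/${COMMIT_SHA}/branches-where-head")
          echo "Branches:" $BRANCHES
          # Compare the branch name exactly. A substring match over the raw JSON
          # also passes for branches such as "pre-production" and for any
          # repository whose owner or name contains "production", because the
          # response embeds the repository URL.
          if ! jq -e 'any(.[]; .name == "production")' <<<"$BRANCHES" >/dev/null; then
            echo "Tag is not on the production branch, cancelling workflow."
            exit 1
          fi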
# build-researchers-peers-rest-api: | |
# runs-on: ubuntu-latest | |
# needs: [check-branch] | |
# # environment: | |
# # name: core-platform-shell-iac-production # Requires permission to proceed | |
# strategy: | |
# matrix: | |
# node-version: [18] | |
# npm-version: [8] | |
# yarn-version: ["1.22.x"] | |
# pnpm-version: [8] | |
# steps: | |
# - name: Checkout code | |
# uses: actions/checkout@v3 | |
# if: ${{ github.event_name != 'pull_request' }} | |
# with: | |
# fetch-depth: 0 # This is important to get all history for all branches | |
# ref: production | |
# - name: Detect package manager | |
# id: package_manager | |
# run: | | |
# echo "package_manager=$([[ -f ./yarn.lock ]] && echo "yarn" || ([[ -f ./pnpm-lock.yaml ]] && echo "pnpm") || echo "npm")" >> $GITHUB_ENV | |
# - name: Set node/npm/yarn versions using volta | |
# uses: volta-cli/action@v3 | |
# with: | |
# node-version: "${{ matrix.node-version }}" | |
# npm-version: "${{ matrix.npm-version }}" | |
# yarn-version: "${{ matrix.yarn-version }}" | |
# pnpm-version: "${{ matrix.pnpm-version }}" | |
# - name: Install PNPM | |
# if: env.package_manager == 'pnpm' | |
# uses: pnpm/action-setup@v2.2.1 | |
# with: | |
# version: "${{ matrix.pnpm-version }}" | |
# - name: Print node/npm/yarn/pnpm versions | |
# id: versions | |
# run: | | |
# node_ver=$( node --version ) | |
# yarn_ver=$( yarn --version || true ) | |
# pnpm_ver=$( pnpm --version || true ) | |
# echo "Node: ${node_ver:1}" | |
# echo "NPM: $(npm --version )" | |
# if [[ $yarn_ver != '' ]]; then echo "Yarn: $yarn_ver"; fi | |
# if [[ $pnpm_ver != '' ]]; then echo "PNPM: $pnpm_ver"; fi | |
# echo "node_version=${node_ver:1}" >> $GITHUB_ENV | |
# - name: Use the node_modules cache if available [npm] | |
# if: env.package_manager == 'npm' | |
# uses: actions/cache@v2 | |
# with: | |
# path: ~/.npm | |
# key: ${{ runner.os }}-node-${{ env.node_version }}-${{ hashFiles('**/package-lock.json') }} | |
# restore-keys: | | |
# ${{ runner.os }}-node-${{ env.node_version }}- | |
# - name: Use the node_modules cache if available [pnpm] | |
# if: env.package_manager == 'pnpm' | |
# uses: actions/cache@v2 | |
# with: | |
# path: ~/.pnpm-store | |
# key: ${{ runner.os }}-node-${{ env.node_version }}-${{ hashFiles('**/pnpm-lock.yaml') }} | |
# restore-keys: | | |
# ${{ runner.os }}-node-${{ env.node_version }}- | |
# - name: Get yarn cache directory path | |
# if: env.package_manager == 'yarn' | |
# id: yarn-cache-dir-path | |
# run: echo "yarn_cache_dir_path=$(yarn cache dir)" >> $GITHUB_ENV | |
# - name: Use the node_modules cache if available [yarn] | |
# if: env.package_manager == 'yarn' | |
# uses: actions/cache@v2 | |
# with: | |
# path: ${{ env.yarn_cache_dir_path }} | |
# key: ${{ runner.os }}-node-${{ env.node_version }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
# restore-keys: | | |
# ${{ runner.os }}-node-${{ env.node_version }}- | |
# - name: Install dependencies | |
# run: | | |
# if [ "${{ env.package_manager == 'yarn' }}" == "true" ]; then | |
# echo "Running yarn install --frozen-lockfile" | |
# yarn install --frozen-lockfile | |
# elif [ "${{ env.package_manager == 'pnpm' }}" == "true" ]; then | |
# echo "Running pnpm install --frozen-lockfile" | |
# pnpm install --frozen-lockfile | |
# else | |
# echo "Running npm ci" | |
# npm ci | |
# fi | |
# - name: Extract environment name | |
# run: | | |
# if [[ "${{ github.event_name }}" == "push" ]]; then | |
# branch_name=${GITHUB_REF#refs/heads/} | |
# echo "branch_name:" $branch_name | |
# elif [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
# branch_name=${GITHUB_HEAD_REF} | |
# echo "branch_name:" $branch_name | |
# else | |
# # If the event is a tag push, then checkout the tag and find the branch that contains the tag | |
# git fetch --depth=1 origin +refs/tags/*:refs/tags/* | |
# git checkout "${GITHUB_REF#refs/tags/}" | |
# branch_name=$(git branch -r --contains tags/${GITHUB_REF#refs/tags/} | sed -n 's/origin\///p' | head -n1) | |
# echo "branch_name:" $branch_name | |
# fi | |
# trimmed_branch_name=$(echo "$branch_name" | sed 's/^[ -]*//' | sed 's/[ -]*$//') # Remove trailing and leading spaces and dashes | |
# parsed_branch_name=$(echo "$trimmed_branch_name" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/-/g') # Replace special characters with dashes, and upper case letters by lowercase letters | |
# echo "parsed_branch_name:" $parsed_branch_name | |
# echo "environment_name=$parsed_branch_name" >> $GITHUB_ENV | |
# - name: Check if app was affected | |
# run: | | |
# bash scripts/nx/check-if-app-was-affected.sh --project-name=researchers-peers-svc-rest-api --file-path=$GITHUB_ENV | |
# - name: Get short commit hash | |
# if: ${{ env.affected == 'true' }} | |
# run: | | |
# SHORT_SHA=${{ github.sha }} | |
# echo "short_commit_sha=${SHORT_SHA:0:8}" >> $GITHUB_ENV | |
# - name: Set up Docker Buildx | |
# if: ${{ env.affected == 'true' }} | |
# uses: docker/setup-buildx-action@v2 | |
# - name: Login to Google Container Registry | |
# if: ${{ env.affected == 'true' }} | |
# uses: docker/login-action@v2 | |
# with: | |
# registry: ${{ secrets.GCP_LOCATION }}-docker.pkg.dev | |
# username: _json_key | |
# password: ${{ secrets.GCP_TF_ADMIN_SERVICE_ACCOUNT_KEY }} | |
# - name: Build and push Docker image | |
# if: ${{ env.affected == 'true' }} | |
# uses: docker/build-push-action@v4 | |
# with: | |
# context: . | |
# file: ./apps/researchers/peers/svc-rest-api/Dockerfile | |
# push: true | |
# no-cache: true | |
# tags: | | |
# ${{ secrets.GCP_LOCATION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/${{ secrets.GCP_DOCKER_ARTIFACT_REPOSITORY_NAME }}/${{ env.IMAGE_NAME }}:${{ env.environment_name }} | |
# ${{ secrets.GCP_LOCATION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/${{ secrets.GCP_DOCKER_ARTIFACT_REPOSITORY_NAME }}/${{ env.IMAGE_NAME }}:${{ env.short_commit_sha }} | |
# env: | |
# IMAGE_NAME: researchers-peers-svc-rest-api | |
# build-core-platform-experiments: | |
# needs: [check-branch] | |
# runs-on: ubuntu-latest | |
# # environment: | |
# # name: core-platform-shell-iac-preview | |
# env: | |
# IMAGE_NAME: core-platform-experiments | |
# strategy: | |
# matrix: | |
# node-version: [18] | |
# pnpm-version: [8] | |
# steps: | |
# - name: Checkout code | |
# uses: actions/checkout@v3 | |
# with: | |
# fetch-depth: 0 # This is important to get all history for all branches | |
# - name: Override fake nx token | |
# run: | | |
# bash scripts/nx/set-token.sh --access-token=${{ secrets.NX_ACCESS_TOKEN }} | |
# - name: Extract environment name | |
# run: | | |
# if [[ "${{ github.event_name }}" == "push" ]]; then | |
# branch_name=${GITHUB_REF#refs/heads/} | |
# echo "branch_name:" $branch_name | |
# elif [[ "${{ github.event_name }}" == "pull_request" ]]; then | |
# branch_name=${GITHUB_HEAD_REF} | |
# echo "branch_name:" $branch_name | |
# else | |
# # If the event is a tag push, then checkout the tag and find the branch that contains the tag | |
# git fetch --depth=1 origin +refs/tags/*:refs/tags/* | |
# git checkout "${GITHUB_REF#refs/tags/}" | |
# branch_name=$(git branch -r --contains tags/${GITHUB_REF#refs/tags/} | sed -n 's/origin\///p' | head -n1) | |
# echo "branch_name:" $branch_name | |
# fi | |
# trimmed_branch_name=$(echo "$branch_name" | sed 's/^[ -]*//' | sed 's/[ -]*$//') # Remove trailing and leading spaces and dashes | |
# parsed_branch_name=$(echo "$trimmed_branch_name" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9]/-/g') # Replace special characters with dashes, and upper case letters by lowercase letters | |
# echo "parsed_branch_name:" $parsed_branch_name | |
# echo "environment_name=$parsed_branch_name" >> $GITHUB_ENV | |
# echo "environment_name:" $parsed_branch_name | |
# - name: Get short commit hash | |
# run: | | |
# SHORT_SHA=${{ github.sha }} | |
# echo "short_commit_sha=${SHORT_SHA:0:8}" >> $GITHUB_ENV | |
# - name: Save GCP credentials to file | |
# run: | | |
# echo '${{ secrets.GCP_TF_ADMIN_SERVICE_ACCOUNT_KEY }}' > apps/core/platform-shell-iac/credentials.json | |
# - id: "auth" | |
# name: "Authenticate to Google Cloud" | |
# uses: "google-github-actions/auth@v1" | |
# with: | |
# credentials_json: ${{ secrets.GCP_TF_ADMIN_SERVICE_ACCOUNT_KEY }} | |
# - name: Check if Docker image exists | |
# id: check_image | |
# run: | | |
# IMAGE_EXISTS=$(gcloud container images list-tags ${{ secrets.GCP_LOCATION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/${{ secrets.GCP_DOCKER_ARTIFACT_REPOSITORY_NAME }}/${{ env.IMAGE_NAME }} --filter="tags:${{ env.parsed_branch_name }}" --format=json | jq '. | length') | |
# if [ $IMAGE_EXISTS -eq 0 ]; then | |
# echo "is_existing_image=false" >> $GITHUB_ENV | |
# else | |
# echo "is_existing_image=true" >> $GITHUB_ENV | |
# fi | |
# - name: Detect package manager | |
# if: ${{ env.is_existing_image == 'true' }} | |
# id: package_manager | |
# run: | | |
# echo "package_manager=pnpm" >> $GITHUB_ENV | |
# - name: Set node/npm/yarn/pnpm versions using volta | |
# if: ${{ env.is_existing_image == 'true' }} | |
# uses: volta-cli/action@v3 | |
# with: | |
# node-version: "${{ matrix.node-version }}" | |
# pnpm-version: "${{ matrix.pnpm-version }}" | |
# - name: Install PNPM | |
# if: ${{ env.is_existing_image == 'true'}} | |
# uses: pnpm/action-setup@v2.2.1 | |
# with: | |
# version: "${{ matrix.pnpm-version }}" | |
# - name: Print node/pnpm versions | |
# if: ${{ env.is_existing_image == 'true' }} | |
# id: versions | |
# run: | | |
# node_ver=$( node --version ) | |
# pnpm_ver=$( pnpm --version || true ) | |
# echo "Node: ${node_ver:1}" | |
# echo "PNPM: $pnpm_ver" | |
# echo "node_version=${node_ver:1}" >> $GITHUB_ENV | |
# - name: Use the node_modules cache if available [pnpm] | |
# if: ${{ env.is_existing_image == 'true'}} | |
# uses: actions/cache@v2 | |
# with: | |
# path: ~/.pnpm-store | |
# key: ${{ runner.os }}-node-${{ env.node_version }}-${{ hashFiles('**/pnpm-lock.yaml') }} | |
# restore-keys: | | |
# ${{ runner.os }}-node-${{ env.node_version }}- | |
# - name: Check if app was affected | |
# if: ${{ env.is_existing_image == 'true' }} | |
# run: | | |
# bash scripts/nx/check-if-app-was-affected.sh --project-name=researchers-peers-svc-rest-api --file-path=$GITHUB_ENV | |
# - name: Set up Docker Buildx | |
# if: ${{ env.affected == 'true' || env.is_existing_image == 'false' }} | |
# uses: docker/setup-buildx-action@v2 | |
# - name: Login to Google Container Registry | |
# if: ${{ env.affected == 'true' || env.is_existing_image == 'false' }} | |
# uses: docker/login-action@v2 | |
# with: | |
# registry: ${{ secrets.GCP_LOCATION }}-docker.pkg.dev | |
# username: _json_key | |
# password: ${{ secrets.GCP_TF_ADMIN_SERVICE_ACCOUNT_KEY }} | |
# - name: Build and push Docker image | |
# if: ${{ env.affected == 'true' || env.is_existing_image == 'false' }} | |
# uses: docker/build-push-action@v4 | |
# with: | |
# context: . | |
# file: ./apps/core/platform-experiments/Dockerfile | |
# push: true | |
# no-cache: true # TODO: Check if this is necessary | |
# # build-args: BRANCH_NAME=${{ env.branch_name }} # Comment out this line if you don't need to use nx remote cache within your container | |
# tags: | | |
# ${{ secrets.GCP_LOCATION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/${{ secrets.GCP_DOCKER_ARTIFACT_REPOSITORY_NAME }}/${{ env.IMAGE_NAME }}:${{ env.environment_name }} | |
# ${{ secrets.GCP_LOCATION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/${{ secrets.GCP_DOCKER_ARTIFACT_REPOSITORY_NAME }}/${{ env.IMAGE_NAME }}:${{ env.short_commit_sha }} | |
# - name: Override nx token back to fake value # Avoid leaking the token | |
# run: | | |
# bash scripts/nx/set-token.sh --access-token=fake-token | |
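# Deploy job: applies the production Terraform stack, then reports the deployment to Compass.
  deploy:
    # needs: [build-researchers-peers-rest-api, build-core-platform-experiments]
    needs: [check-branch]
    runs-on: ubuntu-latest
    # NOTE(review): the job runs `terraform apply -auto-approve` and declares no
    # `environment:`, so no reviewer gate sits between a push and production.
    # NOTE(review): the actions below are referenced by mutable tag (@v1/@v2/@v3);
    # pinning each to a reviewed commit SHA keeps a moved tag out of this job.
    defaults:
      run:
        working-directory: ${{ github.workspace }}
    steps:
      - name: Get short commit hash
        run: |
          # GITHUB_SHA is the runner-provided form of github.sha.
          echo "short_commit_sha=${GITHUB_SHA:0:8}" >> "$GITHUB_ENV"
      - name: Checkout production branch
        uses: actions/checkout@v3
      - name: Save GCP credentials to file
        # The key reaches the script through the environment. Expanding it into
        # the script text breaks on any single quote in the value and lets the
        # secret's content be parsed as shell.
        env:
          GCP_SA_KEY: ${{ secrets.GCP_TF_ADMIN_SERVICE_ACCOUNT_KEY }}
        run: |
          # Owner-only permissions for the key file.
          umask 077
          printf '%s\n' "$GCP_SA_KEY" > apps/core/platform-shell-iac/production/credentials.json
      # NOTE(review): this uses a long-lived service account key. The auth action
      # also supports Workload Identity Federation, which would remove the stored
      # key; that change needs project-side setup not visible here.
      - id: "auth"
        name: "Authenticate to Google Cloud"
        uses: "google-github-actions/auth@v1"
        with:
          credentials_json: ${{ secrets.GCP_TF_ADMIN_SERVICE_ACCOUNT_KEY }}
      - name: Install gcloud CLI
        run: |
          # NOTE(review): the archive is unpacked and executed without an
          # integrity check; verify it against a pinned SHA-256 obtained from a
          # trusted source before running install.sh.
          # --fail stops the step on an HTTP error instead of saving the error page.
          curl --fail -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-441.0.0-linux-x86_64.tar.gz
          tar -xf google-cloud-cli-441.0.0-linux-x86_64.tar.gz
          ./google-cloud-sdk/install.sh --quiet
      - name: Authenticate with gcloud cli
        run: |
          gcloud auth activate-service-account --key-file=apps/core/platform-shell-iac/production/credentials.json
      # - name: "Set up Cloud SDK"
      #   uses: "google-github-actions/setup-gcloud@v1"
      #   with:
      #     version: ">= 441.0.0"
      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v2
      - name: Terraform init
        run: |
          echo "Running terraform init..."
          echo ""
          terraform init
        working-directory: apps/core/platform-shell-iac/production
      - name: Terraform validate
        run: |
          echo "Running terraform validate..."
          terraform validate
        working-directory: apps/core/platform-shell-iac/production
      - name: Terraform Plan
        # Secrets are mapped to environment variables and referenced as quoted
        # shell variables, so a value containing `"`, `$` or a backtick is passed
        # through unchanged instead of being re-parsed by the shell.
        # Terraform also reads TF_VAR_<name> variables, which would keep the
        # values out of argv, but those rank below tfvars files in precedence,
        # so the original -var flags are kept.
        env:
          GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
          GCP_LOCATION: ${{ secrets.GCP_LOCATION }}
          VERCEL_API_TOKEN: ${{ secrets.VERCEL_API_TOKEN }}
          MONGODB_ATLAS_PUBLIC_KEY: ${{ secrets.MONGODB_ATLAS_PUBLIC_KEY }}
          MONGODB_ATLAS_PRIVATE_KEY: ${{ secrets.MONGODB_ATLAS_PRIVATE_KEY }}
          MONGODB_ATLAS_ORG_ID: ${{ secrets.MONGODB_ATLAS_ORG_ID }}
          SUPPORT_ACCOUNT_EMAIL: ${{ secrets.SUPPORT_ACCOUNT_EMAIL }}
          AUTH0_API_TOKEN: ${{ secrets.AUTH0_API_TOKEN }}
          AUTH0_DOMAIN: ${{ secrets.AUTH0_DOMAIN }}
          AUTH0_DEBUG: ${{ secrets.AUTH0_DEBUG }}
          OWNER_ACCOUNT_EMAIL: ${{ secrets.OWNER_ACCOUNT_EMAIL }}
          GCP_BILLING_ACCOUNT_ID: ${{ secrets.GCP_BILLING_ACCOUNT_ID }}
          GCP_ORGANIZATION_ID: ${{ secrets.GCP_ORGANIZATION_ID }}
        run: |
          echo "Running terraform plan..."
          echo "Commit Hash: ${short_commit_sha}"
          terraform plan -out=tfplan \
            -var "gcp_project_id=${GCP_PROJECT_ID}" \
            -var "gcp_location=${GCP_LOCATION}" \
            -var "short_commit_sha=${short_commit_sha}" \
            -var "vercel_api_token=${VERCEL_API_TOKEN}" \
            -var "mongodb_atlas_public_key=${MONGODB_ATLAS_PUBLIC_KEY}" \
            -var "mongodb_atlas_private_key=${MONGODB_ATLAS_PRIVATE_KEY}" \
            -var "mongodb_atlas_org_id=${MONGODB_ATLAS_ORG_ID}" \
            -var "support_account_email=${SUPPORT_ACCOUNT_EMAIL}" \
            -var "auth0_api_token=${AUTH0_API_TOKEN}" \
            -var "auth0_domain=${AUTH0_DOMAIN}" \
            -var "auth0_debug=${AUTH0_DEBUG}" \
            -var "owner_account_email=${OWNER_ACCOUNT_EMAIL}" \
            -var "gcp_billing_account_id=${GCP_BILLING_ACCOUNT_ID}" \
            -var "gcp_organization_id=${GCP_ORGANIZATION_ID}"
        working-directory: apps/core/platform-shell-iac/production
      - name: Terraform Apply
        run: |
          echo "Running terraform apply..."
          terraform apply -auto-approve tfplan
        working-directory: apps/core/platform-shell-iac/production
      - name: Emmit Compass Deployment event
        # Same handling as the plan step: secrets arrive as environment
        # variables and every argument is quoted, so a value with spaces or
        # shell metacharacters stays a single argument.
        env:
          ATLASSIAN_DOMAIN: ${{ secrets.ATLASSIAN_DOMAIN }}
          ATLASSIAN_CLOUD_ID: ${{ secrets.ATLASSIAN_CLOUD_ID }}
          ATLASSIAN_USER_EMAIL: ${{ secrets.ATLASSIAN_USER_EMAIL }}
          ATLASSIAN_USER_API_TOKEN: ${{ secrets.ATLASSIAN_USER_API_TOKEN }}
          COMPASS_EXTERNAL_EVENT_SOURCE_ID: ${{ secrets.COMPASS_EXTERNAL_EVENT_SOURCE_ID }}
        run: |
          bash scripts/compass/emmit-deployment-event.sh \
            --atlassian-domain="${ATLASSIAN_DOMAIN}" \
            --atlassian-cloud-id="${ATLASSIAN_CLOUD_ID}" \
            --atlassian-user-email="${ATLASSIAN_USER_EMAIL}" \
            --atlassian-user-api-token="${ATLASSIAN_USER_API_TOKEN}" \
            --compass-external-event-source-id="${COMPASS_EXTERNAL_EVENT_SOURCE_ID}" \
            --pipeline-run-id="${GITHUB_RUN_ID}" \
            --repository-name="${GITHUB_REPOSITORY}"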