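# Runs on every push to main: regenerates code and CLI docs (committing any
# drift back to the branch), then runs coverage, builds release binaries and
# publishes the edge release and the wasm builder image.
name: Post Merge

on:
  push:
    branches:
      - main

# Default for every job: the built-in GITHUB_TOKEN can only read the repo.
# Jobs that need more must opt in explicitly.
permissions:
  contents: read

jobs:
  generate:
    # NOTE(review): the push below authenticates with GH_PUSH_TOKEN, not the
    # built-in GITHUB_TOKEN, so this write grant may be droppable -- confirm.
    permissions:
      contents: write  # for Git to git push
    name: Sync Generated Code and Docs
    runs-on: ubuntu-22.04
    steps:
      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # checkout keeps this token in the local git config (its default),
          # which is what lets the later `git push` authenticate. It also
          # means the Generate step runs with the token on disk.
          token: ${{ secrets.GH_PUSH_TOKEN }}  # required to push to protected branch below

      - name: Generate
        run: make clean generate docs-generate-cli-docs

      - name: Commit & Push
        shell: bash
        run: |
          # Commit any changes and push as needed.
          # See https://github.com/actions/checkout#push-a-commit-using-the-built-in-token
          #
          # $1: git author name used for the generated commit
          # $2: script that commits generated changes; a non-zero exit is
          #     treated as "nothing to push"
          sync_generated() {
            local author="$1" commit_script="$2"
            git config user.name "${author}"
            git config user.email "${author}@github.com"

            # Prevent looping if the build was non-deterministic: a push made
            # with a personal token starts a new workflow run, so refuse to
            # push twice in a row as the same automation author.
            local can_push=1
            if [[ "$(git log -1 --pretty=format:'%an')" == "${author}" ]]; then
              can_push=0
            fi

            if "${commit_script}"; then
              if [[ "${can_push}" == "1" ]]; then
                git push
              else
                echo "Previous commit was auto-generated -- Aborting!"
                exit 1
              fi
            else
              echo "No generated changes to push!"
            fi
          }

          sync_generated wasm-updater ./build/commit-wasm-bins.sh
          sync_generated cli-docs-updater ./build/commit-cli-docs.sh

  code-coverage:
    name: Update Go Test Coverage
    runs-on: ubuntu-22.04
    needs: generate
    steps:
      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # No step in this job pushes with git, so keep the token out of
          # .git/config. Confirm the make target needs no authenticated git.
          persist-credentials: false

      - name: Unit Test Golang
        run: make ci-go-test-coverage
        timeout-minutes: 30

  release-build:
    name: Release Build (linux, windows)
    runs-on: ubuntu-22.04
    needs: generate
    steps:
      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # No step in this job pushes with git, so keep the token out of
          # .git/config. Confirm the make targets need no authenticated git.
          persist-credentials: false

      - name: Build Linux and Windows
        run: make ci-go-ci-build-linux ci-go-ci-build-linux-static ci-go-ci-build-windows
        timeout-minutes: 30
        env:
          TELEMETRY_URL: ${{ secrets.TELEMETRY_URL }}

      - name: Build Linux arm64
        run: make ci-go-ci-build-linux-static
        timeout-minutes: 30
        env:
          GOARCH: arm64
          TELEMETRY_URL: ${{ secrets.TELEMETRY_URL }}

      # always(): _release is uploaded even when a build step above failed.
      - name: Upload binaries
        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882  # v4.4.3
        if: always()
        with:
          name: binaries-linux-windows
          path: _release

  release-build-darwin:
    name: Release Build (darwin)
    runs-on: macos-14
    needs: generate
    steps:
      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # No step in this job pushes with git, so keep the token out of
          # .git/config. Confirm the make targets need no authenticated git.
          persist-credentials: false

      # The Go toolchain version comes from the repository's .go-version file.
      - id: go_version
        name: Read go version
        run: echo "go_version=$(cat .go-version)" >> "$GITHUB_OUTPUT"

      - name: Install Go (${{ steps.go_version.outputs.go_version }})
        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed  # v5.1.0
        with:
          go-version: ${{ steps.go_version.outputs.go_version }}

      - name: Build Darwin
        run: |
          make ci-build-darwin GOARCH=amd64
          make ci-build-darwin-arm64-static
        timeout-minutes: 30
        env:
          TELEMETRY_URL: ${{ secrets.TELEMETRY_URL }}

      # always(): _release is uploaded even when the build step above failed.
      - name: Upload binaries (darwin)
        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882  # v4.4.3
        if: always()
        with:
          name: binaries-darwin
          path: _release

  deploy-edge:
    name: Push Edge Release
    runs-on: ubuntu-22.04
    needs: [release-build, release-build-darwin]
    steps:
      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # No step in this job pushes with git, so keep the token out of
          # .git/config. Confirm the make targets need no authenticated git.
          persist-credentials: false

      - name: Test
        run: make ci-release-test
        timeout-minutes: 60

      # Collects both binaries-* artifacts from the build jobs into _release.
      - name: Download release binaries
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16  # v4.1.8
        with:
          pattern: binaries-*
          merge-multiple: true
          path: _release

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349  # v3.7.1

      # Registry and AWS credentials are scoped to this one step's environment
      # rather than to the whole job.
      - name: Deploy OPA Edge
        env:
          DOCKER_USER: ${{ secrets.DOCKER_USER }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          DOCKER_IMAGE: ${{ secrets.DOCKER_IMAGE }}
          S3_RELEASE_BUCKET: ${{ secrets.S3_RELEASE_BUCKET }}
        # Only run if required secrets are provided
        # NOTE(review): DOCKER_IMAGE is passed in but is not part of this
        # guard -- presumably the Makefile has a default; confirm.
        if: ${{ env.S3_RELEASE_BUCKET && env.AWS_ACCESS_KEY_ID && env.AWS_SECRET_ACCESS_KEY && env.DOCKER_USER && env.DOCKER_PASSWORD }}
        run: make deploy-ci

  deploy-wasm-builder:
    name: Deploy WASM Builder
    runs-on: ubuntu-22.04
    needs: generate
    steps:
      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
        with:
          # No step in this job pushes with git, so keep the token out of
          # .git/config. Confirm the make target needs no authenticated git.
          persist-credentials: false

      - name: Build and Push opa-wasm-builder
        env:
          DOCKER_USER: ${{ secrets.DOCKER_USER }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          DOCKER_WASM_BUILDER_IMAGE: ${{ secrets.DOCKER_WASM_BUILDER_IMAGE }}
        # Only run if required secrets are provided
        # NOTE(review): DOCKER_WASM_BUILDER_IMAGE is passed in but is not part
        # of this guard -- presumably the Makefile has a default; confirm.
        if: ${{ env.DOCKER_USER && env.DOCKER_PASSWORD }}
        run: make push-wasm-builder-image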