forked from gooddata/gooddata-ui-sdk
-
Notifications
You must be signed in to change notification settings - Fork 0
145 lines (140 loc) · 5.7 KB
/
post-merge-pipeline.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
# (C) 2023 GoodData Corporation
name: Build web component's container image
on:
push:
branches: ["master", "release", "hotfix/tiger", "hotfix/panther", "fast_track"]
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
env:
WEB_COMPONENTS_DIR: libs/sdk-ui-web-components
jobs:
build-web-components:
if: ${{ startsWith(github.event.head_commit.message, 'Release ') }}
runs-on: [infra1-medium] # need the bigger runner than small because Web component build consume more resource
permissions:
contents: read
id-token: write
container:
image: 020413372491.dkr.ecr.us-east-1.amazonaws.com/3rdparty/library/node:18
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Add repository to git safe directories to avoid dubious ownership issue
run: git config --global --add safe.directory $GITHUB_WORKSPACE
- name: Cache pnpm dependencies
id: cache-pnpm
uses: actions/cache@v3
with:
key: web-components-${{ hashFiles('common/config/rush/pnpm-lock.yaml') }}
path: |
common/temp/node_modules
common/temp/pnpm-store
- name: Run build web components app
run: |
npm i -g @microsoft/rush
rush install
rush build --to @gooddata/sdk-ui-web-components
tar czvf ./libs/sdk-ui-web-components/web-components.tar.gz -C ./$WEB_COMPONENTS_DIR/esm .
- name: Archive the build artifact
uses: actions/upload-artifact@v3
with:
name: web-components-artifact
path: ./${{ env.WEB_COMPONENTS_DIR }}/web-components.tar.gz
docker-build-web-components:
runs-on: [infra1-small]
needs: [build-web-components]
permissions:
contents: read
packages: write
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Set SHORT SHA and BRANCH ESCAPE REF NAME to ENV Variable to use for image tag later
run: |
echo "GITHUB_SHORT_SHA=${GITHUB_SHA::8}" >> $GITHUB_ENV
echo "GITHUB_ESCAPE_REF_NAME=${GITHUB_REF_NAME/\//-}" >> $GITHUB_ENV
- name: Set up QEMU to add multiplatform support
uses: docker/setup-qemu-action@v2
- name: Create docker context
run: |
docker context create builder
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
with:
endpoint: builder
- name: Get Vault secrets for ECR
uses: hashicorp/vault-action@v2
with:
url: "https://vault.ord1.infra.intgdc.com"
method: jwt
path: jwt/github
role: ecr-push
secrets: |
secret/data/v2/data-special/infra1-user-ecr-rw aws_ecr_access_key | AWS_ACCESS_KEY ;
secret/data/v2/data-special/infra1-user-ecr-rw aws_ecr_secret_key | AWS_SECRET_KEY ;
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY }}
aws-secret-access-key: ${{ env.AWS_SECRET_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- uses: actions/download-artifact@v3
with:
name: web-components-artifact
path: ./${{ env.WEB_COMPONENTS_DIR }}
- name: Docker build and push image
uses: docker/build-push-action@v4
with:
context: ./${{ env.WEB_COMPONENTS_DIR }}
file: ./${{ env.WEB_COMPONENTS_DIR }}/Dockerfile
platforms: |
linux/amd64
linux/arm64
push: true
tags: |
020413372491.dkr.ecr.us-east-1.amazonaws.com/nas-testing/${{ github.event.repository.name }}:${{ env.GITHUB_ESCAPE_REF_NAME }}
020413372491.dkr.ecr.us-east-1.amazonaws.com/nas-testing/${{ github.event.repository.name }}:${{ env.GITHUB_SHORT_SHA }}
outputs:
github_short_sha: ${{ env.GITHUB_SHORT_SHA }}
generate-update:
runs-on: [infra1-small]
permissions:
contents: read
id-token: write
needs: [docker-build-web-components]
container:
image: 020413372491.dkr.ecr.us-east-1.amazonaws.com/infra/tools:3.5.0
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Add repository to git safe directories to void dubious ownership issue
run: git config --global --add safe.directory $GITHUB_WORKSPACE
- name: Get the commit before SHA
run: echo "GITHUB_COMMIT_BEFORE_SHA=$(git rev-parse HEAD^)" >> $GITHUB_ENV
- name: Get Vault secrets for creating MR to gdc-nas gitlab project
uses: hashicorp/vault-action@v2
with:
url: "https://vault.ord1.infra.intgdc.com"
method: jwt
path: jwt/github
role: front-end
secrets: |
secret/data/v3/int/github/github-runner-gitlab-token gitlab_approver_token | GITLAB_APPROVER_TOKEN ;
secret/data/v3/int/github/github-runner-gitlab-token gitlab_merger_token | GITLAB_MERGER_TOKEN ;
- name: Generate MR with a new version of web-components image to gdc-nas
run: /scripts/update_ext_image_version.py web-components
env:
CI_API_V4_URL: https://gitlab.com/api/v4
CI_PROJECT_NAME: ${{ github.event.repository.name }}
CI_COMMIT_SHORT_SHA: ${{ needs.docker-build-web-components.outputs.github_short_sha }}
CI_COMMIT_BEFORE_SHA: ${{ env.GITHUB_COMMIT_BEFORE_SHA }}
CI_COMMIT_BRANCH: ${{ github.ref_name }}
GITLAB_APPROVER_TOKEN: ${{ env.GITLAB_APPROVER_TOKEN }}
GITLAB_MERGER_TOKEN: ${{ env.GITLAB_MERGER_TOKEN }}