Release to Production #1153
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release to Production | |
| # Run this workflow every time a new commit is pushed to the master branch | |
| # or a version branch (e.g. version-4-0) | |
| on: | |
| schedule: | |
| - cron: '0 20 * * 1-5' # At 12:00 PM PST (8 PM UTC), Monday through Friday | |
| - cron: '0 5 * * 2-6' # At 9:00 PM PST (5 AM UTC next day), Monday through Friday | |
| - cron: '0 20 * * 6' # At 12:00 PM PST (8 PM UTC next day), Saturday - Due to Security Buletin Publication | |
| - cron: '0 20 * * 0' # At 12:00 PM PST (8 PM UTC next day), Sunday - Due to Security Buletin Publication | |
| workflow_dispatch: | |
| inputs: | |
| useGitHubHostedLargeRunner: | |
| description: 'Use the GitHub-hosted large runner. Allowed values are true or false. Caution - this results in additional charges to the organization.' | |
| required: false | |
| default: 'false' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_S3_ACCESS_KEY }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_S3_SECRET_KEY }} | |
| AWS_DEFAULT_REGION: us-east-1 | |
| APPZI_TOKEN: ${{ secrets.APPZI_TOKEN }} | |
| FULLSTORY_ORGID: ${{ secrets.FULLSTORY_ORGID }} | |
| ALGOLIA_ADMIN_KEY: ${{ secrets.ALGOLIA_ADMIN_KEY }} | |
| ALGOLIA_APP_ID: ${{ secrets.ALGOLIA_APP_ID }} | |
| ALGOLIA_SEARCH_KEY: ${{ secrets.ALGOLIA_SEARCH_KEY }} | |
| ALGOLIA_INDEX_NAME: ${{ secrets.ALGOLIA_INDEX_NAME }} | |
| PALETTE_API_KEY: ${{ secrets.PALETTE_API_KEY }} | |
| DISABLE_PACKS_INTEGRATIONS: ${{ secrets.DISABLE_PACKS_INTEGRATIONS }} | |
| DISABLE_SECURITY_INTEGRATIONS: ${{ secrets.DISABLE_SECURITY_INTEGRATIONS }} | |
| DSO_AUTH_TOKEN: ${{ secrets.DSO_AUTH_TOKEN }} | |
| concurrency: | |
| group: production-${{ github.workflow }} | |
| cancel-in-progress: true | |
| jobs: | |
| # This is the default workflow that uses the self-hosted runner. The self-hosted runner is slower than the GitHub-hosted large runner, but it does not incurr additional charges. | |
| build-self-hosted-runner: | |
| if: ${{ github.event.inputs.useGitHubHostedLargeRunner != 'true' || github.event_name == 'schedule' }} | |
| name: Build Website (Self-Hosted Runner) | |
| runs-on: ["self-hosted", "linux", "x64", "vcenter3"] | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: "master" | |
| - name: Setup Node.js environment | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| cache: "npm" | |
| - run: npm ci | |
| - name: Build | |
| run: | | |
| touch .env | |
| make versions-ci | |
| make build-ci | |
| - name: Build with cached packs | |
| if: ${{ env.BUILD_EXIT_CODE == '5' }} | |
| uses: ./.github/actions/build-cached-packs | |
| with: | |
| gh-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload to AWS | |
| run: | | |
| aws s3 sync --cache-control 'public, max-age=604800' --exclude '*.html' --exclude '*.xml' --exclude build/scripts/ build/ s3://docs.spectrocloud.com --delete | |
| aws s3 sync --cache-control 'public, max-age=0, s-maxage=604800' build/ s3://docs.spectrocloud.com --delete | |
| aws cloudfront create-invalidation --distribution-id ${{ secrets.DISTRIBUTION_ID }} --paths "/*" | |
| # Use this workflow if you want to use the GitHub-hosted large runner. Useful for scenarios when you need a change to deploy faster than the self-hosted runner can build it. | |
| build-large-runner: | |
| if: ${{ github.event.inputs.useGitHubHostedLargeRunner == 'true' && github.event_name != 'schedule' }} | |
| name: Build Website (GitHub-Hosted Large Runner) | |
| runs-on: | |
| group: 'Doc Runners' | |
| labels: docbot | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: "master" | |
| - name: Setup Node.js environment | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| cache: "npm" | |
| - run: npm ci | |
| - name: Versions | |
| run: | | |
| - name: Build | |
| run: | | |
| touch .env | |
| make versions-ci | |
| make build-ci | |
| - name: Build with cached packs | |
| if: ${{ env.BUILD_EXIT_CODE == '5' }} | |
| uses: ./.github/actions/build-cached-packs | |
| with: | |
| gh-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload to AWS | |
| run: | | |
| aws s3 sync --cache-control 'public, max-age=604800' --exclude '*.html' --exclude '*.xml' --exclude build/scripts/ build/ s3://docs.spectrocloud.com --delete | |
| aws s3 sync --cache-control 'public, max-age=0, s-maxage=604800' build/ s3://docs.spectrocloud.com --delete | |
| aws cloudfront create-invalidation --distribution-id ${{ secrets.DISTRIBUTION_ID }} --paths "/*" | |
| release: | |
| name: "Release" | |
| if: always() && (needs.build-large-runner.result == 'success' || needs.build-self-hosted-runner.result == 'success') | |
| needs: [build-self-hosted-runner,build-large-runner] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - id: checkout | |
| name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Retrieve Credentials | |
| id: import-secrets | |
| uses: hashicorp/vault-action@v3.0.0 | |
| with: | |
| url: https://vault.prism.spectrocloud.com | |
| method: approle | |
| roleId: ${{ secrets.VAULT_ROLE_ID }} | |
| secretId: ${{ secrets.VAULT_SECRET_ID }} | |
| secrets: /providers/github/organizations/spectrocloud/token?org_name=spectrocloud token | VAULT_GITHUB_TOKEN | |
| - name: Setup Nodejs | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| cache: "npm" | |
| - name: Install dependencies | |
| run: npm ci | |
| - name: "release" | |
| env: | |
| GITHUB_TOKEN: ${{ steps.import-secrets.outputs.VAULT_GITHUB_TOKEN }} | |
| run: npx semantic-release |