Deploy #974
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy | |
on: | |
workflow_dispatch: | |
inputs: | |
flavor: | |
description: 'Select what enverionment to deploy to' | |
type: choice | |
default: canary | |
options: | |
- canary | |
- beta | |
- stable | |
- internal | |
env: | |
APP_NAME: affine | |
NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }} | |
jobs: | |
build-server: | |
name: Build Server | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Version | |
id: version | |
uses: ./.github/actions/setup-version | |
- name: Setup Node.js | |
uses: ./.github/actions/setup-node | |
with: | |
electron-install: false | |
extra-flags: workspaces focus @affine/server | |
- name: Build Server | |
run: yarn workspace @affine/server build | |
- name: Upload server dist | |
uses: actions/upload-artifact@v4 | |
with: | |
name: server-dist | |
path: ./packages/backend/server/dist | |
if-no-files-found: error | |
build-core: | |
name: Build @affine/core | |
runs-on: ubuntu-latest | |
environment: ${{ github.event.inputs.flavor }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Version | |
id: version | |
uses: ./.github/actions/setup-version | |
- name: Setup Node.js | |
uses: ./.github/actions/setup-node | |
- name: Build Core | |
run: yarn nx build @affine/core --skip-nx-cache | |
env: | |
R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} | |
R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} | |
R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
BUILD_TYPE: ${{ github.event.inputs.flavor }} | |
SHOULD_REPORT_TRACE: true | |
TRACE_REPORT_ENDPOINT: ${{ secrets.TRACE_REPORT_ENDPOINT }} | |
CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }} | |
SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }} | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }} | |
- name: Upload core artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: core | |
path: ./packages/frontend/core/dist | |
if-no-files-found: error | |
build-core-selfhost: | |
name: Build @affine/core selfhost | |
runs-on: ubuntu-latest | |
environment: ${{ github.event.inputs.flavor }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Version | |
id: version | |
uses: ./.github/actions/setup-version | |
- name: Setup Node.js | |
uses: ./.github/actions/setup-node | |
- name: Build Core | |
run: yarn nx build @affine/core --skip-nx-cache | |
env: | |
BUILD_TYPE: ${{ github.event.inputs.flavor }} | |
SHOULD_REPORT_TRACE: false | |
PUBLIC_PATH: '/' | |
- name: Download selfhost fonts | |
run: node ./scripts/download-blocksuite-fonts.mjs | |
- name: Upload core artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: selfhost-core | |
path: ./packages/frontend/core/dist | |
if-no-files-found: error | |
build-storage: | |
name: Build Storage - ${{ matrix.targets.name }} | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
targets: | |
- name: x86_64-unknown-linux-gnu | |
file: storage.node | |
- name: aarch64-unknown-linux-gnu | |
file: storage.arm64.node | |
- name: armv7-unknown-linux-gnueabihf | |
file: storage.armv7.node | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Version | |
id: version | |
uses: ./.github/actions/setup-version | |
- name: Setup Node.js | |
uses: ./.github/actions/setup-node | |
with: | |
electron-install: false | |
extra-flags: workspaces focus @affine/storage | |
- name: Build Rust | |
uses: ./.github/actions/build-rust | |
with: | |
target: ${{ matrix.targets.name }} | |
package: '@affine/storage' | |
nx_token: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }} | |
- name: Upload ${{ matrix.targets.file }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.targets.file }} | |
path: ./packages/backend/storage/storage.node | |
if-no-files-found: error | |
build-docker: | |
name: Build Docker | |
runs-on: ubuntu-latest | |
needs: | |
- build-server | |
- build-core | |
- build-core-selfhost | |
- build-storage | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download core artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: core | |
path: ./packages/frontend/core/dist | |
- name: Download server dist | |
uses: actions/download-artifact@v4 | |
with: | |
name: server-dist | |
path: ./packages/backend/server/dist | |
- name: Download storage.node | |
uses: actions/download-artifact@v4 | |
with: | |
name: storage.node | |
path: ./packages/backend/server | |
- name: Download storage.node arm64 | |
uses: actions/download-artifact@v4 | |
with: | |
name: storage.arm64.node | |
path: ./packages/backend/storage | |
- name: Download storage.node arm64 | |
uses: actions/download-artifact@v4 | |
with: | |
name: storage.armv7.node | |
path: . | |
- name: move storage files | |
run: | | |
mv ./packages/backend/storage/storage.node ./packages/backend/server/storage.arm64.node | |
mv storage.node ./packages/backend/server/storage.armv7.node | |
- name: Setup env | |
run: | | |
echo "GIT_SHORT_HASH=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV" | |
if [ -z "${{ inputs.flavor }}" ] | |
then | |
echo "RELEASE_FLAVOR=canary" >> "$GITHUB_ENV" | |
else | |
echo "RELEASE_FLAVOR=${{ inputs.flavor }}" >> "$GITHUB_ENV" | |
fi | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
logout: false | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build front Dockerfile | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
push: true | |
pull: true | |
platforms: linux/amd64,linux/arm64 | |
provenance: true | |
file: .github/deployment/front/Dockerfile | |
tags: ghcr.io/toeverything/affine-front:${{env.RELEASE_FLAVOR}}-${{ env.GIT_SHORT_HASH }},ghcr.io/toeverything/affine-front:${{env.RELEASE_FLAVOR}} | |
# setup node without cache configuration | |
# Prisma cache is not compatible with docker build cache | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.nvmrc' | |
registry-url: https://npm.pkg.github.com | |
scope: '@toeverything' | |
- name: Remove core dist | |
run: rm -rf ./packages/frontend/core/dist | |
- name: Download selfhost core artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: selfhost-core | |
path: ./packages/frontend/core/dist | |
- name: Install Node.js dependencies | |
run: | | |
yarn config set --json supportedArchitectures.cpu '["x64", "arm64", "arm"]' | |
yarn config set --json supportedArchitectures.libc '["glibc"]' | |
yarn workspaces focus @affine/server --production | |
- name: Generate Prisma client | |
run: yarn workspace @affine/server prisma generate | |
- name: Build graphql Dockerfile | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
push: true | |
pull: true | |
platforms: linux/amd64,linux/arm64,linux/arm/v7 | |
provenance: true | |
file: .github/deployment/node/Dockerfile | |
tags: ghcr.io/toeverything/affine-graphql:${{env.RELEASE_FLAVOR}}-${{ env.GIT_SHORT_HASH }},ghcr.io/toeverything/affine-graphql:${{env.RELEASE_FLAVOR}} | |
deploy: | |
name: Deploy to cluster | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
environment: ${{ github.event.inputs.flavor }} | |
permissions: | |
contents: 'write' | |
id-token: 'write' | |
needs: | |
- build-docker | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Version | |
id: version | |
uses: ./.github/actions/setup-version | |
- name: Deploy to ${{ github.event.inputs.flavor }} | |
uses: ./.github/actions/deploy | |
with: | |
build-type: ${{ github.event.inputs.flavor }} | |
gcp-project-number: ${{ secrets.GCP_PROJECT_NUMBER }} | |
gcp-project-id: ${{ secrets.GCP_PROJECT_ID }} | |
service-account: ${{ secrets.GCP_HELM_DEPLOY_SERVICE_ACCOUNT }} | |
cluster-name: ${{ secrets.GCP_CLUSTER_NAME }} | |
cluster-location: ${{ secrets.GCP_CLUSTER_LOCATION }} | |
env: | |
APP_VERSION: ${{ steps.version.outputs.APP_VERSION }} | |
DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }} | |
CANARY_DEPLOY_HOST: ${{ secrets.CANARY_DEPLOY_HOST }} | |
R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} | |
R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} | |
R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
ENABLE_CAPTCHA: true | |
CAPTCHA_TURNSTILE_SECRET: ${{ secrets.CAPTCHA_TURNSTILE_SECRET }} | |
MAILER_SENDER: ${{ secrets.OAUTH_EMAIL_SENDER }} | |
MAILER_USER: ${{ secrets.OAUTH_EMAIL_LOGIN }} | |
MAILER_PASSWORD: ${{ secrets.OAUTH_EMAIL_PASSWORD }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
AFFINE_GOOGLE_CLIENT_ID: ${{ secrets.AFFINE_GOOGLE_CLIENT_ID }} | |
AFFINE_GOOGLE_CLIENT_SECRET: ${{ secrets.AFFINE_GOOGLE_CLIENT_SECRET }} | |
DATABASE_URL: ${{ secrets.DATABASE_URL }} | |
DATABASE_USERNAME: ${{ secrets.DATABASE_USERNAME }} | |
DATABASE_PASSWORD: ${{ secrets.DATABASE_PASSWORD }} | |
DATABASE_NAME: ${{ secrets.DATABASE_NAME }} | |
GCLOUD_CONNECTION_NAME: ${{ secrets.GCLOUD_CONNECTION_NAME }} | |
GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT: ${{ secrets.GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT }} | |
REDIS_HOST: ${{ secrets.REDIS_HOST }} | |
REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }} | |
CLOUD_SQL_IAM_ACCOUNT: ${{ secrets.CLOUD_SQL_IAM_ACCOUNT }} | |
STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }} | |
STRIPE_WEBHOOK_KEY: ${{ secrets.STRIPE_WEBHOOK_KEY }} | |
STATIC_IP_NAME: ${{ secrets.STATIC_IP_NAME }} |