debugging helm release github actions workflow

grafana · Jun 13, 2024 · 40df01d · 40df01d
1 parent 76f3cd3
commit 40df01d
Showing 1 changed file with 72 additions and 74 deletions.
diff --git a/.github/workflows/on-release-published.yml b/.github/workflows/on-release-published.yml
@@ -4,88 +4,86 @@ on:
   release:
     types:
       - published
-  # TODO: remove when done testing
-  workflow_dispatch:
 
 jobs:
-  # linting-and-tests:
-  #   name: Linting and tests
-  #   uses: ./.github/workflows/linting-and-tests.yml
+  linting-and-tests:
+    name: Linting and tests
+    uses: ./.github/workflows/linting-and-tests.yml
 
-  # snyk-security-scan:
-  #   name: Snyk security scan
-  #   uses: ./.github/workflows/snyk-security-scan.yml
+  snyk-security-scan:
+    name: Snyk security scan
+    uses: ./.github/workflows/snyk-security-scan.yml
 
-  # build-sign-and-publish-plugin-to-gcom:
-  #   name: Build, sign, and publish frontend plugin to grafana.com
-  #   needs:
-  #     - linting-and-tests
-  #     - snyk-security-scan
-  #   runs-on: ubuntu-latest
-  #   # These permissions are needed to assume roles from Github's OIDC.
-  #   # https://github.com/grafana/shared-workflows/tree/main/actions/get-vault-secrets
-  #   permissions:
-  #     contents: read
-  #     id-token: write
-  #   steps:
-  #     - name: Checkout project
-  #       uses: actions/checkout@v4
-  #     - name: Install frontend dependencies
-  #       uses: ./.github/actions/install-frontend-dependencies
-  #     # This will fetch the secret keys from vault and set them as environment variables for subsequent steps
-  #     - name: Get Vault secrets
-  #       uses: grafana/shared-workflows/actions/get-vault-secrets@main
-  #       with:
-  #         repo_secrets: |
-  #           GRAFANA_ACCESS_POLICY_TOKEN=github_actions:cloud-access-policy-token
-  #           GCS_PLUGIN_PUBLISHER_SERVICE_ACCOUNT_JSON=github_actions:gcs-plugin-publisher
-  #           GCOM_PLUGIN_PUBLISHER_API_KEY=github_actions:gcom-plugin-publisher-api-key
-  #     - name: Build, sign, and package plugin
-  #       id: build-sign-and-package-plugin
-  #       uses: ./.github/actions/build-sign-and-package-plugin
-  #       with:
-  #         plugin_version_number: ${{ github.ref_name }}
-  #         grafana_access_policy_token: ${{ env.GRAFANA_ACCESS_POLICY_TOKEN }}
-  #         working_directory: grafana-plugin
-  #     - name: Authenticate with GCS
-  #       uses: google-github-actions/auth@v2
-  #       with:
-  #         credentials_json: ${{ env.GCS_PLUGIN_PUBLISHER_SERVICE_ACCOUNT_JSON }}
-  #     - name: Publish plugin artifact to GCS
-  #       uses: google-github-actions/upload-cloud-storage@v2
-  #       with:
-  #         path: grafana-plugin/${{ steps.build-sign-and-package-plugin.outputs.artifact_filename }}
-  #         destination: grafana-oncall-app/releases
-  #         predefinedAcl: publicRead
-  #     - name: Determine GCS artifact URL
-  #       shell: bash
-  #       id: gcs-artifact-url
-  #       # yamllint disable rule:line-length
-  #       run: |
-  #         echo url="https://storage.googleapis.com/grafana-oncall-app/releases/grafana-oncall-app-${{ github.ref_name }}.zip" >> $GITHUB_OUTPUT
-  #     - name: Publish plugin to grafana.com
-  #       run: |
-  #         curl -f -w "status=%{http_code}" -s -H "Authorization: Bearer ${{ env.GCOM_PLUGIN_PUBLISHER_API_KEY }}" -d "download[any][url]=${{ steps.gcs-artifact-url.outputs.url }}" -d "download[any][md5]=$(curl -sL ${{ steps.gcs-artifact-url.outputs.url }} | md5sum | cut -d'' '' -f1)" -d url=https://github.com/grafana/oncall/grafana-plugin https://grafana.com/api/plugins
-  #       # yamllint enable rule:line-length
+  build-sign-and-publish-plugin-to-gcom:
+    name: Build, sign, and publish frontend plugin to grafana.com
+    needs:
+      - linting-and-tests
+      - snyk-security-scan
+    runs-on: ubuntu-latest
+    # These permissions are needed to assume roles from Github's OIDC.
+    # https://github.com/grafana/shared-workflows/tree/main/actions/get-vault-secrets
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Checkout project
+        uses: actions/checkout@v4
+      - name: Install frontend dependencies
+        uses: ./.github/actions/install-frontend-dependencies
+      # This will fetch the secret keys from vault and set them as environment variables for subsequent steps
+      - name: Get Vault secrets
+        uses: grafana/shared-workflows/actions/get-vault-secrets@main
+        with:
+          repo_secrets: |
+            GRAFANA_ACCESS_POLICY_TOKEN=github_actions:cloud-access-policy-token
+            GCS_PLUGIN_PUBLISHER_SERVICE_ACCOUNT_JSON=github_actions:gcs-plugin-publisher
+            GCOM_PLUGIN_PUBLISHER_API_KEY=github_actions:gcom-plugin-publisher-api-key
+      - name: Build, sign, and package plugin
+        id: build-sign-and-package-plugin
+        uses: ./.github/actions/build-sign-and-package-plugin
+        with:
+          plugin_version_number: ${{ github.ref_name }}
+          grafana_access_policy_token: ${{ env.GRAFANA_ACCESS_POLICY_TOKEN }}
+          working_directory: grafana-plugin
+      - name: Authenticate with GCS
+        uses: google-github-actions/auth@v2
+        with:
+          credentials_json: ${{ env.GCS_PLUGIN_PUBLISHER_SERVICE_ACCOUNT_JSON }}
+      - name: Publish plugin artifact to GCS
+        uses: google-github-actions/upload-cloud-storage@v2
+        with:
+          path: grafana-plugin/${{ steps.build-sign-and-package-plugin.outputs.artifact_filename }}
+          destination: grafana-oncall-app/releases
+          predefinedAcl: publicRead
+      - name: Determine GCS artifact URL
+        shell: bash
+        id: gcs-artifact-url
+        # yamllint disable rule:line-length
+        run: |
+          echo url="https://storage.googleapis.com/grafana-oncall-app/releases/grafana-oncall-app-${{ github.ref_name }}.zip" >> $GITHUB_OUTPUT
+      - name: Publish plugin to grafana.com
+        run: |
+          curl -f -w "status=%{http_code}" -s -H "Authorization: Bearer ${{ env.GCOM_PLUGIN_PUBLISHER_API_KEY }}" -d "download[any][url]=${{ steps.gcs-artifact-url.outputs.url }}" -d "download[any][md5]=$(curl -sL ${{ steps.gcs-artifact-url.outputs.url }} | md5sum | cut -d'' '' -f1)" -d url=https://github.com/grafana/oncall/grafana-plugin https://grafana.com/api/plugins
+        # yamllint enable rule:line-length
 
-  # build-engine-docker-image-and-publish-to-dockerhub:
-  #   name: Build engine Docker image and publish to Dockerhub
-  #   needs:
-  #     - linting-and-tests
-  #     - snyk-security-scan
-  #   uses: ./.github/workflows/build-engine-docker-image-and-publish-to-dockerhub.yml
-  #   with:
-  #     engine_version: ${{ github.ref_name }}
-  #     # https://github.com/docker/metadata-action?tab=readme-ov-file#tags-input
-  #     docker_image_tags: |
-  #       type=raw,value=${{ github.ref_name }}
-  #       type=raw,value=latest
+  build-engine-docker-image-and-publish-to-dockerhub:
+    name: Build engine Docker image and publish to Dockerhub
+    needs:
+      - linting-and-tests
+      - snyk-security-scan
+    uses: ./.github/workflows/build-engine-docker-image-and-publish-to-dockerhub.yml
+    with:
+      engine_version: ${{ github.ref_name }}
+      # https://github.com/docker/metadata-action?tab=readme-ov-file#tags-input
+      docker_image_tags: |
+        type=raw,value=${{ github.ref_name }}
+        type=raw,value=latest
 
   create-helm-release-pr:
     name: Create Helm release PR
-    # needs:
-    #   - build-sign-and-publish-plugin-to-gcom
-    #   - build-engine-docker-image-and-publish-to-dockerhub
+    needs:
+      - build-sign-and-publish-plugin-to-gcom
+      - build-engine-docker-image-and-publish-to-dockerhub
     runs-on: ubuntu-latest
     outputs:
       helm_release_pr_number: ${{ fromJSON(steps.update-helm-chart-pr.outputs.pull_request).number }}