Skip to content

fix: sentry release (#1566) #977

fix: sentry release (#1566)

fix: sentry release (#1566) #977

Workflow file for this run

name: Release version
on:
push:
branches: [main, next]
jobs:
tests:
uses: "./.github/workflows/ci.yml"
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
release:
concurrency:
group: "release-${{ github.workflow }}-${{ github.ref }}"
permissions: write-all
outputs:
VERSION: ${{ steps.get-version.outputs.VERSION }}
PREV_VERSION: ${{ steps.get-prev-version.outputs.VERSION }}
runs-on: ubuntu-latest
steps:
- name: Checkout project
uses: actions/checkout@v4
with:
fetch-depth: 0
persist-credentials: true
- uses: actions/setup-node@v3
with:
node-version: 20
- uses: actions/cache@v3
with:
path: |
**/node_modules
.yarn/install-state.gz
.yarn/cache
~/.cache
key: yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: yarn-
- name: Install dependencies
run: yarn install
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
platforms: linux/amd64
install: true
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Expose GitHub Runtime
uses: crazy-max/ghaction-github-runtime@v2
- name: Retrieve previous version
id: get-prev-version
run: echo "VERSION=$(git describe --tags --abbrev=0 | cut -c2-)" >> "$GITHUB_OUTPUT"
- name: bump and release
run: yarn release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
GITHUB_REF_NAME: ${{ env.GITHUB_REF_NAME }}
- name: Retrieve new version
id: get-version
run: echo "VERSION=$(git describe --tags --abbrev=0 | cut -c2-)" >> "$GITHUB_OUTPUT"
docker-scout:
if: needs.release.outputs.VERSION != needs.release.outputs.PREV_VERSION
concurrency:
group: "scout-${{ github.workflow }}-${{ github.ref }}"
needs: ["release"]
runs-on: ubuntu-latest
steps:
- name: Authenticate to Docker
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USER }}
password: ${{ secrets.DOCKER_PAT }}
- name: Server Docker Scout
uses: docker/scout-action@v1
with:
command: quickview,cves,recommendations,compare
image: ghcr.io/mission-apprentissage/mna_lba_server:${{ needs.release.outputs.VERSION }}
to: ghcr.io/mission-apprentissage/mna_lba_server:${{ needs.release.outputs.PREV_VERSION }}
sarif-file: sarif-server.output.json
- name: Server Docker Upload SARIF result
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: sarif-server.output.json
category: Docker Server
- name: UI Docker Scout
uses: docker/scout-action@v1
with:
command: quickview,cves,recommendations,compare
image: ghcr.io/mission-apprentissage/mna_lba_ui:${{ needs.release.outputs.VERSION }}-production
to: ghcr.io/mission-apprentissage/mna_lba_ui:${{ needs.release.outputs.PREV_VERSION }}-production
sarif-file: sarif-ui.output.json
- name: UI Docker Upload SARIF result
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: sarif-ui.output.json
category: Docker UI
deploy:
concurrency:
group: "deploy-${{ github.workflow }}-${{ github.ref }}"
needs: ["release"]
name: Deploy ${{ needs.release.outputs.VERSION }} on recette
uses: "./.github/workflows/_deploy.yml"
with:
environment: recette
app_version: ${{ needs.release.outputs.VERSION }}
secrets:
DEPLOY_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
DEPLOY_PASS: ${{ secrets.DEPLOY_PASS }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
VAULT_PWD: ${{ secrets.VAULT_PWD }}
deploy-pentest:
concurrency:
group: "deploy-pentest-${{ github.workflow }}-${{ github.ref }}"
needs: ["release"]
name: Deploy ${{ needs.release.outputs.VERSION }} on pentest
uses: "./.github/workflows/_deploy.yml"
with:
environment: pentest
app_version: ${{ needs.release.outputs.VERSION }}
secrets:
DEPLOY_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
DEPLOY_PASS: ${{ secrets.DEPLOY_PASS }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
VAULT_PWD: ${{ secrets.VAULT_PWD }}
sentry:
needs: ["release"]
runs-on: ubuntu-latest
steps:
- name: Checkout project
uses: actions/checkout@v4
with:
fetch-depth: 0
persist-credentials: true
- uses: actions/setup-node@v4
with:
node-version: 20
- uses: actions/cache@v3
with:
path: |
**/node_modules
.yarn/install-state.gz
.yarn/cache
key: yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: yarn-
- name: Install dependencies
run: yarn install
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create vault pwd file
run: echo ${{ secrets.VAULT_PWD }} > .infra/.vault_pwd.txt
- name: upload sourcemaps to sentry
run: .bin/mna-lba sentry:release ${{ needs.release.outputs.VERSION }}
env:
ANSIBLE_VAULT_PASSWORD_FILE: .infra/.vault_pwd.txt
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REF_NAME: ${{ env.GITHUB_REF_NAME }}
cypress:
needs: ["deploy"]
uses: "./.github/workflows/cypress.yml"
with:
cypress_host: "https://labonnealternance-recette.apprentissage.beta.gouv.fr"
smtp_host: "https://labonnealternance-recette.apprentissage.beta.gouv.fr/smtp"
environment: recette
secrets:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
VAULT_PWD: ${{ secrets.VAULT_PWD }}