Skip to content

Release workflow

Release workflow #33

name: Release workflow
on:
workflow_dispatch:
inputs:
commit:
description: "Leave blank to use current HEAD, or provide an override commit SHA"
type: string
required: false
jobs:
ref:
name: Load Commit Ref
runs-on: ubuntu-latest
steps:
- id: ref
uses: passportxyz/gh-workflows/.github/actions/load_commit_ref@v1
with:
commit: ${{ inputs.commit }}
outputs:
version_tag: ${{ steps.ref.outputs.version_tag }}
docker_tag: ${{ steps.ref.outputs.docker_tag }}
refspec: ${{ steps.ref.outputs.refspec }}
run-tests:
runs-on: ubuntu-latest
needs: [ref]
# Run a local ceramic nod to test against
services:
ceramic:
image: gitcoinpassport/js-ceramic:3.2.0
ports:
- 7007:7007
steps:
- uses: actions/checkout@v3
- name: Use Node.js 20
uses: actions/setup-node@v3
with:
node-version: 20.8.1
cache: "yarn"
- name: Install Packages
run: yarn install
- name: Run Tests
run: yarn test
- name: Run Linter
run: yarn lint
- name: Workarround for build error
run: rm -rf node_modules/@tendermint
- name: Run Build (ensure that build succeeds)
run: yarn build
- name: Load Secrets
id: op-load-secret
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
CERAMIC_PRIVATE_KEY: op://DevOps/passport-review-secrets/ci/CERAMIC_PRIVATE_KEY
- name: Deploy Ceramic Models
working-directory: ./schemas
run: yarn models:deploy-composite
env:
CERAMIC_URL: http://localhost:7007
PRIVATE_KEY: ${{env.CERAMIC_PRIVATE_KEY}}
- name: Run Ceramic Integration Tests
run: yarn test:ceramic-integration
env:
CERAMIC_CLIENT_URL: http://localhost:7007
check-provider-bitmap:
runs-on: ubuntu-latest
name: Check Provider Bitmaps
needs: [ref]
steps:
- uses: actions/checkout@v3
- name: Use Node.js 20
uses: actions/setup-node@v3
with:
node-version: 20.8
cache: "yarn"
- name: Install Packages
run: yarn install
- name: Load Secrets
id: op-load-secret
uses: 1password/load-secrets-action@v1
with:
export-env: true
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
ALCHEMY_API_KEY: op://DevOps/passport-review-secrets/ci/ALCHEMY_API_KEY
- name: Check provider bitmaps
uses: ./.github/actions/check-provider-bitmaps
with:
ALCHEMY_API_KEY: ${{env.ALCHEMY_API_KEY}}
create-draft-release:
name: Create Draft Release
runs-on: ubuntu-latest
needs: [ref, run-tests, check-provider-bitmap]
permissions: write-all
steps:
- name: Release
# https://github.com/ncipollo/release-action
uses: ncipollo/release-action@v1
with:
generateReleaseNotes: true
allowUpdates: true
token: ${{ secrets.github_token }}
tag: ${{ needs.ref.outputs.version_tag }}
commit: ${{ needs.ref.outputs.refspec }}
draft: true
deploy-api-staging:
name: Deploy API to Staging
needs: [ref, run-tests, check-provider-bitmap, create-draft-release]
uses: ./.github/workflows/build_and_deploy_generic.yml
with:
refspec: ${{ needs.ref.outputs.refspec }}
docker_tag: ${{ needs.ref.outputs.docker_tag }}
environment: staging
secrets: inherit
deploy-ui-staging:
name: Deploy UI to Staging - Push to branch
runs-on: ubuntu-latest
needs:
[
ref,
run-tests,
check-provider-bitmap,
create-draft-release,
deploy-api-staging,
]
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ needs.ref.outputs.refspec }}
fetch-depth: 0
- name: Push code to branch
uses: passportxyz/gh-workflows/.github/actions/push_to_branch@v1
with:
commit: ${{ needs.ref.outputs.refspec }}
github-token: ${{ secrets.GITHUB_TOKEN }}
branch: staging-app
deploy-api-production:
name: Deploy API to Production
needs:
[
ref,
run-tests,
check-provider-bitmap,
create-draft-release,
deploy-api-staging,
deploy-ui-staging,
]
uses: ./.github/workflows/build_and_deploy_generic.yml
with:
refspec: ${{ needs.ref.outputs.refspec }}
docker_tag: ${{ needs.ref.outputs.docker_tag }}
environment: production
secrets: inherit
deploy-ui-production:
name: Deploy UI to Production - Push to branch
runs-on: ubuntu-latest
needs:
[
ref,
run-tests,
check-provider-bitmap,
create-draft-release,
deploy-api-staging,
deploy-ui-staging,
deploy-api-production,
]
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ needs.ref.outputs.refspec }}
fetch-depth: 0
- name: Push code to branch
uses: passportxyz/gh-workflows/.github/actions/push_to_branch@v1
with:
commit: ${{ needs.ref.outputs.refspec }}
github-token: ${{ secrets.GITHUB_TOKEN }}
branch: production-app
release:
name: Release
needs:
[
ref,
run-tests,
check-provider-bitmap,
create-draft-release,
deploy-api-staging,
deploy-ui-staging,
deploy-api-production,
deploy-ui-production,
]
permissions: write-all
runs-on: ubuntu-latest
steps:
- name: Release
# https://github.com/ncipollo/release-action
uses: ncipollo/release-action@v1
with:
allowUpdates: true
omitBodyDuringUpdate: true
token: ${{ secrets.github_token }}
tag: ${{ needs.ref.outputs.version_tag }}
commit: ${{ needs.ref.outputs.refspec }}
draft: false