Release workflow #37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release workflow | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| commit: | |
| description: "Leave blank to use current HEAD, or provide an override commit SHA" | |
| type: string | |
| required: false | |
| jobs: | |
| ref: | |
| name: Load Commit Ref | |
| runs-on: ubuntu-latest | |
| steps: | |
| - id: ref | |
| uses: passportxyz/gh-workflows/.github/actions/load_commit_ref@v1 | |
| with: | |
| commit: ${{ inputs.commit }} | |
| outputs: | |
| version_tag: ${{ steps.ref.outputs.version_tag }} | |
| docker_tag: ${{ steps.ref.outputs.docker_tag }} | |
| refspec: ${{ steps.ref.outputs.refspec }} | |
| run-tests: | |
| runs-on: ubuntu-latest | |
| needs: [ref] | |
| # Run a local ceramic nod to test against | |
| services: | |
| ceramic: | |
| image: gitcoinpassport/js-ceramic:3.2.0 | |
| ports: | |
| - 7007:7007 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Use Node.js 20 | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 20.8.1 | |
| cache: "yarn" | |
| - name: Install Packages | |
| run: yarn install | |
| - name: Run Tests | |
| run: yarn test | |
| - name: Run Linter | |
| run: yarn lint | |
| - name: Workarround for build error | |
| run: rm -rf node_modules/@tendermint | |
| - name: Run Build (ensure that build succeeds) | |
| run: yarn build | |
| - name: Load Secrets | |
| id: op-load-secret | |
| uses: 1password/load-secrets-action@v1 | |
| with: | |
| export-env: true | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| CERAMIC_PRIVATE_KEY: op://DevOps/passport-xyz-production-secrets/ci/CERAMIC_PRIVATE_KEY | |
| - name: Deploy Ceramic Models | |
| working-directory: ./schemas | |
| run: yarn models:deploy-composite | |
| env: | |
| CERAMIC_URL: http://localhost:7007 | |
| PRIVATE_KEY: ${{env.CERAMIC_PRIVATE_KEY}} | |
| - name: Run Ceramic Integration Tests | |
| run: yarn test:ceramic-integration | |
| env: | |
| CERAMIC_CLIENT_URL: http://localhost:7007 | |
| check-provider-bitmap: | |
| runs-on: ubuntu-latest | |
| name: Check Provider Bitmaps | |
| needs: [ref] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Use Node.js 20 | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 20.8 | |
| cache: "yarn" | |
| - name: Install Packages | |
| run: yarn install | |
| - name: Load Secrets | |
| id: op-load-secret | |
| uses: 1password/load-secrets-action@v1 | |
| with: | |
| export-env: true | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| ALCHEMY_API_KEY: op://DevOps/passport-xyz-production-secrets/ci/ALCHEMY_API_KEY | |
| - name: Check provider bitmaps | |
| uses: ./.github/actions/check-provider-bitmaps | |
| with: | |
| ALCHEMY_API_KEY: ${{env.ALCHEMY_API_KEY}} | |
| create-draft-release: | |
| name: Create Draft Release | |
| runs-on: ubuntu-latest | |
| needs: [ref, run-tests, check-provider-bitmap] | |
| permissions: write-all | |
| steps: | |
| - name: Release | |
| # https://github.com/ncipollo/release-action | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| generateReleaseNotes: true | |
| allowUpdates: true | |
| token: ${{ secrets.github_token }} | |
| tag: ${{ needs.ref.outputs.version_tag }} | |
| commit: ${{ needs.ref.outputs.refspec }} | |
| draft: true | |
| deploy-api-staging: | |
| name: Deploy API to Staging | |
| needs: [ref, run-tests, check-provider-bitmap, create-draft-release] | |
| uses: ./.github/workflows/build_and_deploy_generic.yml | |
| with: | |
| refspec: ${{ needs.ref.outputs.refspec }} | |
| docker_tag: ${{ needs.ref.outputs.docker_tag }} | |
| environment: staging | |
| secrets: inherit | |
| deploy-ui-staging: | |
| name: Deploy UI to Staging - Push to branch | |
| runs-on: ubuntu-latest | |
| needs: | |
| [ | |
| ref, | |
| run-tests, | |
| check-provider-bitmap, | |
| create-draft-release, | |
| deploy-api-staging, | |
| ] | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ needs.ref.outputs.refspec }} | |
| fetch-depth: 0 | |
| - name: Push code to branch | |
| uses: passportxyz/gh-workflows/.github/actions/push_to_branch@v1 | |
| with: | |
| commit: ${{ needs.ref.outputs.refspec }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| branch: staging-app | |
| deploy-api-production: | |
| name: Deploy API to Production | |
| needs: | |
| [ | |
| ref, | |
| run-tests, | |
| check-provider-bitmap, | |
| create-draft-release, | |
| deploy-api-staging, | |
| deploy-ui-staging, | |
| ] | |
| uses: ./.github/workflows/build_and_deploy_generic.yml | |
| with: | |
| refspec: ${{ needs.ref.outputs.refspec }} | |
| docker_tag: ${{ needs.ref.outputs.docker_tag }} | |
| environment: production | |
| secrets: inherit | |
| deploy-ui-production: | |
| name: Deploy UI to Production - Push to branch | |
| runs-on: ubuntu-latest | |
| needs: | |
| [ | |
| ref, | |
| run-tests, | |
| check-provider-bitmap, | |
| create-draft-release, | |
| deploy-api-staging, | |
| deploy-ui-staging, | |
| deploy-api-production, | |
| ] | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ needs.ref.outputs.refspec }} | |
| fetch-depth: 0 | |
| - name: Push code to branch | |
| uses: passportxyz/gh-workflows/.github/actions/push_to_branch@v1 | |
| with: | |
| commit: ${{ needs.ref.outputs.refspec }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| branch: production-app | |
| release: | |
| name: Release | |
| needs: | |
| [ | |
| ref, | |
| run-tests, | |
| check-provider-bitmap, | |
| create-draft-release, | |
| deploy-api-staging, | |
| deploy-ui-staging, | |
| deploy-api-production, | |
| deploy-ui-production, | |
| ] | |
| permissions: write-all | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Release | |
| # https://github.com/ncipollo/release-action | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| allowUpdates: true | |
| omitBodyDuringUpdate: true | |
| token: ${{ secrets.github_token }} | |
| tag: ${{ needs.ref.outputs.version_tag }} | |
| commit: ${{ needs.ref.outputs.refspec }} | |
| draft: false |