Release #41
# THIS CODE WAS AUTOGENERATED. DO NOT MODIFY THIS FILE DIRECTLY | ||
# THE SOURCE CODE LIVES IN A DIFFERENT REPOSITORY: | ||
# - centralized-templates | ||
# FILE STEWARD: @pleo-io/devx,@pleo-bot-auto-approver | ||
# This workflow
# - calculates the version number to release
# - generates release notes
# - releases the library
name: Release

# Started only by a `repository_dispatch` event of type `release`.
on:
  repository_dispatch:
    types: [release]

# One concurrency group per workflow name and ref.
concurrency:
  group: ci-${{ github.workflow }}-${{ github.ref }}

# Feature switches. Steps compare them as strings (`env.<name> == 'true'`),
# so they are written as quoted strings here.
env:
  releaseOpenAPIClients: 'false'
  publishNodeOpenAPIClient: 'true'
  publishTypeScriptFrontendModels: 'false'
  publishAdditionalProjects: 'false'
  deploymentEnabled: 'false'
  productionDeploymentEnabled: 'true'
  generateChangelogUpdate: 'true'

jobs:
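# Job: read the currently released version from Gradle and ask Auto how large
# the next version bump should be. Both values are exposed as job outputs.
determine-version:
  name: Determine version bump
  runs-on: ubuntu-latest
  outputs:
    version-bump: ${{ steps.calculate-next-version.outputs.version }}
    current-version: ${{ steps.get-current-version.outputs.gradle_version }}
  # NOTE(review): the steps visible in this job read the repository and create
  # a local tag that is not pushed here. Confirm whether Auto needs these write
  # scopes in this job; if not, reduce them to `read`.
  permissions:
    contents: write # Allows cloning the repository and creating releases in the "Release" page
    issues: write # Allows searching through PRs and issues
    pull-requests: write # Allows search through PRs, issues and commenting on PRs
    packages: write # Allows writing to packages
  timeout-minutes: 30
  steps:
    - name: Checkout code
      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
      with:
        fetch-depth: 0
    # Set up a JDK environment for building, testing and releasing.
    # NOTE(review): the version after "@" is obscured in this listing for this
    # action and the Gradle action below. Pin both, and actions/cache@v3, to a
    # full commit SHA as the checkout step already is.
    - name: Setup JDK 17
      uses: actions/[email protected]
      with:
        java-version: 17
        distribution: temurin
    # Allow caching Gradle executions to further speed up CI/CD steps invoking Gradle.
    - name: Setup Gradle
      uses: gradle/[email protected]
      with:
        gradle-executable: ./gradlew
        gradle-version: wrapper
        cache-read-only: true
    # Allow caching the Auto executable to speed up CI/CD steps by not re-downloading Auto.
    - name: Cache Auto
      id: cache-auto
      uses: actions/cache@v3
      with:
        path: ~/auto
        key: dependency--intuit/auto-v11.0.4
    # Set up Auto for determining the version bump to release.
    - name: Setup Auto
      if: steps.cache-auto.outputs.cache-hit != 'true'
      run: |
        set -euo pipefail
        # TLS certificate verification stays enabled (no -k): this binary is
        # executed later in jobs that hold write tokens. --fail stops an HTTP
        # error page from being unpacked as if it were the release asset.
        curl --fail --location --silent --show-error \
          -o ~/auto.gz \
          https://github.com/intuit/auto/releases/download/v11.0.4/auto-linux.gz
        # TODO(review): verify the download against a pinned digest before use:
        #   echo "<EXPECTED_SHA256_PLACEHOLDER>  $HOME/auto.gz" | sha256sum --check
        gunzip -c ~/auto.gz > ~/auto
        chmod a+x ~/auto
    # Get the currently released version for determining how big a version jump to release.
    # NOTE(review): GITHUB_ACTOR is a default variable (`github.actor`), not a
    # secret; confirm that `secrets.GITHUB_ACTOR` resolves to a non-empty value.
    - name: Get current version number (Gradle)
      id: get-current-version
      run: |
        GRADLE_OUTPUT="$(./gradlew properties)"
        EXIT_CODE=$?
        GRADLE_VERSION="$(echo "$GRADLE_OUTPUT" | grep "^version: " | awk '{print $2}')"
        echo "$GRADLE_VERSION"
        echo "gradle_version=$GRADLE_VERSION" >> "$GITHUB_OUTPUT"
        exit $EXIT_CODE
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
        GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
        GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }}
        JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
    # Verify that the current version is tagged in git as expected.
    - name: Verify previous release tag
      run: |
        if git rev-parse "$TAG" >/dev/null 2>&1; then
          echo "Found previous release tag $TAG";
        else
          echo "Did not find $TAG - creating release tag $TAG"
          PREVIOUS_COMMIT="$(git rev-parse HEAD^1)"
          git tag "$TAG" "$PREVIOUS_COMMIT"
        fi
      env:
        TAG: v${{ steps.get-current-version.outputs.gradle_version }}
    # Determine how big a version bump to release (patch, minor, major).
    # The version is handed to the script through the environment and quoted,
    # so text parsed from Gradle output is never spliced into the shell source.
    - name: Calculate new version (Auto)
      id: calculate-next-version
      run: |
        AUTO_VERSION="$(~/auto version --from "$CURRENT_VERSION" | tail -n 1)"
        echo "$AUTO_VERSION"
        echo "version=$AUTO_VERSION" >> "$GITHUB_OUTPUT"
      env:
        CURRENT_VERSION: v${{ steps.get-current-version.outputs.gradle_version }}
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}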
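# Job: bump the library version with Gradle, commit and tag the result on the
# default branch, then generate and push the CHANGELOG.
bump-versions:
  name: Bump versions
  runs-on: ubuntu-latest-8-cores
  needs: determine-version
  if: needs.determine-version.outputs.version-bump
  outputs:
    # Uses `${{` without a space and the output name that the
    # "get-updated-version-number" step actually writes (`gradle_version`).
    # Otherwise the version comparison gating the publish job never sees the
    # real new version.
    new-version: ${{ steps.get-updated-version-number.outputs.gradle_version }}
  permissions:
    contents: write # Allows cloning the repository and creating releases in the "Release" page
    issues: write # Allows searching through PRs and issues
    pull-requests: write # Allows search through PRs, issues and commenting on PRs
    packages: write # Allows writing to packages
  timeout-minutes: 30
  steps:
    # Elevate token permissions to allow pushing to the default branch without branch protections.
    # NOTE(review): this third-party action handles the app private key and is
    # referenced by a mutable tag; pin it to `@<FULL_COMMIT_SHA>`.
    - name: Allow pushing version updates to the default branch
      id: get-admin-token
      uses: peter-murray/workflow-application-token-action@v2
      with:
        application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }}
        application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }}
    # Checkout the code with the elevated token to allow default branch pushes.
    # checkout persists the token in the local git config by default, so every
    # later step in this job (Gradle, Auto, third-party actions) can use it.
    - name: Checkout code
      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
      with:
        fetch-depth: 0
        ref: main
        token: ${{ steps.get-admin-token.outputs.token }}
    # Allow caching the Auto executable to speed up CI/CD steps by not re-downloading Auto.
    - name: Cache Auto
      id: cache-auto
      uses: actions/cache@v3
      with:
        path: ~/auto
        key: dependency--intuit/auto-v11.0.4
    # Set up Auto for generating a CHANGELOG.
    - name: Setup Auto
      if: steps.cache-auto.outputs.cache-hit != 'true'
      run: |
        set -euo pipefail
        # TLS certificate verification stays enabled (no -k): this binary runs
        # in a job that holds the elevated push token. --fail stops an HTTP
        # error page from being unpacked as if it were the release asset.
        curl --fail --location --silent --show-error \
          -o ~/auto.gz \
          https://github.com/intuit/auto/releases/download/v11.0.4/auto-linux.gz
        # TODO(review): verify the download against a pinned digest before use:
        #   echo "<EXPECTED_SHA256_PLACEHOLDER>  $HOME/auto.gz" | sha256sum --check
        gunzip -c ~/auto.gz > ~/auto
        chmod a+x ~/auto
    # Setup JDK environment for Gradle build tasks.
    # NOTE(review): the version after "@" is obscured in this listing for this
    # action and the Gradle action below; pin both to a full commit SHA.
    - name: Setup JDK 17
      uses: actions/[email protected]
      with:
        java-version: 17
        distribution: temurin
    # Allow caching Gradle executions to further speed up CI/CD steps invoking Gradle.
    - name: Setup Gradle
      uses: gradle/[email protected]
      with:
        gradle-executable: ./gradlew
        gradle-version: wrapper
        cache-read-only: true
    # Setup Node for TS/JS/Node client generation.
    - name: Setup Node
      if: env.releaseOpenAPIClients == 'true'
      uses: actions/setup-node@v4
      with:
        node-version: 16
    # Bump the version according to the version bump detected by Auto.
    # The bump mode is passed through the environment and quoted, so output
    # produced by an earlier job is not spliced into the shell source.
    - name: Bump library version (Gradle)
      run: ./gradlew incrementVersion "-Pmode=${VERSION_BUMP}" --stacktrace
      env:
        VERSION_BUMP: ${{ needs.determine-version.outputs.version-bump }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
        GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
        GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }}
        JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
    # Get the new version.
    - name: Get updated version number (Gradle)
      id: get-updated-version-number
      run: |
        GRADLE_OUTPUT="$(./gradlew properties)"
        EXIT_CODE=$?
        GRADLE_VERSION="$(echo "$GRADLE_OUTPUT" | grep "^version: " | awk '{print $2}')"
        echo "$GRADLE_VERSION"
        echo "gradle_version=$GRADLE_VERSION" >> "$GITHUB_OUTPUT"
        exit $EXIT_CODE
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
        GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
        GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }}
        JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
    # Generate the Kotlin and TS/JS/Node client.
    - name: Build project and generate clients (Gradle)
      if: env.releaseOpenAPIClients == 'true'
      run: ./gradlew build -x test -x functest --stacktrace
      env:
        GITHUB_TOKEN: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
        GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
        GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
        GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }}
        JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
    # Commit and push the project with version changes applied to the default branch.
    # NOTE(review): third-party action referenced by a mutable tag in a job
    # that can push past branch protection; pin it to `@<FULL_COMMIT_SHA>`.
    - name: Add changes (Git)
      uses: EndBug/add-and-commit@v9
      with:
        author_name: pleo-bot-auto-versioning
        author_email: [email protected]
        message: Release ${{ steps.get-updated-version-number.outputs.gradle_version }} [skip ci]
        commit: --no-verify
        tag: v${{ steps.get-updated-version-number.outputs.gradle_version }}
    # Generate the CHANGELOG with changes from the previously released version to the current version.
    # The starting tag is passed through the environment and quoted.
    - name: Generate Release Notes (Auto)
      if: env.generateChangelogUpdate == 'true'
      run: ~/auto changelog --from "${FROM_TAG}"
      env:
        FROM_TAG: v${{ needs.determine-version.outputs.current-version }}
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    # Add and push the generated CHANGELOG to the default branch.
    # NOTE(review): `@master` is a moving branch and this action receives the
    # elevated token directly; pin it to `@<FULL_COMMIT_SHA>`.
    - name: Push changes (Git)
      if: env.generateChangelogUpdate == 'true'
      uses: ad-m/github-push-action@master
      with:
        github_token: ${{ steps.get-admin-token.outputs.token }}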
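# Job: publish the library (or, when OpenAPI clients are enabled, the Kotlin
# and Node clients) and push the OpenAPI definition to OpsLevel. Runs only
# when the bumped version differs from the previously released one.
publish:
  name: Publish
  runs-on: ubuntu-latest-8-cores
  needs:
    - determine-version
    - bump-versions
  if: needs.determine-version.outputs.current-version != needs.bump-versions.outputs.new-version
  permissions:
    contents: write # Allows cloning the repository and creating releases in the "Release" page
    issues: write # Allows searching through PRs and issues
    pull-requests: write # Allows search through PRs, issues and commenting on PRs
    packages: write # Allows writing to packages
  timeout-minutes: 30
  steps:
    # Checkout the code to publish.
    - name: Checkout code
      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
      with:
        fetch-depth: 0
        ref: main
    # Set up expected environment variables for the repository name and the default branch.
    # The branch name arrives through the environment rather than being
    # spliced into the script, because git ref names may contain shell
    # metacharacters.
    - name: Environment standardization
      run: |
        echo "default_branch=${DEFAULT_BRANCH}" >> "$GITHUB_ENV"
        default_branch_ref="refs/heads/${DEFAULT_BRANCH}"
        echo "default_branch_ref=${default_branch_ref}" >> "$GITHUB_ENV"
      env:
        DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    # Setup a JDK environment for running Gradle publishing tasks.
    # NOTE(review): the version after "@" is obscured in this listing for this
    # action, the Gradle action and the Slack action below; pin them, and
    # nick-fields/retry@v2, to a full commit SHA.
    - name: Setup JDK 17
      uses: actions/[email protected]
      with:
        java-version: 17
        distribution: temurin
    # Allow caching Gradle executions to further speed up CI/CD steps invoking Gradle.
    - name: Setup Gradle
      uses: gradle/[email protected]
      with:
        gradle-executable: ./gradlew
        gradle-version: wrapper
        gradle-home-cache-cleanup: true
        cache-read-only: true
    # Setup a Node environment to allow publishing to the private GitHub NPM package repository.
    - name: Setup Node
      if: env.releaseOpenAPIClients == 'true'
      uses: actions/setup-node@v4
      with:
        node-version: 16
    # Build the project and generate the Kotlin and TS/JS/Node client for publishing.
    - name: Build project (Gradle)
      if: env.releaseOpenAPIClients == 'true'
      run: ./gradlew build -x test --stacktrace
      env:
        GITHUB_TOKEN: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
        GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
        GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
        GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }}
        JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
    # Release the library.
    # NOTE(review): with `continue-on-error: true`, a failed release does not
    # fail the job, so the Slack alert below appears not to fire for it.
    # Confirm that this is intended.
    - name: Release library (Gradle)
      if: env.releaseOpenAPIClients == 'false'
      id: release-library
      continue-on-error: true
      uses: nick-fields/retry@v2
      with:
        command: ./gradlew publish --parallel --continue --stacktrace --no-configuration-cache
        max_attempts: 3 # Attempt to release a maximum of three times
        timeout_minutes: 30 # Minutes to wait before attempt times out.
        retry_wait_seconds: 5 # Wait 5 seconds before retrying
      env:
        GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
        GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }}
        JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
    # Publish the Kotlin client to the private GitHub Maven repository.
    - name: Publish Kotlin OpenAPI client (Gradle)
      if: env.releaseOpenAPIClients == 'true'
      run: ./gradlew :pleo-${{ github.event.repository.name }}-client-kotlin:publish -x test -x formatKotlin -x functest --stacktrace --no-configuration-cache
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
        GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
        GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }}
        JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
    # Publish the TS/JS/Node client to the private GitHub NPM repository.
    # NOTE(review): `npm install` runs dependency lifecycle scripts while
    # GITHUB_TOKEN is in the environment; consider exposing the token only to
    # the publish command.
    - name: Publish Node OpenAPI client (NPM)
      if: env.releaseOpenAPIClients == 'true' && env.publishNodeOpenAPIClient == 'true'
      working-directory: pleo-${{ github.event.repository.name }}-client-js/output/node
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        npm install
        npm config set '//npm.pkg.github.com/:_authToken' "${GITHUB_TOKEN}"
        npm publish --access restricted
    # Publish the TS/JS/Node models to the private GitHub NPM repository for frontend requests.
    - name: Publish TypeScript models (NPM)
      if: env.releaseOpenAPIClients == 'true' && env.publishTypeScriptFrontendModels == 'true'
      working-directory: pleo-${{ github.event.repository.name }}-client-js/output/models
      continue-on-error: true
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        npm install
        npm config set '//npm.pkg.github.com/:_authToken' "${GITHUB_TOKEN}"
        npm publish --access restricted
    # Publish additional publishing configurations to the private GitHub Maven repository.
    - name: Publish additional publishing configurations (Gradle)
      if: env.publishAdditionalProjects == 'true' && env.releaseOpenAPIClients == 'true'
      run: ./gradlew publish -x test -x formatKotlin -x :pleo-${{ github.event.repository.name }}-client-kotlin:publish -x functest --stacktrace --no-configuration-cache
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
        GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
        GRADLE_WRITE_KEY: ${{ secrets.GITHUB_TOKEN }}
        JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
    # Push the generated OpenAPI definition to OpsLevel
    # The service alias and the OpsLevel URL secret reach the script through
    # the environment, so neither is written into the generated script file.
    # NOTE(review): `forceReleaseOpenAPIDocument` is not among the
    # workflow-level env switches shown in this file.
    - name: Push generated OpenAPI definitions to OpsLevel
      if: env.releaseOpenAPIClients == 'true' || env.forceReleaseOpenAPIDocument == 'true'
      continue-on-error: true
      run: |
        if [[ -z "${SERVICE_ALIAS}" ]]; then
          echo "Could not detect an OpsLevel service alias."
          echo "::error::Could not detect an OpsLevel service alias."
          exit 1
        fi
        echo "Detected service alias as $SERVICE_ALIAS"
        FILE_PATH="$(find "pleo-$SERVICE_ALIAS-rest" -type f -name "$SERVICE_ALIAS-openapi.yaml" -not -path "pleo-$SERVICE_ALIAS-rest/build/*")"
        echo "Detected OpenAPI schema location: $FILE_PATH"
        echo "Pushing OpenAPI definition to OpsLevel..."
        echo ""
        curl --retry 5 \
          --retry-delay 0 \
          --max-time 10 \
          --retry-max-time 80 \
          -i \
          -X POST "${OPSLEVEL_API_DOCS_URL}/$SERVICE_ALIAS/openapi" \
          -H 'content-type: application/octet-stream' \
          --data-binary @"${FILE_PATH}"
      env:
        SERVICE_ALIAS: ${{ github.event.repository.name }}
        OPSLEVEL_API_DOCS_URL: ${{ secrets.OPSLEVEL_API_DOCS_URL }}
    # Alert in Slack on any failure in the publishing job.
    - name: Alert in Slack on failure
      if: cancelled() || failure()
      uses: rtCamp/[email protected]
      env:
        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
        SLACK_CHANNEL: dev-deploy-failure
        SLACK_COLOR: danger
        SLACK_TITLE: ${{ github.actor }} publish of one or more libraries in `${{ github.repository }}` failed or was/were cancelled
        SLACK_MESSAGE: "Reason: <https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}| Release job failed :warning:>"
        SLACK_USERNAME: GitHub Actions
        SLACK_ICON_EMOJI: ":crashingrocket:"
        SLACK_FOOTER: ""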
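# Job: build the project's Docker image and push it to the product-dev,
# staging and (when enabled) production ECR registries. Every step is gated
# on `env.deploymentEnabled == 'true'`.
# NOTE(review): the job has no `needs:` and checks out `main`, yet tags the
# image with `github.sha`; confirm the tag always names the commit that was
# actually built.
publish-docker-image:
  name: Publish Docker image
  runs-on: ubuntu-latest-8-cores
  permissions:
    id-token: write
    contents: read
  timeout-minutes: 30
  steps:
    # Checkout the code to publish.
    - name: Checkout code
      if: env.deploymentEnabled == 'true'
      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
      with:
        fetch-depth: 0
        ref: main
    # Setup a JDK environment for running Gradle publishing tasks.
    # NOTE(review): the version after "@" is obscured in this listing for this
    # action and for the Docker login and AWS actions below; pin them, and the
    # `@v3`/`@v5` Docker actions, to a full commit SHA.
    - name: Setup JDK 17
      if: env.deploymentEnabled == 'true'
      uses: actions/[email protected]
      with:
        java-version: 17
        distribution: temurin
    # Build the project and generate Docker Image
    - name: Build project (Gradle)
      if: env.deploymentEnabled == 'true'
      run: ./gradlew build -x test --stacktrace
      env:
        GITHUB_TOKEN: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
        GRADLE_USER: ${{ secrets.GITHUB_ACTOR }}
        GRADLE_READ_KEY: ${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
        JOB_RUNR_REPO_PASSWORD: ${{ secrets.JOB_RUNR_REPO_PASSWORD }}
    # Login to DockerHub for fetching and pushing Docker images.
    - name: Login to DockerHub
      if: env.deploymentEnabled == 'true'
      uses: docker/[email protected]
      with:
        username: pleodeployments
        password: ${{ secrets.DOCKERHUB_TOKEN }}
    # Setup Buildx for Docker operations.
    - name: Setup Buildx
      if: env.deploymentEnabled == 'true'
      uses: docker/setup-buildx-action@v3
    # Build Docker image and cache Docker image/layers.
    # NOTE(review): GRADLE_READ_KEY is passed as a build argument. Build
    # arguments can end up in image history and in the exported layer cache,
    # and this image is pushed to three registries. Prefer the action's
    # `secrets` input with a BuildKit secret mount; that needs a matching
    # Dockerfile change, which is not visible here.
    - name: Build Docker Image
      if: env.deploymentEnabled == 'true'
      uses: docker/build-push-action@v5
      with:
        context: .
        tags: ${{ github.sha }}
        load: true
        cache-from: type=gha
        cache-to: type=gha,mode=max
        build-args: |
          github_sha=${{ github.sha }}
          GRADLE_USER=${{ secrets.GITHUB_ACTOR }}
          GRADLE_READ_KEY=${{ secrets.GH_REGISTRY_GRADLE_TOKEN }}
    - name: Configure product-dev AWS credentials
      if: env.deploymentEnabled == 'true'
      uses: aws-actions/[email protected]
      with:
        role-to-assume: arn:aws:iam::${{vars.AWS_ACCOUNT_ID_PRODUCT_DEV}}:role/github/repository/${{ github.event.repository.name }}-github-actions
        role-session-name: GitHubActions
        aws-region: eu-west-1
        special-characters-workaround: true
    - name: Login to Amazon ECR Product dev
      if: env.deploymentEnabled == 'true'
      uses: aws-actions/[email protected]
    # Context values reach the script through the environment and every
    # expansion is quoted, so none of them is parsed as shell source.
    - name: Push Docker Image to AWS ECR Product dev
      if: env.deploymentEnabled == 'true'
      run: |
        ecr_repo_url="${ECR_ACCOUNT_ID}.dkr.ecr.eu-west-1.amazonaws.com/pleo/${REPOSITORY_NAME}:${IMAGE_TAG}"
        docker tag "${IMAGE_TAG}" "${ecr_repo_url}"
        docker push "${ecr_repo_url}"
        docker rmi -f "${ecr_repo_url}"
      env:
        ECR_ACCOUNT_ID: ${{ vars.AWS_ACCOUNT_ID_PRODUCT_DEV }}
        REPOSITORY_NAME: ${{ github.event.repository.name }}
        IMAGE_TAG: ${{ github.sha }}
    - name: Configure staging AWS credentials
      if: env.deploymentEnabled == 'true'
      uses: aws-actions/[email protected]
      with:
        role-to-assume: arn:aws:iam::${{vars.AWS_ACCOUNT_ID_PRODUCT_STAGING}}:role/github/repository/${{ github.event.repository.name }}-github-actions
        role-session-name: GitHubActions
        aws-region: eu-west-1
        special-characters-workaround: true
    # Allow publishing the built project Docker image to AWS ECR (staging).
    - name: Login to Amazon ECR Staging
      if: env.deploymentEnabled == 'true'
      uses: aws-actions/[email protected]
    # Publish the built project Docker image to AWS ECR (staging).
    - name: Push Docker Image to AWS ECR Staging
      if: env.deploymentEnabled == 'true'
      run: |
        ecr_repo_url="${ECR_ACCOUNT_ID}.dkr.ecr.eu-west-1.amazonaws.com/pleo/${REPOSITORY_NAME}:${IMAGE_TAG}"
        docker tag "${IMAGE_TAG}" "${ecr_repo_url}"
        docker push "${ecr_repo_url}"
        docker rmi -f "${ecr_repo_url}"
      env:
        ECR_ACCOUNT_ID: ${{ vars.AWS_ACCOUNT_ID_PRODUCT_STAGING }}
        REPOSITORY_NAME: ${{ github.event.repository.name }}
        IMAGE_TAG: ${{ github.sha }}
    - name: Configure production AWS credentials
      if: env.deploymentEnabled == 'true' && env.productionDeploymentEnabled == 'true'
      uses: aws-actions/[email protected]
      with:
        role-to-assume: arn:aws:iam::${{vars.AWS_ACCOUNT_ID_PRODUCT_PRODUCTION}}:role/github/repository/${{ github.event.repository.name }}-github-actions
        role-session-name: GitHubActions
        aws-region: eu-west-1
        special-characters-workaround: true
    # Allow publishing the built project Docker image to AWS ECR (production).
    - name: Login to AWS ECR Production
      if: env.deploymentEnabled == 'true' && env.productionDeploymentEnabled == 'true'
      uses: aws-actions/[email protected]
    # Publish the built project Docker image to AWS ECR (production).
    - name: Push Docker Image to AWS ECR Production
      if: env.deploymentEnabled == 'true' && env.productionDeploymentEnabled == 'true'
      run: |
        ecr_repo_url="${ECR_ACCOUNT_ID}.dkr.ecr.eu-west-1.amazonaws.com/pleo/${REPOSITORY_NAME}:${IMAGE_TAG}"
        docker tag "${IMAGE_TAG}" "${ecr_repo_url}"
        docker push "${ecr_repo_url}"
        docker rmi -f "${ecr_repo_url}"
      env:
        ECR_ACCOUNT_ID: ${{ vars.AWS_ACCOUNT_ID_PRODUCT_PRODUCTION }}
        REPOSITORY_NAME: ${{ github.event.repository.name }}
        IMAGE_TAG: ${{ github.sha }}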
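# Job: republish the workflow-level `deploymentEnabled` switch as a job
# output, which the trigger-deploy jobs read in their job-level `if:`.
get-env-variables:
  name: Prepare env variables
  outputs:
    deploymentEnabled: ${{ steps.env-variables.outputs.deploymentEnabled }}
  runs-on: ubuntu-latest
  # This job only echoes a static value, so it is given no token scopes
  # instead of inheriting the repository default.
  permissions: {}
  steps:
    - name: Set output variables
      id: env-variables
      run: |
        echo "deploymentEnabled=${{ env.deploymentEnabled }}" >> "$GITHUB_OUTPUT"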
# Job: call the shared "update-image-tag" reusable workflow for product-dev
# once the image job and the env relay job have finished.
# NOTE(review): the reusable workflow is referenced at `@main`, a moving
# branch, and receives the GitHub App private key; pin it to
# `@<FULL_COMMIT_SHA>`.
trigger-deploy-gitops-product-dev:
  name: Trigger deployment (GitOps)- Update product-dev image
  needs: [publish-docker-image, get-env-variables]
  if: needs.get-env-variables.outputs.deploymentEnabled == 'true'
  concurrency:
    group: update-image-tag
  uses: pleo-io/reusable-workflows/.github/workflows/update-image-tag.yaml@main
  secrets:
    application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }}
    application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }}
  with:
    image_tag: ${{ github.sha }}
    environment: product-dev
# Job: call the shared "update-image-tag" reusable workflow for
# product-staging once the image job and the env relay job have finished.
# NOTE(review): the reusable workflow is referenced at `@main`, a moving
# branch, and receives the GitHub App private key; pin it to
# `@<FULL_COMMIT_SHA>`.
# NOTE(review): the page attaches an "Invalid workflow file" check-failure
# annotation directly after this job's `uses:` line; the cause is not visible
# in this listing.
trigger-deploy-gitops-product-staging:
  name: Trigger deployment (GitOps)- Update product-staging image
  needs: [publish-docker-image, get-env-variables]
  if: needs.get-env-variables.outputs.deploymentEnabled == 'true'
  concurrency:
    group: update-image-tag
  uses: pleo-io/reusable-workflows/.github/workflows/update-image-tag.yaml@main
  secrets:
    application_id: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_APP_ID }}
    application_private_key: ${{ secrets.PLEO_GH_APP_TOKEN_SIGNER_PRIVATE_KEY }}
  with:
    image_tag: ${{ github.sha }}
    environment: product-staging