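# Builds and tests the repository with Bazel on pushes to main, on pull requests
# and on manual dispatch. On main it also uploads a test artifact, deploys the
# docs to GitHub Pages and updates the k8s deployments; container images are
# pushed on main and on branches whose name starts with "container".
name: Build and test
on:
  push:
    branches:
      - "main"
    paths-ignore:
      - "release-index.yaml"
      - "replica-releases/**"
      - "node-labels/**"
  pull_request:
    paths-ignore:
      - "release-index.yaml"
      - "replica-releases/**"
      - "node-labels/**"
  workflow_dispatch:

# One run per pull request (or per ref for other events); a newer run cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  bazel:
    # NOTE(review): `dre-runner-custom` looks like a self-hosted runner label. With the
    # `pull_request` trigger, code from pull requests executes on it - confirm the
    # runner is ephemeral and isolated from anything sensitive.
    runs-on:
      labels: dre-runner-custom
    # This image is based on ubuntu:20.04
    # NOTE(review): the image is referenced by tag, which a registry allows to be moved;
    # pinning by digest (`@sha256:<digest>`) would make the reference immutable.
    container: ghcr.io/dfinity/dre/actions-runner:3dd4f38f076cad73fdcc68ad37fd29bed4fa3e4d
    # NOTE(review): these write scopes apply to every trigger above, including
    # `pull_request`, while the steps that appear to need them (image push, Pages
    # deploy) are gated on main/container refs. Consider moving publishing into a
    # separate job so that ordinary PR builds run with a read-only token.
    permissions:
      contents: write
      packages: write
      pages: write
    steps:
      # NOTE(review): actions in this job are referenced by mutable version tags
      # (`@v4`, `@v1`, `@v3`); pinning each to a full commit SHA protects the job
      # against a retagged or compromised release.
      - uses: actions/checkout@v4
        with:
          fetch-depth: 2

      # The GitHub App token is necessary for pushing changed files back to the repository
      # If regular secrets.GITHUB_TOKEN is used instead, the push will not trigger any actions
      # https://github.com/orgs/community/discussions/25702
      - name: Create GitHub App Token
        uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }}
          private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }}

      - name: "☁️ Setup runner"
        uses: ./.github/workflows/manage-runner-pre

      ########################################
      # Build and test
      # Tests run as a local subprocess because some of them
      # create status files in certain locations (like $HOME)
      ########################################
      - name: "🚀 Building"
        uses: ./.github/workflows/build
        with:
          # See above where the token is generated: we can't use regular secrets.GITHUB_TOKEN
          # since the push needs to trigger actions again
          GITHUB_TOKEN: "${{ steps.app-token.outputs.token }}"

      # The staging key is exposed to this step and written to disk, so everything
      # executed by `bazel test` (and every later step) can read it.
      - name: "🚀 Testing"
        env:
          STAGING_PRIVATE_KEY_PEM: "${{ secrets.STAGING_PRIVATE_KEY_PEM }}"
        run: |
          mkdir -p ~/.config/dfx/identity/bootstrap-super-leader/
          # Create the key file with owner-only permissions. The umask is set in a
          # subshell so the rest of the step keeps the default; the chmod covers the
          # case where the file already exists.
          # NOTE(review): the unquoted expansion word-splits the secret, so a multi-line
          # PEM is written as a single line - confirm the consumer expects that before
          # switching to a quoted form.
          (umask 077 && echo $STAGING_PRIVATE_KEY_PEM > ~/.config/dfx/identity/bootstrap-super-leader/identity.pem)
          chmod 600 ~/.config/dfx/identity/bootstrap-super-leader/identity.pem
          bazel test ... --spawn_strategy=local --test_env=HOME=/home/runner

      # We don't need the linear-jira build and test step for now
      # - name: "🚀 Build and Test Linear-Jira with Bazel"
      #   shell: bash
      #   run: |
      #     set -euxo pipefail
      #     cd linear-jira
      #     bazel build --config=ci ...
      #     bazel test --config=ci ... || true
      #     bazel query --noshow_progress 'kind("oci_push", ...)' | xargs -P $(nproc) -I_target bazel run _target -- --tag ${{ github.sha }}

      ########################################
      # Upload test artifacts
      ########################################
      - name: "🧪 Upload test artifacts"
        if: ${{ github.ref == 'refs/heads/main' }}
        uses: actions/upload-artifact@v4
        with:
          name: test-artifacts
          path: bazel-out/k8-opt/bin/rs/ic-observability/multiservice-discovery/multiservice-discovery

      ########################################
      # Upload container images
      ########################################
      - name: "🔧 Login to GitHub Container Registry"
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Runs every `oci_push` target, tagging the pushed image with the commit SHA.
      - name: "📦 Push images to GitHub Container Registry"
        if: ${{ startsWith(github.head_ref, 'container') || startsWith(github.ref, 'refs/heads/container') || (github.ref == 'refs/heads/main') }}
        run: bazel query --noshow_progress 'kind("oci_push", ...)' | xargs -I_target bazel run _target -- --tag ${GITHUB_SHA}

      ########################################
      # Check if dashboard/* changed to see if
      # it also needs to be updated in k8s
      ########################################
      - name: "❓ Check if dashboard/* changed in last commit"
        id: check
        uses: ./.github/workflows/check-modified-files-as-step
        with:
          path: dashboard/*

      # Publishes the space-separated list of manifests to update as `files` in
      # $GITHUB_ENV, where later steps can read it.
      - name: "💲 Setting correct paths to update"
        id: paths
        shell: bash
        run: |
          files=(
            bases/apps/ic-release-controller/controller/controller.yaml
            bases/apps/ic-release-controller/commit-annotator/commit-annotator.yaml
            bases/apps/mainnet-dashboard/backend/base/deployment.yaml
            bases/apps/mainnet-dashboard/statefulset-slack.yaml
            bases/apps/service-discovery/service-discovery.yaml
            .github/workflows/dre-vector-configs.yaml
          )
          # NOTE(review): `changed` is not set anywhere in this file; presumably the
          # `check` step exports it through $GITHUB_ENV - confirm, otherwise the
          # frontend manifest is never added.
          if [[ $changed == "true" ]]; then
            echo "Adding frontend to list of files"
            files+=( bases/apps/mainnet-dashboard/frontend/deployment.yaml )
          else
            echo "Skipping adding of frontend to list of files"
          fi
          echo "Output of this step:"
          echo "${files[@]}"
          echo "files=${files[*]}" >> "$GITHUB_ENV"

      ########################################
      # Deploy to github pages
      ########################################
      - name: "🚢 Deploy to GitHub Pages"
        if: ${{ github.ref == 'refs/heads/main' }}
        run: |
          # NOTE(review): the address below appears to have been redacted by the page
          # this file was captured from - restore the real value before use.
          git config --global user.email "[email protected]"
          git config --global user.name "GitHub Actions"
          bazel run "//:mkdocs" -- gh-deploy --force

      ########################################
      # Update k8s deployments
      ########################################
      - name: "🤖 Update k8s deployments"
        if: ${{ github.ref == 'refs/heads/main' }}
        uses: ./.github/workflows/update-k8s-deployments
        with:
          github_api_token: ${{ secrets.K8S_API_TOKEN }}

      ########################################
      # Clean up runner
      ########################################
      - uses: ./.github/workflows/manage-runner-post
        name: "🪓 Tear down runner"
        if: ${{ !startsWith(runner.name, 'dre-runner-custom') }}
        with:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}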