Release - 10.0 #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "run tests & deploy to prod" | |
| on: | |
| pull_request: | |
| types: [ closed ] | |
| branches: [ main ] | |
| env: | |
| IMAGE_NAME: api | |
| concurrency: | |
| group: ci-release-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| prod-test: | |
| runs-on: ubuntu-latest | |
| if: (contains(toJSON(github.head_ref), 'release/') || contains(toJSON(github.head_ref), 'hotfix/')) && github.event.pull_request.merged == true | |
| steps: | |
| # 1. Setup | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK | |
| uses: actions/[email protected] | |
| with: | |
| distribution: 'liberica' | |
| java-version: '21' | |
| cache: 'maven' | |
| # 2. Test | |
| - name: Run Unit & Integration Tests | |
| run: mvn clean verify --no-transfer-progress | |
| prod-deploy: | |
| needs: [ prod-test ] | |
| runs-on: ubuntu-latest | |
| environment: prod | |
| permissions: # Necessary for workload identity provider | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| # 1. Setup | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK | |
| uses: actions/[email protected] | |
| with: | |
| distribution: 'liberica' | |
| java-version: '21' | |
| cache: 'maven' | |
| # 2. Sets & print variables | |
| - name: Sets variables | |
| id: variables | |
| run: | | |
| git fetch --prune --prune-tags origin | |
| # 1. Get tags | |
| LATEST_TAG=$(git describe --tags "$(git rev-list --tags --max-count=1)") | |
| TAG_LIST=($(echo $LATEST_TAG | tr '.' ' ')) | |
| [[ "${#TAG_LIST[@]}" -ne 2 ]] && echo "$RELEASE_VERSION is not a valid version" && exit 1 | |
| # 2. Set release version | |
| if [[ "$GITHUB_HEAD_REF" == release* ]] | |
| then | |
| RELEASE_VERSION=$(( TAG_LIST[0] + 1 )).0; | |
| else | |
| RELEASE_VERSION=${TAG_LIST[0]}.$(( TAG_LIST[1] + 1)); | |
| fi | |
| # 3. Set vars | |
| IMAGE_REGISTRY="us-docker.pkg.dev/${{ secrets.PROJECT_ID }}/cloud-diplomats/${{ env.IMAGE_NAME }}" | |
| IMAGE_TAG=${RELEASE_VERSION}-$(git rev-parse --short=4 HEAD) | |
| # 4. Set vars as env | |
| echo "IMAGE_REGISTRY=$IMAGE_REGISTRY" >> $GITHUB_ENV | |
| echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV | |
| echo "RELEASE_VERSION=$RELEASE_VERSION" >> $GITHUB_ENV | |
| - name: Print variables | |
| run: | | |
| echo "IMAGE_TAG=$IMAGE_TAG" | |
| echo "IMAGE_REGISTRY=$IMAGE_REGISTRY" | |
| # 3. Auth | |
| - name: Auth via Workload Identity Federation | |
| id: auth | |
| uses: google-github-actions/[email protected] | |
| with: | |
| workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ secrets.SERVICE_ACCOUNT }} # impersonated SA | |
| # 4. Setup gcloud & configure docker to use gcloud | |
| - name: Set up gcloud | |
| uses: google-github-actions/[email protected] | |
| with: | |
| project_id: ${{ secrets.PROJECT_ID }} | |
| - name: Setup docker to authenticate via gcloud | |
| run: gcloud --quiet auth configure-docker us-docker.pkg.dev | |
| # 5. Build image | |
| - name: Build image | |
| run: mvn clean package -DskipTests spring-boot:build-image --no-transfer-progress -Dspring-boot.build-image.imageName=$IMAGE_REGISTRY:$IMAGE_TAG | |
| # 6. Push image | |
| - name: Push image | |
| run: docker push $IMAGE_REGISTRY:$IMAGE_TAG | |
| # 7. Notify if fails | |
| # - name: Notify slack fail | |
| # if: failure() | |
| # env: | |
| # SLACK_BOT_TOKEN: ${{ secrets.SLACK_NOTIFICATIONS_BOT_TOKEN }} | |
| # uses: voxmedia/github-action-slack-notify-build@v1 | |
| # with: | |
| # channel: app-alerts | |
| # status: FAILED | |
| # color: danger | |
| prod-create-release: | |
| needs: [ prod-deploy ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| # 1. Setup | |
| - uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ secrets.CI_APP_ID }} | |
| private-key: ${{ secrets.CI_APP_PRIVATE_KEY }} | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{ steps.app-token.outputs.token }} | |
| # 2. Create release | |
| - name: Create release | |
| env: | |
| GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} | |
| run: | | |
| git config user.name github-actions | |
| git config user.email [email protected] | |
| git tag -a $RELEASE_VERSION -m "release: $RELEASE_VERSION" | |
| git push origin $RELEASE_VERSION | |
| gh release create $RELEASE_VERSION --title "$RELEASE_VERSION" --generate-notes | |
| prod-create-pull-request: | |
| needs: [ prod-deploy ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| # 1. Setup | |
| - uses: actions/create-github-app-token@v1 | |
| id: app-token | |
| with: | |
| app-id: ${{ secrets.CI_APP_ID }} | |
| private-key: ${{ secrets.CI_APP_PRIVATE_KEY }} | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: develop | |
| fetch-depth: 0 | |
| token: ${{ steps.app-token.outputs.token }} | |
| # 2. Create PR | |
| - name: Open PR to align develop with main | |
| env: | |
| GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} | |
| run: | | |
| git config user.name github-actions | |
| git config user.email [email protected] | |
| BRANCH_NAME="merge/$RELEASE_VERSION" | |
| git checkout -b $BRANCH_NAME | |
| git merge origin/main | |
| git commit --allow-empty -am "Merge main into develop" | |
| git push origin "$BRANCH_NAME" | |
| gh pr create --base develop --head "$BRANCH_NAME" --title "Merge - $RELEASE_VERSION" --fill |