ci(identity): migrate identity-service CI to GitHub Actions #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Identity Service CI/CD | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'packages/identity-service/**' | |
| - 'packages/sdk/**' | |
| - 'packages/spl/**' | |
| - 'packages/eth/**' | |
| - 'packages/fixed-decimal/**' | |
| - 'packages/libs/**' | |
| - 'package-lock.json' | |
| - '.github/workflows/identity.yml' | |
| pull_request: | |
| paths: | |
| - 'packages/identity-service/**' | |
| - 'packages/sdk/**' | |
| - 'packages/spl/**' | |
| - 'packages/eth/**' | |
| - 'packages/fixed-decimal/**' | |
| - 'packages/libs/**' | |
| - 'package-lock.json' | |
| - '.github/workflows/identity.yml' | |
| workflow_dispatch: | |
| env: | |
| NODE_VERSION: '24.10.0' | |
| jobs: | |
| identity-init: | |
| name: Identity Init (Install & Cache) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| cache-dependency-path: package-lock.json | |
| - name: Upgrade npm to 11.10.0 | |
| run: npm install -g npm@11.10.0 | |
| - name: Create concatenated patch file | |
| id: patch-file | |
| run: | | |
| ls -d -- packages/*/patches/*.patch 2>/dev/null | xargs cat > combined-patch-file.txt || touch combined-patch-file.txt | |
| echo "patch_checksum=$(sha256sum combined-patch-file.txt | cut -d' ' -f1)" >> $GITHUB_OUTPUT | |
| - name: Cache node modules | |
| id: cache-node-modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| node_modules | |
| packages/identity-service/node_modules | |
| packages/libs/node_modules | |
| packages/libs/dist | |
| packages/sdk/node_modules | |
| packages/sdk/dist | |
| packages/spl/node_modules | |
| packages/spl/dist | |
| packages/eth/node_modules | |
| packages/eth/dist | |
| packages/fixed-decimal/node_modules | |
| packages/fixed-decimal/dist | |
| key: npm-cache-identity-${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('package-lock.json') }}-${{ steps.patch-file.outputs.patch_checksum }} | |
| restore-keys: | | |
| npm-cache-identity-${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('package-lock.json') }}- | |
| - name: Install dependencies | |
| env: | |
| CI: true | |
| SKIP_POD_INSTALL: true | |
| SKIP_ANDROID_INSTALL: true | |
| ANDROID_HOME: /tmp/android-sdk-dummy | |
| NODE_OPTIONS: --max-old-space-size=8192 | |
| run: | | |
| mkdir -p /tmp/android-sdk-dummy | |
| if [[ -d node_modules ]]; then | |
| echo "Using cached node_modules, running postinstall..." | |
| npm run postinstall | |
| else | |
| echo "No cache found, running fresh install..." | |
| npm cache clean --force || true | |
| npm ci --prefer-offline || npm install --prefer-offline | |
| fi | |
| identity-lint: | |
| name: Identity Lint | |
| runs-on: ubuntu-latest | |
| needs: identity-init | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| cache-dependency-path: package-lock.json | |
| - name: Upgrade npm to 11.10.0 | |
| run: npm install -g npm@11.10.0 | |
| - name: Create concatenated patch file | |
| id: patch-file | |
| run: | | |
| ls -d -- packages/*/patches/*.patch 2>/dev/null | xargs cat > combined-patch-file.txt || touch combined-patch-file.txt | |
| echo "patch_checksum=$(sha256sum combined-patch-file.txt | cut -d' ' -f1)" >> $GITHUB_OUTPUT | |
| - name: Cache node modules | |
| id: cache-node-modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| node_modules | |
| packages/identity-service/node_modules | |
| packages/libs/node_modules | |
| packages/libs/dist | |
| packages/sdk/node_modules | |
| packages/sdk/dist | |
| packages/spl/node_modules | |
| packages/spl/dist | |
| packages/eth/node_modules | |
| packages/eth/dist | |
| packages/fixed-decimal/node_modules | |
| packages/fixed-decimal/dist | |
| key: npm-cache-identity-${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('package-lock.json') }}-${{ steps.patch-file.outputs.patch_checksum }} | |
| restore-keys: | | |
| npm-cache-identity-${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('package-lock.json') }}- | |
| - name: Install dependencies (if cache miss) | |
| if: steps.cache-node-modules.outputs.cache-hit != 'true' | |
| env: | |
| CI: true | |
| SKIP_POD_INSTALL: true | |
| SKIP_ANDROID_INSTALL: true | |
| ANDROID_HOME: /tmp/android-sdk-dummy | |
| NODE_OPTIONS: --max-old-space-size=8192 | |
| run: | | |
| mkdir -p /tmp/android-sdk-dummy | |
| npm cache clean --force || true | |
| npm ci --prefer-offline || npm install --prefer-offline | |
| - name: Cache for Turbo | |
| uses: rharkor/caching-for-turbo@v2.2.1 | |
| - name: Lint | |
| run: npx turbo run lint --filter=identity-service | |
| identity-typecheck: | |
| name: Identity Typecheck | |
| runs-on: ubuntu-latest | |
| needs: identity-init | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| cache-dependency-path: package-lock.json | |
| - name: Upgrade npm to 11.10.0 | |
| run: npm install -g npm@11.10.0 | |
| - name: Create concatenated patch file | |
| id: patch-file | |
| run: | | |
| ls -d -- packages/*/patches/*.patch 2>/dev/null | xargs cat > combined-patch-file.txt || touch combined-patch-file.txt | |
| echo "patch_checksum=$(sha256sum combined-patch-file.txt | cut -d' ' -f1)" >> $GITHUB_OUTPUT | |
| - name: Cache node modules | |
| id: cache-node-modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| node_modules | |
| packages/identity-service/node_modules | |
| packages/libs/node_modules | |
| packages/libs/dist | |
| packages/sdk/node_modules | |
| packages/sdk/dist | |
| packages/spl/node_modules | |
| packages/spl/dist | |
| packages/eth/node_modules | |
| packages/eth/dist | |
| packages/fixed-decimal/node_modules | |
| packages/fixed-decimal/dist | |
| key: npm-cache-identity-${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('package-lock.json') }}-${{ steps.patch-file.outputs.patch_checksum }} | |
| restore-keys: | | |
| npm-cache-identity-${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('package-lock.json') }}- | |
| - name: Install dependencies (if cache miss) | |
| if: steps.cache-node-modules.outputs.cache-hit != 'true' | |
| env: | |
| CI: true | |
| SKIP_POD_INSTALL: true | |
| SKIP_ANDROID_INSTALL: true | |
| ANDROID_HOME: /tmp/android-sdk-dummy | |
| NODE_OPTIONS: --max-old-space-size=8192 | |
| run: | | |
| mkdir -p /tmp/android-sdk-dummy | |
| npm cache clean --force || true | |
| npm ci --prefer-offline || npm install --prefer-offline | |
| - name: Cache for Turbo | |
| uses: rharkor/caching-for-turbo@v2.2.1 | |
| - name: Typecheck | |
| run: npx turbo run typecheck --filter=identity-service | |
| identity-test: | |
| name: Identity Tests | |
| runs-on: ubuntu-latest | |
| needs: identity-init | |
| services: | |
| postgres: | |
| image: postgres:11.1 | |
| env: | |
| POSTGRES_USER: postgres | |
| POSTGRES_PASSWORD: postgres | |
| POSTGRES_DB: audius_identity_service_test | |
| ports: | |
| - 7433:5432 | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 5s | |
| --health-timeout 5s | |
| --health-retries 10 | |
| redis: | |
| image: redis:7.0 | |
| ports: | |
| - 6379:6379 | |
| options: >- | |
| --health-cmd "redis-cli ping" | |
| --health-interval 5s | |
| --health-timeout 5s | |
| --health-retries 10 | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.NODE_VERSION }} | |
| cache: 'npm' | |
| cache-dependency-path: package-lock.json | |
| - name: Upgrade npm to 11.10.0 | |
| run: npm install -g npm@11.10.0 | |
| - name: Create concatenated patch file | |
| id: patch-file | |
| run: | | |
| ls -d -- packages/*/patches/*.patch 2>/dev/null | xargs cat > combined-patch-file.txt || touch combined-patch-file.txt | |
| echo "patch_checksum=$(sha256sum combined-patch-file.txt | cut -d' ' -f1)" >> $GITHUB_OUTPUT | |
| - name: Cache node modules | |
| id: cache-node-modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| node_modules | |
| packages/identity-service/node_modules | |
| packages/libs/node_modules | |
| packages/libs/dist | |
| packages/sdk/node_modules | |
| packages/sdk/dist | |
| packages/spl/node_modules | |
| packages/spl/dist | |
| packages/eth/node_modules | |
| packages/eth/dist | |
| packages/fixed-decimal/node_modules | |
| packages/fixed-decimal/dist | |
| key: npm-cache-identity-${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('package-lock.json') }}-${{ steps.patch-file.outputs.patch_checksum }} | |
| restore-keys: | | |
| npm-cache-identity-${{ runner.os }}-node-${{ env.NODE_VERSION }}-${{ hashFiles('package-lock.json') }}- | |
| - name: Install dependencies (if cache miss) | |
| if: steps.cache-node-modules.outputs.cache-hit != 'true' | |
| env: | |
| CI: true | |
| SKIP_POD_INSTALL: true | |
| SKIP_ANDROID_INSTALL: true | |
| ANDROID_HOME: /tmp/android-sdk-dummy | |
| NODE_OPTIONS: --max-old-space-size=8192 | |
| run: | | |
| mkdir -p /tmp/android-sdk-dummy | |
| npm cache clean --force || true | |
| npm ci --prefer-offline || npm install --prefer-offline | |
| - name: Cache for Turbo | |
| uses: rharkor/caching-for-turbo@v2.2.1 | |
| - name: Build dependencies | |
| run: npx turbo run build --filter=identity-service^... | |
| # The identity-service test runner (scripts/run-tests.sh) spins up its own | |
| # postgres/redis docker containers when run outside CI. We supply them as | |
| # GHA service containers instead, then call ts-mocha directly with the | |
| # env vars the script exports. | |
| - name: Run tests | |
| timeout-minutes: 20 | |
| working-directory: packages/identity-service | |
| env: | |
| isTestRun: 'true' | |
| environment: 'test' | |
| logLevel: 'debug' | |
| redisHost: 'localhost' | |
| redisPort: '6379' | |
| POSTGRES_TEST_PORT: '7433' | |
| dbUrl: 'postgres://postgres:postgres@localhost:7433/audius_identity_service_test' | |
| ethTokenAddress: '' | |
| ethRegistryAddress: '' | |
| registryAddress: '' | |
| ethOwnerWallet: '' | |
| solanaTrackListenCountAddress: '' | |
| solanaAudiusEthRegistryAddress: '' | |
| solanaValidSigner: '' | |
| run: ../../node_modules/ts-mocha/bin/ts-mocha test/index.ts --timeout 12000 --exit | |
| identity-docker-push: | |
| name: Push identity-service Docker image | |
| runs-on: ubuntu-latest | |
| needs: [identity-lint, identity-typecheck, identity-test] | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASS }} | |
| - name: Build and push identity-service image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: packages/identity-service/Dockerfile.prod | |
| push: true | |
| tags: audius/identity-service:${{ github.sha }} | |
| build-args: | | |
| git_sha=${{ github.sha }} | |
| cache-from: type=gha,scope=identity-service | |
| cache-to: type=gha,scope=identity-service,mode=max | |
| - name: Alert Slack on failure | |
| if: failure() && env.SLACK_DAILY_DEPLOY_WEBHOOK != '' | |
| env: | |
| SLACK_DAILY_DEPLOY_WEBHOOK: ${{ secrets.SLACK_DAILY_DEPLOY_WEBHOOK }} | |
| JOB_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| run: | | |
| json_content=$(cat <<EOF | |
| { "blocks": [ | |
| { "type": "section", | |
| "text": { "type": "mrkdwn", | |
| "text": "Failed to build and push identity-service. Today's release can't move forward until this is resolved. Hint: check <${JOB_URL}|here>" } | |
| } | |
| ]} | |
| EOF | |
| ) | |
| curl -f -X POST -H 'Content-type: application/json' \ | |
| --data "$json_content" \ | |
| "$SLACK_DAILY_DEPLOY_WEBHOOK" |