1+ name : Rollout (wi)
2+ on :
3+ push :
4+ branches : ["wi-test"]
5+ paths : ["migrations/*.sql"]
6+ env :
7+ BYTEBASE_URL : https://4932-103-137-247-74.ngrok-free.app/
8+ BYTEBASE_WORKLOAD_IDENTITY : wi@db333.workload.bytebase.com
9+ BYTEBASE_PROJECT : projects/db333
10+ jobs :
11+ build :
12+ runs-on : ubuntu-latest
13+ steps :
14+ - uses : actions/checkout@v4
15+ - name : Build
16+ run : echo "Building..."
17+ create-rollout :
18+ needs : build
19+ permissions :
20+ id-token : write
21+ runs-on : ubuntu-latest
22+ container :
23+ image : bytebase/bytebase-action
24+ outputs :
25+ bytebase-plan : ${{ steps.set-output.outputs.plan }}
26+ steps :
27+ - uses : actions/checkout@v4
28+ - name : Exchange token
29+ id : bytebase-auth
30+ run : |
31+ OIDC_TOKEN=$(curl -s -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
32+ "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=bytebase" | jq -r '.value')
33+ ACCESS_TOKEN=$(curl -s -X POST "$BYTEBASE_URL/v1/auth:exchangeToken" \
34+ -H "Content-Type: application/json" \
35+ -d "{\"token\":\"$OIDC_TOKEN\",\"email\":\"$BYTEBASE_WORKLOAD_IDENTITY\"}" \
36+ | jq -r '.accessToken')
37+ echo "access-token=$ACCESS_TOKEN" >> $GITHUB_OUTPUT
38+ name : Create rollout
39+ run : |
40+ bytebase-action rollout \
41+ --url=$BYTEBASE_URL \
42+ --access-token=${{ steps.bytebase-auth.outputs.access-token }} \
43+ --project=$BYTEBASE_PROJECT \
44+ --targets=instances/dbdbdb/databases/db_0 \
45+ --file-pattern=migrations/*.sql \
46+ --output=${{ runner.temp }}/bytebase-metadata.json
47+ name : Set output
48+ id : set-output
49+ run : |
50+ PLAN=$(jq -r .plan ${{ runner.temp }}/bytebase-metadata.json)
51+ echo "plan=$PLAN" >> $GITHUB_OUTPUT
52+ deploy-to-test :
53+ needs : create-rollout
54+ permissions :
55+ id-token : write
56+ runs-on : ubuntu-latest
57+ environment : test
58+ container :
59+ image : bytebase/bytebase-action
60+ steps :
61+ - uses : actions/checkout@v4
62+ - name : Exchange token
63+ id : bytebase-auth
64+ run : |
65+ OIDC_TOKEN=$(curl -s -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
66+ "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=bytebase" | jq -r '.value')
67+ ACCESS_TOKEN=$(curl -s -X POST "$BYTEBASE_URL/v1/auth:exchangeToken" \
68+ -H "Content-Type: application/json" \
69+ -d "{\"token\":\"$OIDC_TOKEN\",\"email\":\"$BYTEBASE_WORKLOAD_IDENTITY\"}" \
70+ | jq -r '.accessToken')
71+ echo "access-token=$ACCESS_TOKEN" >> $GITHUB_OUTPUT
72+ name : Deploy to test
73+ run : |
74+ bytebase-action rollout \
75+ --url=$BYTEBASE_URL \
76+ --access-token=${{ steps.bytebase-auth.outputs.access-token }} \
77+ --project=$BYTEBASE_PROJECT \
78+ --target-stage=environments/test \
79+ --plan=${{ needs.create-rollout.outputs.bytebase-plan }}
80+ deploy-to-prod :
81+ needs : [deploy-to-test, create-rollout]
82+ permissions :
83+ id-token : write
84+ runs-on : ubuntu-latest
85+ environment : prod
86+ container :
87+ image : bytebase/bytebase-action
88+ steps :
89+ - uses : actions/checkout@v4
90+ - name : Exchange token
91+ id : bytebase-auth
92+ run : |
93+ OIDC_TOKEN=$(curl -s -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
94+ "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=bytebase" | jq -r '.value')
95+ ACCESS_TOKEN=$(curl -s -X POST "$BYTEBASE_URL/v1/auth:exchangeToken" \
96+ -H "Content-Type: application/json" \
97+ -d "{\"token\":\"$OIDC_TOKEN\",\"email\":\"$BYTEBASE_WORKLOAD_IDENTITY\"}" \
98+ | jq -r '.accessToken')
99+ echo "access-token=$ACCESS_TOKEN" >> $GITHUB_OUTPUT
100+ name : Deploy to prod
101+ run : |
102+ bytebase-action rollout \
103+ --url=$BYTEBASE_URL \
104+ --access-token=${{ steps.bytebase-auth.outputs.access-token }} \
105+ --project=$BYTEBASE_PROJECT \
106+ --target-stage=environments/prod \
107+ --plan=${{ needs.create-rollout.outputs.bytebase-plan }}
0 commit comments