-
Notifications
You must be signed in to change notification settings - Fork 4
162 lines (135 loc) · 5.68 KB
/
Copy pathdeploy.yml
File metadata and controls
162 lines (135 loc) · 5.68 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
name: deploy
on:
repository_dispatch:
workflow_dispatch:
push:
branches:
- main
pull_request:
env:
IMAGE_NAME: us-central1-docker.pkg.dev/analysis-tools-dev/analysis-tools/website
permissions:
contents: 'read'
id-token: 'write'
concurrency:
# Only one execution per branch/PR can run at the same time.
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
env:
NEXT_TELEMETRY_DISABLED: 1
CI: true
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'npm'
- name: Install dependencies
run: npm ci --legacy-peer-deps
- name: Run linting
run: npm run lint
- name: Build project
run: npm run build
deploy:
if: github.event_name != 'pull_request'
runs-on: ubuntu-latest
env:
NEXT_TELEMETRY_DISABLED: 1
CI: true
steps:
- uses: actions/checkout@v4
- name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: 'projects/84699750544/locations/global/workloadIdentityPools/github/providers/github'
service_account: 'github-actions@analysis-tools-dev.iam.gserviceaccount.com'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'npm'
- name: Install dependencies
run: npm ci --legacy-peer-deps
- name: Run linting
run: npm run lint
- name: Build project
run: npm run build
- name: 'Configure Docker'
run: gcloud auth configure-docker us-central1-docker.pkg.dev
- name: 'Generate GitHub Token'
id: generate_token
uses: tibdex/github-app-token@v2
with:
app_id: ${{ secrets.GH_APP_ID }}
private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
# Hash the generated tools.json from the build (created by npm run build-data)
# to ensure we redeploy when tools data changes
- name: 'Generate Hash of built tools data'
run: |
echo "tools_hash=$(sha256sum data/tools.json | cut -c1-7)" >> $GITHUB_ENV
# Also take screenshots.json into account for cache busting
- name: 'Download screenshots.json File'
run: curl -sL https://github.com/analysis-tools-dev/assets/raw/master/screenshots.json -o ./screenshots.json
- name: 'Generate Hash of screenshots.json File'
run: echo "screenshots_hash=$(sha256sum screenshots.json | cut -c1-7)" >> $GITHUB_ENV
# Image hash is a combination of commit + data hashes
- name: 'Set IMAGE_NAME hash'
run: |
short_hash=$(echo "${{ github.sha }}" | cut -c1-7)
echo "IMAGE_NAME=${{ env.IMAGE_NAME }}:$short_hash-${{ env.tools_hash }}-${{ env.screenshots_hash }}" >> $GITHUB_ENV
- name: 'Build Docker Image'
env:
GH_TOKEN: ${{ steps.generate_token.outputs.token }}
run: |
echo ${{ secrets.FIREBASE_TOKEN }} | base64 -d > ./credentials.json
echo "Building Docker Image with tag $IMAGE_NAME"
docker build --build-arg GH_TOKEN=${{ env.GH_TOKEN }} \
--build-arg PROJECT_ID=analysis-tools-dev \
-t ${IMAGE_NAME} .
rm ./credentials.json
- name: 'Push Docker Image'
run: |
echo "Pushing Docker Image $IMAGE_NAME"
docker push $IMAGE_NAME
- name: 'Deploy'
uses: pulumi/actions@v5
env:
# TODO: Create a password for Pulumi stack during project bootstrap
PULUMI_CONFIG_PASSPHRASE: '${{ secrets.PULUMI_SECRET }}'
ALGOLIA_API_KEY: '${{ secrets.ALGOLIA_API_KEY }}'
with:
command: up
work-dir: ./pulumi
cloud-url: gs://analysis-tools-dev-pulumi
# TODO: Fix the branch name
stack-name: stage
refresh: true
- name: 'Deploy prod'
uses: pulumi/actions@v5
if: github.ref == 'refs/heads/main'
env:
# TODO: Create a password for Pulumi stack during project bootstrap
PULUMI_CONFIG_PASSPHRASE: '${{ secrets.PULUMI_SECRET_PROD }}'
ALGOLIA_API_KEY: '${{ secrets.ALGOLIA_API_KEY }}'
with:
command: up
work-dir: ./pulumi
cloud-url: gs://analysis-tools-dev-pulumi
stack-name: prod
refresh: true
# Node.js is already set up earlier in the workflow
- name: 'Update Algolia index'
if: github.ref == 'refs/heads/main'
env:
ALGOLIA_APP_ID: '${{ secrets.ALGOLIA_APP_ID }}'
ALGOLIA_ADMIN_KEY: '${{ secrets.ALGOLIA_ADMIN_KEY }}'
ALGOLIA_INDEX_NAME: 'tools'
run: |
npm run search-index