-
Notifications
You must be signed in to change notification settings - Fork 4
167 lines (139 loc) · 6 KB
/
Copy pathdeploy.yml
File metadata and controls
167 lines (139 loc) · 6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
name: deploy
on:
repository_dispatch:
workflow_dispatch:
push:
branches:
- main
pull_request:
env:
IMAGE_NAME: us-central1-docker.pkg.dev/analysis-tools-dev/analysis-tools/website
permissions:
contents: 'read'
id-token: 'write'
concurrency:
# Only one execution per branch/PR can run at the same time.
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
env:
NEXT_TELEMETRY_DISABLED: 1
CI: true
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'npm'
- name: Install dependencies
run: npm ci --legacy-peer-deps
- name: Run linting
run: npm run lint
- name: Build project
run: npm run build
deploy:
if: github.event_name != 'pull_request'
runs-on: ubuntu-latest
env:
NEXT_TELEMETRY_DISABLED: 1
CI: true
steps:
- uses: actions/checkout@v4
- name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: 'projects/84699750544/locations/global/workloadIdentityPools/github/providers/github'
service_account: 'github-actions@analysis-tools-dev.iam.gserviceaccount.com'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'npm'
- name: Install dependencies
run: npm ci --legacy-peer-deps
- name: Run linting
run: npm run lint
- name: Build project
run: npm run build
- name: 'Configure Docker'
run: gcloud auth configure-docker us-central1-docker.pkg.dev
- name: 'Generate GitHub Token'
id: generate_token
uses: tibdex/github-app-token@v2
with:
app_id: ${{ secrets.GH_APP_ID }}
private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
# We want to redeploy, whenever the tools.json file changes
# so make sure to hash the file and use it as a tag for the Docker image
- name: 'Download tools.json File'
run: curl -sL https://github.com/analysis-tools-dev/static-analysis/raw/master/data/api/tools.json -o ./tools.json
- name: 'Generate Hash of tools.json File'
id: tools_json_hash
run: echo "tools_json_hash=$(sha256sum tools.json | cut -c1-7)" >> $GITHUB_ENV
# Also take screenshots.json into account, which is at
# https://github.com/analysis-tools-dev/assets/blob/master/screenshots.json
- name: 'Download screenshots.json File'
run: curl -sL https://github.com/analysis-tools-dev/assets/raw/master/screenshots.json -o ./screenshots.json
- name: 'Generate Hash of screenshots.json File'
id: screenshots_json_hash
run: echo "screenshots_json_hash=$(sha256sum screenshots.json | cut -c1-7)" >> $GITHUB_ENV
# Image hash is a combination of the hashes
- name: 'Set IMAGE_NAME hash'
run: |
short_hash=$(echo "${{ github.sha }}" | cut -c1-7)
echo "IMAGE_NAME=${{ env.IMAGE_NAME }}:$short_hash-${{ env.tools_json_hash }}-${{ env.screenshots_json_hash }}" >> $GITHUB_ENV
- name: 'Build Docker Image'
env:
GH_TOKEN: ${{ steps.generate_token.outputs.token }}
run: |
echo ${{ secrets.FIREBASE_TOKEN }} | base64 -d > ./credentials.json
echo "Building Docker Image with tag $IMAGE_NAME"
docker build --build-arg GH_TOKEN=${{ env.GH_TOKEN }} \
--build-arg PROJECT_ID=analysis-tools-dev \
-t ${IMAGE_NAME} .
rm ./credentials.json
- name: 'Push Docker Image'
run: |
echo "Pushing Docker Image $IMAGE_NAME"
docker push $IMAGE_NAME
- name: 'Deploy'
uses: pulumi/actions@v5
env:
# TODO: Create a password for Pulumi stack during project bootstrap
PULUMI_CONFIG_PASSPHRASE: '${{ secrets.PULUMI_SECRET }}'
ALGOLIA_API_KEY: '${{ secrets.ALGOLIA_API_KEY }}'
with:
command: up
work-dir: ./pulumi
cloud-url: gs://analysis-tools-dev-pulumi
# TODO: Fix the branch name
stack-name: stage
refresh: true
- name: 'Deploy prod'
uses: pulumi/actions@v5
if: github.ref == 'refs/heads/main'
env:
# TODO: Create a password for Pulumi stack during project bootstrap
PULUMI_CONFIG_PASSPHRASE: '${{ secrets.PULUMI_SECRET_PROD }}'
ALGOLIA_API_KEY: '${{ secrets.ALGOLIA_API_KEY }}'
with:
command: up
work-dir: ./pulumi
cloud-url: gs://analysis-tools-dev-pulumi
stack-name: prod
refresh: true
# Node.js is already set up earlier in the workflow
- name: 'Update Algolia index'
if: github.ref == 'refs/heads/main'
env:
ALGOLIA_APP_ID: '${{ secrets.ALGOLIA_APP_ID }}'
ALGOLIA_ADMIN_KEY: '${{ secrets.ALGOLIA_ADMIN_KEY }}'
ALGOLIA_INDEX_NAME: 'tools'
run: |
npm run search-index