Skip to content

WM-2617: Bring in updated mkdocs instructions (#638) #38

WM-2617: Bring in updated mkdocs instructions (#638)

WM-2617: Bring in updated mkdocs instructions (#638) #38

Workflow file for this run

name: Release Latest Version
on:
push:
branches:
- main
jobs:
build:
runs-on: ubuntu-latest
services:
postgres:
image: postgres:11
# Provide the password for postgres
env:
POSTGRES_PASSWORD: postgres
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
# Maps tcp port 5432 on service container to the host
- 5432:5432
env:
MODULES: api ui functions/aou functions/sg docs
steps:
- name: prepare sources
uses: actions/checkout@v2
- name: Configure Git
run: |
git config --local user.email "$(git log --format='%ae' HEAD^!)"
git config --local user.name "$(git log --format='%an' HEAD^!)"
- name: Setup Java
uses: actions/setup-java@v1
with:
java-version: '11'
- name: Setup Python
uses: actions/setup-python@v2
with:
python-version: '3.7'
- name: Install Python Dependencies
run: python -m pip install -r ops/requirements.txt
- name: Setup Clojure
uses: DeLaGuardo/setup-clojure@e73bf2b6435244b2c9c5c226ae5022d91d0ce702
with:
cli: '1.10.1.739'
# Get secret from vault
- name: Authenticate to GCloud
id: gcloud
env:
ROLE_ID: ${{ secrets.ROLE_ID }}
SECRET_ID: ${{ secrets.SECRET_ID }}
VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
run: |
# get vault token using role-id and secret-id
VAULT_TOKEN=$(curl \
--request POST \
--data "{\"role_id\":\"${ROLE_ID}\",\"secret_id\":\"${SECRET_ID}\"}" \
${VAULT_ADDR}/v1/auth/approle/login | jq -r .auth.client_token)
if [ -z "${VAULT_TOKEN}" ] ; then
echo "Vault authentication failed!"
exit 1
fi
echo ::add-mask::${VAULT_TOKEN}
echo "VAULT_TOKEN=${VAULT_TOKEN}" >> $GITHUB_ENV
echo ${VAULT_TOKEN} > ~/.vault-token
# use vault token to read secret - service account json
curl --silent -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET \
${VAULT_ADDR}/v1/secret/dsde/gotc/dev/wfl/wfl-non-prod-service-account.json \
| jq .data > sa.json
if [ ! -s sa.json ] ; then
echo "Retrieval of Gcloud SA credentials failed"
exit 1
fi
# auth as service account
gcloud auth activate-service-account --key-file=sa.json
if [ $? -ne 0 ] ; then
echo "Gcloud auth failed!"
exit 1
fi
# get bearer token and set it to a specific env var that
# subsequent steps expect. bearer token good for 1 hour
GOOGLE_OAUTH_ACCESS_TOKEN=$(gcloud auth print-access-token)
if [ -z "${GOOGLE_OAUTH_ACCESS_TOKEN}" ] ; then
echo "Generating Gcloud access token failed"
exit 1
fi
echo ::add-mask::${GOOGLE_OAUTH_ACCESS_TOKEN}
echo "GOOGLE_OAUTH_ACCESS_TOKEN=${GOOGLE_OAUTH_ACCESS_TOKEN}" >> $GITHUB_ENV
echo "GOOGLE_APPLICATION_CREDENTIALS=$(find `pwd` -maxdepth 1 -name sa.json)" >> $GITHUB_ENV
- name: Docker Login
run: |
docker login \
--username "${{ secrets.dockerhub_username }}" \
--password "${{ secrets.dockerhub_password }}"
- name: Pre-Build
run: USER='Automated Release Action' make ${MODULES} TARGET=prebuild
- name: Lint
run: USER='Automated Release Action' make ${MODULES} TARGET=lint
- name: Build
run: USER='Automated Release Action' make ${MODULES} TARGET=build
- name: Unit Test
run: USER='Automated Release Action' make ${MODULES} TARGET=unit
- name: Integration Test
env:
WFL_POSTGRES_USERNAME: postgres
WFL_POSTGRES_PASSWORD: postgres
#
# Assign env variables from Atlantis-managed GitHub Secrets:
# https://github.com/broadinstitute/terraform-ap-deployments/blob/master/github/tfvars/broadinstitute-wfl.tfvars
#
WFL_SLACK_TOKEN: ${{ secrets.WFL_SLACK_TOKEN }}
run: USER='Automated Release Action' make ${MODULES} TARGET=integration
- name: Images
run: USER='Automated Release Action' make ${MODULES} TARGET=images
- name: tag-and-push-images
run: ./ops/cli.py tag-and-push-images
- name: Read Version Data
id: version
run: |
echo "::set-output name=VERSION::v$(cat version)"
echo "::set-output name=CHANGELOG::$(sed -n '1d;/$#/!p;//q' CHANGELOG.md)"
- name: Deploy Docs
uses: peaceiris/actions-gh-pages@v3
with:
personal_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: derived/docs/site
keep_files: true
destination_dir: ${{ steps.version.outputs.VERSION }}
- name: Add Release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.version.outputs.VERSION }}
body: |
Docs available at [broadinstitute.github.io/wfl/${{ steps.version.outputs.VERSION }}](https://broadinstitute.github.io/wfl/${{ steps.version.outputs.VERSION }})
[Changes](https://github.com/broadinstitute/wfl/blob/${{ steps.version.outputs.VERSION }}/CHANGELOG.md):
${{ steps.version.outputs.CHANGELOG }}