Bump release python to 3.8 (#640) #39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Latest Version | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| services: | |
| postgres: | |
| image: postgres:11 | |
| # Provide the password for postgres | |
| env: | |
| POSTGRES_PASSWORD: postgres | |
| # Set health checks to wait until postgres has started | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| # Maps tcp port 5432 on service container to the host | |
| - 5432:5432 | |
| env: | |
| MODULES: api ui functions/aou functions/sg docs | |
| steps: | |
| - name: prepare sources | |
| uses: actions/checkout@v2 | |
| - name: Configure Git | |
| run: | | |
| git config --local user.email "$(git log --format='%ae' HEAD^!)" | |
| git config --local user.name "$(git log --format='%an' HEAD^!)" | |
| - name: Setup Java | |
| uses: actions/setup-java@v1 | |
| with: | |
| java-version: '11' | |
| - name: Setup Python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: '3.8' | |
| - name: Install Python Dependencies | |
| run: python -m pip install -r ops/requirements.txt | |
| - name: Setup Clojure | |
| uses: DeLaGuardo/setup-clojure@e73bf2b6435244b2c9c5c226ae5022d91d0ce702 | |
| with: | |
| cli: '1.10.1.739' | |
| # Get secret from vault | |
| - name: Authenticate to GCloud | |
| id: gcloud | |
| env: | |
| ROLE_ID: ${{ secrets.ROLE_ID }} | |
| SECRET_ID: ${{ secrets.SECRET_ID }} | |
| VAULT_ADDR: ${{ secrets.VAULT_ADDR }} | |
| run: | | |
| # get vault token using role-id and secret-id | |
| VAULT_TOKEN=$(curl \ | |
| --request POST \ | |
| --data "{\"role_id\":\"${ROLE_ID}\",\"secret_id\":\"${SECRET_ID}\"}" \ | |
| ${VAULT_ADDR}/v1/auth/approle/login | jq -r .auth.client_token) | |
| if [ -z "${VAULT_TOKEN}" ] ; then | |
| echo "Vault authentication failed!" | |
| exit 1 | |
| fi | |
| echo ::add-mask::${VAULT_TOKEN} | |
| echo "VAULT_TOKEN=${VAULT_TOKEN}" >> $GITHUB_ENV | |
| echo ${VAULT_TOKEN} > ~/.vault-token | |
| # use vault token to read secret - service account json | |
| curl --silent -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET \ | |
| ${VAULT_ADDR}/v1/secret/dsde/gotc/dev/wfl/wfl-non-prod-service-account.json \ | |
| | jq .data > sa.json | |
| if [ ! -s sa.json ] ; then | |
| echo "Retrieval of Gcloud SA credentials failed" | |
| exit 1 | |
| fi | |
| # auth as service account | |
| gcloud auth activate-service-account --key-file=sa.json | |
| if [ $? -ne 0 ] ; then | |
| echo "Gcloud auth failed!" | |
| exit 1 | |
| fi | |
| # get bearer token and set it to a specific env var that | |
| # subsequent steps expect. bearer token good for 1 hour | |
| GOOGLE_OAUTH_ACCESS_TOKEN=$(gcloud auth print-access-token) | |
| if [ -z "${GOOGLE_OAUTH_ACCESS_TOKEN}" ] ; then | |
| echo "Generating Gcloud access token failed" | |
| exit 1 | |
| fi | |
| echo ::add-mask::${GOOGLE_OAUTH_ACCESS_TOKEN} | |
| echo "GOOGLE_OAUTH_ACCESS_TOKEN=${GOOGLE_OAUTH_ACCESS_TOKEN}" >> $GITHUB_ENV | |
| echo "GOOGLE_APPLICATION_CREDENTIALS=$(find `pwd` -maxdepth 1 -name sa.json)" >> $GITHUB_ENV | |
| - name: Docker Login | |
| run: | | |
| docker login \ | |
| --username "${{ secrets.dockerhub_username }}" \ | |
| --password "${{ secrets.dockerhub_password }}" | |
| - name: Pre-Build | |
| run: USER='Automated Release Action' make ${MODULES} TARGET=prebuild | |
| - name: Lint | |
| run: USER='Automated Release Action' make ${MODULES} TARGET=lint | |
| - name: Build | |
| run: USER='Automated Release Action' make ${MODULES} TARGET=build | |
| - name: Unit Test | |
| run: USER='Automated Release Action' make ${MODULES} TARGET=unit | |
| - name: Integration Test | |
| env: | |
| WFL_POSTGRES_USERNAME: postgres | |
| WFL_POSTGRES_PASSWORD: postgres | |
| # | |
| # Assign env variables from Atlantis-managed GitHub Secrets: | |
| # https://github.com/broadinstitute/terraform-ap-deployments/blob/master/github/tfvars/broadinstitute-wfl.tfvars | |
| # | |
| WFL_SLACK_TOKEN: ${{ secrets.WFL_SLACK_TOKEN }} | |
| run: USER='Automated Release Action' make ${MODULES} TARGET=integration | |
| - name: Images | |
| run: USER='Automated Release Action' make ${MODULES} TARGET=images | |
| - name: tag-and-push-images | |
| run: ./ops/cli.py tag-and-push-images | |
| - name: Read Version Data | |
| id: version | |
| run: | | |
| echo "::set-output name=VERSION::v$(cat version)" | |
| echo "::set-output name=CHANGELOG::$(sed -n '1d;/$#/!p;//q' CHANGELOG.md)" | |
| - name: Deploy Docs | |
| uses: peaceiris/actions-gh-pages@v3 | |
| with: | |
| personal_token: ${{ secrets.GITHUB_TOKEN }} | |
| publish_dir: derived/docs/site | |
| keep_files: true | |
| destination_dir: ${{ steps.version.outputs.VERSION }} | |
| - name: Add Release | |
| uses: actions/create-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| tag_name: ${{ steps.version.outputs.VERSION }} | |
| body: | | |
| Docs available at [broadinstitute.github.io/wfl/${{ steps.version.outputs.VERSION }}](https://broadinstitute.github.io/wfl/${{ steps.version.outputs.VERSION }}) | |
| [Changes](https://github.com/broadinstitute/wfl/blob/${{ steps.version.outputs.VERSION }}/CHANGELOG.md): | |
| ${{ steps.version.outputs.CHANGELOG }} |