Skip to content

add sentry to notify #55

add sentry to notify

add sentry to notify #55

Workflow file for this run

name: CI/CD
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
on:
# schedule:
# - cron: "43 23 * * *"
push:
branches: ["master"]
# Publish semver tags as releases.
tags: ["v*.*.*"]
pull_request:
branches: ["master"]
workflow_dispatch:
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}
# turbo
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
TURBO_TEAM: ${{ vars.TURBO_TEAM }}
TURBO_REMOTE_ONLY: true
jobs:
check:
runs-on: "ubuntu-22.04"
name: Check
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
lfs: false
fetch-depth: 0
submodules: "recursive"
# - name: Cache turbo build setup
# uses: actions/cache@v4
# with:
# path: .turbo
# key: ${{ runner.os }}-turbo-${{ github.sha }}
# restore-keys: |
# ${{ runner.os }}-turbo-
# Run CI tasks
- uses: pnpm/action-setup@v4
name: Install pnpm
with:
run_install: false
- name: Setup Node.js 22.4.0
uses: actions/setup-node@v4
with:
node-version: ">=22.4.0"
cache: "pnpm"
- name: Install dependencies with pnpm
run: pnpm install
- name: Turbo
run: pnpx turbo run lint type-check test
# we choose not to run tests in the CI/CD pipeline, it takes too long and requires a lot of resources as well as tokens
- name: Check formatting and fail if changes are detected
run: |
if pnpm run format --check | grep -q "Files were formatted"; then
echo "Formatting changes detected. Please run 'pnpx turbo run format' locally and commit the changes."
exit 1
fi
build-android:
runs-on: ubuntu-latest
name: Build ${{ matrix.tag }}
env:
JAVA_VERSION: "17"
DISTRIBUTION: "zulu"
MAIN_PROJECT_MODULE: app
GRADLE_OPTS: "-Dorg.gradle.daemon=false -Dorg.gradle.workers.max=2"
strategy:
fail-fast: true
matrix:
include:
- tag: "pheidippides-notify" # package.json name
context: "pheidippides/PheidippidesNotify"
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
lfs: false
fetch-depth: 0
submodules: "recursive"
- name: Set up JDK ${{ env.JAVA_VERSION }}
uses: actions/setup-java@v3
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: ${{ env.DISTRIBUTION }}
cache: gradle
- name: Setup Android SDK
uses: android-actions/setup-android@v3
- name: Setup Node.js 22.4.0
uses: actions/setup-node@v4
with:
node-version: ">=22.4.0"
cache: "pnpm"
- name: Build via turbo
run: pnpx turbo build --filter=${{ matrix.tag }}
env:
SENTRY_AUTH_TOKEN: ${{ secrets.NEFUM_SENTRY_AUTH_TOKEN }}
SENTRY_ORG: nefum
SENTRY_PROJECT: ${{ matrix.tag }}
SENTRY_RELEASE: ${{ github.sha }}
- name: Upload APK
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.tag }}
path: ${{ matrix.context }}/app/build/outputs/apk/debug/app-debug.apk
build-docker:
# GitHub does not yet offer native building on arm64 (https://github.blog/changelog/2023-10-30-accelerate-your-ci-cd-with-arm-based-hosted-runners-in-github-actions/)
runs-on: "ubuntu-22.04"
name: Build ${{ matrix.tag }}
needs:
- build-android
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
strategy:
fail-fast: true
matrix:
include:
- context: "apps/web"
tag: "web"
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
lfs: true
fetch-depth: 0
submodules: "recursive"
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 #v3.5.0
with:
cosign-release: "v2.2.4"
# Workaround: https://github.com/docker/build-push-action/issues/461
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
- name: Set up QEMU
uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0
# Login against a Docker registry except on PR
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
flavor: |
prefix=${{ matrix.tag }}-,onlatest=true
tags: |
type=schedule
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }}
# Download Android APKs
- uses: actions/download-artifact@v4
name: Download APKs
if: ${{ matrix.tag == 'web' }}
with:
path: apps/web/android
# Build and push Docker image with Buildx (don't push on PR)
# https://github.com/docker/build-push-action
- name: Build and push Docker image
id: build-and-push
uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
with:
context: ${{ matrix.context }}
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
platforms: linux/amd64,linux/arm64
build-args: |
SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_RELEASE=${{ github.sha }}
# Sign the resulting Docker image digest except on PRs.
# This will only write to the public Rekor transparency log when the Docker
# repository is public to avoid leaking data. If you would like to publish
# transparency data even for private images, pass --force to cosign below.
# https://github.com/sigstore/cosign
- name: Sign the published Docker image
if: ${{ github.event_name != 'pull_request' }}
env:
# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
TAGS: ${{ steps.meta.outputs.tags }}
DIGEST: ${{ steps.build-and-push.outputs.digest }}
# This step uses the identity token to provision an ephemeral certificate
# against the sigstore community Fulcio instance.
run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
deploy:
needs:
- build

Check failure on line 244 in .github/workflows/ci-cd.yml

View workflow run for this annotation

GitHub Actions / CI/CD

Invalid workflow file

The workflow is not valid. .github/workflows/ci-cd.yml (Line: 244, Col: 9): Job 'deploy' depends on unknown job 'build'.
- check
runs-on: "ubuntu-22.04"
steps:
# Deploy changes on production server
- name: Deploy changes to prod
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
uses: appleboy/[email protected]
with:
host: ${{ secrets.SSH_HOST }}
username: ${{ secrets.SSH_USERNAME }}
key: ${{ secrets.SSH_KEY }}
port: ${{ secrets.SSH_PORT }}
script: |
cd ~/doppelganger
git pull
docker compose pull
docker compose up -d