Update contribution process (#4617) #1927
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- master | |
env: | |
REPOSITORY_NAME: ${{ github.event.repository.name }} | |
jobs: | |
release: | |
name: Release | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
id-token: write | |
actions: write | |
issues: write | |
pull-requests: write | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v4 | |
with: | |
# This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits | |
fetch-depth: 0 | |
# This forces changesets to use git user, provided by GITHUB_TOKEN env var | |
persist-credentials: false | |
- name: GSM Secrets | |
id: secrets_manager | |
uses: toptal/davinci-github-actions/[email protected] | |
with: | |
workload_identity_provider: ${{ secrets.IDENTITY_POOL }} | |
service_account: ${{ secrets.SA_IDENTITY_POOL }} | |
secrets_name: |- | |
DOCKER_BUILDX_ENDPOINT:toptal-ci/DOCKER_BUILDX_ENDPOINT | |
GCR_ACCOUNT_KEY:toptal-ci/GCR_ACCOUNT_KEY | |
NPM_TOKEN_PUBLISH:toptal-ci/NPM_TOKEN_PUBLISH | |
SLACK_BOT_TOKEN:toptal-ci/SLACK_BOT_TOKEN | |
TOPTAL_BUILD_BOT_SSH_KEY:toptal-ci/TOPTAL_BUILD_BOT_SSH_KEY | |
TOPTAL_BUILD_BOT_TOKEN:toptal-ci/TOPTAL_BUILD_BOT_TOKEN | |
TOPTAL_DEFAULT_REGISTRY:toptal-ci/TOPTAL_DEFAULT_REGISTRY | |
TOPTAL_DEVBOT_TOKEN:toptal-ci/TOPTAL_DEVBOT_TOKEN | |
TOPTAL_REPOACCESSBOT_TOKEN:toptal-ci/TOPTAL_REPOACCESSBOT_TOKEN | |
TOPTAL_TRIGGERBOT_TOKEN:toptal-ci/TOPTAL_TRIGGERBOT_TOKEN | |
TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN:toptal-ci/TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN | |
TOPTAL_TRIGGERBOT_USERNAME:toptal-ci/TOPTAL_TRIGGERBOT_USERNAME | |
JENKINS_DEPLOYMENT_CLIENT_ID:toptal-ci/JENKINS_DEPLOYMENT_CLIENT_ID | |
JENKINS_DEPLOYMENT_URL:toptal-ci/JENKINS_DEPLOYMENT_URL | |
JENKINS_CLIENT_ID:toptal-ci/JENKINS_CLIENT_ID | |
JENKINS_URL:toptal-ci/JENKINS_URL | |
JENKINS_SA_CREDENTIALS:toptal-ci/JENKINS_SA_CREDENTIALS | |
- name: Parse secrets | |
id: parse_secrets | |
uses: toptal/davinci-github-actions/[email protected] | |
with: | |
json: ${{ steps.secrets_manager.outputs.secrets }} | |
- name: Set ENV Variables | |
shell: bash | |
run: |- | |
echo "DOCKER_BUILDX_ENDPOINT=${{ steps.parse_secrets.outputs.DOCKER_BUILDX_ENDPOINT }}" >> $GITHUB_ENV | |
echo "SLACK_BOT_TOKEN=${{ steps.parse_secrets.outputs.SLACK_BOT_TOKEN }}" >> $GITHUB_ENV | |
echo "TOPTAL_BOT_USERNAME=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}" >> $GITHUB_ENV | |
echo "TOPTAL_BOT_JENKINS_DEPLOYMENT_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN }}" >> $GITHUB_ENV | |
echo "TOPTAL_JENKINS_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_TOKEN }}" >> $GITHUB_ENV | |
echo "DEVBOT_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_DEVBOT_TOKEN }}" >> $GITHUB_ENV | |
echo 'GCR_ACCOUNT_KEY<<EOF' >> $GITHUB_ENV | |
echo '${{ steps.parse_secrets.outputs.GCR_ACCOUNT_KEY }}' >> $GITHUB_ENV | |
echo 'EOF' >> $GITHUB_ENV | |
echo "GITHUB_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_DEVBOT_TOKEN }}" >> $GITHUB_ENV | |
echo 'TOPTAL_BUILD_BOT_SSH_KEY<<EOF' >> $GITHUB_ENV | |
echo '${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_SSH_KEY }}' >> $GITHUB_ENV | |
echo 'EOF' >> $GITHUB_ENV | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: Get yarn cache directory path | |
id: yarn-cache-dir-path | |
run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT | |
- name: Check yarn cache | |
uses: actions/cache@v3 | |
id: yarn-cache | |
with: | |
path: ${{ steps.yarn-cache-dir-path.outputs.dir }} | |
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-yarn- | |
- name: Install Dependencies (from network) | |
if: ${{ steps.yarn-cache.outputs.cache-hit != 'true' }} | |
run: | | |
yarn policies set-version | |
yarn install --frozen-lockfile | |
- name: Install Dependencies (from cache) | |
if: ${{ steps.yarn-cache.outputs.cache-hit == 'true' }} | |
run: | | |
yarn policies set-version | |
yarn install --frozen-lockfile --offline | |
- name: Create Release Pull Request or Publish to npm | |
id: changesets | |
uses: changesets/action@e9cc34b540dd3ad1b030c57fd97269e8f6ad905a | |
with: | |
publish: yarn release | |
env: | |
GITHUB_TOKEN: ${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_TOKEN }} | |
NPM_TOKEN: ${{ steps.parse_secrets.outputs.NPM_TOKEN_PUBLISH }} | |
- name: Edit "Version Package" PR | |
if: ${{ steps.changesets.outputs.published != 'true' }} | |
uses: actions/github-script@v7 | |
with: | |
github-token: ${{secrets.GITHUB_TOKEN}} | |
script: | | |
// Get list of all open PRs with | |
// head branch "changeset-release/master" | |
// (there should be max 1 PR with such condition) | |
const { data } = await github.rest.pulls.list({ | |
owner: 'toptal', | |
repo: 'picasso', | |
state: 'open', | |
head: 'toptal:changeset-release/master' | |
}) | |
for await (let pr of data) { | |
// add to all of them label "no-jira" | |
github.rest.issues.addLabels({ | |
owner: 'toptal', | |
repo: 'picasso', | |
issue_number: pr.number, | |
labels: [ | |
'no-jira' | |
] | |
}) | |
// append PR body with peerDependencies warning | |
const hr = "\n_____" | |
const warningTodo = "\n- [ ] ⚠️ " | |
const message = "If major release, don't forget to check if peerDependencies needs to be also updated" | |
const appendedMessage = hr + warningTodo + message | |
const body = pr.body.includes(message) ? pr.body : pr.body + appendedMessage | |
github.rest.pulls.update({ | |
owner: 'toptal', | |
repo: 'picasso', | |
pull_number: pr.number, | |
body: body, | |
}) | |
} | |
- name: Get toptal/actions | |
uses: actions/checkout@v4 | |
with: | |
repository: toptal/actions | |
token: ${{ steps.parse_secrets.outputs.TOPTAL_REPOACCESSBOT_TOKEN }} | |
path: ./.github/actions/ | |
- name: Replace toptal/actions/get-job-url@main from trigger-jenkins-job/action.yml | |
shell: bash | |
run: | | |
sed -i 's|toptal/actions/get-job-url@main|./.github/actions/get-job-url|' ./.github/actions/trigger-jenkins-job/action.yml | |
sed -i 's|toptal/actions/trigger-jenkins-job@main|./.github/actions/trigger-jenkins-job|' ./.github/actions/create-jira-deployment/action.yml | |
- name: Build and push picasso image | |
uses: toptal/davinci-github-actions/[email protected] | |
with: | |
image-name: picasso | |
registry-name: ${{ steps.parse_secrets.outputs.TOPTAL_DEFAULT_REGISTRY }} | |
- name: Trigger deployment job | |
id: trigger-deploy | |
uses: ./.github/actions/trigger-jenkins-job | |
env: | |
JENKINS_JOB_NAME: ${{ env.REPOSITORY_NAME }}-docs | |
with: | |
jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_DEPLOYMENT_URL }} | |
jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }} | |
jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN }} | |
jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_DEPLOYMENT_CLIENT_ID }} | |
jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }} | |
job_name: ${{ env.JENKINS_JOB_NAME }} | |
job_params: | | |
{ | |
"COMMIT_ID": "${{ github.sha }}" | |
} | |
job_timeout: "7200" | |
- name: Send a Slack notification on failure | |
if: ${{ failure() }} | |
uses: slackapi/[email protected] | |
env: | |
SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }} | |
FAILURE_URL: ${{ steps.trigger-deploy.outputs.jenkins_job_url || steps.trigger-build.outputs.jenkins_job_url }} | |
FALLBACK_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}?check_suite_focus=true | |
with: | |
channel-id: "-frontend-exp-team-notifications" | |
slack-message: ":x: <!here> Current master version of Picasso is <${{ env.FAILURE_URL || env.FALLBACK_URL }}|broken>." | |
- name: Send a Slack notification on success release | |
if: ${{ success() && steps.changesets.outputs.published == 'true' }} | |
uses: slackapi/[email protected] | |
with: | |
channel-id: "-frontend-exp-team-notifications" | |
slack-message: "Current master version of Picasso successfully released :green_heart:" | |
env: | |
SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }} | |
- name: Send a Slack notification on success PR merge | |
if: ${{ success() && steps.changesets.outputs.published != 'true'}} | |
uses: slackapi/[email protected] | |
with: | |
channel-id: "-frontend-exp-team-notifications" | |
slack-message: "A new PR was merged to Picasso :parrotspin:" | |
env: | |
SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }} | |
- name: Create Jira deployment | |
uses: ./.github/actions/create-jira-deployment/ | |
if: ${{ steps.changesets.outputs.published == 'true' }} | |
with: | |
jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_URL }} | |
jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }} | |
jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_TOKEN }} | |
jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_CLIENT_ID }} | |
jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }} | |
token: ${{ env.DEVBOT_TOKEN }} | |
environment: production | |
environment-url: https://www.npmjs.com/package/@toptal/picasso?activeTab=versions | |
integration-tests: | |
name: Integration Tests | |
uses: ./.github/workflows/davinci-integration-tests.yml | |
secrets: | |
IDENTITY_POOL: ${{ secrets.IDENTITY_POOL }} | |
SA_IDENTITY_POOL: ${{ secrets.SA_IDENTITY_POOL }} |