-
Notifications
You must be signed in to change notification settings - Fork 15
242 lines (219 loc) · 10.4 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
name: Release
on:
workflow_dispatch:
push:
branches:
- master
env:
REPOSITORY_NAME: ${{ github.event.repository.name }}
jobs:
release:
name: Release
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
actions: write
issues: write
pull-requests: write
steps:
- name: Checkout Repo
uses: actions/checkout@v4
with:
# This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits
fetch-depth: 0
# This forces changesets to use git user, provided by GITHUB_TOKEN env var
persist-credentials: false
- name: GSM Secrets
id: secrets_manager
uses: toptal/davinci-github-actions/[email protected]
with:
workload_identity_provider: ${{ secrets.IDENTITY_POOL }}
service_account: ${{ secrets.SA_IDENTITY_POOL }}
secrets_name: |-
DOCKER_BUILDX_ENDPOINT:toptal-ci/DOCKER_BUILDX_ENDPOINT
GCR_ACCOUNT_KEY:toptal-ci/GCR_ACCOUNT_KEY
NPM_TOKEN_PUBLISH:toptal-ci/NPM_TOKEN_PUBLISH
SLACK_BOT_TOKEN:toptal-ci/SLACK_BOT_TOKEN
TOPTAL_BUILD_BOT_SSH_KEY:toptal-ci/TOPTAL_BUILD_BOT_SSH_KEY
TOPTAL_BUILD_BOT_TOKEN:toptal-ci/TOPTAL_BUILD_BOT_TOKEN
TOPTAL_DEFAULT_REGISTRY:toptal-ci/TOPTAL_DEFAULT_REGISTRY
TOPTAL_DEVBOT_TOKEN:toptal-ci/TOPTAL_DEVBOT_TOKEN
TOPTAL_REPOACCESSBOT_TOKEN:toptal-ci/TOPTAL_REPOACCESSBOT_TOKEN
TOPTAL_TRIGGERBOT_BUILD_TOKEN:toptal-ci/TOPTAL_TRIGGERBOT_BUILD_TOKEN
TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN:toptal-ci/TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN
TOPTAL_TRIGGERBOT_USERNAME:toptal-ci/TOPTAL_TRIGGERBOT_USERNAME
JENKINS_DEPLOYMENT_CLIENT_ID:toptal-ci/JENKINS_DEPLOYMENT_CLIENT_ID
JENKINS_DEPLOYMENT_URL:toptal-ci/JENKINS_DEPLOYMENT_URL
JENKINS_BUILD_CLIENT_ID:toptal-ci/JENKINS_BUILD_CLIENT_ID
JENKINS_BUILD_URL:toptal-ci/JENKINS_BUILD_URL
JENKINS_SA_CREDENTIALS:toptal-ci/JENKINS_SA_CREDENTIALS
- name: Parse secrets
id: parse_secrets
uses: toptal/davinci-github-actions/[email protected]
with:
json: ${{ steps.secrets_manager.outputs.secrets }}
- name: Set ENV Variables
shell: bash
run: |-
echo "DOCKER_BUILDX_ENDPOINT=${{ steps.parse_secrets.outputs.DOCKER_BUILDX_ENDPOINT }}" >> $GITHUB_ENV
echo "SLACK_BOT_TOKEN=${{ steps.parse_secrets.outputs.SLACK_BOT_TOKEN }}" >> $GITHUB_ENV
echo "TOPTAL_BOT_USERNAME=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}" >> $GITHUB_ENV
echo "TOPTAL_BOT_JENKINS_DEPLOYMENT_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN }}" >> $GITHUB_ENV
echo "TOPTAL_JENKINS_BUILD_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_BUILD_TOKEN }}" >> $GITHUB_ENV
echo "DEVBOT_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_DEVBOT_TOKEN }}" >> $GITHUB_ENV
echo 'GCR_ACCOUNT_KEY<<EOF' >> $GITHUB_ENV
echo '${{ steps.parse_secrets.outputs.GCR_ACCOUNT_KEY }}' >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
echo "GITHUB_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_DEVBOT_TOKEN }}" >> $GITHUB_ENV
echo 'TOPTAL_BUILD_BOT_SSH_KEY<<EOF' >> $GITHUB_ENV
echo '${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_SSH_KEY }}' >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: 18
- name: Get yarn cache directory path
id: yarn-cache-dir-path
run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
- name: Check yarn cache
uses: actions/cache@v3
id: yarn-cache
with:
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-yarn-
- name: Install Dependencies (from network)
if: ${{ steps.yarn-cache.outputs.cache-hit != 'true' }}
run: |
yarn policies set-version
yarn install --frozen-lockfile
- name: Install Dependencies (from cache)
if: ${{ steps.yarn-cache.outputs.cache-hit == 'true' }}
run: |
yarn policies set-version
yarn install --frozen-lockfile --offline
- name: Create Release Pull Request or Publish to npm
id: changesets
uses: changesets/action@e9cc34b540dd3ad1b030c57fd97269e8f6ad905a
with:
publish: yarn release
env:
GITHUB_TOKEN: ${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_TOKEN }}
NPM_TOKEN: ${{ steps.parse_secrets.outputs.NPM_TOKEN_PUBLISH }}
- name: Edit "Version Package" PR
if: ${{ steps.changesets.outputs.published != 'true' }}
uses: actions/github-script@v7
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
// Get list of all open PRs with
// head branch "changeset-release/master"
// (there should be max 1 PR with such condition)
const { data } = await github.rest.pulls.list({
owner: 'toptal',
repo: 'picasso',
state: 'open',
head: 'toptal:changeset-release/master'
})
for await (let pr of data) {
// add to all of them label "no-jira"
github.rest.issues.addLabels({
owner: 'toptal',
repo: 'picasso',
issue_number: pr.number,
labels: [
'no-jira'
]
})
// append PR body with peerDependencies warning
const hr = "\n_____"
const warningTodo = "\n- [ ] ⚠️ "
const message = "If major release, don't forget to check if peerDependencies needs to be also updated"
const appendedMessage = hr + warningTodo + message
const body = pr.body.includes(message) ? pr.body : pr.body + appendedMessage
github.rest.pulls.update({
owner: 'toptal',
repo: 'picasso',
pull_number: pr.number,
body: body,
})
}
- name: Get toptal/actions
uses: actions/checkout@v4
with:
repository: toptal/actions
token: ${{ steps.parse_secrets.outputs.TOPTAL_REPOACCESSBOT_TOKEN }}
path: ./.github/actions/
- name: Replace toptal/actions/get-job-url@main from trigger-jenkins-job/action.yml
shell: bash
run: |
sed -i 's|toptal/actions/get-job-url@main|./.github/actions/get-job-url|' ./.github/actions/trigger-jenkins-job/action.yml
sed -i 's|toptal/actions/trigger-jenkins-job@main|./.github/actions/trigger-jenkins-job|' ./.github/actions/create-jira-deployment/action.yml
- name: Build and push picasso image
uses: toptal/davinci-github-actions/[email protected]
with:
image-name: picasso
registry-name: ${{ steps.parse_secrets.outputs.TOPTAL_DEFAULT_REGISTRY }}
- name: Trigger deployment job
id: trigger-deploy
uses: ./.github/actions/trigger-jenkins-job
env:
JENKINS_JOB_NAME: ${{ env.REPOSITORY_NAME }}-docs
with:
jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_DEPLOYMENT_URL }}
jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}
jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN }}
jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_DEPLOYMENT_CLIENT_ID }}
jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }}
job_name: ${{ env.JENKINS_JOB_NAME }}
job_params: |
{
"COMMIT_ID": "${{ github.sha }}"
}
job_timeout: "7200"
- name: Send a Slack notification on failure
if: ${{ failure() }}
uses: slackapi/[email protected]
env:
SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}
FAILURE_URL: ${{ steps.trigger-deploy.outputs.jenkins_job_url || steps.trigger-build.outputs.jenkins_job_url }}
FALLBACK_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}?check_suite_focus=true
with:
channel-id: "-frontend-exp-team-notifications"
slack-message: ":x: <!here> Current master version of Picasso is <${{ env.FAILURE_URL || env.FALLBACK_URL }}|broken>."
- name: Send a Slack notification on success release
if: ${{ success() && steps.changesets.outputs.published == 'true' }}
uses: slackapi/[email protected]
with:
channel-id: "-frontend-exp-team-notifications"
slack-message: "Current master version of Picasso successfully released :green_heart:"
env:
SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}
- name: Send a Slack notification on success PR merge
if: ${{ success() && steps.changesets.outputs.published != 'true'}}
uses: slackapi/[email protected]
with:
channel-id: "-frontend-exp-team-notifications"
slack-message: "A new PR was merged to Picasso :parrotspin:"
env:
SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}
- name: Create Jira deployment
uses: ./.github/actions/create-jira-deployment/
if: ${{ steps.changesets.outputs.published == 'true' }}
with:
jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_BUILD_URL }}
jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}
jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_BUILD_TOKEN }}
jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_BUILD_CLIENT_ID }}
jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }}
token: ${{ env.DEVBOT_TOKEN }}
environment: production
environment-url: https://www.npmjs.com/package/@toptal/picasso?activeTab=versions
integration-tests:
name: Integration Tests
uses: ./.github/workflows/davinci-integration-tests.yml
secrets:
IDENTITY_POOL: ${{ secrets.IDENTITY_POOL }}
SA_IDENTITY_POOL: ${{ secrets.SA_IDENTITY_POOL }}