-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
88 additions
and
78 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -24,40 +24,44 @@ jobs: | |
| with: | ||
| ref: develop | ||
| token: ${{ secrets.BROADBOT_TOKEN }} | ||
| - name: "Bump the tag to a new version" | ||
| # - name: "Bump the tag to a new version" | ||
| # id: bumperstep | ||
| # uses: broadinstitute/datarepo-actions/actions/[email protected] | ||
| # with: | ||
| # actions_subcommand: 'bumper' | ||
| # sa_b64_credentials: ${{ secrets.SA_B64_CREDENTIALS }} | ||
| # version_file_path: build.gradle | ||
| # version_variable_name: version | ||
| # # Sets the author of the version bump commit to broadbot. This is used in our skip job logic. | ||
| # GITHUB_TOKEN: ${{ secrets.BROADBOT_TOKEN }} | ||
| - name: "Write api_image_tag to output" | ||
| id: bumperstep | ||
| uses: broadinstitute/datarepo-actions/actions/[email protected] | ||
| with: | ||
| actions_subcommand: 'bumper' | ||
| sa_b64_credentials: ${{ secrets.SA_B64_CREDENTIALS }} | ||
| version_file_path: build.gradle | ||
| version_variable_name: version | ||
| # Sets the author of the version bump commit to broadbot. This is used in our skip job logic. | ||
| GITHUB_TOKEN: ${{ secrets.BROADBOT_TOKEN }} | ||
| run: | | ||
| echo "api_image_tag=2.173.0" >> "$GITHUB_OUTPUT" | ||
| build_client_and_publish: | ||
| runs-on: ubuntu-latest | ||
| needs: | ||
| - bump_version | ||
| steps: | ||
| - name: Checkout tagged branch of jade-data-repo | ||
| uses: actions/checkout@v3 | ||
| with: | ||
| ref: ${{ needs.bump_version.outputs.api_image_tag }} | ||
| - name: Set up JDK | ||
| uses: actions/setup-java@v3 | ||
| with: | ||
| java-version: '17' | ||
| distribution: 'temurin' | ||
| cache: 'gradle' | ||
| - name: "Publish to Artifactory" | ||
| uses: gradle/gradle-build-action@v2 | ||
| with: | ||
| arguments: ':datarepo-client:artifactoryPublish' | ||
| env: | ||
| ARTIFACTORY_USER: ${{ secrets.ARTIFACTORY_USER }} | ||
| ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }} | ||
| ENABLE_SUBPROJECT_TASKS: true | ||
| # build_client_and_publish: | ||
| # runs-on: ubuntu-latest | ||
| # needs: | ||
| # - bump_version | ||
| # steps: | ||
| # - name: Checkout tagged branch of jade-data-repo | ||
| # uses: actions/checkout@v3 | ||
| # with: | ||
| # ref: ${{ needs.bump_version.outputs.api_image_tag }} | ||
| # - name: Set up JDK | ||
| # uses: actions/setup-java@v3 | ||
| # with: | ||
| # java-version: '17' | ||
| # distribution: 'temurin' | ||
| # cache: 'gradle' | ||
| # - name: "Publish to Artifactory" | ||
| # uses: gradle/gradle-build-action@v2 | ||
| # with: | ||
| # arguments: ':datarepo-client:artifactoryPublish' | ||
| # env: | ||
| # ARTIFACTORY_USER: ${{ secrets.ARTIFACTORY_USER }} | ||
| # ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }} | ||
| # ENABLE_SUBPROJECT_TASKS: true | ||
|
|
||
| build_container_and_publish: | ||
| runs-on: ubuntu-latest | ||
|
|
@@ -74,56 +78,62 @@ jobs: | |
| distribution: 'temurin' | ||
| java-version: '17' | ||
| cache: 'gradle' | ||
| - name: 'Auth as TDR Service Account' | ||
| uses: 'google-github-actions/auth@v2' | ||
| with: | ||
| # Centralized in dsp-tools-k8s; ask in #dsp-devops-champions for help troubleshooting | ||
| workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider' | ||
| service_account: '[email protected]' | ||
| - name: 'Release Candidate Container Build: Create release candidate images' | ||
| run: | | ||
| # extract service account credentials | ||
| base64 --decode <<< ${{ secrets.SA_B64_CREDENTIALS }} > ${GOOGLE_APPLICATION_CREDENTIALS} | ||
| jq -r .private_key ${GOOGLE_APPLICATION_CREDENTIALS} > ${GOOGLE_SA_CERT} | ||
| chmod 644 ${GOOGLE_SA_CERT} | ||
| # # extract service account credentials | ||
| # base64 --decode <<< ${{ secrets.SA_B64_CREDENTIALS }} > ${GOOGLE_APPLICATION_CREDENTIALS} | ||
| # jq -r .private_key ${GOOGLE_APPLICATION_CREDENTIALS} > ${GOOGLE_SA_CERT} | ||
| # chmod 644 ${GOOGLE_SA_CERT} | ||
| # Set tag to semver version | ||
| export GCR_TAG=${{ needs.bump_version.outputs.api_image_tag }} | ||
| # Build, tag and push the image | ||
| ./gradlew jib | ||
|
|
||
| cherry_pick_image_to_production_gcr: | ||
| needs: [bump_version, build_container_and_publish] | ||
| uses: ./.github/workflows/cherry-pick-image.yaml | ||
| secrets: inherit | ||
| with: | ||
| gcr_tag: ${{ needs.bump_version.outputs.api_image_tag }} | ||
| source_gcr_url: 'gcr.io/broad-jade-dev/jade-data-repo' | ||
| target_gcr_url: 'gcr.io/datarepo-public-gcr/jade-data-repo' | ||
|
|
||
| report-to-sherlock: | ||
| name: Report App Version to DevOps | ||
| uses: broadinstitute/sherlock/.github/workflows/client-report-app-version.yaml@main | ||
| needs: [bump_version, cherry_pick_image_to_production_gcr] | ||
| with: | ||
| new-version: ${{ needs.bump_version.outputs.api_image_tag }} | ||
| chart-name: datarepo | ||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
|
|
||
| set-app-version-in-dev: | ||
| uses: broadinstitute/sherlock/.github/workflows/client-set-environment-app-version.yaml@main | ||
| needs: | ||
| - bump_version | ||
| - report-to-sherlock | ||
| with: | ||
| new-version: ${{ needs.bump_version.outputs.api_image_tag }} | ||
| chart-name: datarepo | ||
| environment-name: dev | ||
| secrets: | ||
| sync-git-token: ${{ secrets.BROADBOT_TOKEN }} | ||
| permissions: | ||
| id-token: write | ||
|
|
||
| helm_tag_bumper: | ||
| needs: | ||
| - build_container_and_publish | ||
| # We block bumping the tag in datarepo-helm because that will cause a deployment to datarepo-dev | ||
| # too, and we don't want to be deploying to datarepo-dev twice simultaneously | ||
| - set-app-version-in-dev | ||
| uses: ./.github/workflows/helmtagbumper.yaml | ||
| secrets: inherit | ||
| # cherry_pick_image_to_production_gcr: | ||
| # needs: [bump_version, build_container_and_publish] | ||
| # uses: ./.github/workflows/cherry-pick-image.yaml | ||
| # secrets: inherit | ||
| # with: | ||
| # gcr_tag: ${{ needs.bump_version.outputs.api_image_tag }} | ||
| # source_gcr_url: 'gcr.io/broad-jade-dev/jade-data-repo' | ||
| # target_gcr_url: 'gcr.io/datarepo-public-gcr/jade-data-repo' | ||
| # | ||
| # report-to-sherlock: | ||
| # name: Report App Version to DevOps | ||
| # uses: broadinstitute/sherlock/.github/workflows/client-report-app-version.yaml@main | ||
| # needs: [bump_version, cherry_pick_image_to_production_gcr] | ||
| # with: | ||
| # new-version: ${{ needs.bump_version.outputs.api_image_tag }} | ||
| # chart-name: datarepo | ||
| # permissions: | ||
| # contents: read | ||
| # id-token: write | ||
| # | ||
| # set-app-version-in-dev: | ||
| # uses: broadinstitute/sherlock/.github/workflows/client-set-environment-app-version.yaml@main | ||
| # needs: | ||
| # - bump_version | ||
| # - report-to-sherlock | ||
| # with: | ||
| # new-version: ${{ needs.bump_version.outputs.api_image_tag }} | ||
| # chart-name: datarepo | ||
| # environment-name: dev | ||
| # secrets: | ||
| # sync-git-token: ${{ secrets.BROADBOT_TOKEN }} | ||
| # permissions: | ||
| # id-token: write | ||
| # | ||
| # helm_tag_bumper: | ||
| # needs: | ||
| # - build_container_and_publish | ||
| # # We block bumping the tag in datarepo-helm because that will cause a deployment to datarepo-dev | ||
| # # too, and we don't want to be deploying to datarepo-dev twice simultaneously | ||
| # - set-app-version-in-dev | ||
| # uses: ./.github/workflows/helmtagbumper.yaml | ||
| # secrets: inherit | ||