Skip to content

Build, Test, Deploy #262

Build, Test, Deploy

Build, Test, Deploy #262

name: 'Build, Test, Deploy'
permissions:
id-token: write
contents: read
on:
workflow_dispatch:
push:
branches:
- 'main'
- 'beta'
- 'feature/*'
paths-ignore:
- '.github/**'
- 'featuresets.js'
env:
WORKSPACE_ARTIFACT_UI: 'gw2auth_ui_artifact'
WORKSPACE_ARTIFACT_API: 'gw2auth_api_artifact'
WORKSPACE_ARTIFACT_OAUTH2_SERVER: 'gw2auth_oauth2_server_artifact'
WORKSPACE_ARTIFACT_OTEL_COLLECTOR: 'otel_collector_artifact'
WORKSPACE_ARTIFACT_CDK: 'gw2auth_cdk_artifact'
jobs:
build_ui:
name: 'Build UI'
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@v4
with:
ssh-key: ${{ secrets.CDK_SSH_KEY }}
submodules: true
- name: 'Build UI'
id: build_ui
uses: './gw2auth.com-ui/.github/actions/build_and_test'
with:
working-directory: 'gw2auth.com-ui'
base-url: ${{ (github.ref == 'refs/heads/beta' && 'https://beta.gw2auth.com') || (github.ref == 'refs/heads/main' && 'https://gw2auth.com') || 'https://feature.gw2auth.com' }}
- name: 'Prepare UI resources bundle'
working-directory: 'gw2auth.com-ui/${{ steps.build_ui.outputs.output_dir }}'
run: 'zip -r ../${{ env.WORKSPACE_ARTIFACT_UI }}.zip .'
- name: 'Store UI artifact'
uses: actions/upload-artifact@v4
with:
name: ${{ env.WORKSPACE_ARTIFACT_UI }}
path: 'gw2auth.com-ui/${{ env.WORKSPACE_ARTIFACT_UI }}.zip'
retention-days: 1
build_api:
name: 'Build API'
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@v4
with:
ssh-key: ${{ secrets.CDK_SSH_KEY }}
submodules: true
- name: 'Build API'
uses: './gw2auth.com-api/.github/actions/build_and_test'
with:
working-directory: 'gw2auth.com-api'
output: 'bootstrap'
- name: 'Prepare lambda bundle'
working-directory: 'gw2auth.com-api'
run: '(chmod +x bootstrap && zip -q ${{ env.WORKSPACE_ARTIFACT_API }}.zip bootstrap && rm bootstrap)'
- name: 'Store API artifact'
uses: actions/upload-artifact@v4
with:
name: ${{ env.WORKSPACE_ARTIFACT_API }}
path: 'gw2auth.com-api/${{ env.WORKSPACE_ARTIFACT_API }}.zip'
retention-days: 1
build_oauth2_server:
name: 'Build oauth2-server'
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@v4
with:
ssh-key: ${{ secrets.CDK_SSH_KEY }}
submodules: true
- name: 'Setup java'
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '21'
cache: 'maven'
- name: 'Build'
working-directory: 'oauth2-server'
run: './mvnw clean package -Dmaven.test.skip'
- name: 'Prepare lambda bundle'
working-directory: 'oauth2-server'
run: '(mv target/oauth2-server.jar oauth2-server.jar && chmod +x lambda-run.sh && zip -q ${{ env.WORKSPACE_ARTIFACT_OAUTH2_SERVER }}.zip lambda-run.sh oauth2-server.jar)'
- name: 'Store oauth2-server artifact'
uses: actions/upload-artifact@v4
with:
name: ${{ env.WORKSPACE_ARTIFACT_OAUTH2_SERVER }}
path: 'oauth2-server/${{ env.WORKSPACE_ARTIFACT_OAUTH2_SERVER }}.zip'
retention-days: 1
build_otel_collector:
name: 'Build otel collector'
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: actions/checkout@v4
with:
ssh-key: ${{ secrets.CDK_SSH_KEY }}
submodules: true
- name: 'Setup go'
uses: actions/setup-go@v5
with:
go-version-file: 'opentelemetry-lambda/collector/go.mod'
cache-dependency-path: 'opentelemetry-lambda/collector/go.sum'
- name: 'Build otel collector'
working-directory: 'opentelemetry-lambda/collector'
env:
GOOS: 'linux'
GOARCH: 'amd64' # keep this in sync with the arch configured in CDK!
CGO_ENABLED: '0'
run: 'go build -o otel_collector'
- name: 'Prepare lambda extension bundle'
working-directory: 'opentelemetry-lambda/collector'
run: |
mkdir lambda_layer_bundle
mkdir lambda_layer_bundle/extensions
cp otel_collector lambda_layer_bundle/extensions/layer
cp ../../collector.yaml lambda_layer_bundle/
chmod +x lambda_layer_bundle/extensions/layer
(cd lambda_layer_bundle && zip -r ../${{ env.WORKSPACE_ARTIFACT_OTEL_COLLECTOR }}.zip .)
- name: 'Store otel collector artifact'
uses: actions/upload-artifact@v4
with:
name: ${{ env.WORKSPACE_ARTIFACT_OTEL_COLLECTOR }}
path: 'opentelemetry-lambda/collector/${{ env.WORKSPACE_ARTIFACT_OTEL_COLLECTOR }}.zip'
retention-days: 1
build_and_synth_cdk:
name: 'Build and synth cdk'
runs-on: ubuntu-latest
needs:
- build_ui
- build_api
- build_oauth2_server
- build_otel_collector
steps:
- name: 'Checkout'
uses: actions/checkout@v4
with:
ssh-key: ${{ secrets.CDK_SSH_KEY }}
submodules: true
- name: 'Download artifacts'
uses: actions/download-artifact@v4
with:
path: './gw2auth.com-cdk/resources'
- name: 'Build and synth cdk'
uses: './gw2auth.com-cdk/.github/actions/build_and_synth'
with:
working-directory: 'gw2auth.com-cdk'
- name: 'Store cdk synth artifact'
uses: actions/upload-artifact@v4
with:
name: ${{ env.WORKSPACE_ARTIFACT_CDK }}
path: |
gw2auth.com-cdk/cdk.out/
gw2auth.com-cdk/cdk.json
retention-days: 1
deploy:
name: 'Deploy'
if: github.ref == 'refs/heads/beta' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/feature/')
runs-on: ubuntu-latest
environment:
name: ${{ (github.ref == 'refs/heads/beta' && 'beta') || (github.ref == 'refs/heads/main' && 'prod') || 'feature' }}
url: ${{ (github.ref == 'refs/heads/beta' && 'https://beta.gw2auth.com') || (github.ref == 'refs/heads/main' && 'https://gw2auth.com') || 'https://feature.gw2auth.com' }}
needs:
- build_and_synth_cdk
steps:
- name: 'Checkout'
uses: actions/checkout@v4
with:
ssh-key: ${{ secrets.CDK_SSH_KEY }}
submodules: true
- name: 'Download cdk synth artifact'
uses: actions/download-artifact@v4
with:
name: ${{ env.WORKSPACE_ARTIFACT_CDK }}
path: .
- name: 'Deploy'
uses: './gw2auth.com-cdk/.github/actions/deploy'
with:
role-to-assume: ${{ secrets.AWS_CDK_ROLE }}
aws-region: ${{ secrets.AWS_CDK_REGION }}
cdk-out-path: './cdk.out'
stack: ${{ vars.CDK_STACK }}
grafana-cloud-auth: ${{ secrets.GRAFANA_CLOUD_AUTH }}
secrets-bucket: ${{ secrets.SECRETS_BUCKET }}
secrets-key-prefix: ${{ secrets.SECRETS_KEY_PREFIX }}
create_pull_request:
name: 'Create PR'
if: github.ref == 'refs/heads/beta'
runs-on: ubuntu-latest
needs:
- deploy
permissions:
pull-requests: write
steps:
- name: 'Create PR'
uses: actions/github-script@v7
with:
script: |
const { repo, owner } = context.repo;
const pulls = await github.rest.pulls.list({
owner: owner,
repo: repo,
head: context.ref,
base: 'main',
state: 'open',
});
if (pulls.data.length < 1) {
await github.rest.pulls.create({
title: '[CI] Merge beta into main',
owner: owner,
repo: repo,
head: context.ref,
base: 'main',
body: [
'This PR is auto-generated by',
'[actions/github-script](https://github.com/actions/github-script)',
].join('\n'),
});
} else {
const existingPR = pulls.data[0];
await github.rest.issues.createComment({
owner: owner,
repo: repo,
issue_number: existingPR.number,
body: [
`Updated by Job ${context.job}`,
].join('\n'),
});
}