Build, Test, Deploy #262
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Build, Test, Deploy' | |
permissions: | |
id-token: write | |
contents: read | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- 'main' | |
- 'beta' | |
- 'feature/*' | |
paths-ignore: | |
- '.github/**' | |
- 'featuresets.js' | |
env: | |
WORKSPACE_ARTIFACT_UI: 'gw2auth_ui_artifact' | |
WORKSPACE_ARTIFACT_API: 'gw2auth_api_artifact' | |
WORKSPACE_ARTIFACT_OAUTH2_SERVER: 'gw2auth_oauth2_server_artifact' | |
WORKSPACE_ARTIFACT_OTEL_COLLECTOR: 'otel_collector_artifact' | |
WORKSPACE_ARTIFACT_CDK: 'gw2auth_cdk_artifact' | |
jobs: | |
build_ui: | |
name: 'Build UI' | |
runs-on: ubuntu-latest | |
steps: | |
- name: 'Checkout' | |
uses: actions/checkout@v4 | |
with: | |
ssh-key: ${{ secrets.CDK_SSH_KEY }} | |
submodules: true | |
- name: 'Build UI' | |
id: build_ui | |
uses: './gw2auth.com-ui/.github/actions/build_and_test' | |
with: | |
working-directory: 'gw2auth.com-ui' | |
base-url: ${{ (github.ref == 'refs/heads/beta' && 'https://beta.gw2auth.com') || (github.ref == 'refs/heads/main' && 'https://gw2auth.com') || 'https://feature.gw2auth.com' }} | |
- name: 'Prepare UI resources bundle' | |
working-directory: 'gw2auth.com-ui/${{ steps.build_ui.outputs.output_dir }}' | |
run: 'zip -r ../${{ env.WORKSPACE_ARTIFACT_UI }}.zip .' | |
- name: 'Store UI artifact' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.WORKSPACE_ARTIFACT_UI }} | |
path: 'gw2auth.com-ui/${{ env.WORKSPACE_ARTIFACT_UI }}.zip' | |
retention-days: 1 | |
build_api: | |
name: 'Build API' | |
runs-on: ubuntu-latest | |
steps: | |
- name: 'Checkout' | |
uses: actions/checkout@v4 | |
with: | |
ssh-key: ${{ secrets.CDK_SSH_KEY }} | |
submodules: true | |
- name: 'Build API' | |
uses: './gw2auth.com-api/.github/actions/build_and_test' | |
with: | |
working-directory: 'gw2auth.com-api' | |
output: 'bootstrap' | |
- name: 'Prepare lambda bundle' | |
working-directory: 'gw2auth.com-api' | |
run: '(chmod +x bootstrap && zip -q ${{ env.WORKSPACE_ARTIFACT_API }}.zip bootstrap && rm bootstrap)' | |
- name: 'Store API artifact' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.WORKSPACE_ARTIFACT_API }} | |
path: 'gw2auth.com-api/${{ env.WORKSPACE_ARTIFACT_API }}.zip' | |
retention-days: 1 | |
build_oauth2_server: | |
name: 'Build oauth2-server' | |
runs-on: ubuntu-latest | |
steps: | |
- name: 'Checkout' | |
uses: actions/checkout@v4 | |
with: | |
ssh-key: ${{ secrets.CDK_SSH_KEY }} | |
submodules: true | |
- name: 'Setup java' | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: '21' | |
cache: 'maven' | |
- name: 'Build' | |
working-directory: 'oauth2-server' | |
run: './mvnw clean package -Dmaven.test.skip' | |
- name: 'Prepare lambda bundle' | |
working-directory: 'oauth2-server' | |
run: '(mv target/oauth2-server.jar oauth2-server.jar && chmod +x lambda-run.sh && zip -q ${{ env.WORKSPACE_ARTIFACT_OAUTH2_SERVER }}.zip lambda-run.sh oauth2-server.jar)' | |
- name: 'Store oauth2-server artifact' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.WORKSPACE_ARTIFACT_OAUTH2_SERVER }} | |
path: 'oauth2-server/${{ env.WORKSPACE_ARTIFACT_OAUTH2_SERVER }}.zip' | |
retention-days: 1 | |
build_otel_collector: | |
name: 'Build otel collector' | |
runs-on: ubuntu-latest | |
steps: | |
- name: 'Checkout' | |
uses: actions/checkout@v4 | |
with: | |
ssh-key: ${{ secrets.CDK_SSH_KEY }} | |
submodules: true | |
- name: 'Setup go' | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: 'opentelemetry-lambda/collector/go.mod' | |
cache-dependency-path: 'opentelemetry-lambda/collector/go.sum' | |
- name: 'Build otel collector' | |
working-directory: 'opentelemetry-lambda/collector' | |
env: | |
GOOS: 'linux' | |
GOARCH: 'amd64' # keep this in sync with the arch configured in CDK! | |
CGO_ENABLED: '0' | |
run: 'go build -o otel_collector' | |
- name: 'Prepare lambda extension bundle' | |
working-directory: 'opentelemetry-lambda/collector' | |
run: | | |
mkdir lambda_layer_bundle | |
mkdir lambda_layer_bundle/extensions | |
cp otel_collector lambda_layer_bundle/extensions/layer | |
cp ../../collector.yaml lambda_layer_bundle/ | |
chmod +x lambda_layer_bundle/extensions/layer | |
(cd lambda_layer_bundle && zip -r ../${{ env.WORKSPACE_ARTIFACT_OTEL_COLLECTOR }}.zip .) | |
- name: 'Store otel collector artifact' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.WORKSPACE_ARTIFACT_OTEL_COLLECTOR }} | |
path: 'opentelemetry-lambda/collector/${{ env.WORKSPACE_ARTIFACT_OTEL_COLLECTOR }}.zip' | |
retention-days: 1 | |
build_and_synth_cdk: | |
name: 'Build and synth cdk' | |
runs-on: ubuntu-latest | |
needs: | |
- build_ui | |
- build_api | |
- build_oauth2_server | |
- build_otel_collector | |
steps: | |
- name: 'Checkout' | |
uses: actions/checkout@v4 | |
with: | |
ssh-key: ${{ secrets.CDK_SSH_KEY }} | |
submodules: true | |
- name: 'Download artifacts' | |
uses: actions/download-artifact@v4 | |
with: | |
path: './gw2auth.com-cdk/resources' | |
- name: 'Build and synth cdk' | |
uses: './gw2auth.com-cdk/.github/actions/build_and_synth' | |
with: | |
working-directory: 'gw2auth.com-cdk' | |
- name: 'Store cdk synth artifact' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.WORKSPACE_ARTIFACT_CDK }} | |
path: | | |
gw2auth.com-cdk/cdk.out/ | |
gw2auth.com-cdk/cdk.json | |
retention-days: 1 | |
deploy: | |
name: 'Deploy' | |
if: github.ref == 'refs/heads/beta' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/feature/') | |
runs-on: ubuntu-latest | |
environment: | |
name: ${{ (github.ref == 'refs/heads/beta' && 'beta') || (github.ref == 'refs/heads/main' && 'prod') || 'feature' }} | |
url: ${{ (github.ref == 'refs/heads/beta' && 'https://beta.gw2auth.com') || (github.ref == 'refs/heads/main' && 'https://gw2auth.com') || 'https://feature.gw2auth.com' }} | |
needs: | |
- build_and_synth_cdk | |
steps: | |
- name: 'Checkout' | |
uses: actions/checkout@v4 | |
with: | |
ssh-key: ${{ secrets.CDK_SSH_KEY }} | |
submodules: true | |
- name: 'Download cdk synth artifact' | |
uses: actions/download-artifact@v4 | |
with: | |
name: ${{ env.WORKSPACE_ARTIFACT_CDK }} | |
path: . | |
- name: 'Deploy' | |
uses: './gw2auth.com-cdk/.github/actions/deploy' | |
with: | |
role-to-assume: ${{ secrets.AWS_CDK_ROLE }} | |
aws-region: ${{ secrets.AWS_CDK_REGION }} | |
cdk-out-path: './cdk.out' | |
stack: ${{ vars.CDK_STACK }} | |
grafana-cloud-auth: ${{ secrets.GRAFANA_CLOUD_AUTH }} | |
secrets-bucket: ${{ secrets.SECRETS_BUCKET }} | |
secrets-key-prefix: ${{ secrets.SECRETS_KEY_PREFIX }} | |
create_pull_request: | |
name: 'Create PR' | |
if: github.ref == 'refs/heads/beta' | |
runs-on: ubuntu-latest | |
needs: | |
- deploy | |
permissions: | |
pull-requests: write | |
steps: | |
- name: 'Create PR' | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const { repo, owner } = context.repo; | |
const pulls = await github.rest.pulls.list({ | |
owner: owner, | |
repo: repo, | |
head: context.ref, | |
base: 'main', | |
state: 'open', | |
}); | |
if (pulls.data.length < 1) { | |
await github.rest.pulls.create({ | |
title: '[CI] Merge beta into main', | |
owner: owner, | |
repo: repo, | |
head: context.ref, | |
base: 'main', | |
body: [ | |
'This PR is auto-generated by', | |
'[actions/github-script](https://github.com/actions/github-script)', | |
].join('\n'), | |
}); | |
} else { | |
const existingPR = pulls.data[0]; | |
await github.rest.issues.createComment({ | |
owner: owner, | |
repo: repo, | |
issue_number: existingPR.number, | |
body: [ | |
`Updated by Job ${context.job}`, | |
].join('\n'), | |
}); | |
} |