update gw2auth.com-cdk to b361ebbd967effc66b6e374bfd8208ae5bd3491f #296
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Build, Test, Deploy' | |
| permissions: | |
| id-token: write | |
| contents: read | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - 'main' | |
| - 'beta' | |
| - 'feature/*' | |
| paths-ignore: | |
| - '.github/**' | |
| - 'featuresets.js' | |
| env: | |
| WORKSPACE_ARTIFACT_UI: 'gw2auth_ui_artifact' | |
| WORKSPACE_ARTIFACT_API: 'gw2auth_api_artifact' | |
| WORKSPACE_ARTIFACT_OTEL_COLLECTOR: 'otel_collector_artifact' | |
| WORKSPACE_ARTIFACT_CANARY: 'gw2auth_canary_artifact' | |
| WORKSPACE_ARTIFACT_CDK: 'gw2auth_cdk_artifact' | |
| jobs: | |
| build_ui: | |
| name: 'Build UI' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 'Checkout' | |
| uses: actions/checkout@v4 | |
| with: | |
| ssh-key: ${{ secrets.CDK_SSH_KEY }} | |
| submodules: true | |
| - name: 'Build UI' | |
| id: build_ui | |
| uses: './gw2auth.com-ui/.github/actions/build_and_test' | |
| with: | |
| working-directory: 'gw2auth.com-ui' | |
| base-url: ${{ (github.ref == 'refs/heads/beta' && 'https://beta.gw2auth.com') || (github.ref == 'refs/heads/main' && 'https://gw2auth.com') || 'https://feature.gw2auth.com' }} | |
| - name: 'Prepare UI resources bundle' | |
| working-directory: 'gw2auth.com-ui/${{ steps.build_ui.outputs.output_dir }}' | |
| run: 'zip -r ../${{ env.WORKSPACE_ARTIFACT_UI }}.zip .' | |
| - name: 'Store UI artifact' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.WORKSPACE_ARTIFACT_UI }} | |
| path: 'gw2auth.com-ui/${{ env.WORKSPACE_ARTIFACT_UI }}.zip' | |
| retention-days: 1 | |
| build_api: | |
| name: 'Build API' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 'Checkout' | |
| uses: actions/checkout@v4 | |
| with: | |
| ssh-key: ${{ secrets.CDK_SSH_KEY }} | |
| submodules: true | |
| - name: 'Build API' | |
| uses: './gw2auth.com-api/.github/actions/build_and_test' | |
| with: | |
| working-directory: 'gw2auth.com-api' | |
| output: 'bootstrap' | |
| - name: 'Prepare lambda bundle' | |
| working-directory: 'gw2auth.com-api' | |
| run: '(chmod +x bootstrap && zip -q ${{ env.WORKSPACE_ARTIFACT_API }}.zip bootstrap && rm bootstrap)' | |
| - name: 'Store API artifact' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.WORKSPACE_ARTIFACT_API }} | |
| path: 'gw2auth.com-api/${{ env.WORKSPACE_ARTIFACT_API }}.zip' | |
| retention-days: 1 | |
| build_otel_collector: | |
| name: 'Build otel collector' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 'Checkout' | |
| uses: actions/checkout@v4 | |
| with: | |
| ssh-key: ${{ secrets.CDK_SSH_KEY }} | |
| submodules: true | |
| - name: 'Setup go' | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: 'opentelemetry-lambda/collector/go.mod' | |
| cache-dependency-path: 'opentelemetry-lambda/collector/go.sum' | |
| - name: 'Build otel collector' | |
| working-directory: 'opentelemetry-lambda/collector' | |
| env: | |
| GOOS: 'linux' | |
| GOARCH: 'amd64' # keep this in sync with the arch configured in CDK! | |
| CGO_ENABLED: '0' | |
| BUILDTAGS: 'lambdacomponents.custom,lambdacomponents.receiver.otlp,lambdacomponents.processor.decouple,lambdacomponents.exporter.otlphttp,lambdacomponents.exporter.logging' | |
| run: 'make build' | |
| - name: 'Prepare lambda extension bundle' | |
| working-directory: 'opentelemetry-lambda/collector' | |
| run: | | |
| mkdir lambda_layer_bundle | |
| mkdir lambda_layer_bundle/extensions | |
| cp build/extensions/collector lambda_layer_bundle/extensions/layer | |
| cp ../../collector.yaml lambda_layer_bundle/ | |
| chmod +x lambda_layer_bundle/extensions/layer | |
| (cd lambda_layer_bundle && zip -r ../${{ env.WORKSPACE_ARTIFACT_OTEL_COLLECTOR }}.zip .) | |
| - name: 'Store otel collector artifact' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.WORKSPACE_ARTIFACT_OTEL_COLLECTOR }} | |
| path: 'opentelemetry-lambda/collector/${{ env.WORKSPACE_ARTIFACT_OTEL_COLLECTOR }}.zip' | |
| retention-days: 1 | |
| build_canary: | |
| name: 'Build Canary' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 'Checkout' | |
| uses: actions/checkout@v4 | |
| with: | |
| ssh-key: ${{ secrets.CDK_SSH_KEY }} | |
| submodules: true | |
| - name: 'Build Canary' | |
| uses: './gw2auth.com-canary/.github/actions/build_and_test' | |
| with: | |
| working-directory: 'gw2auth.com-canary' | |
| output: 'bootstrap' | |
| - name: 'Prepare lambda bundle' | |
| working-directory: 'gw2auth.com-canary' | |
| run: '(chmod +x bootstrap && zip -q ${{ env.WORKSPACE_ARTIFACT_CANARY }}.zip bootstrap && rm bootstrap)' | |
| - name: 'Store API artifact' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.WORKSPACE_ARTIFACT_CANARY }} | |
| path: 'gw2auth.com-canary/${{ env.WORKSPACE_ARTIFACT_CANARY }}.zip' | |
| build_and_synth_cdk: | |
| name: 'Build and synth cdk' | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build_ui | |
| - build_api | |
| - build_otel_collector | |
| - build_canary | |
| steps: | |
| - name: 'Checkout' | |
| uses: actions/checkout@v4 | |
| with: | |
| ssh-key: ${{ secrets.CDK_SSH_KEY }} | |
| submodules: true | |
| - name: 'Download artifacts' | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: './gw2auth.com-cdk/resources' | |
| - name: 'Build and synth cdk' | |
| uses: './gw2auth.com-cdk/.github/actions/build_and_synth' | |
| with: | |
| working-directory: 'gw2auth.com-cdk' | |
| - name: 'Store cdk synth artifact' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.WORKSPACE_ARTIFACT_CDK }} | |
| path: | | |
| gw2auth.com-cdk/cdk.out/ | |
| gw2auth.com-cdk/cdk.json | |
| retention-days: 1 | |
| deploy: | |
| name: 'Deploy' | |
| if: github.ref == 'refs/heads/beta' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/feature/') | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: ${{ (github.ref == 'refs/heads/beta' && 'beta') || (github.ref == 'refs/heads/main' && 'prod') || 'feature' }} | |
| url: ${{ (github.ref == 'refs/heads/beta' && 'https://beta.gw2auth.com') || (github.ref == 'refs/heads/main' && 'https://gw2auth.com') || 'https://feature.gw2auth.com' }} | |
| needs: | |
| - build_and_synth_cdk | |
| steps: | |
| - name: 'Checkout' | |
| uses: actions/checkout@v4 | |
| with: | |
| ssh-key: ${{ secrets.CDK_SSH_KEY }} | |
| submodules: true | |
| - name: 'Download cdk synth artifact' | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ env.WORKSPACE_ARTIFACT_CDK }} | |
| path: . | |
| - name: 'Deploy' | |
| uses: './gw2auth.com-cdk/.github/actions/deploy' | |
| with: | |
| role-to-assume: ${{ secrets.AWS_CDK_ROLE }} | |
| aws-region: ${{ secrets.AWS_CDK_REGION }} | |
| cdk-out-path: './cdk.out' | |
| stack: ${{ vars.CDK_STACK }} | |
| grafana-cloud-auth: ${{ secrets.GRAFANA_CLOUD_AUTH }} | |
| secrets-bucket: ${{ secrets.SECRETS_BUCKET }} | |
| secrets-key-prefix: ${{ secrets.SECRETS_KEY_PREFIX }} | |
| deploy_canary: | |
| name: 'Deploy Canary' | |
| if: github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: 'canary' | |
| needs: | |
| - build_and_synth_cdk | |
| steps: | |
| - name: 'Checkout' | |
| uses: actions/checkout@v4 | |
| with: | |
| ssh-key: ${{ secrets.CDK_SSH_KEY }} | |
| submodules: true | |
| - name: 'Download cdk synth artifact' | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: ${{ env.WORKSPACE_ARTIFACT_CDK }} | |
| path: . | |
| - name: 'Deploy' | |
| uses: './gw2auth.com-cdk/.github/actions/deploy' | |
| with: | |
| role-to-assume: ${{ secrets.AWS_CDK_ROLE }} | |
| aws-region: ${{ secrets.AWS_CDK_REGION }} | |
| cdk-out-path: './cdk.out' | |
| stack: ${{ vars.CDK_STACK }} | |
| grafana-cloud-auth: '__UNUSED__' | |
| secrets-bucket: '__UNUSED__' | |
| secrets-key-prefix: '__UNUSED__' | |
| create_pull_request: | |
| name: 'Create PR' | |
| if: github.ref == 'refs/heads/beta' | |
| runs-on: ubuntu-latest | |
| needs: | |
| - deploy | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: 'Create PR' | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const { repo, owner } = context.repo; | |
| const pulls = await github.rest.pulls.list({ | |
| owner: owner, | |
| repo: repo, | |
| head: context.ref, | |
| base: 'main', | |
| state: 'open', | |
| }); | |
| if (pulls.data.length < 1) { | |
| await github.rest.pulls.create({ | |
| title: '[CI] Merge beta into main', | |
| owner: owner, | |
| repo: repo, | |
| head: context.ref, | |
| base: 'main', | |
| body: [ | |
| 'This PR is auto-generated by', | |
| '[actions/github-script](https://github.com/actions/github-script)', | |
| ].join('\n'), | |
| }); | |
| } else { | |
| const existingPR = pulls.data[0]; | |
| await github.rest.issues.createComment({ | |
| owner: owner, | |
| repo: repo, | |
| issue_number: existingPR.number, | |
| body: [ | |
| `Updated by Job ${context.job}`, | |
| ].join('\n'), | |
| }); | |
| } |