Build and Release #76
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Release | |
| on: | |
| push: | |
| tags: | |
| - '*' | |
| workflow_dispatch: | |
| inputs: | |
| publish: | |
| description: 'Create Production Release' | |
| required: true | |
| type: boolean | |
| deploy: | |
| description: 'Deploy to K8S' | |
| default: 'Skip' | |
| required: true | |
| type: choice | |
| options: | |
| - Skip | |
| - Staging Only | |
| - Staging + Prod | |
| sandbox: | |
| description: 'Deploy to Sandbox' | |
| default: false | |
| required: true | |
| type: boolean | |
| sandboxNoDbRefresh: | |
| description: 'Sandbox Disable Daily DB Refresh' | |
| default: false | |
| required: true | |
| type: boolean | |
| jobs: | |
| # ----------------------------------------------------------------- | |
| # PREPARE | |
| # ----------------------------------------------------------------- | |
| prepare: | |
| name: Prepare Release | |
| runs-on: ubuntu-latest | |
| outputs: | |
| should_deploy: ${{ steps.buildvars.outputs.should_deploy }} | |
| pkg_version: ${{ steps.buildvars.outputs.pkg_version }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| fetch-tags: false | |
| - name: Get Next Version | |
| if: ${{ github.event.inputs.publish == 'true' }} | |
| id: semver | |
| uses: ietf-tools/semver-action@v1 | |
| with: | |
| token: ${{ github.token }} | |
| branch: main | |
| - name: Set Next Version Env Var | |
| if: ${{ github.event.inputs.publish == 'true' }} | |
| run: | | |
| echo "NEXT_VERSION=$nextStrict" >> "$GITHUB_ENV" | |
| - name: Create Draft Release | |
| uses: ncipollo/release-action@v1 | |
| if: ${{ github.event.inputs.publish == 'true' }} | |
| with: | |
| prerelease: true | |
| draft: false | |
| commit: ${{ github.sha }} | |
| tag: ${{ env.NEXT_VERSION }} | |
| name: v${{ env.NEXT_VERSION }} | |
| body: '*pending*' | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set Build Variables | |
| id: buildvars | |
| run: | | |
| if [[ $NEXT_VERSION ]]; then | |
| echo "Using AUTO SEMVER mode: $NEXT_VERSION" | |
| echo "should_deploy=true" >> "$GITHUB_OUTPUT" | |
| echo "pkg_version=$NEXT_VERSION" >> "$GITHUB_OUTPUT" | |
| echo "::notice::Release created using branch $GITHUB_REF_NAME" | |
| elif [[ "$GITHUB_REF" =~ ^refs/tags/* ]]; then | |
| echo "Using TAG mode: $GITHUB_REF_NAME" | |
| echo "should_deploy=true" >> "$GITHUB_OUTPUT" | |
| echo "pkg_version=$GITHUB_REF_NAME" >> "$GITHUB_OUTPUT" | |
| echo "::notice::Release created using tag $GITHUB_REF_NAME" | |
| else | |
| echo "Using TEST mode: v2.0.0-dev.$GITHUB_RUN_NUMBER" | |
| echo "should_deploy=false" >> "$GITHUB_OUTPUT" | |
| echo "pkg_version=2.0.0-dev.$GITHUB_RUN_NUMBER" >> "$GITHUB_OUTPUT" | |
| echo "::notice::Non-production build created using branch $GITHUB_REF_NAME" | |
| fi | |
| # ----------------------------------------------------------------- | |
| # RELEASE | |
| # ----------------------------------------------------------------- | |
| release: | |
| name: Make Release | |
| if: ${{ !failure() && !cancelled() }} | |
| needs: [prepare] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| packages: write | |
| env: | |
| SHOULD_DEPLOY: ${{needs.prepare.outputs.should_deploy}} | |
| PKG_VERSION: ${{needs.prepare.outputs.pkg_version}} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| fetch-tags: false | |
| - name: Setup Node.js | |
| uses: actions/[email protected] | |
| with: | |
| node-version: 16.x | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.x' | |
| - name: Make Release Build | |
| env: | |
| DEBIAN_FRONTEND: noninteractive | |
| run: | | |
| echo "Building assets..." | |
| cd frontend | |
| npm ci | |
| npm run build | |
| cd .. | |
| echo "Setting version" | |
| echo "PKG_VERSION: $PKG_VERSION" | |
| echo "GITHUB_SHA: $GITHUB_SHA" | |
| echo "GITHUB_REF_NAME: $GITHUB_REF_NAME" | |
| sed -i -r -e "s|^__version__ += '.*'$|__version__ = '$PKG_VERSION'|" backend/mlarchive/__init__.py | |
| sed -i -r -e "s|^__release_hash__ += '.*'$|__release_hash__ = '$GITHUB_SHA'|" backend/mlarchive/__init__.py | |
| sed -i -r -e "s|^__release_branch__ += '.*'$|__release_branch__ = '$GITHUB_REF_NAME'|" backend/mlarchive/__init__.py | |
| echo "Build release tarball..." | |
| mkdir -p /home/runner/work/release | |
| tar -czf /home/runner/work/release/release.tar.gz -X dev/deploy/exclude-patterns.txt . | |
| - name: Collect + Push Statics | |
| env: | |
| DEBIAN_FRONTEND: noninteractive | |
| AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_STATIC_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_STATIC_KEY_SECRET }} | |
| AWS_DEFAULT_REGION: auto | |
| AWS_ENDPOINT_URL: ${{ secrets.CF_R2_ENDPOINT }} | |
| run: | | |
| echo "Collecting statics..." | |
| docker run --rm --name collectstatics -v $(pwd):/workspace ghcr.io/ietf-tools/mailarchive-app-base:latest sh build/app/collectstatics.sh | |
| echo "Pushing statics..." | |
| cd static | |
| aws s3 sync . s3://static/mailarchive/$PKG_VERSION --only-show-errors | |
| - name: Augment dockerignore for docker image build | |
| env: | |
| DEBIAN_FRONTEND: noninteractive | |
| run: | | |
| cat >> .dockerignore <<EOL | |
| .devcontainer | |
| .github | |
| .vscode | |
| helm | |
| charts | |
| playwright | |
| svn-history | |
| docker-compose.yml | |
| EOL | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build Release Docker Image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: build/app/Dockerfile | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| tags: ghcr.io/ietf-tools/mailarchive:${{ env.PKG_VERSION }} | |
| - name: Update CHANGELOG | |
| id: changelog | |
| uses: Requarks/changelog-action@v1 | |
| if: ${{ env.SHOULD_DEPLOY == 'true' }} | |
| with: | |
| token: ${{ github.token }} | |
| tag: ${{ env.PKG_VERSION }} | |
| writeToFile: false | |
| - name: Create Release | |
| uses: ncipollo/[email protected] | |
| if: ${{ env.SHOULD_DEPLOY == 'true' }} | |
| with: | |
| allowUpdates: true | |
| draft: false | |
| tag: ${{ env.PKG_VERSION }} | |
| name: v${{ env.PKG_VERSION }} | |
| body: ${{ steps.changelog.outputs.changes }} | |
| artifacts: "/home/runner/work/release/release.tar.gz" | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Upload Build Artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: release-${{ env.PKG_VERSION }} | |
| path: /home/runner/work/release/release.tar.gz | |
| # ----------------------------------------------------------------- | |
| # STAGING | |
| # ----------------------------------------------------------------- | |
| staging: | |
| name: Deploy to Staging | |
| if: ${{ !failure() && !cancelled() && (github.event.inputs.deploy == 'Staging Only' || github.event.inputs.deploy == 'Staging + Prod') }} | |
| needs: [prepare, release] | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: staging | |
| env: | |
| PKG_VERSION: ${{needs.prepare.outputs.pkg_version}} | |
| steps: | |
| - name: Deploy to staging | |
| uses: the-actions-org/workflow-dispatch@v4 | |
| with: | |
| workflow: deploy.yml | |
| repo: ietf-tools/infra-k8s | |
| ref: main | |
| token: ${{ secrets.GH_INFRA_K8S_TOKEN }} | |
| inputs: '{ "environment":"${{ secrets.GHA_K8S_CLUSTER }}", "app":"mailarchive", "appVersion":"${{ env.PKG_VERSION }}", "remoteRef":"${{ github.sha }}" }' | |
| wait-for-completion: true | |
| wait-for-completion-timeout: 10m | |
| display-workflow-run-url: false | |
| # ----------------------------------------------------------------- | |
| # PROD | |
| # ----------------------------------------------------------------- | |
| prod: | |
| name: Deploy to Production | |
| if: ${{ !failure() && !cancelled() && github.event.inputs.deploy == 'Staging + Prod' }} | |
| needs: [staging] | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: production | |
| env: | |
| PKG_VERSION: ${{needs.prepare.outputs.pkg_version}} | |
| steps: | |
| - name: Deploy to production | |
| uses: the-actions-org/workflow-dispatch@v4 | |
| with: | |
| workflow: deploy.yml | |
| repo: ietf-tools/infra-k8s | |
| ref: main | |
| token: ${{ secrets.GH_INFRA_K8S_TOKEN }} | |
| inputs: '{ "environment":"${{ secrets.GHA_K8S_CLUSTER }}", "app":"mailarchive", "appVersion":"${{ env.PKG_VERSION }}", "remoteRef":"${{ github.sha }}" }' | |
| wait-for-completion: true | |
| wait-for-completion-timeout: 10m | |
| display-workflow-run-url: false | |
| # ----------------------------------------------------------------- | |
| # SANDBOX | |
| # ----------------------------------------------------------------- | |
| sandbox: | |
| name: Deploy to Sandbox | |
| if: ${{ !failure() && !cancelled() && github.event.inputs.sandbox == 'true' }} | |
| needs: [prepare, release] | |
| runs-on: [self-hosted, dev-server] | |
| environment: | |
| name: sandbox | |
| env: | |
| PKG_VERSION: ${{needs.prepare.outputs.pkg_version}} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download a Release Artifact | |
| uses: actions/[email protected] | |
| with: | |
| name: release-${{ env.PKG_VERSION }} | |
| - name: Deploy to containers | |
| env: | |
| DEBIAN_FRONTEND: noninteractive | |
| run: | | |
| # echo "Reset production flags in settings.py..." | |
| # sed -i -r -e 's/^DEBUG *= *.*$/DEBUG = True/' -e "s/^SERVER_MODE *= *.*\$/SERVER_MODE = 'development'/" backend/mlarchive/settings/base.py | |
| echo "Install Deploy to Container CLI dependencies..." | |
| cd dev/deploy-to-container | |
| npm ci | |
| cd ../.. | |
| echo "Start Deploy..." | |
| node ./dev/deploy-to-container/cli.js --branch ${{ github.ref_name }} --domain dev.ietf.org --appversion ${{ env.PKG_VERSION }} --commit ${{ github.sha }} --ghrunid ${{ github.run_id }} --nodbrefresh ${{ github.event.inputs.sandboxNoDbRefresh }} | |
| - name: Cleanup old docker resources | |
| env: | |
| DEBIAN_FRONTEND: noninteractive | |
| run: | | |
| docker image prune -a -f |