Skip to content

refactor(secret): add app id to update (#1995) #5851

refactor(secret): add app id to update (#1995)

refactor(secret): add app id to update (#1995) #5851

Workflow file for this run

name: CI
on:
push:
branches: [main]
pull_request:
permissions:
contents: read
env:
DAGGER_VERSION: 0.14.0
jobs:
build:
name: Build
runs-on: depot-ubuntu-latest-8
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Nix
uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v27
with:
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- name: Set up magic Nix cache
uses: DeterminateSystems/magic-nix-cache-action@87b14cf437d03d37989d87f0fa5ce4f5dc1a330b # v8
- name: Prepare Nix shell
run: nix develop --impure .#ci
- name: Build Server
run: nix develop --impure .#ci -c make build-server
- name: Build Sink Worker
run: nix develop --impure .#ci -c make build-sink-worker
test:
name: Test
runs-on: depot-ubuntu-latest-8
steps:
# Required as a workaround for Dagger to properly detect Git metadata
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run pipeline
uses: dagger/dagger-for-github@e5153f5610d82ac9f3f848f3a25ad9d696641068 # v7.0.1
with:
verb: call
args: test
cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }}
version: ${{ env.DAGGER_VERSION }}
- name: Export Dagger Engine logs
id: export-dagger-engine-logs
run: docker logs $(docker container list --all --filter 'name=^dagger-engine-*' --format '{{.Names}}') > engine.stdout.log 2> engine.stderr.log
if: always()
continue-on-error: true
- name: Upload Dagger Engine logs as artifact
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: always() && steps.export-dagger-engine-logs.outcome == 'success'
with:
name: "[${{ github.job }}] Dagger Engine logs"
path: |
engine.stdout.log
engine.stderr.log
retention-days: 14
migrations:
name: Migration Checks
runs-on: depot-ubuntu-latest-8
steps:
# Required as a workaround for Dagger to properly detect Git metadata
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0 # Needed to compare against base branch
- name: Run pipeline
uses: dagger/dagger-for-github@e5153f5610d82ac9f3f848f3a25ad9d696641068 # v7.0.1
with:
verb: call
args: migrate check
cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }}
version: ${{ env.DAGGER_VERSION }}
- name: Export Dagger Engine logs
id: export-dagger-engine-logs
run: docker logs $(docker container list --all --filter 'name=^dagger-engine-*' --format '{{.Names}}') > engine.stdout.log 2> engine.stderr.log
if: always()
continue-on-error: true
- name: Upload Dagger Engine logs as artifact
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: always() && steps.export-dagger-engine-logs.outcome == 'success'
with:
name: "[${{ github.job }}] Dagger Engine logs"
path: |
engine.stdout.log
engine.stderr.log
retention-days: 14
lint:
name: Lint
runs-on: depot-ubuntu-latest-8
steps:
# Required as a workaround for Dagger to properly detect Git metadata
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run pipeline
uses: dagger/dagger-for-github@e5153f5610d82ac9f3f848f3a25ad9d696641068 # v7.0.1
with:
verb: call
args: lint all
cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }}
version: ${{ env.DAGGER_VERSION }}
- name: Export Dagger Engine logs
id: export-dagger-engine-logs
run: docker logs $(docker container list --all --filter 'name=^dagger-engine-*' --format '{{.Names}}') > engine.stdout.log 2> engine.stderr.log
if: always()
continue-on-error: true
- name: Upload Dagger Engine logs as artifact
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: always() && steps.export-dagger-engine-logs.outcome == 'success'
with:
name: "[${{ github.job }}] Dagger Engine logs"
path: |
engine.stdout.log
engine.stderr.log
retention-days: 14
commit-hooks:
name: Commit hooks
runs-on: depot-ubuntu-latest-4
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Set up Nix
uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v27
with:
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- name: Set up magic Nix cache
uses: DeterminateSystems/magic-nix-cache-action@87b14cf437d03d37989d87f0fa5ce4f5dc1a330b # v8
- name: Prepare Nix shell
run: nix develop --impure .#ci
- name: Pre-commit hooks
run: nix develop --impure .#ci -c pre-commit run -a
- name: Check commit messages
run: nix develop --impure .#ci -c pre-commit run --hook-stage manual
dev:
name: Developer environment
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Nix
uses: cachix/install-nix-action@3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 # v27
with:
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- name: Set up magic Nix cache
uses: DeterminateSystems/magic-nix-cache-action@87b14cf437d03d37989d87f0fa5ce4f5dc1a330b # v8
- name: Check
run: nix flake check --impure
- name: Dev shell
run: nix develop --impure
artifacts:
name: Artifacts
uses: ./.github/workflows/artifacts.yaml
with:
publish: ${{ github.event_name == 'push' }}
permissions:
contents: read
packages: write
id-token: write
security-events: write
dependency-review:
name: Dependency review
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Dependency Review
uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
fossa-scan:
name: FOSSA Scan
runs-on: ubuntu-latest
if: github.event_name == 'push'
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run FOSSA Scan
uses: fossas/fossa-action@09bcf127dc0ccb4b5a023f6f906728878e8610ba # v1.4.0
with:
api-key: ${{secrets.FOSSA_API_KEY}}
quickstart:
name: Quickstart
runs-on: depot-ubuntu-latest-8
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Launch Docker Compose
run: docker compose -f docker-compose.yaml -f docker-compose.ci.yaml up -d
working-directory: quickstart
- name: Check container health
run: docker inspect --format "{{json .State.Health }}" $(docker container list --all --filter 'name=^*-openmeter-*' --format '{{.Names}}')
if: always()
continue-on-error: true
- name: Wait for worker to become ready
run: curl --retry 10 --retry-max-time 120 --retry-all-errors http://localhost:10000/healthz
- name: Run tests
uses: dagger/dagger-for-github@e5153f5610d82ac9f3f848f3a25ad9d696641068 # v7.0.1
with:
verb: call
args: --source .:default quickstart-test --service tcp://localhost:8888 --port 8888
cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }}
version: ${{ env.DAGGER_VERSION }}
- name: Export Container Logs
id: export-container-logs
run: docker logs $(docker container list --all --filter 'name=^*-openmeter-*' --format '{{.Names}}') > container.stdout.log 2> container.stderr.log
if: always()
continue-on-error: true
- name: Upload Container logs as artifact
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: always() && steps.export-container-logs.outcome == 'success'
with:
name: "[${{ github.job }}] Container logs"
path: |
container.stdout.log
container.stderr.log
retention-days: 14
- name: Cleanup Docker Compose
run: docker compose -f docker-compose.yaml -f docker-compose.ci.yaml down -v
working-directory: quickstart
if: always()
e2e:
name: E2E
runs-on: depot-ubuntu-latest-16
steps:
# Required as a workaround for Dagger to properly detect Git metadata
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run pipeline
uses: dagger/dagger-for-github@e5153f5610d82ac9f3f848f3a25ad9d696641068 # v7.0.1
with:
verb: call
args: etoe
cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }}
version: ${{ env.DAGGER_VERSION }}
- name: Export Dagger Engine logs
id: export-dagger-engine-logs
run: docker logs $(docker container list --all --filter 'name=^dagger-engine-*' --format '{{.Names}}') > engine.stdout.log 2> engine.stderr.log
if: always()
continue-on-error: true
- name: Upload Dagger Engine logs as artifact
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: always() && steps.export-dagger-engine-logs.outcome == 'success'
with:
name: "[${{ github.job }}] Dagger Engine logs"
path: |
engine.stdout.log
engine.stderr.log
retention-days: 14
dagger:
name: CI
runs-on: depot-ubuntu-latest-16
steps:
# Required as a workaround for Dagger to properly detect Git metadata
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run pipeline
uses: dagger/dagger-for-github@e5153f5610d82ac9f3f848f3a25ad9d696641068 # v7.0.1
with:
verb: call
args: ci
cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }}
version: ${{ env.DAGGER_VERSION }}
- name: Export Dagger Engine logs
id: export-dagger-engine-logs
run: docker logs $(docker container list --all --filter 'name=^dagger-engine-*' --format '{{.Names}}') > engine.stdout.log 2> engine.stderr.log
if: always()
continue-on-error: true
- name: Upload Dagger Engine logs as artifact
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: always() && steps.export-dagger-engine-logs.outcome == 'success'
with:
name: "[${{ github.job }}] Dagger Engine logs"
path: |
engine.stdout.log
engine.stderr.log
retention-days: 14