build(deps): bump google-auth from 2.34.0 to 2.35.0 in /api #12806

Workflow file for this run

.github/workflows/dev_on_push_workflow_main.yml at 5506288

	name: "1 [on_push] Initiate workflow"

	on:
	push:
	branches:
	- master
	- "maint/**"

	permissions: write-all

	jobs:
	pcapi-init-job:
	name: "pcapi init job"
	runs-on: ubuntu-latest
	outputs:
	api-changed: ${{ steps.check-api-changes.outputs.any_modified }}
	api-documentation-changed: ${{ steps.check-api-documentation-changes.outputs.any_modified }}
	pro-changed: ${{ steps.check-pro-changes.outputs.any_modified }}
	dependencies-changed: ${{ steps.check-dependencies-changes.outputs.any_modified }}
	push-tags: ${{ steps.pcapi-tags.outputs.push-tags }}
	checksum-tag: ${{ steps.pcapi-tags.outputs.checksum-tag }}
	checksum-tag-exists: ${{ steps.check-checksum-tag.outputs.tag-exists }}
	checksum-console-tag-exists: ${{ steps.check-console-checksum-tag.outputs.tag-exists }}
	steps:
	- uses: actions/[email protected]
	with:
	fetch-depth: 0
	fetch-tags: false
	- name: "Check api folder changes"
	id: check-api-changes
	uses: tj-actions/changed-files@v45
	with:
	files: \|
	api/**
	!api/documentation/**
	!api/src/pcapi/scripts/**/main.py
	!api/src/pcapi/scripts/**/main.sql
	- name: "Check api documentation folder changes"
	id: check-api-documentation-changes
	uses: tj-actions/changed-files@v45
	with:
	files: api/documentation/**
	- name: "Check pro folder changes"
	id: check-pro-changes
	uses: tj-actions/changed-files@v45
	with:
	files: pro/**
	- name: "Check changes in dependencies (frontend + backend)"
	id: check-dependencies-changes
	uses: tj-actions/changed-files@v45
	with:
	files: \|
	api/poetry.lock
	pro/yarn.lock
	- name: "Define pcapi image tags."
	id: pcapi-tags
	run: \|
	DOCKER_IMAGE="${{ env.docker_registry }}/pcapi"
	API_CHECKSUM=`tar --sort=name --owner=0 --group=0 --mtime='UTC 2019-01-01' -cf - api \| sha1sum \| awk '{ print $1 }'`
	PUSH_TAGS="push-tags=$DOCKER_IMAGE:${{ github.sha }},$DOCKER_IMAGE:$API_CHECKSUM,$DOCKER_IMAGE:latest"
	API_TAG="checksum-tag=$API_CHECKSUM"
	echo "PUSH_TAGS=$PUSH_TAGS"
	echo "API_TAG=$API_TAG"
	echo $PUSH_TAGS >> "$GITHUB_OUTPUT"
	echo $API_TAG >> "$GITHUB_OUTPUT"
	- name: "Authentification to Google"
	uses: 'google-github-actions/auth@v2'
	with:
	workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
	- name: "Get Secret"
	id: 'secrets'
	uses: 'google-github-actions/get-secretmanager-secrets@v2'
	with:
	secrets: \|-
	ARTIFACT_REGISTRY_WORKLOAD_IDENTITY_PROVIDER:passculture-metier-ehp/passculture-main-gcp-workload-identity-provider
	ARTIFACT_REGISTRY_SERVICE_ACCOUNT:passculture-metier-ehp/passculture-main-artifact-registry-service-account
	- name: "OpenID Connect Authentication"
	id: "openid-auth"
	uses: "google-github-actions/auth@v2"
	with:
	create_credentials_file: false
	token_format: "access_token"
	workload_identity_provider: ${{ steps.secrets.outputs.ARTIFACT_REGISTRY_WORKLOAD_IDENTITY_PROVIDER }}
	service_account: ${{ steps.secrets.outputs.ARTIFACT_REGISTRY_SERVICE_ACCOUNT }}
	- name: "Docker login"
	id: "docker-login"
	uses: "docker/login-action@v3"
	with:
	registry: "europe-west1-docker.pkg.dev"
	username: "oauth2accesstoken"
	password: "${{ steps.openid-auth.outputs.access_token }}"
	- name: "pcapi"
	id: check-checksum-tag
	run: ./.github/workflows/scripts/check-image-tag-exists.sh
	env:
	image: pcapi
	tag: ${{ steps.pcapi-tags.outputs.checksum-tag }}
	- name: "pcapi-console"
	id: check-console-checksum-tag
	run: ./.github/workflows/scripts/check-image-tag-exists.sh
	env:
	image: pcapi-console
	tag: ${{ steps.pcapi-tags.outputs.checksum-tag }}
	- name: "Summary"
	run: \|
	echo "[api] folder changed : ${{ steps.check-api-changes.outputs.any_modified }}"
	echo "[pcapi] push-tags : ${{ steps.pcapi-tags.outputs.push-tags }}"
	echo "[pcapi] checksum-tag : ${{ steps.pcapi-tags.outputs.checksum-tag }}"
	echo "[pcapi] image tag ${{ steps.pcapi-tags.outputs.checksum-tag }} exists : ${{ steps.check-checksum-tag.outputs.tag-exists }}"
	echo "[pcapi-console] image tag ${{ steps.pcapi-tags.outputs.checksum-tag }} exists : ${{ steps.check-console-checksum-tag.outputs.tag-exists }}"

	check-folders-changes:
	# Perform all changes checks at once to remove the need for multiple checkouts accross jobs
	name: "Check changes in folders"
	runs-on: ubuntu-latest
	outputs:
	maintenance-site-changed: ${{ steps.check-maintenance-site-changes.outputs.any_modified }}
	db-migrations-changed: ${{ steps.check-db-migrations-changes.outputs.any_modified }}
	steps:
	- uses: actions/[email protected]
	with:
	fetch-depth: 0
	fetch-tags: false
	- name: "Check maintenance-site folder changes"
	id: check-maintenance-site-changes
	uses: tj-actions/changed-files@v45
	with:
	files: maintenance-site/**
	- name: "Check db migration folder changes"
	id: check-db-migrations-changes
	uses: tj-actions/changed-files@v45
	with:
	files: \|-
	api/src/pcapi/alembic/versions/**
	api/src/pcapi/alembic/run_migrations.py

	build-pcapi:
	name: "[pcapi] build docker image."
	needs: [pcapi-init-job]
	if: needs.pcapi-init-job.outputs.api-changed == 'true' && needs.pcapi-init-job.outputs.checksum-tag-exists == 'false'
	uses: ./.github/workflows/dev_on_workflow_build_docker_image.yml
	with:
	ref: ${{ github.sha }}
	image: pcapi
	tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }}
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	build-pcapi-tests:
	name: "[pcapi-tests] build docker image."
	needs: [pcapi-init-job]
	if: needs.pcapi-init-job.outputs.api-changed == 'true'
	uses: ./.github/workflows/dev_on_workflow_build_docker_image.yml
	with:
	ref: ${{ github.sha }}
	image: pcapi-tests
	tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }}
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	build-pcapi-console:
	name: "[pcapi-console] build docker image."
	needs: [pcapi-init-job]
	if: \|
	( needs.pcapi-init-job.outputs.api-changed == 'true' \|\|
	needs.pcapi-init-job.outputs.pro-changed == 'true' ) &&
	needs.pcapi-init-job.outputs.checksum-console-tag-exists == 'false' &&
	github.ref == 'refs/heads/master'
	uses: ./.github/workflows/dev_on_workflow_build_docker_image.yml
	with:
	ref: ${{ github.sha }}
	image: pcapi-console
	tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }}
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	prepare-cache-master: # on "master" branch only
	name: "Reset cache on master on dependency update"
	needs: [build-pcapi]
	uses: ./.github/workflows/dev_on_workflow_update_api_client_template.yml
	if: github.ref == 'refs/heads/master'
	with:
	PCAPI_DOCKER_TAG: ${{ needs.pcapi-init-job.outputs.checksum-tag }}
	TRIGGER_ONLY_ON_API_CHANGE: false
	TRIGGER_ONLY_ON_DEPENDENCY_CHANGE: true
	CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache"
	api-changed: ${{ needs.pcapi-init-job.outputs.api-changed }}
	dependencies-changed: ${{ needs.pcapi-init-job.outputs.dependencies-changed }}
	secrets:
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}

	test-api:
	name: "Test api"
	needs: [pcapi-init-job, build-pcapi-tests]
	uses: ./.github/workflows/dev_on_workflow_tests_api.yml
	with:
	tag: ${{ needs.build-pcapi-tests.result == 'skipped' && 'latest' \|\| needs.pcapi-init-job.outputs.checksum-tag }}
	secrets:
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}

	test-api-documentation:
	name: "Tests API documentation"
	needs: [pcapi-init-job]
	if: needs.pcapi-init-job.outputs.api-documentation-changed == 'true'
	uses: ./.github/workflows/dev_on_workflow_tests_api_documentation.yml
	secrets:
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}

	test-pro:
	name: "Tests pro"
	needs: [pcapi-init-job]
	if: needs.pcapi-init-job.outputs.pro-changed == 'true'
	uses: ./.github/workflows/dev_on_workflow_tests_pro.yml
	with:
	CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache"
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	test-pro-e2e:
	name: "Tests pro E2E"
	needs: [pcapi-init-job, build-pcapi]
	uses: ./.github/workflows/dev_on_workflow_tests_pro_e2e.yml
	if: \|
	always() &&
	needs.pcapi-init-job.outputs.api-changed == 'true' \|\|
	needs.pcapi-init-job.outputs.pro-changed == 'true'
	with:
	tag: ${{ needs.build-pcapi.result == 'skipped' && 'latest' \|\| needs.pcapi-init-job.outputs.checksum-tag }}
	CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache"
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	deploy-storybook:
	name: "Deploy Storybook"
	needs: [pcapi-init-job]
	if: ${{ github.ref == 'refs/heads/master' && needs.pcapi-init-job.outputs.pro-changed == 'true' }}
	uses: ./.github/workflows/dev_on_workflow_deploy_storybook.yml

	push-pcapi:
	name: "Push pcapi docker image to registry"
	needs: [build-pcapi, pcapi-init-job, test-api]
	uses: ./.github/workflows/dev_on_workflow_push_docker_image.yml
	with:
	image: pcapi
	commit-hash: ${{ github.sha }}
	checksum-tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }}
	tag-latest: true
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	push-pcapi-console:
	name: "Push pcapi-console docker image to registry"
	needs: [build-pcapi-console, pcapi-init-job, test-api]
	uses: ./.github/workflows/dev_on_workflow_push_docker_image.yml
	with:
	image: pcapi-console
	commit-hash: ${{ github.sha }}
	checksum-tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }}
	tag-latest: true
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	deploy-to-testing:
	name: "Deploy to testing"
	needs: [test-api, test-pro, push-pcapi-console, push-pcapi]
	if: \|
	always() &&
	github.ref == 'refs/heads/master' &&
	contains(fromJSON('["success", "skipped"]'), needs.test-api.result) &&
	contains(fromJSON('["success", "skipped"]'), needs.test-pro.result)
	uses: ./.github/workflows/dev_on_workflow_deploy.yml
	with:
	environment: testing
	app_version: ${{ github.sha }}
	teleport_proxy: teleport.ehp.passculture.team:443
	teleport_kubernetes_cluster: passculture-metier-ehp
	deploy_api: ${{ needs.test-api.result == 'success' }}
	deploy_pro: ${{ needs.test-pro.result == 'success' }}
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	deploy-to-ops:
	name: "Deploy to ops"
	needs: [test-api, test-pro, push-pcapi-console, push-pcapi]
	if: \|
	always() &&
	github.ref == 'refs/heads/master' &&
	contains(fromJSON('["success", "skipped"]'), needs.test-api.result) &&
	contains(fromJSON('["success", "skipped"]'), needs.test-pro.result) &&
	vars.DISABLE_PCAPI_OPS_DEPLOY == 'false'
	uses: ./.github/workflows/dev_on_workflow_deploy.yml
	with:
	environment: ops
	app_version: ${{ github.sha }}
	teleport_proxy: teleport.ops.passculture.team:443
	teleport_kubernetes_cluster: passculture-metier-ops
	deploy_api: ${{ needs.test-api.result == 'success' }}
	deploy_pro: false
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	deploy-maintenance-site:
	name: "Deploy maintenance site"
	needs: check-folders-changes
	if: \|
	always() &&
	github.ref == 'refs/heads/master' &&
	needs.check-folders-changes.outputs.maintenance-site-changed == 'true'
	uses: ./.github/workflows/dev_on_workflow_deploy_maintenance_site.yml
	secrets:
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}

	ping-data-team-on-slack:
	name: "Ping data team on slack"
	needs: check-folders-changes
	if: \|
	always() &&
	github.ref == 'refs/heads/master' &&
	needs.check-folders-changes.outputs.db-migrations-changed == 'true'
	uses: ./.github/workflows/dev_on_workflow_ping_data_team.yml
	secrets:
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}

	update-jira-issue:
	name: "Update Jira issue"
	if: ${{ always() && github.ref == 'refs/heads/master' }}
	concurrency: update-jira-issue-${{ github.workflow }}-${{ github.ref }}
	uses: ./.github/workflows/dev_on_workflow_update_jira_issues.yml
	secrets:
	GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}

	slack-notify:
	name: "Slack notification"
	runs-on: ubuntu-latest
	if: ${{ failure() && github.ref == 'refs/heads/master' }}
	needs: deploy-to-testing
	steps:
	- uses: technote-space/workflow-conclusion-action@v3
	- name: "Authentification to Google"
	uses: 'google-github-actions/auth@v2'
	with:
	workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }}
	service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }}
	- name: "Get Secret"
	id: 'secrets'
	uses: 'google-github-actions/get-secretmanager-secrets@v2'
	with:
	secrets: \|-
	SLACK_BOT_TOKEN:passculture-metier-ehp/passculture-ci-slack-bot-token
	- name: "Post to a Slack channel"
	uses: slackapi/[email protected]
	with:
	# channel #alertes-deploiement
	channel-id: "CQAMNFVPS"
	payload: \|
	{
	"attachments": [
	{
	"mrkdwn_in": ["text"],
	"color": "#A30002",
	"author_name": "${{github.actor}}",
	"author_link": "https://github.com/${{github.actor}}",
	"author_icon": "https://github.com/${{github.actor}}.png",
	"title": "PCAPI Deployment",
	"title_link": "https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}",
	"text": "Le déploiement de la version `master` a échoué sur `testing` :boom:"
	}
	],
	"unfurl_links": false,
	"unfurl_media": false
	}
	env:
	SLACK_BOT_TOKEN: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump google-auth from 2.34.0 to 2.35.0 in /api #12806

Workflow file

build(deps): bump google-auth from 2.34.0 to 2.35.0 in /api #12806

Jobs

Run details

Workflow file for this run