Deploy #1515
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| flavor: | |
| description: 'Select what enverionment to deploy to' | |
| type: choice | |
| default: canary | |
| options: | |
| - canary | |
| - beta | |
| - stable | |
| - internal | |
| env: | |
| NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }} | |
| permissions: | |
| contents: 'write' | |
| id-token: 'write' | |
| packages: 'write' | |
| jobs: | |
| output-prev-version: | |
| name: Output previous version | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.event.inputs.flavor }} | |
| outputs: | |
| prev: ${{ steps.print.outputs.version }} | |
| namespace: ${{ steps.print.outputs.namespace }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Auth to Cluster | |
| uses: './.github/actions/cluster-auth' | |
| with: | |
| gcp-project-number: ${{ secrets.GCP_PROJECT_NUMBER }} | |
| gcp-project-id: ${{ secrets.GCP_PROJECT_ID }} | |
| service-account: ${{ secrets.GCP_HELM_DEPLOY_SERVICE_ACCOUNT }} | |
| cluster-name: ${{ secrets.GCP_CLUSTER_NAME }} | |
| cluster-location: ${{ secrets.GCP_CLUSTER_LOCATION }} | |
| - name: Output previous version | |
| id: print | |
| run: | | |
| namespace="" | |
| if [ "${{ github.event.inputs.flavor }}" = "canary" ]; then | |
| namespace="dev" | |
| elif [ "${{ github.event.inputs.flavor }}" = "beta" ]; then | |
| namespace="beta" | |
| elif [ "${{ github.event.inputs.flavor }}" = "stable" ]; then | |
| namespace="production" | |
| else | |
| echo "Invalid flavor: ${{ github.event.inputs.flavor }}" | |
| exit 1 | |
| fi | |
| echo "Namespace set to: $namespace" | |
| # Get the previous version from the deployment | |
| prev_version=$(kubectl get deployment -n $namespace affine-graphql -o=jsonpath='{.spec.template.spec.containers[0].image}' | awk -F '-' '{print $3}') | |
| echo "Previous version: $prev_version" | |
| echo "version=$prev_version" >> $GITHUB_OUTPUT | |
| echo "namesapce=$namespace" >> $GITHUB_OUTPUT | |
| build-server-image: | |
| name: Build Server Image | |
| uses: ./.github/workflows/build-server-image.yml | |
| with: | |
| flavor: ${{ github.event.inputs.flavor }} | |
| build-web: | |
| name: Build @affine/web | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.event.inputs.flavor }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Version | |
| id: version | |
| uses: ./.github/actions/setup-version | |
| - name: Setup Node.js | |
| uses: ./.github/actions/setup-node | |
| - name: Build Core | |
| run: yarn nx build @affine/web --skip-nx-cache | |
| env: | |
| R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} | |
| R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} | |
| R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
| BUILD_TYPE: ${{ github.event.inputs.flavor }} | |
| CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }} | |
| SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
| SENTRY_PROJECT: 'affine-web' | |
| SENTRY_RELEASE: ${{ steps.version.outputs.APP_VERSION }} | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }} | |
| MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }} | |
| - name: Upload web artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: web | |
| path: ./packages/frontend/web/dist | |
| if-no-files-found: error | |
| build-admin: | |
| name: Build @affine/admin | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.event.inputs.flavor }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Version | |
| id: version | |
| uses: ./.github/actions/setup-version | |
| - name: Setup Node.js | |
| uses: ./.github/actions/setup-node | |
| - name: Build Admin | |
| run: yarn nx build @affine/admin --skip-nx-cache | |
| env: | |
| R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} | |
| R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} | |
| R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
| BUILD_TYPE: ${{ github.event.inputs.flavor }} | |
| CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }} | |
| SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
| SENTRY_PROJECT: 'affine-admin' | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }} | |
| MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }} | |
| - name: Upload admin artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: admin | |
| path: ./packages/frontend/admin/dist | |
| if-no-files-found: error | |
| build-mobile: | |
| name: Build @affine/mobile | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.event.inputs.flavor }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Version | |
| id: version | |
| uses: ./.github/actions/setup-version | |
| - name: Setup Node.js | |
| uses: ./.github/actions/setup-node | |
| - name: Build Mobile | |
| run: yarn nx build @affine/mobile --skip-nx-cache | |
| env: | |
| R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} | |
| R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} | |
| R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
| BUILD_TYPE: ${{ github.event.inputs.flavor }} | |
| CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }} | |
| SENTRY_ORG: ${{ secrets.SENTRY_ORG }} | |
| SENTRY_PROJECT: 'affine-mobile' | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
| PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }} | |
| MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }} | |
| - name: Upload mobile artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: mobile | |
| path: ./packages/frontend/mobile/dist | |
| if-no-files-found: error | |
| build-frontend-image: | |
| name: Build Frontend Image | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-web | |
| - build-admin | |
| - build-mobile | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download web artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: web | |
| path: ./packages/frontend/web/dist | |
| - name: Download admin artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: admin | |
| path: ./packages/frontend/admin/dist | |
| - name: Download mobile artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: mobile | |
| path: ./packages/frontend/mobile/dist | |
| - name: Setup env | |
| run: | | |
| echo "GIT_SHORT_HASH=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV" | |
| if [ -z "${{ inputs.flavor }}" ] | |
| then | |
| echo "RELEASE_FLAVOR=canary" >> "$GITHUB_ENV" | |
| else | |
| echo "RELEASE_FLAVOR=${{ inputs.flavor }}" >> "$GITHUB_ENV" | |
| fi | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| logout: false | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build front Dockerfile | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: true | |
| pull: true | |
| platforms: linux/amd64,linux/arm64 | |
| provenance: true | |
| file: .github/deployment/front/Dockerfile | |
| tags: ghcr.io/toeverything/affine-front:${{env.RELEASE_FLAVOR}}-${{ env.GIT_SHORT_HASH }},ghcr.io/toeverything/affine-front:${{env.RELEASE_FLAVOR}} | |
| deploy: | |
| name: Deploy to cluster | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| environment: ${{ github.event.inputs.flavor }} | |
| needs: | |
| - build-frontend-image | |
| - build-server-image | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Version | |
| id: version | |
| uses: ./.github/actions/setup-version | |
| - name: Deploy to ${{ github.event.inputs.flavor }} | |
| uses: ./.github/actions/deploy | |
| with: | |
| build-type: ${{ github.event.inputs.flavor }} | |
| gcp-project-number: ${{ secrets.GCP_PROJECT_NUMBER }} | |
| gcp-project-id: ${{ secrets.GCP_PROJECT_ID }} | |
| service-account: ${{ secrets.GCP_HELM_DEPLOY_SERVICE_ACCOUNT }} | |
| cluster-name: ${{ secrets.GCP_CLUSTER_NAME }} | |
| cluster-location: ${{ secrets.GCP_CLUSTER_LOCATION }} | |
| env: | |
| APP_VERSION: ${{ steps.version.outputs.APP_VERSION }} | |
| DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }} | |
| CANARY_DEPLOY_HOST: ${{ secrets.CANARY_DEPLOY_HOST }} | |
| R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} | |
| R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} | |
| R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
| CAPTCHA_TURNSTILE_SECRET: ${{ secrets.CAPTCHA_TURNSTILE_SECRET }} | |
| COPILOT_OPENAI_API_KEY: ${{ secrets.COPILOT_OPENAI_API_KEY }} | |
| COPILOT_FAL_API_KEY: ${{ secrets.COPILOT_FAL_API_KEY }} | |
| COPILOT_UNSPLASH_API_KEY: ${{ secrets.COPILOT_UNSPLASH_API_KEY }} | |
| METRICS_CUSTOMER_IO_TOKEN: ${{ secrets.METRICS_CUSTOMER_IO_TOKEN }} | |
| MAILER_SENDER: ${{ secrets.OAUTH_EMAIL_SENDER }} | |
| MAILER_USER: ${{ secrets.OAUTH_EMAIL_LOGIN }} | |
| MAILER_PASSWORD: ${{ secrets.OAUTH_EMAIL_PASSWORD }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AFFINE_GOOGLE_CLIENT_ID: ${{ secrets.AFFINE_GOOGLE_CLIENT_ID }} | |
| AFFINE_GOOGLE_CLIENT_SECRET: ${{ secrets.AFFINE_GOOGLE_CLIENT_SECRET }} | |
| DATABASE_URL: ${{ secrets.DATABASE_URL }} | |
| DATABASE_USERNAME: ${{ secrets.DATABASE_USERNAME }} | |
| DATABASE_PASSWORD: ${{ secrets.DATABASE_PASSWORD }} | |
| DATABASE_NAME: ${{ secrets.DATABASE_NAME }} | |
| GCLOUD_CONNECTION_NAME: ${{ secrets.GCLOUD_CONNECTION_NAME }} | |
| GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT: ${{ secrets.GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT }} | |
| REDIS_HOST: ${{ secrets.REDIS_HOST }} | |
| REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }} | |
| CLOUD_SQL_IAM_ACCOUNT: ${{ secrets.CLOUD_SQL_IAM_ACCOUNT }} | |
| STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }} | |
| STRIPE_WEBHOOK_KEY: ${{ secrets.STRIPE_WEBHOOK_KEY }} | |
| STATIC_IP_NAME: ${{ secrets.STATIC_IP_NAME }} | |
| deploy-done: | |
| needs: | |
| - output-prev-version | |
| - build-web | |
| - build-admin | |
| - build-mobile | |
| - build-frontend-image | |
| - build-server-image | |
| - deploy | |
| if: always() | |
| runs-on: ubuntu-latest | |
| name: Post deploy message | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: toeverything/blocksuite | |
| path: blocksuite | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Setup Node.js | |
| uses: ./.github/actions/setup-node | |
| with: | |
| extra-flags: 'workspaces focus @affine/changelog' | |
| electron-install: false | |
| - name: Output deployed info | |
| if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} | |
| id: set_info | |
| run: | | |
| if [ "${{ github.event.inputs.flavor }}" = "canary" ]; then | |
| echo "deployed_url=https://affine.fail" >> $GITHUB_OUTPUT | |
| elif [ "${{ github.event.inputs.flavor }}" = "beta" ]; then | |
| echo "deployed_url=https://insider.affine.pro" >> $GITHUB_OUTPUT | |
| elif [ "${{ github.event.inputs.flavor }}" = "stable" ]; then | |
| echo "deployed_url=https://app.affine.pro" >> $GITHUB_OUTPUT | |
| else | |
| exit 1 | |
| fi | |
| env: | |
| GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} | |
| - name: Post Success event to a Slack channel | |
| if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} | |
| run: node ./tools/changelog/index.js | |
| env: | |
| CHANNEL_ID: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }} | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| DEPLOYED_URL: ${{ steps.set_info.outputs.deployed_url }} | |
| PREV_VERSION: ${{ needs.output-prev-version.outputs.prev }} | |
| NAMESPACE: ${{ needs.output-prev-version.outputs.namespace }} | |
| DEPLOYMENT: 'SERVER' | |
| FLAVOR: ${{ github.event.inputs.flavor }} | |
| BLOCKSUITE_REPO_PATH: ${{ github.workspace }}/blocksuite | |
| - name: Post Failed event to a Slack channel | |
| id: failed-slack | |
| uses: slackapi/[email protected] | |
| if: ${{ always() && contains(needs.*.result, 'failure') }} | |
| with: | |
| channel-id: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }} | |
| payload: | | |
| { | |
| "blocks": [ | |
| { | |
| "type": "section", | |
| "text": { | |
| "text": "<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Backend deploy failed `${{ github.event.inputs.flavor }}`>", | |
| "type": "mrkdwn" | |
| } | |
| } | |
| ] | |
| } | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |
| - name: Post Cancel event to a Slack channel | |
| id: cancel-slack | |
| uses: slackapi/[email protected] | |
| if: ${{ always() && contains(needs.*.result, 'cancelled') && !contains(needs.*.result, 'failure') }} | |
| with: | |
| channel-id: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }} | |
| payload: | | |
| { | |
| "blocks": [ | |
| { | |
| "type": "section", | |
| "text": { | |
| "text": "<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Backend deploy cancelled `${{ github.event.inputs.flavor }}`>", | |
| "type": "mrkdwn" | |
| } | |
| } | |
| ] | |
| } | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} |