Move trigger build image step to GHA #1649
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - master | |
| - ci-3421-move-build-image-to-gha | |
| env: | |
| REPOSITORY_NAME: ${{ github.event.repository.name }} | |
| jobs: | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| id-token: write | |
| actions: write | |
| issues: write | |
| pull-requests: write | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v4 | |
| with: | |
| # This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits | |
| fetch-depth: 0 | |
| # This forces changesets to use git user, provided by GITHUB_TOKEN env var | |
| persist-credentials: false | |
| - name: GSM Secrets | |
| id: secrets_manager | |
| uses: toptal/davinci-github-actions/gsm-secrets@v13.0.2 | |
| with: | |
| workload_identity_provider: ${{ secrets.IDENTITY_POOL }} | |
| service_account: ${{ secrets.SA_IDENTITY_POOL }} | |
| secrets_name: |- | |
| GCR_ACCOUNT_KEY:toptal-ci/GCR_ACCOUNT_KEY | |
| NPM_TOKEN_PUBLISH:toptal-ci/NPM_TOKEN_PUBLISH | |
| SLACK_BOT_TOKEN:toptal-ci/SLACK_BOT_TOKEN | |
| TOPTAL_BUILD_BOT_SSH_KEY:toptal-ci/TOPTAL_BUILD_BOT_SSH_KEY | |
| TOPTAL_BUILD_BOT_TOKEN:toptal-ci/TOPTAL_BUILD_BOT_TOKEN | |
| TOPTAL_DEVBOT_TOKEN:toptal-ci/TOPTAL_DEVBOT_TOKEN | |
| TOPTAL_REPOACCESSBOT_TOKEN:toptal-ci/TOPTAL_REPOACCESSBOT_TOKEN | |
| TOPTAL_TRIGGERBOT_BUILD_TOKEN:toptal-ci/TOPTAL_TRIGGERBOT_BUILD_TOKEN | |
| TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN:toptal-ci/TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN | |
| TOPTAL_TRIGGERBOT_USERNAME:toptal-ci/TOPTAL_TRIGGERBOT_USERNAME | |
| JENKINS_DEPLOYMENT_CLIENT_ID:toptal-ci/JENKINS_DEPLOYMENT_CLIENT_ID | |
| JENKINS_DEPLOYMENT_URL:toptal-ci/JENKINS_DEPLOYMENT_URL | |
| JENKINS_BUILD_CLIENT_ID:toptal-ci/JENKINS_BUILD_CLIENT_ID | |
| JENKINS_BUILD_URL:toptal-ci/JENKINS_BUILD_URL | |
| JENKINS_SA_CREDENTIALS:toptal-ci/JENKINS_SA_CREDENTIALS | |
| - name: Parse secrets | |
| id: parse_secrets | |
| uses: toptal/davinci-github-actions/expose-json-outputs@v13.0.2 | |
| with: | |
| json: ${{ steps.secrets_manager.outputs.secrets }} | |
| - name: Set ENV Variables | |
| run: |- | |
| echo "SLACK_BOT_TOKEN=${{ steps.parse_secrets.outputs.SLACK_BOT_TOKEN }}" >> $GITHUB_ENV | |
| echo "TOPTAL_BOT_USERNAME=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}" >> $GITHUB_ENV | |
| echo "TOPTAL_BOT_JENKINS_DEPLOYMENT_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN }}" >> $GITHUB_ENV | |
| echo "TOPTAL_JENKINS_BUILD_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_BUILD_TOKEN }}" >> $GITHUB_ENV | |
| echo "DEVBOT_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_DEVBOT_TOKEN }}" >> $GITHUB_ENV | |
| echo 'GCR_ACCOUNT_KEY<<EOF' >> $GITHUB_ENV | |
| echo '${{ steps.parse_secrets.outputs.GCR_ACCOUNT_KEY }}' >> $GITHUB_ENV | |
| echo 'EOF' >> $GITHUB_ENV | |
| echo 'TOPTAL_BUILD_BOT_SSH_KEY<<EOF' >> $GITHUB_ENV | |
| echo '${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_SSH_KEY }}' >> $GITHUB_ENV | |
| echo 'EOF' >> $GITHUB_ENV | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 18 | |
| - name: Get yarn cache directory path | |
| id: yarn-cache-dir-path | |
| run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT | |
| - name: Check yarn cache | |
| uses: actions/cache@v3 | |
| id: yarn-cache | |
| with: | |
| path: ${{ steps.yarn-cache-dir-path.outputs.dir }} | |
| key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-yarn- | |
| - name: Install Dependencies (from network) | |
| if: ${{ steps.yarn-cache.outputs.cache-hit != 'true' }} | |
| run: | | |
| yarn policies set-version | |
| yarn install --frozen-lockfile | |
| - name: Install Dependencies (from cache) | |
| if: ${{ steps.yarn-cache.outputs.cache-hit == 'true' }} | |
| run: | | |
| yarn policies set-version | |
| yarn install --frozen-lockfile --offline | |
| # - name: Create Release Pull Request or Publish to npm | |
| # id: changesets | |
| # uses: changesets/action@e9cc34b540dd3ad1b030c57fd97269e8f6ad905a | |
| # with: | |
| # publish: yarn release | |
| # env: | |
| # GITHUB_TOKEN: ${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_TOKEN }} | |
| # NPM_TOKEN: ${{ steps.parse_secrets.outputs.NPM_TOKEN_PUBLISH }} | |
| # - name: Edit "Version Package" PR | |
| # if: ${{ steps.changesets.outputs.published != 'true' }} | |
| # uses: actions/github-script@v7 | |
| # with: | |
| # github-token: ${{secrets.GITHUB_TOKEN}} | |
| # script: | | |
| # // Get list of all open PRs with | |
| # // head branch "changeset-release/master" | |
| # // (there should be max 1 PR with such condition) | |
| # const { data } = await github.rest.pulls.list({ | |
| # owner: 'toptal', | |
| # repo: 'picasso', | |
| # state: 'open', | |
| # head: 'toptal:changeset-release/master' | |
| # }) | |
| # for await (let pr of data) { | |
| # // add to all of them label "no-jira" | |
| # github.rest.issues.addLabels({ | |
| # owner: 'toptal', | |
| # repo: 'picasso', | |
| # issue_number: pr.number, | |
| # labels: [ | |
| # 'no-jira' | |
| # ] | |
| # }) | |
| # // append PR body with peerDependencies warning | |
| # const hr = "\n_____" | |
| # const warningTodo = "\n- [ ] ⚠️ " | |
| # const message = "If major release, don't forget to check if peerDependencies needs to be also updated" | |
| # const appendedMessage = hr + warningTodo + message | |
| # const body = pr.body.includes(message) ? pr.body : pr.body + appendedMessage | |
| # github.rest.pulls.update({ | |
| # owner: 'toptal', | |
| # repo: 'picasso', | |
| # pull_number: pr.number, | |
| # body: body, | |
| # }) | |
| # } | |
| - name: Get toptal/actions | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: toptal/actions | |
| token: ${{ steps.parse_secrets.outputs.TOPTAL_REPOACCESSBOT_TOKEN }} | |
| path: ./.github/actions/ | |
| - name: Replace toptal/actions/get-job-url@main from trigger-jenkins-job/action.yml | |
| shell: bash | |
| run: | | |
| sed -i 's|toptal/actions/get-job-url@main|./.github/actions/get-job-url|' ./.github/actions/trigger-jenkins-job/action.yml | |
| sed -i 's|toptal/actions/trigger-jenkins-job@main|./.github/actions/trigger-jenkins-job|' ./.github/actions/create-jira-deployment/action.yml | |
| # - uses: docker/setup-buildx-action@v3 | |
| # id: buildx | |
| # - name: Use SSH key | |
| # uses: toptal/ssh-agent@v0.4.1 | |
| # with: | |
| # ssh-private-key: ${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_SSH_KEY }} | |
| # - name: Docker meta | |
| # id: meta | |
| # uses: docker/metadata-action@v5 | |
| # with: | |
| # images: us-central1-docker.pkg.dev/toptal-hub/containers/picasso | |
| # tags: | | |
| # type=raw,value=${{ env.APP_VERSION }} | |
| # flavor: | | |
| # latest=true | |
| - name: Build and push picasso image | |
| uses: toptal/davinci-github-actions/build-push-image@refs/heads/ci-3516-change-build-push-image-action | |
| with: | |
| sha: ${{ inputs.sha }} | |
| image-name: picasso | |
| build-args: | | |
| VERSION=${{ github.sha }} | |
| # - name: Build and push picasso image | |
| # uses: toptal/davinci-github-actions/build-push-image@v13.0.2 | |
| # with: | |
| # sha: ${{ inputs.sha }} | |
| # image-name: ${{ env.REPOSITORY_NAME }} | |
| # docker-file: ./Dockerfile | |
| # build-args: | | |
| # VERSION=${{ inputs.sha }} | |
| # - name: Build and push picasso image | |
| # uses: docker/build-push-action@v5 | |
| # with: | |
| # tags: | | |
| # ${{ steps.meta.outputs.tags }} | |
| # context: . | |
| # push: true | |
| # ssh: default | |
| # - name: Trigger build image job | |
| # uses: ./.github/actions/trigger-jenkins-job | |
| # id: trigger-build | |
| # env: | |
| # JENKINS_JOB_NAME: ${{ env.REPOSITORY_NAME }}-build-image | |
| # JENKINS_USER: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }} | |
| # with: | |
| # jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_BUILD_URL }} | |
| # jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }} | |
| # jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_BUILD_TOKEN }} | |
| # jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_BUILD_CLIENT_ID }} | |
| # jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }} | |
| # job_name: ${{ env.JENKINS_JOB_NAME }} | |
| # job_params: | | |
| # { | |
| # "BRANCH": "master", | |
| # "VERSION": "${{ github.sha }}", | |
| # "IMAGE_NAME": "${{ env.REPOSITORY_NAME }}" | |
| # } | |
| # job_timeout: "7200" | |
| # - name: Trigger deployment job | |
| # id: trigger-deploy | |
| # uses: ./.github/actions/trigger-jenkins-job | |
| # env: | |
| # JENKINS_JOB_NAME: ${{ env.REPOSITORY_NAME }}-docs | |
| # with: | |
| # jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_DEPLOYMENT_URL }} | |
| # jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }} | |
| # jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN }} | |
| # jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_DEPLOYMENT_CLIENT_ID }} | |
| # jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }} | |
| # job_name: ${{ env.JENKINS_JOB_NAME }} | |
| # job_params: | | |
| # { | |
| # "COMMIT_ID": "${{ github.sha }}" | |
| # } | |
| # job_timeout: "7200" | |
| # - name: Send a Slack notification on failure | |
| # if: ${{ failure() }} | |
| # uses: slackapi/slack-github-action@v1.26.0 | |
| # env: | |
| # SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }} | |
| # FAILURE_URL: ${{ steps.trigger-deploy.outputs.jenkins_job_url || steps.trigger-build.outputs.jenkins_job_url }} | |
| # FALLBACK_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}?check_suite_focus=true | |
| # with: | |
| # channel-id: "-frontend-exp-team-notifications" | |
| # slack-message: ":x: <!here> Current master version of Picasso is <${{ env.FAILURE_URL || env.FALLBACK_URL }}|broken>." | |
| # - name: Send a Slack notification on success release | |
| # if: ${{ success() && steps.changesets.outputs.published == 'true' }} | |
| # uses: slackapi/slack-github-action@v1.26.0 | |
| # with: | |
| # channel-id: "-frontend-exp-team-notifications" | |
| # slack-message: "Current master version of Picasso successfully released :green_heart:" | |
| # env: | |
| # SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }} | |
| # - name: Send a Slack notification on success PR merge | |
| # if: ${{ success() && steps.changesets.outputs.published != 'true'}} | |
| # uses: slackapi/slack-github-action@v1.26.0 | |
| # with: | |
| # channel-id: "-frontend-exp-team-notifications" | |
| # slack-message: "A new PR was merged to Picasso :parrotspin:" | |
| # env: | |
| # SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }} | |
| # - name: Create Jira deployment | |
| # uses: ./.github/actions/create-jira-deployment/ | |
| # if: ${{ steps.changesets.outputs.published == 'true' }} | |
| # with: | |
| # jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_BUILD_URL }} | |
| # jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }} | |
| # jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_BUILD_TOKEN }} | |
| # jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_BUILD_CLIENT_ID }} | |
| # jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }} | |
| # token: ${{ env.DEVBOT_TOKEN }} | |
| # environment: production | |
| # environment-url: https://www.npmjs.com/package/@toptal/picasso?activeTab=versions | |
| # integration-tests: | |
| # name: Integration Tests | |
| # uses: ./.github/workflows/davinci-integration-tests.yml | |
| # secrets: | |
| # IDENTITY_POOL: ${{ secrets.IDENTITY_POOL }} | |
| # SA_IDENTITY_POOL: ${{ secrets.SA_IDENTITY_POOL }} |