Move trigger build image step to GHA
jcobarreto committed May 13, 2024
1 parent 511e3d3 commit 0a733e9
Showing 3 changed files with 192 additions and 138 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/ci.yaml
Expand Up @@ -2,10 +2,10 @@ name: CI

on:
workflow_dispatch:
pull_request:
branches:
- master # triggers the flow for every PR to master
- "feature/**" # triggers the flow for a PR to a branch like feature/v9
# pull_request:
# branches:
# - master # triggers the flow for every PR to master
# - "feature/**" # triggers the flow for a PR to a branch like feature/v9

types:
- synchronize # PR was updated
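Review bot: Commenting out the `pull_request` trigger leaves this workflow runnable only through `workflow_dispatch`, so pull requests to `master` and `feature/**` no longer get a CI run. The `types:` list after the commented block is still live, and with its parent key gone it may now attach to `workflow_dispatch` or directly to `on:` (indentation is not visible in this rendering), neither of which is a valid place for it. If the trigger was disabled only to keep CI quiet while testing the release workflow on a branch, restore `pull_request:` and its `branches:` list before merge. The rest of the workflow lies outside this hunk.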
321 changes: 187 additions & 134 deletions .github/workflows/release.yml
Expand Up @@ -5,6 +5,7 @@ on:
push:
branches:
- master
- ci-3421-move-build-image-to-gha

env:
REPOSITORY_NAME: ${{ github.event.repository.name }}
Expand Down Expand Up @@ -34,8 +35,10 @@ jobs:
workload_identity_provider: ${{ secrets.IDENTITY_POOL }}
service_account: ${{ secrets.SA_IDENTITY_POOL }}
secrets_name: |-
GCR_ACCOUNT_KEY:toptal-ci/GCR_ACCOUNT_KEY
NPM_TOKEN_PUBLISH:toptal-ci/NPM_TOKEN_PUBLISH
SLACK_BOT_TOKEN:toptal-ci/SLACK_BOT_TOKEN
TOPTAL_BUILD_BOT_SSH_KEY:toptal-ci/TOPTAL_BUILD_BOT_SSH_KEY
TOPTAL_BUILD_BOT_TOKEN:toptal-ci/TOPTAL_BUILD_BOT_TOKEN
TOPTAL_DEVBOT_TOKEN:toptal-ci/TOPTAL_DEVBOT_TOKEN
TOPTAL_REPOACCESSBOT_TOKEN:toptal-ci/TOPTAL_REPOACCESSBOT_TOKEN
Expand All @@ -61,6 +64,12 @@ jobs:
echo "TOPTAL_BOT_JENKINS_DEPLOYMENT_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN }}" >> $GITHUB_ENV
echo "TOPTAL_JENKINS_BUILD_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_BUILD_TOKEN }}" >> $GITHUB_ENV
echo "DEVBOT_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_DEVBOT_TOKEN }}" >> $GITHUB_ENV
echo 'GCR_ACCOUNT_KEY<<EOF' >> $GITHUB_ENV
echo '${{ steps.parse_secrets.outputs.GCR_ACCOUNT_KEY }}' >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
echo 'TOPTAL_BUILD_BOT_SSH_KEY<<EOF' >> $GITHUB_ENV
echo '${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_SSH_KEY }}' >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
- name: Set up Node.js
uses: actions/setup-node@v4
Expand Down Expand Up @@ -92,55 +101,55 @@ jobs:
yarn policies set-version
yarn install --frozen-lockfile --offline
- name: Create Release Pull Request or Publish to npm
id: changesets
uses: changesets/action@e9cc34b540dd3ad1b030c57fd97269e8f6ad905a
with:
publish: yarn release
env:
GITHUB_TOKEN: ${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_TOKEN }}
NPM_TOKEN: ${{ steps.parse_secrets.outputs.NPM_TOKEN_PUBLISH }}

- name: Edit "Version Package" PR
if: ${{ steps.changesets.outputs.published != 'true' }}
uses: actions/github-script@v7
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
// Get list of all open PRs with
// head branch "changeset-release/master"
// (there should be max 1 PR with such condition)
const { data } = await github.rest.pulls.list({
owner: 'toptal',
repo: 'picasso',
state: 'open',
head: 'toptal:changeset-release/master'
})
for await (let pr of data) {
// add to all of them label "no-jira"
github.rest.issues.addLabels({
owner: 'toptal',
repo: 'picasso',
issue_number: pr.number,
labels: [
'no-jira'
]
})
// append PR body with peerDependencies warning
const hr = "\n_____"
const warningTodo = "\n- [ ] ⚠️ "
const message = "If major release, don't forget to check if peerDependencies needs to be also updated"
const appendedMessage = hr + warningTodo + message
const body = pr.body.includes(message) ? pr.body : pr.body + appendedMessage
github.rest.pulls.update({
owner: 'toptal',
repo: 'picasso',
pull_number: pr.number,
body: body,
})
}
# - name: Create Release Pull Request or Publish to npm
# id: changesets
# uses: changesets/action@e9cc34b540dd3ad1b030c57fd97269e8f6ad905a
# with:
# publish: yarn release
# env:
# GITHUB_TOKEN: ${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_TOKEN }}
# NPM_TOKEN: ${{ steps.parse_secrets.outputs.NPM_TOKEN_PUBLISH }}

# - name: Edit "Version Package" PR
# if: ${{ steps.changesets.outputs.published != 'true' }}
# uses: actions/github-script@v7
# with:
# github-token: ${{secrets.GITHUB_TOKEN}}
# script: |
# // Get list of all open PRs with
# // head branch "changeset-release/master"
# // (there should be max 1 PR with such condition)
# const { data } = await github.rest.pulls.list({
# owner: 'toptal',
# repo: 'picasso',
# state: 'open',
# head: 'toptal:changeset-release/master'
# })
# for await (let pr of data) {
# // add to all of them label "no-jira"
# github.rest.issues.addLabels({
# owner: 'toptal',
# repo: 'picasso',
# issue_number: pr.number,
# labels: [
# 'no-jira'
# ]
# })

# // append PR body with peerDependencies warning
# const hr = "\n_____"
# const warningTodo = "\n- [ ] ⚠️ "
# const message = "If major release, don't forget to check if peerDependencies needs to be also updated"
# const appendedMessage = hr + warningTodo + message
# const body = pr.body.includes(message) ? pr.body : pr.body + appendedMessage

# github.rest.pulls.update({
# owner: 'toptal',
# repo: 'picasso',
# pull_number: pr.number,
# body: body,
# })
# }

- name: Get toptal/actions
uses: actions/checkout@v4
Expand All @@ -155,90 +164,134 @@ jobs:
sed -i 's|toptal/actions/get-job-url@main|./.github/actions/get-job-url|' ./.github/actions/trigger-jenkins-job/action.yml
sed -i 's|toptal/actions/trigger-jenkins-job@main|./.github/actions/trigger-jenkins-job|' ./.github/actions/create-jira-deployment/action.yml
- name: Trigger build image job
uses: ./.github/actions/trigger-jenkins-job
id: trigger-build
env:
JENKINS_JOB_NAME: ${{ env.REPOSITORY_NAME }}-build-image
JENKINS_USER: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}
with:
jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_BUILD_URL }}
jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}
jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_BUILD_TOKEN }}
jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_BUILD_CLIENT_ID }}
jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }}
job_name: ${{ env.JENKINS_JOB_NAME }}
job_params: |
{
"BRANCH": "master",
"VERSION": "${{ github.sha }}",
"IMAGE_NAME": "${{ env.REPOSITORY_NAME }}"
}
job_timeout: "7200"

- name: Trigger deployment job
id: trigger-deploy
uses: ./.github/actions/trigger-jenkins-job
env:
JENKINS_JOB_NAME: ${{ env.REPOSITORY_NAME }}-docs
with:
jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_DEPLOYMENT_URL }}
jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}
jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN }}
jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_DEPLOYMENT_CLIENT_ID }}
jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }}
job_name: ${{ env.JENKINS_JOB_NAME }}
job_params: |
{
"COMMIT_ID": "${{ github.sha }}"
}
job_timeout: "7200"

- name: Send a Slack notification on failure
if: ${{ failure() }}
uses: slackapi/slack-github-action@v1.26.0
env:
SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}
FAILURE_URL: ${{ steps.trigger-deploy.outputs.jenkins_job_url || steps.trigger-build.outputs.jenkins_job_url }}
FALLBACK_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}?check_suite_focus=true
with:
channel-id: "-frontend-exp-team-notifications"
slack-message: ":x: <!here> Current master version of Picasso is <${{ env.FAILURE_URL || env.FALLBACK_URL }}|broken>."
# - uses: docker/setup-buildx-action@v3
# id: buildx

- name: Send a Slack notification on success release
if: ${{ success() && steps.changesets.outputs.published == 'true' }}
uses: slackapi/slack-github-action@v1.26.0
with:
channel-id: "-frontend-exp-team-notifications"
slack-message: "Current master version of Picasso successfully released :green_heart:"
env:
SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}

- name: Send a Slack notification on success PR merge
if: ${{ success() && steps.changesets.outputs.published != 'true'}}
uses: slackapi/slack-github-action@v1.26.0
with:
channel-id: "-frontend-exp-team-notifications"
slack-message: "A new PR was merged to Picasso :parrotspin:"
env:
SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}

- name: Create Jira deployment
uses: ./.github/actions/create-jira-deployment/
if: ${{ steps.changesets.outputs.published == 'true' }}
# - name: Use SSH key
# uses: toptal/ssh-agent@v0.4.1
# with:
# ssh-private-key: ${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_SSH_KEY }}

# - name: Docker meta
# id: meta
# uses: docker/metadata-action@v5
# with:
# images: us-central1-docker.pkg.dev/toptal-hub/containers/picasso
# tags: |
# type=raw,value=${{ env.APP_VERSION }}
# flavor: |
# latest=true

- name: Build and push picasso image
uses: toptal/davinci-github-actions/build-push-image@refs/heads/ci-3516-change-build-push-image-action
with:
jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_BUILD_URL }}
jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}
jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_BUILD_TOKEN }}
jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_BUILD_CLIENT_ID }}
jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }}
token: ${{ env.DEVBOT_TOKEN }}
environment: production
environment-url: https://www.npmjs.com/package/@toptal/picasso?activeTab=versions

integration-tests:
name: Integration Tests
uses: ./.github/workflows/davinci-integration-tests.yml
secrets:
IDENTITY_POOL: ${{ secrets.IDENTITY_POOL }}
SA_IDENTITY_POOL: ${{ secrets.SA_IDENTITY_POOL }}
sha: ${{ inputs.sha }}
image-name: picasso
build-args: |
VERSION=${{ github.sha }}
# - name: Build and push picasso image
# uses: toptal/davinci-github-actions/build-push-image@v13.0.2
# with:
# sha: ${{ inputs.sha }}
# image-name: ${{ env.REPOSITORY_NAME }}
# docker-file: ./Dockerfile
# build-args: |
# VERSION=${{ inputs.sha }}

# - name: Build and push picasso image
# uses: docker/build-push-action@v5
# with:
# tags: |
# ${{ steps.meta.outputs.tags }}
# context: .
# push: true
# ssh: default

# - name: Trigger build image job
# uses: ./.github/actions/trigger-jenkins-job
# id: trigger-build
# env:
# JENKINS_JOB_NAME: ${{ env.REPOSITORY_NAME }}-build-image
# JENKINS_USER: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}
# with:
# jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_BUILD_URL }}
# jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}
# jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_BUILD_TOKEN }}
# jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_BUILD_CLIENT_ID }}
# jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }}
# job_name: ${{ env.JENKINS_JOB_NAME }}
# job_params: |
# {
# "BRANCH": "master",
# "VERSION": "${{ github.sha }}",
# "IMAGE_NAME": "${{ env.REPOSITORY_NAME }}"
# }
# job_timeout: "7200"

# - name: Trigger deployment job
# id: trigger-deploy
# uses: ./.github/actions/trigger-jenkins-job
# env:
# JENKINS_JOB_NAME: ${{ env.REPOSITORY_NAME }}-docs
# with:
# jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_DEPLOYMENT_URL }}
# jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}
# jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN }}
# jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_DEPLOYMENT_CLIENT_ID }}
# jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }}
# job_name: ${{ env.JENKINS_JOB_NAME }}
# job_params: |
# {
# "COMMIT_ID": "${{ github.sha }}"
# }
# job_timeout: "7200"

# - name: Send a Slack notification on failure
# if: ${{ failure() }}
# uses: slackapi/slack-github-action@v1.26.0
# env:
# SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}
# FAILURE_URL: ${{ steps.trigger-deploy.outputs.jenkins_job_url || steps.trigger-build.outputs.jenkins_job_url }}
# FALLBACK_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}?check_suite_focus=true
# with:
# channel-id: "-frontend-exp-team-notifications"
# slack-message: ":x: <!here> Current master version of Picasso is <${{ env.FAILURE_URL || env.FALLBACK_URL }}|broken>."

# - name: Send a Slack notification on success release
# if: ${{ success() && steps.changesets.outputs.published == 'true' }}
# uses: slackapi/slack-github-action@v1.26.0
# with:
# channel-id: "-frontend-exp-team-notifications"
# slack-message: "Current master version of Picasso successfully released :green_heart:"
# env:
# SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}

# - name: Send a Slack notification on success PR merge
# if: ${{ success() && steps.changesets.outputs.published != 'true'}}
# uses: slackapi/slack-github-action@v1.26.0
# with:
# channel-id: "-frontend-exp-team-notifications"
# slack-message: "A new PR was merged to Picasso :parrotspin:"
# env:
# SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}

# - name: Create Jira deployment
# uses: ./.github/actions/create-jira-deployment/
# if: ${{ steps.changesets.outputs.published == 'true' }}
# with:
# jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_BUILD_URL }}
# jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}
# jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_BUILD_TOKEN }}
# jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_BUILD_CLIENT_ID }}
# jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }}
# token: ${{ env.DEVBOT_TOKEN }}
# environment: production
# environment-url: https://www.npmjs.com/package/@toptal/picasso?activeTab=versions

# integration-tests:
# name: Integration Tests
# uses: ./.github/workflows/davinci-integration-tests.yml
# secrets:
# IDENTITY_POOL: ${{ secrets.IDENTITY_POOL }}
# SA_IDENTITY_POOL: ${{ secrets.SA_IDENTITY_POOL }}
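Review bot: The new `Build and push picasso image` step uses `toptal/davinci-github-actions/build-push-image@refs/heads/ci-3516-change-build-push-image-action`, a branch ref that can change after review, in a job that has just written `GCR_ACCOUNT_KEY` and `TOPTAL_BUILD_BOT_SSH_KEY` to `$GITHUB_ENV`, where every later step can read them. Pin it the way `changesets/action` is pinned in this file, e.g. `uses: toptal/davinci-github-actions/build-push-image@<full-commit-sha>`, or to a release tag once the action change lands. Passing the two keys through `env:` or `with:` on the one step that needs them, instead of through `$GITHUB_ENV` with a fixed `EOF` delimiter, would also narrow which steps see them. The `ci-3421-move-build-image-to-gha` entry under `push.branches` and the commented-out release, deploy and notification steps look like test scaffolding; that is inferred from the branch name, so confirm before merge.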
1 change: 1 addition & 0 deletions Dockerfile
@@ -1,3 +1,4 @@
# syntax=docker/dockerfile:1
FROM node:18-alpine

ENV PATH="${PATH}:/app/node_modules/.bin" \
