fix: fd ns grants #125311
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Monorepo pipeline - build and deploy | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - labeled | |
| defaults: | |
| run: | |
| shell: bash | |
| concurrency: | |
| # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-a-fallback-value | |
| group: push-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: false | |
| env: | |
| DOCKER_REGISTRY: 821090935708.dkr.ecr.eu-west-1.amazonaws.com | |
| DOCKER_BASE_IMAGE_REGISTRY: 821090935708.dkr.ecr.eu-west-1.amazonaws.com/ecr-public | |
| SPINNAKER_URL: https://spinnaker-gate.shared.devland.is | |
| COMPOSE_HTTP_TIMEOUT: 180 | |
| GITHUB_ACTIONS_CACHE_URL: https://cache.dev01.devland.is/ | |
| SKIP_GENERATED_CACHE: ${{ contains(github.event.pull_request.labels.*.name, 'skip-generated-cache') }} | |
| NX_AFFECTED_ALL: ${{ contains(github.event.pull_request.labels.*.name, 'nx-affected-all') }} | |
| NX_SKIP_NX_CACHE: ${{ contains(github.event.pull_request.labels.*.name, 'skip-nx-cache') }} | |
| NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }} | |
| NX_TASKS_RUNNER: ci | |
| CONFIGCAT_MAIN_CONFIG_ID: 08d8c761-021c-46f0-8671-6244663a372f | |
| CONFIGCAT_MOBILE_APP_CONFIG_ID: 08daf234-7573-4b3b-85f6-189fc7502542 | |
| DISABLE_CHUNKS: 'false' | |
| DISABLE_GROUPING: 'false' | |
| DISABLE_PROBLEMATIC: 'false' | |
| CHUNK_SIZE: '3' | |
| MAX_JOBS: '2' | |
| NX_PARALLEL: '2' | |
| NX_MAX_PARALLEL: '4' | |
| NODE_IMAGE_VERSION: 20 | |
| S3_DOCKER_CACHE_BUCKET: ${{ secrets.S3_DOCKER_CACHE_BUCKET }} | |
| RUNS_ON_S3_BUCKET_CACHE: ${{ secrets.S3_DOCKER_CACHE_BUCKET }} | |
| AWS_REGION: eu-west-1 | |
| GENERATED_FILES: ${{ github.sha }}.tar.gz | |
| CYPRESS_CACHE_FOLDER: ${{ github.workspace }}/.cypress-cache | |
| YARN_ENABLE_HARDENED_MODE: '0' | |
| jobs: | |
| pre-checks: | |
| uses: ./.github/workflows/pre-checks.yml | |
| secrets: inherit | |
| prepare: | |
| runs-on: arc-runners | |
| timeout-minutes: 90 | |
| if: needs.pre-checks.outputs.PRE_CHECK | |
| needs: | |
| - pre-checks | |
| env: | |
| AFFECTED_ALL: ${{ secrets.AFFECTED_ALL }} | |
| GIT_BRANCH: ${{ needs.pre-checks.outputs.GIT_BRANCH }} | |
| GIT_BASE_BRANCH: ${{ needs.pre-checks.outputs.GIT_BASE_BRANCH }} | |
| SERVERSIDE_FEATURES_ON: '' | |
| outputs: | |
| TEST_CHUNKS: ${{ steps.test_projects.outputs.CHUNKS }} | |
| DOCKER_TAG: ${{ steps.docker_tags.outputs.DOCKER_TAG }} | |
| NODE_IMAGE_VERSION: ${{ steps.nodejs_image.outputs.NODE_IMAGE_VERSION }} | |
| LAST_GOOD_BUILD_DOCKER_TAG: ${{ steps.git_nx_base.outputs.LAST_GOOD_BUILD_DOCKER_TAG }} | |
| BUILD_CHUNKS: ${{ steps.build_map.outputs.BUILD_CHUNKS }} | |
| IMAGES: ${{ steps.deploy_map.outputs.IMAGES }} | |
| node-modules-hash: ${{ steps.calculate_node_modules_hash.outputs.node-modules-hash }} | |
| DEPLOY_FEATURE: ${{ contains(github.event.pull_request.labels.*.name, 'deploy-feature') }} | |
| CACHE_KEY: ${{ steps.set-cache-key.outputs.CACHE_KEY }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Derive appropriate SHAs | |
| uses: ./.github/actions/set-shas | |
| - name: Prepare feature deployment | |
| if: needs.pre-checks.outputs.PRE_CHECK == 'feature-deploy' && needs.pre-checks.outputs.PRE_RELEASE == 'false' | |
| uses: ./.github/actions/feature-checkout | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| slack_webhook_url: ${{ secrets.SLACK_BUILD_ISSUES_REPORTING_WEBHOOK_URL }} | |
| - name: Prepare pre-release | |
| if: needs.pre-checks.outputs.PRE_CHECK && needs.pre-checks.outputs.PRE_RELEASE == 'true' | |
| id: git_nx_base | |
| uses: ./.github/actions/prerelease-checkout | |
| # NOTE: checkout main | |
| - name: Checkout main branch | |
| if: ${{ !(needs.pre-checks.outputs.PRE_CHECK && needs.pre-checks.outputs.PRE_CHECK == 'feature-deploy') }} | |
| run: | | |
| set -euo pipefail | |
| git checkout main | |
| git checkout "$GITHUB_SHA" | |
| # This is to increase the retention days for our GitHub Actions run events | |
| # See this for more information: | |
| # https://github.blog/changelog/2020-10-08-github-actions-ability-to-change-retention-days-for-artifacts-and-logs/ | |
| - name: Keep PR run event | |
| uses: actions/upload-artifact@b18b1d32f3f31abcdc29dee3f2484801fe7822f4 | |
| if: needs.pre-checks.outputs.PRE_CHECK && needs.pre-checks.outputs.PRE_CHECK == 'feature-deploy' && !(needs.pre-checks.outputs.PRE_RELEASE == 'true') | |
| with: | |
| name: pr-event | |
| path: event.json | |
| retention-days: 90 | |
| include-hidden-files: true | |
| if-no-files-found: error | |
| - name: Generate nodejs image tag | |
| id: nodejs_image | |
| continue-on-error: false | |
| run: | | |
| set -euo pipefail | |
| export NODE_IMAGE_VERSION="$NODE_IMAGE_VERSION" | |
| echo "NODE_IMAGE_VERSION: '${NODE_IMAGE_VERSION}'" | |
| echo NODE_IMAGE_VERSION="${NODE_IMAGE_VERSION}" >> "$GITHUB_OUTPUT" | |
| echo NODE_IMAGE_VERSION="${NODE_IMAGE_VERSION}" >> "$GITHUB_ENV" | |
| echo "**NODE_IMAGE_VERSION** '${NODE_IMAGE_VERSION}'" >> "$GITHUB_STEP_SUMMARY" | |
| - name: Generate docker image tag | |
| id: docker_tags | |
| run: | | |
| set -euo pipefail | |
| export DOCKER_BRANCH_TAG="$(echo "${GIT_BRANCH:0:45}" | tr "/." "-" )" | |
| SHA="${{ github.event.pull_request.head.sha }}" | |
| echo "SHA='$SHA' retrieved from event" | |
| if [[ "$SHA" == "" ]]; then | |
| SHA="$GITHUB_SHA" | |
| echo "SHA='$SHA', retrived from action environment" | |
| fi | |
| echo "Using SHA='$SHA' as docker tag SHA" | |
| export DOCKER_TAG="${DOCKER_BRANCH_TAG}_${SHA:0:10}_${GITHUB_RUN_NUMBER}" | |
| echo "Docker tag will be '${DOCKER_TAG}'" | |
| echo DOCKER_TAG="${DOCKER_TAG}" >> "$GITHUB_OUTPUT" | |
| echo DOCKER_TAG="$DOCKER_TAG" >> "$GITHUB_ENV" | |
| echo "**Monorepo tag:** '${DOCKER_TAG}'" >> "$GITHUB_STEP_SUMMARY" | |
| - name: Send Slack notification | |
| id: slack | |
| if: ${{ startsWith( github.env.GIT_BASE_BRANCH, 'release/' ) }} | |
| uses: 8398a7/action-slack@v3 | |
| with: | |
| status: custom | |
| fields: repo,message # selectable (default: repo,message) | |
| custom_payload: | | |
| { | |
| attachments: [{ | |
| color: 'good', | |
| text: `Monorepo Release Tag is: ${process.env.DOCKER_TAG}`, | |
| }] | |
| } | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_RELEASE_WEBHOOK_URL }} # required | |
| - name: Setup yarn | |
| uses: ./.github/actions/setup-yarn | |
| with: | |
| RUNS_ON_S3_BUCKET_CACHE: ${{ secrets.S3_DOCKER_CACHE_BUCKET }} | |
| - name: Install infra modules | |
| working-directory: infra | |
| run: | | |
| corepack enable && CI=true yarn install --immutable | |
| - name: load-deps | |
| uses: ./.github/actions/load-deps | |
| - name: test-everything | |
| uses: ./.github/actions/test-everything | |
| - name: Docker login to ECR repo | |
| run: ./scripts/ci/docker-login-ecr.sh | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - name: set BRANCH env var | |
| id: set-branch-env | |
| run: echo BRANCH="$GIT_BRANCH" >> "$GITHUB_ENV" | |
| - name: Prepare test targets | |
| id: test_projects | |
| run: | | |
| set -euo pipefail | |
| CHUNKS="$(./scripts/ci/generate-chunks.sh test)" | |
| if [[ "$CHUNKS" != "[]" ]]; then | |
| echo CHUNKS="{\"projects\":$CHUNKS}" >> "$GITHUB_OUTPUT" | |
| fi | |
| env: | |
| SKIP_TESTS_ON_BRANCH: ${{ secrets.SKIP_TESTS_ON_BRANCH }} | |
| - name: Set AFFECTED_ALL env | |
| if: ${{ needs.pre-checks.outputs.PRE_RELEASE == 'true' }} | |
| run: | | |
| echo "AFFECTED_ALL=7913-$GIT_BRANCH" >> "$GITHUB_ENV" | |
| - name: Prepare docker build targets | |
| id: build_map | |
| run: | | |
| set -euo pipefail | |
| AFFECTED_TARGETS="$(yarn nx show projects --affected --base $BASE --head $HEAD --json | jq -r '. | join(",")')" | |
| cd infra | |
| ADDITIONAL_PROJECTS="$(yarn feature-env downstream --feature tmp --images $AFFECTED_TARGETS --chart islandis)" | |
| cd .. | |
| export ADDITIONAL_PROJECTS | |
| echo "Additional Projects: $ADDITIONAL_PROJECTS" | |
| CHUNKS="$(ADDITIONAL_PROJECTS="$ADDITIONAL_PROJECTS" ./scripts/ci/generate-docker-chunks.sh docker-express docker-next docker-static docker-playwright docker-jest)" | |
| echo "CHUNKS: '$CHUNKS'" | |
| if [[ "$CHUNKS" != "[]" ]]; then | |
| echo BUILD_CHUNKS=$(echo "$CHUNKS" | jq -cM '. | map("\(.|tostring)")') >> "$GITHUB_OUTPUT" | |
| echo "CHUNKS='$CHUNKS'" >> "$GITHUB_OUTPUT" | |
| fi | |
| # NOTE: only on PRs | |
| - name: Prepare deployment targets | |
| id: deploy_map | |
| if: needs.pre-checks.outputs.PRE_CHECK != 'push' | |
| run: | | |
| set -euo pipefail | |
| CHUNKS=${{ steps.build_map.outputs.CHUNKS }} | |
| echo "CHUNKS: '$CHUNKS'" | |
| if [[ "$CHUNKS" != "[]" ]]; then | |
| # NOTE: validate the jq command to trigger failure | |
| echo "$CHUNKS" | jq -r 'map(.projects) | join(",")' | |
| IMAGES=$(echo "$CHUNKS" | jq -r 'map(.projects) | join(",")') | |
| echo "IMAGES='$IMAGES'" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Prepare docker deps | |
| id: docker-deps | |
| run: | | |
| ./scripts/ci/10_prepare-docker-deps.sh | |
| - name: Generate docker tags for feature deployments | |
| id: prepare-docker-feature-deployment | |
| if: needs.pre-checks.outputs.PRE_CHECK == 'feature-deploy' | |
| run: | | |
| node scripts/ci/docker/generate-tag.mjs | |
| docker-build: | |
| needs: | |
| - pre-checks | |
| - prepare | |
| runs-on: arc-docker | |
| timeout-minutes: 45 | |
| if: needs.prepare.outputs.BUILD_CHUNKS | |
| permissions: | |
| actions: read | |
| contents: read | |
| outputs: | |
| json: ${{ steps.matrix-output.outputs.json }} | |
| env: | |
| AFFECTED_ALL: ${{ secrets.AFFECTED_ALL }} | |
| GIT_BRANCH: ${{ needs.pre-checks.outputs.GIT_BRANCH}} | |
| DOCKER_TAG: ${{ needs.prepare.outputs.DOCKER_TAG}} | |
| NODE_IMAGE_VERSION: ${{ needs.prepare.outputs.NODE_IMAGE_VERSION}} | |
| PUBLISH: true | |
| DISABLE_CHUNKS: true | |
| MAX_JOBS: 3 | |
| NX_PARALLEL: 1 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| chunk: ${{ fromJson(needs.prepare.outputs.BUILD_CHUNKS) }} | |
| steps: | |
| - name: Gather apps | |
| id: gather | |
| run: | | |
| set -euo pipefail | |
| AFFECTED_PROJECTS="$(echo '${{ matrix.chunk }}' | jq -r '.projects')" | |
| DOCKER_TYPE="$(echo '${{ matrix.chunk }}' | jq -r '.docker_type')" | |
| APP_HOME="$(echo '${{ matrix.chunk }}' | jq -r '.home')" | |
| APP_DIST_HOME="$(echo '${{ matrix.chunk }}' | jq -r '.dist')" | |
| echo AFFECTED_PROJECTS="$AFFECTED_PROJECTS" >> "$GITHUB_ENV" | |
| echo DOCKER_TYPE="$DOCKER_TYPE" >> "$GITHUB_ENV" | |
| echo APP_HOME="$APP_HOME" >> "$GITHUB_ENV" | |
| echo APP_DIST_HOME="$APP_DIST_HOME" >> "$GITHUB_ENV" | |
| continue-on-error: true | |
| - uses: actions/checkout@v4 | |
| if: steps.gather.outcome == 'success' | |
| - name: Setup yarn | |
| uses: ./.github/actions/setup-yarn | |
| with: | |
| RUNS_ON_S3_BUCKET_CACHE: ${{ secrets.S3_DOCKER_CACHE_BUCKET }} | |
| - name: Set id for matrix | |
| run: | | |
| node ./scripts/ci/docker/create-id.mjs | |
| - name: load-deps | |
| uses: ./.github/actions/load-deps | |
| - name: Restore generated files | |
| uses: runs-on/cache/restore@v4 | |
| id: restore-generated-files-cache | |
| with: | |
| path: | | |
| ${{ env.GENERATED_FILES }} | |
| key: generated-files-${{ github.sha }} | |
| - name: Extract generated files | |
| run: | | |
| tar -xzvf ${{ env.GENERATED_FILES }} | |
| - name: Docker login to ECR repo | |
| if: steps.gather.outcome == 'success' | |
| run: ./scripts/ci/docker-login-ecr.sh | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - name: Prepare Docker build arguments | |
| id: dockerargs | |
| if: steps.gather.outcome == 'success' | |
| env: | |
| NODE_IMAGE_VERSION: ${{ needs.prepare.outputs.NODE_IMAGE_VERSION }} | |
| GIT_COMMIT_SHA: ${{ github.sha }} | |
| DOCKER_BASE_IMAGE_REGISTRY: ${{ env.DOCKER_BASE_IMAGE_REGISTRY }} | |
| run: | | |
| set -x | |
| # Strip protocol prefix and .git postfix | |
| SERVER_URL="${{ github.server_url }}/${{ github.repository }}" | |
| SERVER_URL="${SERVER_URL#*://}" | |
| SERVER_URL="${SERVER_URL%.git}" | |
| build_args=( | |
| --build-arg="DOCKER_IMAGE_REGISTRY=${DOCKER_BASE_IMAGE_REGISTRY}" | |
| --build-arg="NODE_IMAGE_VERSION=${NODE_IMAGE_VERSION}" | |
| --build-arg="GIT_BRANCH=${GIT_BRANCH}" | |
| --build-arg="GIT_COMMIT_SHA=${GIT_COMMIT_SHA}" | |
| --build-arg="GIT_REPOSITORY_URL=${SERVER_URL}" | |
| --build-arg="NX_PARALLEL=${NX_PARALLEL}" | |
| --build-arg="NX_MAX_PARALLEL=${NX_MAX_PARALLEL}" | |
| --build-arg="NX_TASKS_RUNNER=ci" | |
| ) | |
| export EXTRA_DOCKER_BUILD_ARGS="${build_args[*]}" | |
| echo "EXTRA_DOCKER_BUILD_ARGS=${EXTRA_DOCKER_BUILD_ARGS}" >> "${GITHUB_ENV}" | |
| # Create a temporary file with the NX_CLOUD_ACCESS_TOKEN | |
| echo "${{ secrets.NX_CLOUD_ACCESS_TOKEN }}" > nx_cloud_access_token.txt | |
| # Add secret to EXTRA_DOCKER_BUILD_ARGS | |
| echo "EXTRA_DOCKER_BUILD_ARGS=${EXTRA_DOCKER_BUILD_ARGS} --secret id=nx_cloud_access_token,src=nx_cloud_access_token.txt" >> "${GITHUB_ENV}" | |
| - name: Check if cached buildx image exists | |
| id: cache-check | |
| run: | | |
| if ! docker pull ${{vars.AWS_ECR_REPO_BASE}}/moby/buildkit:buildx-stable-1 ; then | |
| docker pull docker.io/moby/buildkit:buildx-stable-1 | |
| docker tag docker.io/moby/buildkit:buildx-stable-1 ${{vars.AWS_ECR_REPO_BASE}}/moby/buildkit:buildx-stable-1 | |
| docker push ${{vars.AWS_ECR_REPO_BASE}}/moby/buildkit:buildx-stable-1 | |
| fi | |
| - name: Setup yarn | |
| uses: ./.github/actions/setup-yarn | |
| with: | |
| RUNS_ON_S3_BUCKET_CACHE: ${{ secrets.S3_DOCKER_CACHE_BUCKET }} | |
| - name: Building Docker images | |
| continue-on-error: true | |
| id: dockerbuild | |
| if: steps.gather.outcome == 'success' | |
| env: | |
| NODE_IMAGE_VERSION: ${{ needs.prepare.outputs.NODE_IMAGE_VERSION }} | |
| GIT_COMMIT_SHA: ${{ github.sha }} | |
| DOCKER_BASE_IMAGE_REGISTRY: ${{ env.DOCKER_BASE_IMAGE_REGISTRY }} | |
| run: | | |
| set -x | |
| echo "Node image tag is: '${NODE_IMAGE_VERSION}'" | |
| echo "Docker build args are: 'EXTRA_DOCKER_BUILD_ARGS'" | |
| export EXTRA_DOCKER_BUILD_ARGS | |
| ./scripts/ci/run-in-parallel.sh "90_${DOCKER_TYPE}" | |
| - name: Building Docker images Retry | |
| if: steps.gather.outcome == 'success' && steps.dockerbuild.outcome == 'failure' | |
| env: | |
| NODE_IMAGE_VERSION: ${{ needs.prepare.outputs.NODE_IMAGE_VERSION }} | |
| GIT_COMMIT_SHA: ${{ github.sha }} | |
| DOCKER_BASE_IMAGE_REGISTRY: ${{ env.DOCKER_BASE_IMAGE_REGISTRY }} | |
| run: | | |
| set -x | |
| echo "Node image tag is: '${NODE_IMAGE_VERSION}'" | |
| echo "Docker build args are: 'EXTRA_DOCKER_BUILD_ARGS'" | |
| export EXTRA_DOCKER_BUILD_ARGS | |
| ./scripts/ci/run-in-parallel.sh "90_${DOCKER_TYPE}" | |
| - name: Docker build output | |
| uses: cloudposse/github-action-matrix-outputs-write@v1 | |
| with: | |
| matrix-step-name: ${{ github.job }} | |
| matrix-key: ${{ env.MATRIX_ID }} | |
| outputs: |- | |
| value: ${{ env.JSON_value }} | |
| project: ${{ env.JSON_project }} | |
| target: ${{ env.JSON_target }} | |
| imageName: ${{ env.JSON_imageName }} | |
| imageTag: ${{ env.JSON_imageTag }} | |
| helm-docker-build: | |
| needs: | |
| - prepare | |
| - pre-checks | |
| if: needs.prepare.outputs.IMAGES && needs.pre-checks.outputs.PRE_CHECK != 'push' | |
| runs-on: arc-docker | |
| timeout-minutes: 30 | |
| env: | |
| FEATURE_NAME: ${{ needs.pre-checks.outputs.FEATURE_NAME }} | |
| DOCKER_TAG: ${{ needs.prepare.outputs.DOCKER_TAG}} | |
| GIT_BRANCH: ${{ needs.pre-checks.outputs.GIT_BRANCH }} | |
| NODE_IMAGE_VERSION: ${{ needs.prepare.outputs.NODE_IMAGE_VERSION }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Docker login | |
| run: ./scripts/ci/docker-login-ecr.sh | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-west-1 | |
| - name: Setup yarn | |
| uses: ./.github/actions/setup-yarn | |
| with: | |
| RUNS_ON_S3_BUCKET_CACHE: ${{ secrets.S3_DOCKER_CACHE_BUCKET }} | |
| - name: Docker build image | |
| working-directory: infra | |
| run: | | |
| echo Registry is: ${{env.DOCKER_BASE_IMAGE_REGISTRY}} | |
| echo Image tag is: ${{env.NODE_IMAGE_VERSION}} | |
| ./scripts/build-docker-container.sh "$DOCKER_TAG" | |
| echo "COMMENT<<EOF" >> "$GITHUB_ENV" | |
| echo "Affected services are: ${{needs.prepare.outputs.IMAGES}}" >> "$GITHUB_ENV" | |
| docker run --rm "${DOCKER_REGISTRY}/helm-config:$DOCKER_TAG" ingress-comment --images=${{needs.prepare.outputs.IMAGES}} --chart=islandis --feature="$FEATURE_NAME" >> "$GITHUB_ENV" | |
| echo 'EOF' >> "$GITHUB_ENV" | |
| env: | |
| PUBLISH: 'true' | |
| - name: Comment on PR | |
| if: needs.pre-checks.outputs.PRE_CHECK == 'feature-deploy' && !(needs.pre-checks.outputs.PRE_RELEASE == 'true') | |
| uses: actions/github-script@v7 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| script: | | |
| const updateComment = require('./.github/actions/update-comment.js') | |
| const { COMMENT } = process.env | |
| await updateComment({github, context, comment: COMMENT}) | |
| deploy-feature: | |
| runs-on: arc-runners | |
| if: ${{ !cancelled() | |
| && needs.pre-checks.result == 'success' | |
| && needs.pre-checks.outputs.PRE_CHECK == 'feature-deploy' | |
| && needs.helm-docker-build.result != 'failure' | |
| && needs.prepare.outputs.IMAGES != '' | |
| && needs.docker-build.result == 'success' }} | |
| permissions: | |
| id-token: write | |
| contents: write | |
| needs: | |
| - pre-checks | |
| - prepare | |
| - docker-build | |
| - helm-docker-build | |
| env: | |
| GIT_BRANCH_DEPLOY: ${{ needs.pre-checks.outputs.GIT_BRANCH_DEPLOY }} | |
| FEATURE_NAME: ${{ needs.pre-checks.outputs.FEATURE_NAME }} | |
| DOCKER_TAG: ${{ needs.prepare.outputs.DOCKER_TAG }} | |
| IMAGES: ${{ needs.prepare.outputs.IMAGES }} | |
| STAGE: 'dev' | |
| steps: | |
| - name: Checkout monorepo | |
| uses: actions/checkout@v4 | |
| with: | |
| path: monorepo | |
| fetch-depth: 0 | |
| - name: Get docker-build output | |
| uses: cloudposse/github-action-matrix-outputs-read@v1 | |
| id: read | |
| with: | |
| matrix-step-name: docker-build | |
| - name: Setup yarn | |
| uses: ./monorepo/.github/actions/setup-yarn | |
| with: | |
| working-directory: monorepo | |
| RUNS_ON_S3_BUCKET_CACHE: ${{ secrets.S3_DOCKER_CACHE_BUCKET }} | |
| - name: Install infra modules | |
| if: steps.infra-node-modules.outputs.cache-hit != 'true' | |
| working-directory: monorepo/infra | |
| run: | | |
| corepack enable && CI=true yarn install --immutable | |
| - name: Generate islandis feature-deployment charts for ArgoCD | |
| working-directory: monorepo/infra | |
| env: | |
| FEATURE_NAME: ${{ needs.pre-checks.outputs.FEATURE_NAME }} | |
| IMAGES: ${{ needs.prepare.outputs.IMAGES }} | |
| DOCKER_TAG: ${{ needs.prepare.outputs.DOCKER_TAG }} | |
| run: | | |
| for image in ${IMAGES//,/ }; do | |
| image=$(echo "$image" | tr -d "'") | |
| ./scripts/generate-feature-values.sh "$FEATURE_NAME" "$DOCKER_TAG" "$image" "$DOCKER_REGISTRY" | |
| done | |
| echo "Change directory to root" | |
| cd ../ | |
| git config user.name andes-it | |
| git config user.email [email protected] | |
| git add . | |
| git commit -m "feat: feature-deployment" | |
| - name: load-deps | |
| uses: ./monorepo/.github/actions/load-deps | |
| with: | |
| working-directory: monorepo | |
| - name: Prepare artifact to be uploaded | |
| working-directory: monorepo | |
| env: | |
| JSON_DATA: ${{ steps.read.outputs.result }} | |
| run: | | |
| node scripts/ci/docker/write-data.mjs | |
| - name: Get manifest data | |
| id: manifest | |
| working-directory: monorepo | |
| env: | |
| FEATURE_NAME: ${{ env.FEATURE_NAME }} | |
| DOCKER_TAG: ${{ env.DOCKER_TAG }} | |
| run: | | |
| node scripts/ci/docker/feature-deploy-bootstrap.mjs "$FEATURE_NAME" | |
| node scripts/ci/docker/feature-deploy-get-data.mjs | |
| - name: Commit and push to helm-values | |
| uses: ./monorepo/.github/actions/update-helm-values | |
| if: ${{ steps.manifest.outputs.MQ_HAS_OUTPUT == 'true' }} | |
| with: | |
| files: ${{ steps.manifest.outputs.MQ_CHANGED_FILES }} | |
| ssh-key: ${{ secrets.HELM_VALUES_SSH_KEY }} | |
| app-id: ${{ secrets.HELM_VALUES_APP_ID }} | |
| commit-msg: ${{ steps.manifest.outputs.MQ_COMMIT_MSG }} | |
| working-directory: monorepo | |
| - name: Get token | |
| id: get-token | |
| working-directory: monorepo | |
| shell: bash | |
| env: | |
| APP_ID: ${{ secrets.HELM_VALUES_APP_ID }} | |
| PRIVATE_KEY: ${{ secrets.HELM_VALUES_SSH_KEY }} | |
| run: | | |
| node scripts/ci/docker/get-github-token.mjs | |
| - name: Dispatch workflow to helm-values repository | |
| env: | |
| HELM_VALUES_TOKEN: ${{ steps.get-token.outputs.token }} | |
| FEATURE_NAME: ${{ env.FEATURE_NAME }} | |
| run: | | |
| repo_owner="island-is" | |
| repository="helm-values" | |
| echo "Dispatch workflow for feature name: $FEATURE_NAME" | |
| curl -X POST \ | |
| -H "Accept: application/vnd.github+json" \ | |
| -H "Authorization: Bearer $HELM_VALUES_TOKEN" \ | |
| "https://api.github.com/repos/$repo_owner/$repository/dispatches" \ | |
| -d "{\"event_type\":\"deploy-feature\", \"client_payload\":{ \"feature_name\":\"$FEATURE_NAME\"}}" | |
| push-success: | |
| runs-on: arc-runners | |
| if: ${{ !cancelled() }} | |
| needs: | |
| - pre-checks | |
| - docker-build | |
| - deploy-feature | |
| steps: | |
| - name: Announce success | |
| if: needs.pre-checks.outputs.PRE_CHECK | |
| run: echo "Build is successful" | |
| - name: Announce skipped | |
| if: '!needs.pre-checks.outputs.PRE_CHECK' | |
| run: echo "Build was skipped" | |
| failure-notification: | |
| runs-on: arc-runners | |
| if: failure() && needs.pre-checks.outputs.PRE_CHECK && needs.pre-checks.outputs.PRE_CHECK != 'feature-deploy' | |
| needs: | |
| - pre-checks | |
| - prepare | |
| - docker-build | |
| - deploy-feature | |
| steps: | |
| - name: Send Slack notification | |
| uses: 8398a7/action-slack@v3 | |
| with: | |
| status: failure | |
| icon_emoji: ':broken_heart:' | |
| fields: repo,message,commit,author,action,eventName,ref,workflow,took # selectable (default: repo,message) | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # optional | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} # required | |
| scanflags: | |
| if: github.ref == 'ref/heads/main' | |
| runs-on: arc-runners | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Scan & upload main config | |
| uses: configcat/scan-repository@v2 | |
| with: | |
| api-user: ${{ secrets.CONFIGCAT_API_USER }} | |
| api-pass: ${{ secrets.CONFIGCAT_API_PASS }} | |
| config-id: ${{ env.CONFIGCAT_MAIN_CONFIG_ID }} | |
| - name: Scan & upload mobile app config | |
| uses: configcat/scan-repository@v2 | |
| with: | |
| api-user: ${{ secrets.CONFIGCAT_API_USER }} | |
| api-pass: ${{ secrets.CONFIGCAT_API_PASS }} | |
| config-id: ${{ env.CONFIGCAT_MOBILE_APP_CONFIG_ID }} | |
| sub-folder: apps/native |