ci: deploying to argocd

.github/actions/update-helm-values/action.yml

@@ -0,0 +1,61 @@
+name: 'Update helm-values charts'
+description: 'Copys the changeset in charts folder to helm-values repository'
+
+inputs:
+  files:
+    description: 'Comma seperated string of paths to copy'
+    default: ''
+    required: false
+  ssh-key:
+    description: 'SSH key so the action can fetch and push to the helm-values repository'
+    required: true
+  app-id:
+    description: 'App ID for the GitHub App'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Get token
+      id: get-token
+      shell: bash
+      env: 
+        APP_ID: ${{ inputs.app-id }}
+        PRIVATE_KEY: ${{ inputs.ssh-key }}
+      run: |
+        node scripts/ci/docker/get-github-token.mjs
+    - name: Checkout helm-values repository
+      uses: actions/checkout@v4
+      with:
+        repository: island-is/helm-values
+        ref: main
+        token: ${{ steps.get-token.outputs.token }}
+        path: helm-values
+    - name: Copy affected helm charts from island.is repository to helm-values repository
+      shell: bash
+      env:
+        files: ${{ inputs.files }}
+      run: |
+        IFS=$IFS,
+        paths=()
+        read -a paths <<< $files
+        echo "$files\n$paths"
+        for path in ${paths[@]}; do
+          export DEST="helm-values/charts/${path#charts/}"
+          export DEST_PATH=$(dirname $DEST)
+          mkdir -p $DEST_PATH
+          echo "Copying filepath: ${path} to $DEST"
+          cp "$path" "$DEST"
+        done
+    - name: Commit and push changes to helm-values repository
+      if: ${{ inputs.files != '' }}
+      shell: bash
+      run: |
+        cd helm-values
+        git config --global user.email "[email protected]"
+        git config --global user.name "CI Bot"
+
+        git add .
+        git commit -m "Updated helm charts"
+        echo "Showing changeset\n $(git show)"
+        git push

.github/workflows/install.yml

@@ -1,7 +1,26 @@
 name: 'Prep Dependencies'
 on:
   workflow_call:
+    inputs:
+      main_branch:
+        default: 'main'
+        type: string
+      run_merge_queue:
+        description: 'Should the merge que step run'
+        required: false
+        type: boolean
+        default: false
     outputs:
+      MQ_SHA:
+        value: ${{ jobs.install.outputs.MQ_SHA}}
+      MQ_DOCKER_TAG:
+        value: ${{ jobs.install.outputs.MQ_DOCKER_TAG }}
+      MQ_ARTIFACT_NAME:
+        value: ${{ jobs.install.outputs.MQ_ARTIFACT_NAME }}
+      MQ_GIT_BRANCH:
+        value: ${{ jobs.install.outputs.MQ_GIT_BRANCH }}
+      MQ_SHOULD_RUN_BUILD:
+        value: ${{ jobs.install.outputs.MQ_SHOULD_RUN_BUILD}}
       TEST_CHUNKS:
         value: ${{ jobs.install.outputs.TEST_CHUNKS }}
       E2E_CHUNKS:
@@ -53,16 +72,24 @@ env:
 jobs:
   install:
     outputs:
+      MQ_SHA: ${{ steps.prepare-merge-queue.outputs.GIT_SHA }}
+      MQ_DOCKER_TAG: ${{ steps.prepare-merge-queue.outputs.DOCKER_TAG }}
+      MQ_ARTIFACT_NAME: ${{ steps.prepare-merge-queue.outputs.ARTIFACT_NAME }}
+      MQ_GIT_BRANCH: ${{ steps.prepare-merge-queue.outputs.GIT_BRANCH }}
+      MQ_SHOULD_RUN_BUILD: ${{ steps.prepare-merge-queue.outputs.SHOULD_RUN_BUILD }}
       LINT_CHUNKS: ${{ steps.lint_projects.outputs.CHUNKS }}
       TEST_CHUNKS: ${{ steps.test_projects.outputs.CHUNKS }}
       E2E_CHUNKS: ${{ steps.e2e_projects.outputs.CHUNKS }}
       BUILD_CHUNKS: ${{ steps.build_projects.outputs.CHUNKS }}
-      DOCKER_CHUNKS: ${{ steps.docker_projects.outputs.CHUNKS }}
+      DOCKER_CHUNKS: ${{ steps.docker_projects.outputs.BUILD_CHUNKS }}
       E2E_BUILD_ID: ${{ steps.e2e_projects.outputs.E2E_BUILD_ID }}
       NX_HEAD: ${{ steps.export-sha.outputs.NX_HEAD }}
       NX_BASE: ${{ steps.export-sha.outputs.NX_BASE }}
       DEPLOY_FEATURE: ${{ steps.set-outputs.outputs.DEPLOY_FEATURE }}
     runs-on: arc-runners
+    permissions:
+      contents: 'read'
+      actions: 'read'
     steps:
       - name: Set outputs
         id: set-outputs
@@ -73,21 +100,44 @@ jobs:
       - name: checkout
         uses: actions/checkout@v4
         with:
-          fetch-depth: 0
-
+          fetch-depth: 0  
       - name: Setup yarn
         uses: ./.github/actions/setup-yarn
-
       - name: load-deps
         uses: ./.github/actions/load-deps
-
+      - id: get-branch
+        env:
+          RAW_REF: ${{ inputs.main_branch }}
+        run: |
+          echo "MAIN_BRANCH=${RAW_REF#refs/heads/}" >> $GITHUB_OUTPUT
+          echo "MAIN_BRANCH=${RAW_REF#refs/heads/}"
       - name: Derive appropriate SHAs
+        if: ${{ inputs.run_merge_queue == false }}
         uses: nrwl/nx-set-shas@v4
+        with:
+          main-branch-name: ${{ steps.get-branch.outputs.MAIN_BRANCH }}
 
       - name: Set base/head sha output
         id: export-sha
         shell: bash
         run: |
+          if [[ "${{ inputs.run_merge_queue }}" == "true" ]]; then
+            # In merge que we always want to use the last 
+            # commit as head - last commit sha is alway succesful
+            # since else it won't get merged!
+            # checkout this PR: https://github.com/nrwl/nx-set-shas/pull/145/files
+            # when this gets merged we can remove this hack!
+            #
+            # If we do not do this we will get the wrong base sha
+            # :(
+            export NX_HEAD=${{ github.sha }}
+            export NX_BASE=$(git rev-parse HEAD^1)
+            echo NX_HEAD="$NX_HEAD" >> "$GITHUB_OUTPUT"
+            echo NX_BASE="$NX_BASE" >> "$GITHUB_OUTPUT"
+            echo HEAD="$NX_HEAD" >> "$GITHUB_ENV"
+            echo BASE="$NX_BASE" >> "$GITHUB_ENV"
+            exit 0
+          fi
           echo NX_HEAD="${{ env.NX_HEAD }}" >> "$GITHUB_OUTPUT"
           echo NX_BASE="${{ env.NX_BASE }}" >> "$GITHUB_OUTPUT"
           # NOTE: we reference BASE and HEAD elsewhere
@@ -102,6 +152,11 @@ jobs:
         run: |
           git config --global user.email "[email protected]"
           git config --global user.name "CI Bot"
+      - name: Prepare merge queue
+        id: prepare-merge-queue
+        if: ${{ inputs.run_merge_queue == true }}
+        run: |
+          node scripts/ci/docker/generate-tag.mjs
 
       # This is to increase the retention days for our GitHub Actions run events
       # See this for more information:
@@ -110,7 +165,7 @@ jobs:
         uses: actions/upload-artifact@b18b1d32f3f31abcdc29dee3f2484801fe7822f4
 
         # Don't run this step locally
-        if: ${{ !github.event.localrun }}
+        if: ${{ !github.event.localrun && inputs.run_merge_queue == false }}
         with:
           name: pr-event
           path: event.json
@@ -167,7 +222,6 @@ jobs:
           if [[ "$CHUNKS" != "[]" ]]; then
             echo "CHUNKS={\"projects\":$CHUNKS}" >> "$GITHUB_OUTPUT"
           fi
-
       - name: Prepare docker build targets
         id: docker_projects
         if: ${{ steps.set-outputs.outputs.DEPLOY_FEATURE != 'true' }}
@@ -176,7 +230,8 @@ jobs:
           CHUNKS="$(./scripts/ci/generate-docker-chunks.sh docker-express docker-next docker-static docker-playwright docker-jest)"
           echo "CHUNKS: '$CHUNKS'"
           if [[ "$CHUNKS" != "[]" ]]; then
-            echo CHUNKS="$CHUNKS" >> "$GITHUB_OUTPUT"
+            echo BUILD_CHUNKS=$(echo "$CHUNKS" | jq -cM '. | map("\(.|tostring)")') >> "$GITHUB_OUTPUT"
+            echo "CHUNKS='$CHUNKS'" >> "$GITHUB_OUTPUT"
           fi
 
       - name: License audit Node modules