main.yml
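# CI/CD workflow: builds and tests the server, builds a multi-platform Docker image, pushes it
# when DOCKER_TAGS is non-empty, runs the deploy script when IS_CD is 'true', and transitions
# Jira issues when TIER is 'PROD'.
# NOTE(review): IS_CD, TIER, DOCKER_TAGS and the *_SECRET_NAME variables are presumably exported
# by .github/scripts/set-environment.sh, which is not shown here; confirm against that script.
name: terraware-server

on:
  push:
    branches:
      - main
      # Renovate waits for CI builds to succeed before opening PRs, so we need to run builds on
      # pushes to its branches.
      - renovate/**
    tags:
      # Releases with date-based tags, e.g., v20230411.1
      - v2[0-9]+.[0-9]+
  pull_request:
    branches-ignore:
      # No need to run the workflow on Renovate PRs; it will have already run on the branches.
      # NOTE(review): for `pull_request`, `branches-ignore` matches the PR's base (target)
      # branch, not its head branch, so this filter likely does not skip Renovate PRs that
      # target main. Confirm; a job-level condition on `github.head_ref` would express the
      # stated intent.
      - renovate/**

# `id-token: write` lets the job request a GitHub OIDC token; the AWS credentials step below
# passes only a role to assume and a region, with no static keys. The permission is granted
# workflow-wide, so every step in the job, third-party actions included, can request that token.
permissions:
  id-token: write
  contents: read

concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}
  # Cancel in-progress builds on PRs, but not on staging deploys.
  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

jobs:
  build:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4

      - name: Fetch tip of main branch to support diffing
        run: git fetch --depth 1 origin main

      - name: Set environment
        run: ./.github/scripts/set-environment.sh

      # The role and region are looked up in `secrets` by names taken from the environment.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets[env.AWS_ROLE_SECRET_NAME] }}
          aws-region: ${{ secrets[env.AWS_REGION_SECRET_NAME] }}

      - name: Set up Java
        id: setup-java
        uses: actions/setup-java@v4
        with:
          distribution: "corretto"
          java-version: "23"

      - name: Tell Gradle where the Java installation is
        # The action output is passed through the environment instead of being expanded into
        # the script text, so the shell sees it as data rather than as part of the command.
        env:
          JAVA_INSTALL_PATH: ${{ steps.setup-java.outputs.path }}
        run: |
          echo "org.gradle.java.installations.paths=${JAVA_INSTALL_PATH}" >> gradle.properties

      - name: Cache dependencies
        id: cache-gradle
        uses: actions/cache@v4
        with:
          path: |
            ~/.gradle
            ~/.m2
            node_modules
          key: 4-${{ hashFiles('*.gradle.kts', 'gradle.properties', 'yarn.lock') }}

      # The build/test process is broken out into individual steps here so it's easier to watch
      # the progress of the build in the GitHub UI and so it's clearer what failed if the build
      # has problems; locally, "./gradlew check" will do all this in a single command.
      - name: Download dependencies
        run: |
          docker pull postgres:13
          ./gradlew downloadDependencies yarn

      - name: Generate jOOQ classes
        run: ./gradlew generateJooqClasses

      - name: Check code style
        run: ./gradlew spotlessCheck

      - name: Compile main
        run: ./gradlew classes

      - name: Generate OpenAPI docs to test that server can start up
        run: ./gradlew generateOpenApiDocs

      # The "yq" command here removes some values that are always different between staging and
      # CI but aren't actual changes to the API schema; that way the diff will show "no changes"
      # if the schema itself hasn't changed.
      # The diff is informational only: "|| true" and the else branch keep the step green.
      - name: Diff OpenAPI docs against staging
        run: |
          if curl -f -s https://staging.terraware.io/v3/api-docs.yaml > /tmp/staging.yaml; then
            for f in openapi.yaml /tmp/staging.yaml; do
              yq -i '
                .info.version = null |
                .servers[0].url = null |
                .components.securitySchemes.openId.openIdConnectUrl = null' "$f"
            done
            diff -u /tmp/staging.yaml openapi.yaml || true
          else
            echo Unable to fetch OpenAPI schema from staging
          fi

      - name: Compile tests
        run: ./gradlew testClasses

      - name: Run tests
        run: ./gradlew test

      - name: Run tests that depend on external services
        # If there's a problem with an external service, we don't want the workflow to fail, but we
        # still want errors flagged in the workflow's log.
        continue-on-error: true
        if: env.IS_CD == 'false'
        run: ./gradlew test --tests='*ExternalTest'
        # These secrets are scoped to this step only.
        env:
          TERRAWARE_ATLASSIAN_ACCOUNT: ${{ secrets.TEST_ATLASSIAN_ACCOUNT }}
          TERRAWARE_ATLASSIAN_APIHOST: ${{ secrets.TEST_ATLASSIAN_HOST }}
          TERRAWARE_ATLASSIAN_APITOKEN: ${{ secrets.TEST_ATLASSIAN_TOKEN }}
          TERRAWARE_ATLASSIAN_SERVICEDESKKEY: ${{ secrets.TEST_ATLASSIAN_SERVICE_DESK_KEY }}
          TEST_BALENA_API_KEY: ${{ secrets.TEST_BALENA_API_KEY }}
          TEST_S3_BUCKET_NAME: terraware-ci-test

      - name: Extract Docker image layers
        run: make -C docker prepare

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Registry login is skipped when there is nothing to push.
      - name: Log into Docker Hub
        if: env.DOCKER_TAGS != ''
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Cache Docker build layers
        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: 2-buildx

      # The image is always built; it is pushed only when DOCKER_TAGS is non-empty.
      - name: Build Docker image and push if on main branch or tag
        uses: docker/build-push-action@v6
        with:
          context: build/docker
          tags: ${{ env.DOCKER_TAGS }}
          platforms: linux/amd64,linux/arm64
          push: ${{ env.DOCKER_TAGS != '' }}
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,mode=max,dest=/tmp/.buildx-cache-new

      # Replace the old layer cache with the one written by the build above.
      - name: Move Docker build cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

      # NOTE(review): this step has no `if:`, so the runner joins the tailnet with the OAuth
      # client on every run of this workflow, including pull-request and Renovate-branch builds.
      # The only visible consumer appears to be the Deploy step, which is gated on IS_CD; if
      # nothing else needs the tailnet, gate this step on the same condition. Confirm first.
      - name: Connect to Tailscale
        uses: tailscale/github-action@v2
        with:
          oauth-client-id: ${{ secrets.TAILSCALE_OAUTH_CLIENT_ID }}
          oauth-secret: ${{ secrets.TAILSCALE_OAUTH_CLIENT_SECRET }}
          tags: tag:github

      # The SSH key and user are looked up by secret name and exposed to the deploy script only.
      - name: Deploy
        if: env.IS_CD == 'true'
        env:
          SSH_KEY: ${{ secrets[env.SSH_KEY_SECRET_NAME] }}
          SSH_USER: ${{ secrets[env.SSH_USER_SECRET_NAME] }}
        run: ./.github/scripts/deploy.sh

      # NOTE(review): this action is referenced by the mutable `master` branch, so whatever that
      # branch points to at run time executes in this job with the Jira credentials below and
      # any credentials earlier steps left in the job environment. Pin it to a reviewed full
      # commit SHA (version in a trailing comment) and let Renovate propose updates.
      - name: Log into Jira
        if: env.TIER == 'PROD'
        uses: atlassian/gajira-login@master
        env:
          JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
          JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
          JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}

      # Builds the list of Jira issue keys (SW-<number>) mentioned in the unreleased log.
      # --fail stops an HTTP error page from being parsed as the issue list. The step uses the
      # default shell, which does not enable pipefail, so the pipeline's exit status is that of
      # `sort`: a failed fetch produces an empty list rather than a failed step.
      - name: Create Jira Transition List
        if: env.TIER == 'PROD'
        run: >
          curl --fail https://terraware.github.io/terraware-server/unreleased.log |
          grep -E 'SW-[0-9]+' -o |
          sort -u > ./docs/jiralist.txt

      # NOTE(review): also referenced by the mutable `master` branch. This appears to be an
      # in-organisation action, but it should still be pinned to a full commit SHA so that a
      # change to that branch cannot alter a production run without review.
      - name: Transition Jira Issues
        if: env.TIER == 'PROD'
        uses: terraware/gajira-transition-multiple@master
        with:
          issueList: ./docs/jiralist.txt
          transition: "Released to Production from Done"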