[FX-NULL] Pass parameter to build-push-release-image (#361) #332
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
branches: | |
- master | |
env: | |
GITHUB_WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
jobs: | |
release: | |
name: Release | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
id-token: write | |
actions: write | |
pull-requests: write | |
issues: write | |
steps: | |
- name: Checkout Repo | |
uses: actions/[email protected] | |
with: | |
# This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits | |
fetch-depth: 0 | |
# This forces changesets to use git user, provided by GITHUB_TOKEN env var | |
persist-credentials: false | |
- name: GSM Secrets | |
id: secrets_manager | |
uses: toptal/davinci-github-actions/gsm-secrets@master | |
with: | |
workload_identity_provider: ${{ secrets.IDENTITY_POOL }} | |
service_account: ${{ secrets.SA_IDENTITY_POOL }} | |
secrets_name: |- | |
JENKINS_URL:toptal-ci/JENKINS_URL | |
JENKINS_CLIENT_ID:toptal-ci/JENKINS_CLIENT_ID | |
JENKINS_SA_CREDENTIALS:toptal-ci/JENKINS_SA_CREDENTIALS | |
SLACK_BOT_TOKEN:toptal-ci/SLACK_BOT_TOKEN | |
TOPTAL_DEVBOT_TOKEN:toptal-ci/TOPTAL_DEVBOT_TOKEN | |
TOPTAL_REPOACCESSBOT_TOKEN:toptal-ci/TOPTAL_REPOACCESSBOT_TOKEN | |
TOPTAL_TRIGGERBOT_TOKEN:toptal-ci/TOPTAL_TRIGGERBOT_TOKEN | |
TOPTAL_TRIGGERBOT_USERNAME:toptal-ci/TOPTAL_TRIGGERBOT_USERNAME | |
- name: Parse secrets | |
id: parse_secrets | |
uses: toptal/davinci-github-actions/expose-json-outputs@master | |
with: | |
json: ${{ steps.secrets_manager.outputs.secrets }} | |
- name: Set ENV Variables | |
run: |- | |
echo "SLACK_BOT_TOKEN=${{ steps.parse_secrets.outputs.SLACK_BOT_TOKEN }}" >> $GITHUB_ENV | |
echo "DEVBOT_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_DEVBOT_TOKEN }}" >> $GITHUB_ENV | |
- name: Set up node | |
uses: actions/[email protected] | |
with: | |
node-version: 20 | |
- uses: ./yarn-install | |
- name: Create Release Pull Request or Publish to npm | |
id: changesets | |
uses: changesets/[email protected] | |
with: | |
publish: yarn release | |
commit: 'chore: version packages' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Add no-jira label to "Version Package" PR | |
if: ${{ steps.changesets.outputs.published != 'true' }} | |
uses: actions/github-script@v7 | |
with: | |
github-token: ${{secrets.GITHUB_TOKEN}} | |
script: | | |
// Get list of all open PRs with | |
// head branch "changeset-release/master" | |
// (there should be max 1 PR with such condition) | |
const { data } = await github.rest.pulls.list({ | |
owner: 'toptal', | |
repo: 'davinci-github-actions', | |
state: 'open', | |
head: 'toptal:changeset-release/master' | |
}) | |
// add to all of them label "no-jira" | |
for await (let pr of data) { | |
github.rest.issues.addLabels({ | |
owner: 'toptal', | |
repo: 'davinci-github-actions', | |
issue_number: pr.number, | |
labels: [ | |
'no-jira' | |
] | |
}) | |
} | |
- name: Send a Slack notification on failure | |
if: ${{ failure() }} | |
uses: slackapi/[email protected] | |
with: | |
channel-id: '-frontend-exp-team-notifications' | |
slack-message: ":x: <!here> Current master version of davinci-github-actions is <${{ env.GITHUB_WORKFLOW_URL }}|broken>." | |
env: | |
SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }} | |
- name: Send a Slack notification on success release | |
if: ${{ success() && steps.changesets.outputs.published == 'true' }} | |
uses: slackapi/[email protected] | |
with: | |
channel-id: '-frontend-exp-team-notifications' | |
slack-message: "Current master version of davinci-github-actions successfully released :green_heart:" | |
env: | |
SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }} | |
- name: Send a Slack notification on success PR merge | |
if: ${{ success() && steps.changesets.outputs.published != 'true'}} | |
uses: slackapi/[email protected] | |
with: | |
channel-id: '-frontend-exp-team-notifications' | |
slack-message: "A new PR was merged to davinci-github-actions :parrotspin:" | |
env: | |
SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }} | |
- name: Get new tag version | |
id: tag-version | |
if: ${{ steps.changesets.outputs.published == 'true' }} | |
run: | | |
echo LATEST_TAG=$(git describe --tags --abbrev=0) >> $GITHUB_OUTPUT | |
- name: Get toptal/actions | |
uses: actions/checkout@v4 | |
with: | |
repository: toptal/actions | |
token: ${{ steps.parse_secrets.outputs.TOPTAL_REPOACCESSBOT_TOKEN }} | |
path: ./.github/actions/ | |
- name: Replace toptal/actions/get-job-url@main from trigger-jenkins-job/action.yml | |
shell: bash | |
run: | | |
sed -i 's|toptal/actions/get-job-url@main|./.github/actions/get-job-url|' ./.github/actions/trigger-jenkins-job/action.yml | |
sed -i 's|toptal/actions/trigger-jenkins-job@main|./.github/actions/trigger-jenkins-job|' ./.github/actions/create-jira-deployment/action.yml | |
- name: Create Jira Deployment | |
uses: ./.github/actions/create-jira-deployment/ | |
if: ${{ always() && steps.changesets.outputs.published == 'true'}} | |
with: | |
jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_URL }} | |
jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }} | |
jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_TOKEN }} | |
jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_CLIENT_ID }} | |
jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }} | |
token: ${{ env.DEVBOT_TOKEN }} | |
environment: production | |
environment-url: https://github.com/toptal/davinci-github-actions/releases/tag/${{ steps.tag-version.outputs.LATEST_TAG }} | |
transient-environment: false | |
auto-inactive: false |