release.yml
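# Release workflow: runs on every push to master. It fetches CI secrets,
# lets Changesets either open/update the "version packages" PR or publish,
# reports the outcome to Slack and, after a publish, creates a Jira
# deployment record.
name: Release

on:
  push:
    branches:
      - master

env:
  GITHUB_WORKFLOW_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}

jobs:
  release:
    name: Release
    runs-on: ubuntu-latest
    # Job-scoped GITHUB_TOKEN permissions.
    # NOTE(review): id-token: write is presumably what the workload-identity
    # login in "GSM Secrets" needs; nothing visible in this file obviously
    # requires actions: write. Confirm each scope is still needed, since every
    # step below, including third-party actions, runs under this grant.
    permissions:
      contents: write
      id-token: write
      actions: write
      pull-requests: write
      issues: write
    steps:
      # NOTE(review): several `uses:` refs below read "[email protected]". That is
      # an e-mail-obfuscation artifact of this capture, not a valid ref; the
      # original "<action>@<version>" is not recoverable from this page and
      # must be restored from the repository. For third-party actions that see
      # the job token or secrets, prefer pinning to a full commit SHA.
      - name: Checkout Repo
        uses: actions/[email protected]
        with:
          # This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits
          fetch-depth: 0
          # This forces changesets to use git user, provided by GITHUB_TOKEN env var
          persist-credentials: false

      # Reads the listed secrets from the secret manager through workload
      # identity. Each line is "<OUTPUT_KEY>:<secret path>".
      # NOTE(review): @master is a mutable ref. Here it points at this same
      # repository's default branch, so the step runs whatever was just
      # pushed; confirm that is the intent for a step that handles secrets.
      - name: GSM Secrets
        id: secrets_manager
        uses: toptal/davinci-github-actions/gsm-secrets@master
        with:
          workload_identity_provider: ${{ secrets.IDENTITY_POOL }}
          service_account: ${{ secrets.SA_IDENTITY_POOL }}
          secrets_name: |-
            JENKINS_URL:toptal-ci/JENKINS_URL
            JENKINS_CLIENT_ID:toptal-ci/JENKINS_CLIENT_ID
            JENKINS_SA_CREDENTIALS:toptal-ci/JENKINS_SA_CREDENTIALS
            SLACK_BOT_TOKEN:toptal-ci/SLACK_BOT_TOKEN
            TOPTAL_DEVBOT_TOKEN:toptal-ci/TOPTAL_DEVBOT_TOKEN
            TOPTAL_REPOACCESSBOT_TOKEN:toptal-ci/TOPTAL_REPOACCESSBOT_TOKEN
            TOPTAL_TRIGGERBOT_TOKEN:toptal-ci/TOPTAL_TRIGGERBOT_TOKEN
            TOPTAL_TRIGGERBOT_USERNAME:toptal-ci/TOPTAL_TRIGGERBOT_USERNAME

      # Turns the JSON blob from the previous step into one step output per key.
      # NOTE(review): whether these outputs are registered as masked values is
      # not visible here; verify before relying on log redaction.
      - name: Parse secrets
        id: parse_secrets
        uses: toptal/davinci-github-actions/expose-json-outputs@master
        with:
          json: ${{ steps.secrets_manager.outputs.secrets }}

      # Secrets are handed to the shell through `env:` instead of being
      # expanded with ${{ }} inside the script text, so their content is never
      # parsed as shell syntax.
      # NOTE(review): values written to GITHUB_ENV are visible to every later
      # step in the job, including `yarn release` and third-party actions.
      # Consider passing the step outputs directly to the steps that need them.
      - name: Set ENV Variables
        env:
          SLACK_BOT_TOKEN_VALUE: ${{ steps.parse_secrets.outputs.SLACK_BOT_TOKEN }}
          DEVBOT_TOKEN_VALUE: ${{ steps.parse_secrets.outputs.TOPTAL_DEVBOT_TOKEN }}
        run: |-
          printf 'SLACK_BOT_TOKEN=%s\n' "$SLACK_BOT_TOKEN_VALUE" >> "$GITHUB_ENV"
          printf 'DEVBOT_TOKEN=%s\n' "$DEVBOT_TOKEN_VALUE" >> "$GITHUB_ENV"

      - name: Set up node
        uses: actions/[email protected]
        with:
          node-version: 20

      - uses: ./yarn-install

      # Either opens/updates the release PR or runs `yarn release`; later
      # steps branch on the `published` output of this step.
      - name: Create Release Pull Request or Publish to npm
        id: changesets
        uses: changesets/[email protected]
        with:
          publish: yarn release
          commit: 'chore: version packages'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Add no-jira label to "Version Package" PR
        if: ${{ steps.changesets.outputs.published != 'true' }}
        uses: actions/github-script@v7
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
            // Get list of all open PRs with
            // head branch "changeset-release/master"
            // (there should be max 1 PR with such condition)
            const { data } = await github.rest.pulls.list({
              owner: 'toptal',
              repo: 'davinci-github-actions',
              state: 'open',
              head: 'toptal:changeset-release/master'
            })
            // Add the "no-jira" label to each of them. Every request is
            // awaited so that a failed call fails the step instead of being
            // dropped when the script returns.
            for (const pr of data) {
              await github.rest.issues.addLabels({
                owner: 'toptal',
                repo: 'davinci-github-actions',
                issue_number: pr.number,
                labels: [
                  'no-jira'
                ]
              })
            }

      - name: Send a Slack notification on failure
        if: ${{ failure() }}
        uses: slackapi/[email protected]
        with:
          channel-id: '-frontend-exp-team-notifications'
          slack-message: ":x: <!here> Current master version of davinci-github-actions is <${{ env.GITHUB_WORKFLOW_URL }}|broken>."
        env:
          SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}

      - name: Send a Slack notification on success release
        if: ${{ success() && steps.changesets.outputs.published == 'true' }}
        uses: slackapi/[email protected]
        with:
          channel-id: '-frontend-exp-team-notifications'
          slack-message: "Current master version of davinci-github-actions successfully released :green_heart:"
        env:
          SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}

      - name: Send a Slack notification on success PR merge
        if: ${{ success() && steps.changesets.outputs.published != 'true'}}
        uses: slackapi/[email protected]
        with:
          channel-id: '-frontend-exp-team-notifications'
          slack-message: "A new PR was merged to davinci-github-actions :parrotspin:"
        env:
          SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}

      # Exposes the most recent tag reachable from HEAD as the LATEST_TAG output.
      - name: Get new tag version
        id: tag-version
        if: ${{ steps.changesets.outputs.published == 'true' }}
        run: |
          echo "LATEST_TAG=$(git describe --tags --abbrev=0)" >> "$GITHUB_OUTPUT"

      # Checks out the toptal/actions repository so its actions can be used
      # from a local path.
      - name: Get toptal/actions
        uses: actions/checkout@v4
        with:
          repository: toptal/actions
          token: ${{ steps.parse_secrets.outputs.TOPTAL_REPOACCESSBOT_TOKEN }}
          path: ./.github/actions/
          # Keep the repo-access bot token out of the checked-out .git/config;
          # the later steps only read files from this path.
          persist-credentials: false

      # Rewrites the cross-references inside the checked-out actions so they
      # resolve to the local copies instead of toptal/actions@main.
      - name: Replace toptal/actions/get-job-url@main from trigger-jenkins-job/action.yml
        shell: bash
        run: |
          sed -i 's|toptal/actions/get-job-url@main|./.github/actions/get-job-url|' ./.github/actions/trigger-jenkins-job/action.yml
          sed -i 's|toptal/actions/trigger-jenkins-job@main|./.github/actions/trigger-jenkins-job|' ./.github/actions/create-jira-deployment/action.yml

      # NOTE(review): this step uses always(), but "Get new tag version",
      # "Get toptal/actions" and the sed step above run only while the job is
      # still successful. If a step after the publish fails, this step runs
      # without the local action checkout and without LATEST_TAG; confirm
      # whether the three preparatory steps should share this condition.
      - name: Create Jira Deployment
        uses: ./.github/actions/create-jira-deployment/
        if: ${{ always() && steps.changesets.outputs.published == 'true'}}
        with:
          jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_URL }}
          jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}
          jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_TOKEN }}
          jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_CLIENT_ID }}
          jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }}
          token: ${{ env.DEVBOT_TOKEN }}
          environment: production
          environment-url: https://github.com/toptal/davinci-github-actions/releases/tag/${{ steps.tag-version.outputs.LATEST_TAG }}
          transient-environment: false
          auto-inactive: false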