-
Notifications
You must be signed in to change notification settings - Fork 26
150 lines (147 loc) · 5.47 KB
/
release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
name: Release ThirdEye
on:
# a release must be triggered manually
workflow_dispatch:
jobs:
# cache things?
release-thirdeye-ui:
runs-on: ubuntu-latest
environment: github-production
timeout-minutes: 20
steps:
- name: Pull repository
uses: actions/checkout@v4
with:
sparse-checkout: |
thirdeye-ui
- name: Set git ci user info
run: |
git config --global user.email "[email protected]"
git config --global user.name "ThirdEye CI"
- name: Install node and npm
uses: actions/setup-node@v3
with:
node-version: 14
cache: "npm"
cache-dependency-path: './thirdeye-ui/package-lock.json'
- name: Release UI
run: |
cd thirdeye-ui
npm ci --legacy-peer-deps
npm run build
export GH_SHA=$(git log -1 --format="%H")
npm run release
env:
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
SLACK_WEBHOOK: ${{ secrets.UI_SLACK_WEBHOOK }}
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
SENTRY_AUTH_TOKEN: ${{ secrets.UI_SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ secrets.UI_SENTRY_ORG }}
SENTRY_PROJECT : ${{ secrets.UI_SENTRY_PROJECT }}
- name: Slack - Notify Success
uses: rtCamp/action-slack-notify@v2
env:
SLACK_COLOR: ${{ job.status }}
SLACK_MESSAGE: "ThirdEye frontend release succeeded."
SLACK_TITLE: SUCCESS
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
- name: Slack - Notify Failure
uses: rtCamp/action-slack-notify@v2
if: failure()
env:
SLACK_COLOR: ${{ job.status }}
SLACK_MESSAGE: "@here - ThirdEye frontend release failed."
SLACK_TITLE: FAILURE
SLACK_LINK_NAMES: true
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
release-thirdeye:
runs-on: ubuntu-latest
environment: github-production
timeout-minutes: 20
# This workflow pushes a branch to origin/master which would break the ui release. Wait for the ui release to finish
needs: release-thirdeye-ui
steps:
- name: Pull repository
uses: actions/checkout@v4
- name: Install JDK 21
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'
- name: Set git ci user info
run: |
git config --global user.email "[email protected]"
git config --global user.name "ThirdEye CI"
- name: Setup SSH key of privileged github ci account
# an action is available for this, but it's not an official one, need to perform security checks before using it
run: |
mkdir -p ~/.ssh
ssh-keyscan github.com > ~/.ssh/known_hosts
echo "${{ secrets.GH_THIRDEYE_CI_PRIVATE_KEY }}" > ~/.ssh/github_key
chmod 400 ~/.ssh/github_key
cat > ~/.ssh/config <<EOF
Host github.com
HostName github.com
IdentityFile ~/.ssh/github_key
EOF
if (ssh -T [email protected] 2>&1 | grep -q 'successfully'); then
echo "SSH connection to github successful."
else
echo "Could not connect to github with ssh" || exit 1
fi
- name: Cache - restore local Maven repository
id: cache-restore
uses: actions/cache/restore@v3
with:
path: |
~/.m2/repository
~/.m2/wrapper
key: publish-${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: release-${{ runner.os }}-maven-
- name: Set maven repository settings
uses: s4u/[email protected]
with:
servers: >
[
{
"id": "startree-snapshots",
"username": "${{ env.MVN_REPOSITORY_USERNAME }}",
"password": "${{ env.MVN_REPOSITORY_PASSWORD }}"
},
{
"id": "startree-releases",
"username": "${{ env.MVN_REPOSITORY_USERNAME }}",
"password": "${{ env.MVN_REPOSITORY_PASSWORD }}"
}
]
env:
MVN_REPOSITORY_USERNAME: ${{ secrets.MVN_ARTIFACTORY_USERNAME }}
MVN_REPOSITORY_PASSWORD: ${{ secrets.MVN_ARTIFACTORY_TOKEN }}
- name: Perform Maven release
run: |
./mvnw -B -DskipTests -Darguments=-DskipTests release:clean initialize release:prepare
- name: Cache - save local Maven repository
uses: actions/cache/save@v3
# save to cache only if necessary - cache even if failed (useful if some steps are flaky)
if: steps.cache-restore.outputs.cache-hit != 'true' && ( failure() || success())
with:
path: |
~/.m2/repository
~/.m2/wrapper
key: publish-${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
- name: Slack - Notify Success
uses: rtCamp/action-slack-notify@v2
env:
SLACK_COLOR: ${{ job.status }}
SLACK_MESSAGE: "ThirdEye backend release succeeded."
SLACK_TITLE: SUCCESS
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
- name: Slack - Notify Failure
uses: rtCamp/action-slack-notify@v2
if: failure()
env:
SLACK_COLOR: ${{ job.status }}
SLACK_MESSAGE: "@here - ThirdEye backend release failed."
SLACK_TITLE: FAILURE
SLACK_LINK_NAMES: true
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}