Skip to content

Deploy by @merschformann from develop #134

Deploy by @merschformann from develop

Deploy by @merschformann from develop #134

Workflow file for this run

name: release
run-name: Deploy by @${{ github.actor }} from ${{ github.ref_name }}
on:
workflow_dispatch:
inputs:
TARGET_ENVIRONMENT:
type: choice
description: "The environment to release to (dev, staging, prod)"
default: "dev"
required: true
options:
- dev
- staging
- prod
APPS:
type: string
description: "The apps to release, comma separated. E. g.: `go-highs-knapsack,java-ortools-knapsack`"
required: true
push:
branches:
- develop
permissions:
contents: read
packages: read
jobs:
determine_environments:
runs-on: ubuntu-latest
outputs:
environments: ${{ steps.set-environments.outputs.environments }}
steps:
- name: Set environments
id: set-environments
run: |
ENVIRONMENTS=""
if [ "${{ inputs.TARGET_ENVIRONMENT }}" != "" ]; then
echo "These are the environments to release => ${{ inputs.TARGET_ENVIRONMENT }}"
ENVIRONMENTS="['${{ inputs.TARGET_ENVIRONMENT }}']"
else
ENVIRONMENTS="['dev', 'staging', 'prod']"
fi
echo "These are the environments to release => ${ENVIRONMENTS}"
echo "environments=${ENVIRONMENTS}" >> $GITHUB_OUTPUT
update_apps:
runs-on: ubuntu-latest
needs: determine_environments
strategy:
fail-fast: false
matrix:
environment: ${{fromJson(needs.determine_environments.outputs.environments)}}
environment: ${{ matrix.environment }}
env:
BUCKET: ${{ secrets.S3_BUCKET }}
FOLDER: ${{ secrets.S3_FOLDER }}
MANIFEST: ${{ secrets.S3_MANIFEST }}
ROLE: ${{ secrets.AWS_DEVTOOLS_ROLE }}
REGION: ${{ secrets.AWS_REGION }}
GH_TOKEN: ${{ github.token }}
API_ENDPOINT: ${{ secrets.API_ENDPOINT }}
CONSOLE_URL: ${{ secrets.CONSOLE_URL }}
MARKETPLACE_API_KEY: ${{ secrets.MARKETPLACE_API_KEY }}
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
GO_VERSION: ""
PYTHON_VERSION: ""
APPS: ""
APP_NAMES: ""
FILTERS: ""
AUTOMATIC_APP_NAMES: false
permissions:
id-token: write
contents: write
steps:
- name: Configure git with the bot credentials
run: |
mkdir -p ~/.ssh
ssh-keyscan github.com >> ~/.ssh/known_hosts
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-add - <<< "${{ secrets.NEXTMVBOT_SSH_KEY }}"
echo "${{ secrets.NEXTMVBOT_SIGNING_KEY }}" > ~/.ssh/signing.key
chmod 600 ~/.ssh/signing.key
git config --global user.name "nextmv-bot"
git config --global user.email "tech+gh-nextmv-bot@nextmv.io"
git config --global gpg.format ssh
git config --global user.signingkey ~/.ssh/signing.key
git clone git@github.com:nextmv-io/community-apps.git
cd community-apps
git fetch --all
git checkout ${{ github.ref_name }}
git pull
- name: determine if apps are provided through inputs or we need filters
run: |
export APPS="${{ inputs.APPS }}"
if [ $APPS != '' ]; then
echo "These are the apps to release => $APPS"
echo "APPS=${APPS}" >> $GITHUB_ENV
exit 0
fi
export AUTOMATIC_APP_NAMES=true
echo "AUTOMATIC_APP_NAMES=${AUTOMATIC_APP_NAMES}" >> $GITHUB_ENV
APP_NAMES_ARRAY=$(yq '.apps[].name' workflow-configuration.yml)
APP_NAMES=$(echo ${APP_NAMES_ARRAY[@]} | tr '\n' ' ')
echo "APP_NAMES=${APP_NAMES}" >> $GITHUB_ENV
FILTERS_FILE="../.github/filters.yml"
touch $FILTERS_FILE
for app in ${APP_NAMES[@]}; do
echo "${app}:" >> $FILTERS_FILE
echo " - '${app}/**'" >> $FILTERS_FILE
done
echo "Successfully created filters and wrote them to ${FILTERS_FILE}"
cat $FILTERS_FILE
working-directory: ./community-apps/.nextmv
- name: Filter changed directories
id: filter
if: ${{ env.AUTOMATIC_APP_NAMES == 'true' }}
uses: dorny/paths-filter@v3
with:
filters: .github/filters.yml
working-directory: ./community-apps
- name: Create comma-separated string of changed paths
if: ${{ env.AUTOMATIC_APP_NAMES == 'true' }}
run: |
export APPS=""
OUTPUTS=$(echo '${{ toJson(steps.filter.outputs) }}' | jq .)
for app in $(echo "${{ env.APP_NAMES }}"); do
if [ $(echo $OUTPUTS | jq -r --arg app "$app" '.[$app]') == "true" ]; then
APPS="${APPS}${app},"
fi
done
# Remove trailing comma
APPS="${APPS%,}"
echo "These are the apps to release => $APPS"
echo "APPS=${APPS}" >> $GITHUB_ENV
- name: set Python version
if: ${{ env.APPS != '' }}
run: |
export PYTHON_VERSION=$(yq '.language-support.python.version' workflow-configuration.yml)
echo "This is the Python version => $PYTHON_VERSION"
echo "PYTHON_VERSION=${PYTHON_VERSION}" >> $GITHUB_ENV
working-directory: ./community-apps/.nextmv
- name: set up Python
if: ${{ env.APPS != '' }}
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: set go version
if: ${{ env.APPS != '' }}
run: |
export GO_VERSION=$(yq '.language-support.go.version' workflow-configuration.yml)
echo "This is the Go version => $GO_VERSION"
echo "GO_VERSION=${GO_VERSION}" >> $GITHUB_ENV
working-directory: ./community-apps/.nextmv
- name: set up go
if: ${{ env.APPS != '' }}
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Install zig
if: ${{ env.APPS != '' }}
run: |
SIGNATURE="2d00e789fec4f71790a6e7bf83ff91d564943c5ee843c5fd966efc474b423047 zig-linux-x86_64-0.11.0.tar.xz"
curl -sSfL https://ziglang.org/download/0.11.0/zig-linux-x86_64-0.11.0.tar.xz -o zig-linux-x86_64-0.11.0.tar.xz
echo $SIGNATURE | sha256sum -c
tar -xf zig-linux-x86_64-0.11.0.tar.xz
sudo ln -s $PWD/zig-linux-x86_64-0.11.0/zig /usr/local/bin/zig
zig version
- name: Install Python dependencies
if: ${{ env.APPS != '' }}
run: |
pip install --upgrade pip
pip install -r requirements.txt
working-directory: ./community-apps/.nextmv/release
- name: Set up AWS CLI
if: ${{ env.APPS != '' }}
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.ROLE }}
aws-region: ${{ env.REGION }}
role-duration-seconds: 1200
- name: Set up JDK
if: ${{ env.APPS != '' }}
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 21
cache: "maven"
- name: Install Nextmv CLI
if: ${{ env.APPS != '' }}
run: |
export NEXTMV_API_KEY=$MARKETPLACE_API_KEY
export NEXTMV_BASE_URL=https://$API_ENDPOINT
curl -sS "https://$CONSOLE_URL/install-cli.txt" | bash -
- name: Set up Nextmv CLI
if: ${{ env.APPS != '' }}
run: |
export PATH=$PATH:~/.nextmv # Make CLI available in non-interactive shell
nextmv configure \
--api-key $MARKETPLACE_API_KEY \
-e $API_ENDPOINT
nextmv activate
nextmv sdk install
- name: Release the apps
if: ${{ env.APPS != '' }}
run: |
export PATH=$PATH:~/.nextmv # Make CLI available in non-interactive shell
export SLACK_NOTIFY_PARAM="" # Only notify slack for prod releases
if [ ${{ matrix.environment }} == "prod" ]; then
export SLACK_NOTIFY_PARAM="--slack-url ${{ secrets.SLACK_URL_MISSION_CONTROL }}"
fi
python main.py \
--apps "${{ env.APPS }}" \
--bucket "${{ env.BUCKET }}" \
--folder "${{ env.FOLDER }}" \
--manifest "${{ env.MANIFEST }}" \
$SLACK_NOTIFY_PARAM
working-directory: ./community-apps/.nextmv/release