Deploy by @sebastian-quintero from develop #150
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release | |
| run-name: Deploy by @${{ github.actor }} from ${{ github.ref_name }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| TARGET_ENVIRONMENT: | |
| type: choice | |
| description: "The environment to release to (dev, staging, prod)" | |
| default: "dev" | |
| required: true | |
| options: | |
| - dev | |
| - staging | |
| - prod | |
| APPS: | |
| type: string | |
| description: "The apps to release, comma separated. E. g.: `go-highs-knapsack,java-ortools-knapsack`" | |
| required: true | |
| push: | |
| branches: | |
| - develop | |
| permissions: | |
| contents: read | |
| packages: read | |
| jobs: | |
| determine_environments: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| environments: ${{ steps.set-environments.outputs.environments }} | |
| steps: | |
| - name: Set environments | |
| id: set-environments | |
| run: | | |
| ENVIRONMENTS="" | |
| if [ "${{ inputs.TARGET_ENVIRONMENT }}" != "" ]; then | |
| echo "These are the environments to release => ${{ inputs.TARGET_ENVIRONMENT }}" | |
| ENVIRONMENTS="['${{ inputs.TARGET_ENVIRONMENT }}']" | |
| else | |
| ENVIRONMENTS="['dev', 'staging', 'prod']" | |
| fi | |
| echo "These are the environments to release => ${ENVIRONMENTS}" | |
| echo "environments=${ENVIRONMENTS}" >> $GITHUB_OUTPUT | |
| update_apps: | |
| runs-on: ubuntu-latest | |
| needs: determine_environments | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| environment: ${{fromJson(needs.determine_environments.outputs.environments)}} | |
| environment: ${{ matrix.environment }} | |
| env: | |
| BUCKET: ${{ secrets.S3_BUCKET }} | |
| FOLDER: ${{ secrets.S3_FOLDER }} | |
| MANIFEST: ${{ secrets.S3_MANIFEST }} | |
| ROLE: ${{ secrets.AWS_DEVTOOLS_ROLE }} | |
| REGION: ${{ secrets.AWS_REGION }} | |
| GH_TOKEN: ${{ github.token }} | |
| API_ENDPOINT: ${{ secrets.API_ENDPOINT }} | |
| CONSOLE_URL: ${{ secrets.CONSOLE_URL }} | |
| MARKETPLACE_API_KEY: ${{ secrets.MARKETPLACE_API_KEY }} | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| GO_VERSION: "" | |
| PYTHON_VERSION: "" | |
| APPS: "" | |
| APP_NAMES: "" | |
| FILTERS: "" | |
| AUTOMATIC_APP_NAMES: false | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - name: Configure git with the bot credentials | |
| run: | | |
| mkdir -p ~/.ssh | |
| ssh-keyscan github.com >> ~/.ssh/known_hosts | |
| ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
| ssh-add - <<< "${{ secrets.NEXTMVBOT_SSH_KEY }}" | |
| echo "${{ secrets.NEXTMVBOT_SIGNING_KEY }}" > ~/.ssh/signing.key | |
| chmod 600 ~/.ssh/signing.key | |
| git config --global user.name "nextmv-bot" | |
| git config --global user.email "tech+gh-nextmv-bot@nextmv.io" | |
| git config --global gpg.format ssh | |
| git config --global user.signingkey ~/.ssh/signing.key | |
| git clone git@github.com:nextmv-io/community-apps.git | |
| cd community-apps | |
| git fetch --all | |
| git checkout ${{ github.ref_name }} | |
| git pull | |
| - name: determine if apps are provided through inputs or we need filters | |
| run: | | |
| export APPS="${{ inputs.APPS }}" | |
| if [ $APPS != '' ]; then | |
| echo "These are the apps to release => $APPS" | |
| echo "APPS=${APPS}" >> $GITHUB_ENV | |
| exit 0 | |
| fi | |
| export AUTOMATIC_APP_NAMES=true | |
| echo "AUTOMATIC_APP_NAMES=${AUTOMATIC_APP_NAMES}" >> $GITHUB_ENV | |
| APP_NAMES_ARRAY=$(yq '.apps[].name' workflow-configuration.yml) | |
| APP_NAMES=$(echo ${APP_NAMES_ARRAY[@]} | tr '\n' ' ') | |
| echo "APP_NAMES=${APP_NAMES}" >> $GITHUB_ENV | |
| FILTERS_FILE="../.github/filters.yml" | |
| touch $FILTERS_FILE | |
| for app in ${APP_NAMES[@]}; do | |
| echo "${app}:" >> $FILTERS_FILE | |
| echo " - '${app}/**'" >> $FILTERS_FILE | |
| done | |
| echo "Successfully created filters and wrote them to ${FILTERS_FILE}" | |
| cat $FILTERS_FILE | |
| working-directory: ./community-apps/.nextmv | |
| - name: Filter changed directories | |
| id: filter | |
| if: ${{ env.AUTOMATIC_APP_NAMES == 'true' }} | |
| uses: dorny/paths-filter@v3 | |
| with: | |
| filters: .github/filters.yml | |
| working-directory: ./community-apps | |
| - name: Create comma-separated string of changed paths | |
| if: ${{ env.AUTOMATIC_APP_NAMES == 'true' }} | |
| run: | | |
| export APPS="" | |
| OUTPUTS=$(echo '${{ toJson(steps.filter.outputs) }}' | jq .) | |
| for app in $(echo "${{ env.APP_NAMES }}"); do | |
| if [ $(echo $OUTPUTS | jq -r --arg app "$app" '.[$app]') == "true" ]; then | |
| APPS="${APPS}${app}," | |
| fi | |
| done | |
| # Remove trailing comma | |
| APPS="${APPS%,}" | |
| echo "These are the apps to release => $APPS" | |
| echo "APPS=${APPS}" >> $GITHUB_ENV | |
| - name: set Python version | |
| if: ${{ env.APPS != '' }} | |
| run: | | |
| export PYTHON_VERSION=$(yq '.language-support.python.version' workflow-configuration.yml) | |
| echo "This is the Python version => $PYTHON_VERSION" | |
| echo "PYTHON_VERSION=${PYTHON_VERSION}" >> $GITHUB_ENV | |
| working-directory: ./community-apps/.nextmv | |
| - name: set up Python | |
| if: ${{ env.APPS != '' }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: set go version | |
| if: ${{ env.APPS != '' }} | |
| run: | | |
| export GO_VERSION=$(yq '.language-support.go.version' workflow-configuration.yml) | |
| echo "This is the Go version => $GO_VERSION" | |
| echo "GO_VERSION=${GO_VERSION}" >> $GITHUB_ENV | |
| working-directory: ./community-apps/.nextmv | |
| - name: set up go | |
| if: ${{ env.APPS != '' }} | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| - name: Install zig | |
| if: ${{ env.APPS != '' }} | |
| run: | | |
| SIGNATURE="2d00e789fec4f71790a6e7bf83ff91d564943c5ee843c5fd966efc474b423047 zig-linux-x86_64-0.11.0.tar.xz" | |
| curl -sSfL https://ziglang.org/download/0.11.0/zig-linux-x86_64-0.11.0.tar.xz -o zig-linux-x86_64-0.11.0.tar.xz | |
| echo $SIGNATURE | sha256sum -c | |
| tar -xf zig-linux-x86_64-0.11.0.tar.xz | |
| sudo ln -s $PWD/zig-linux-x86_64-0.11.0/zig /usr/local/bin/zig | |
| zig version | |
| - name: Install Python dependencies | |
| if: ${{ env.APPS != '' }} | |
| run: | | |
| pip install --upgrade pip | |
| pip install -r requirements.txt | |
| working-directory: ./community-apps/.nextmv/release | |
| - name: Set up AWS CLI | |
| if: ${{ env.APPS != '' }} | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ env.ROLE }} | |
| aws-region: ${{ env.REGION }} | |
| role-duration-seconds: 1200 | |
| - name: Set up JDK | |
| if: ${{ env.APPS != '' }} | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: 21 | |
| cache: "maven" | |
| - name: Install Nextmv CLI | |
| if: ${{ env.APPS != '' }} | |
| run: | | |
| export NEXTMV_API_KEY=$MARKETPLACE_API_KEY | |
| export NEXTMV_BASE_URL=https://$API_ENDPOINT | |
| curl -sS "https://$CONSOLE_URL/install-cli.txt" | bash - | |
| - name: Set up Nextmv CLI | |
| if: ${{ env.APPS != '' }} | |
| run: | | |
| export PATH=$PATH:~/.nextmv # Make CLI available in non-interactive shell | |
| nextmv configure \ | |
| --api-key $MARKETPLACE_API_KEY \ | |
| -e $API_ENDPOINT | |
| nextmv activate | |
| nextmv sdk install | |
| - name: Release the apps | |
| if: ${{ env.APPS != '' }} | |
| run: | | |
| export PATH=$PATH:~/.nextmv # Make CLI available in non-interactive shell | |
| export SLACK_NOTIFY_PARAM="" # Only notify slack for prod releases | |
| if [ ${{ matrix.environment }} == "prod" ]; then | |
| export SLACK_NOTIFY_PARAM="--slack-url ${{ secrets.SLACK_URL_MISSION_CONTROL }}" | |
| fi | |
| python main.py \ | |
| --apps "${{ env.APPS }}" \ | |
| --bucket "${{ env.BUCKET }}" \ | |
| --folder "${{ env.FOLDER }}" \ | |
| --manifest "${{ env.MANIFEST }}" \ | |
| $SLACK_NOTIFY_PARAM | |
| working-directory: ./community-apps/.nextmv/release |