-
Notifications
You must be signed in to change notification settings - Fork 0
165 lines (145 loc) · 4.77 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
# This workflow will deploy to Google Cloud Run
#
# To configure this workflow, set up the following secrets in your workspace
#
# * `GITHUB_APP_IDENTIFIER` - GitHub App identifier
# * `GITHUB_APP_PRIVATE_KEY` - GitHub App private key
# * `GOOGLE_SERVICE_ACCOUNT_EMAIL` - Google service account email
# * `GOOGLE_APPLICATION_CREDENTIALS` - Google service account private key
# * `GITHUB_WEBHOOK_SECRET` - GitHub webhook secret to confirm that webhooks come from GitHub
name: CI
on:
push:
branches:
- main
paths:
- '.github/workflows/ci.yml'
- 'Dockerfile'
- 'package.json'
- 'src/**/*.ts'
- 'tsconfig.json'
- 'yarn.lock'
- 'bin/deploy.sh'
- 'holidays.yml'
- 'product-owners.yml'
- 'github-orgs.yml'
pull_request:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
timeout-minutes: 10
services:
# Label used to access the service container
postgres:
# Docker Hub image
image: postgres:12
# Provide the password for postgres
env:
POSTGRES_PASSWORD: docker
ports:
- 5434:5432
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: '18'
- name: yarn install
run: yarn install --immutable
- name: tsc
run: yarn build
- name: test
run: yarn test:ci --coverage
- name: Codecov
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
- name: eslint
run: yarn lint
docker:
runs-on: ubuntu-latest
timeout-minutes: 10
if: github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v3
- name: Builds docker image
run: docker build -t ci-tooling .
build-deploy:
name: build and deploy
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
timeout-minutes: 10
needs: [test]
environment: 'production'
env:
VERSION: ${{ github.sha }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
# for Sentry releases
fetch-depth: 0
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: '18'
- name: yarn install
run: yarn install --immutable
- name: tsc
run: yarn build
- id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool
service_account: [email protected]
# Setup gcloud CLI
- name: Setup gcloud CLI
uses: google-github-actions/setup-gcloud@v1
# Deploy to Google Cloud Functions
- name: Deploy
id: deploy
env:
SLACK_BOT_USER_ACCESS_TOKEN: ${{ secrets.SLACK_BOT_USER_ACCESS_TOKEN }}
SLACK_SIGNING_SECRET: ${{ secrets.SLACK_SIGNING_SECRET }}
SLACK_BOT_APP_ID: ${{ secrets.SLACK_BOT_APP_ID }}
DD_API_KEY: ${{ secrets.DD_API_KEY }}
DD_APP_KEY: ${{ secrets.DD_APP_KEY }}
GH_APP_PRIVATE_KEY_FOR_GETSENTRY: ${{ secrets.GH_APP_PRIVATE_KEY_FOR_GETSENTRY}}
GH_APP_PRIVATE_KEY_FOR_CODECOV: ${{ secrets.GH_APP_PRIVATE_KEY_FOR_CODECOV}}
GH_APP_IDENTIFIER: ${{ secrets.GH_APP_IDENTIFIER }}
GH_WEBHOOK_SECRET: ${{ secrets.GH_WEBHOOK_SECRET }}
SENTRY_WEBPACK_WEBHOOK_SECRET: ${{ secrets.SENTRY_WEBPACK_WEBHOOK_SECRET }}
DB_USER: ${{ secrets.DB_USER }}
DB_NAME: ${{ secrets.DB_NAME }}
DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
DB_INSTANCE_CONNECTION_NAME: ${{ secrets.DB_INSTANCE_CONNECTION_NAME }}
GH_USER_TOKEN: ${{ secrets.GH_USER_TOKEN }}
GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }}
PREDICT_ENDPOINT: ${{ vars.PREDICT_ENDPOINT }}
run: |
echo "deploy-start=$(date +%s)" >> "$GITHUB_OUTPUT"
bin/deploy.sh
- name: Sentry Release
uses: getsentry/[email protected]
with:
environment: 'production'
sourcemaps: './lib'
url_prefix: 'app:///lib/'