ID-1193 Fix Local Docker Postgres (#99) #175
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Bump, Tag, Publish, and Deploy | |
| # The purpose of the workflow is to: | |
| # 1. Bump the version number and tag the release | |
| # 2. Build and publish the client to Artifactory | |
| # 3. Build docker image and publish to GCR | |
| # 4. Trigger deployment to the dev environment | |
| # | |
| # When run on merge to main, it tags and bumps the patch version by default. You can | |
| # bump other parts of the version by putting #major, #minor, or #patch in your commit | |
| # message. | |
| # | |
| # When run on a hotfix branch, it tags and generates the hotfix version | |
| # | |
| # When run manually, you can specify the part of the semantic version to bump | |
| # | |
| # The workflow relies on github secrets: | |
| # - ARTIFACTORY_PASSWORD - password for publishing the client to artifactory | |
| # - ARTIFACTORY_USERNAME - username for publishing the client to artifactory | |
| # - GCR_PUBLISH_EMAIL - email for publishing the docker to GCR | |
| # - GCR_PUBLISH_KEY_B64 - key for publishing the docker to GCR | |
| # - BROADBOT_TOKEN - the broadbot token, so we can avoid two reviewer rule on GHA operations | |
| # - SLACKBOT_TOKEN - the app token for posting to slack | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - 'README.md' | |
| - '.github/**' | |
| - 'local-dev/**' | |
| workflow_dispatch: | |
| inputs: | |
| bump: | |
| description: 'Part of the version to bump: major, minor, patch' | |
| required: false | |
| default: 'patch' | |
| type: choice | |
| options: | |
| - patch | |
| - minor | |
| - major | |
| branch: | |
| description: 'Branch to run the workflow on' | |
| required: false | |
| default: 'main' | |
| env: | |
| SERVICE_NAME: ${{ github.event.repository.name }} | |
| GOOGLE_PROJECT: broad-dsp-gcr-public | |
| jobs: | |
| bump-check: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| is-bump: ${{ steps.skiptest.outputs.is-bump }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Skip version bump merges | |
| id: skiptest | |
| uses: ./.github/actions/bump-skip | |
| with: | |
| event-name: ${{ github.event_name }} | |
| tag-publish-docker-deploy: | |
| needs: [ bump-check ] | |
| runs-on: ubuntu-latest | |
| if: needs.bump-check.outputs.is-bump == 'no' | |
| outputs: | |
| tag: ${{ steps.tag.outputs.tag }} | |
| steps: | |
| - name: Set part of semantic version to bump | |
| id: controls | |
| run: | | |
| SEMVER_PART="" | |
| CHECKOUT_BRANCH="$GITHUB_REF" | |
| if ${{github.event_name == 'push' }}; then | |
| SEMVER_PART="patch" | |
| elif ${{github.event_name == 'workflow_dispatch' }}; then | |
| SEMVER_PART=${{ github.event.inputs.bump }} | |
| CHECKOUT_BRANCH=${{ github.event.inputs.branch }} | |
| fi | |
| echo "semver-part=$SEMVER_PART" >> $GITHUB_OUTPUT | |
| echo "checkout-branch=$CHECKOUT_BRANCH" >> $GITHUB_OUTPUT | |
| - name: Checkout current code | |
| uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ steps.controls.outputs.checkout-branch }} | |
| token: ${{ secrets.BROADBOT_TOKEN }} | |
| - name: Bump the tag to a new version | |
| uses: databiosphere/github-actions/actions/bumper@bumper-0.1.0 | |
| id: tag | |
| env: | |
| DEFAULT_BUMP: patch | |
| GITHUB_TOKEN: ${{ secrets.BROADBOT_TOKEN }} | |
| HOTFIX_BRANCHES: hotfix.* | |
| OVERRIDE_BUMP: ${{ steps.controls.outputs.semver-part }} | |
| RELEASE_BRANCHES: main | |
| VERSION_FILE_PATH: settings.gradle | |
| VERSION_LINE_MATCH: "^gradle.ext.releaseVersion\\s*=\\s*\".*\"" | |
| VERSION_SUFFIX: SNAPSHOT | |
| - name: Set up AdoptOpenJDK | |
| uses: actions/setup-java@v3 | |
| with: | |
| distribution: 'temurin' | |
| java-version: 17 | |
| - name: Cache Gradle packages | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: v1-${{ runner.os }}-gradle-${{ hashfiles('**/gradle-wrapper.properties') }}-${{ hashFiles('**/*.gradle') }} | |
| restore-keys: v1-${{ runner.os }}-gradle-${{ hashfiles('**/gradle-wrapper.properties') }} | |
| - name: Grant execute permission for gradlew | |
| run: chmod +x gradlew | |
| - name: Publish to Artifactory | |
| run: ./gradlew :client:artifactoryPublish --scan | |
| env: | |
| ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }} | |
| ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }} | |
| ARTIFACTORY_REPO_KEY: "libs-snapshot-local" | |
| - name: Make release | |
| uses: ncipollo/release-action@v1 | |
| id: create_release | |
| with: | |
| tag: ${{ steps.tag.outputs.tag }} | |
| - name: Auth to GCR | |
| uses: google-github-actions/setup-gcloud@v0 | |
| with: | |
| service_account_email: ${{ secrets.GCR_PUBLISH_EMAIL }} | |
| service_account_key: ${{ secrets.GCR_PUBLISH_KEY_B64 }} | |
| - name: Explicitly auth Docker for GCR | |
| run: gcloud auth configure-docker --quiet | |
| - name: Construct docker image name and tag | |
| id: image-name | |
| run: echo "name=gcr.io/${GOOGLE_PROJECT}/${SERVICE_NAME}:${{ steps.tag.outputs.tag }}" >> $GITHUB_OUTPUT | |
| - name: Build image locally with jib | |
| run: | | |
| ./gradlew --build-cache :service:jibDockerBuild \ | |
| --image=${{ steps.image-name.outputs.name }} \ | |
| -Djib.console=plain | |
| - name: Push GCR image | |
| run: docker push ${{ steps.image-name.outputs.name }} | |
| - name: Notify slack on failure | |
| id: slack | |
| if: failure() | |
| uses: slackapi/slack-github-action@v1.23.0 | |
| with: | |
| # Channel is for platform-foundation-alerts | |
| channel-id: 'C01B0NLTYQ5' | |
| slack-message: "Tag-Publish failed for tag: ${{ steps.tag.outputs.tag }} eventUrl: ${{ github.event.pull_request.html_url || github.event.head_commit.url }}" | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACKBOT_TOKEN }} | |
| report-to-sherlock: | |
| # Report new TPS version to Broad DevOps | |
| uses: broadinstitute/sherlock/.github/workflows/client-report-app-version.yaml@main | |
| needs: [ bump-check, tag-publish-docker-deploy ] | |
| if: ${{ needs.bump-check.outputs.is-bump == 'no' }} | |
| with: | |
| new-version: ${{ needs.tag-publish-docker-deploy.outputs.tag }} | |
| chart-name: 'tps' | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| set-version-in-dev: | |
| # Put new TPS version in Broad dev environment | |
| uses: broadinstitute/sherlock/.github/workflows/client-set-environment-app-version.yaml@main | |
| needs: [ bump-check, tag-publish-docker-deploy, report-to-sherlock ] | |
| if: ${{ needs.bump-check.outputs.is-bump == 'no' }} | |
| with: | |
| new-version: ${{ needs.tag-publish-docker-deploy.outputs.tag }} | |
| chart-name: 'tps' | |
| environment-name: 'dev' | |
| secrets: | |
| sync-git-token: ${{ secrets.BROADBOT_TOKEN }} | |
| permissions: | |
| id-token: 'write' |