Skip to content

Full CI Build (and Release) #587

Full CI Build (and Release)

Full CI Build (and Release) #587

name: Full CI Build (and Release)
on:
push:
branches:
- '**'
# The workflow is tagging commits on master so we don't want the tag to
# spawn a new build
tags-ignore:
- 'docs-v*'
pull_request:
schedule:
# Nightly release run using last commit on default branch, i.e. 'master'
- cron: '32 23 * * *'
jobs:
build-project:
runs-on: ubuntu-20.04
env:
# Static env vars
# Github runners limited to 2 cores, 7Gb RAM
# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
MAX_WORKERS: 3
# Fixed ssh-agent socket so multiple steps can use the same agent
# if needs be. Used by update_gh_pages.sh
SSH_AUTH_SOCK: "/tmp/ssh-agent-stroom.sock"
steps:
- name: Install dependencies
id: install_dependencies
run: |
# libxml2-utils needed for xmllint
sudo apt-get update
sudo apt-get install -y libxml2-utils
- name: Checkout code
id: checkout_code
uses: actions/checkout@v3
with:
# Set this so it gets the annotated commit, not the commit being tagged.
# Which means we can get the release msg
# See https://github.com/actions/runner/issues/712
ref: ${{ github.ref }}
# Make sure the wrapper jar has not been tampered with
- name: Validate gradle wrapper jar
id: validate_gradle_wrapper
uses: gradle/wrapper-validation-action@v1
- name: Set Environment Variables
id: set_env_var
env:
# Needed for authenticated api calls to avoid rate limit
# Github provides this temporary token automatically
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
${GITHUB_WORKSPACE}/.github/workflows/scripts/setup_env_vars.sh
# Separate step to show what is visible across steps
- name: Build Environment Info
id: build_info
run: |
${ACTIONS_SCRIPTS_DIR}/dump_env_vars.sh
# Gen a hash of the bits of the builder image that may require it to be rebuilt
# We can then use this as the gh actions cache key to retrieve the docker buildx cache
- name: Generate buildx cache key
id: generate_buildx_cache_key
run: |
echo "cache_key=$(./container_build/generate_buildx_cache_key.sh)" >> $GITHUB_OUTPUT
shell: bash
- name: Cache Hugo Docker layers
uses: actions/cache@v3
with:
path: /tmp/schema_hugo_buildx_caches
key: ${{ runner.os }}-buildx-${{ steps.generate_buildx_cache_key.outputs.cache_key }}
- name: Cache Puppeteer Docker layers
uses: actions/cache@v3
with:
path: /tmp/schema_puppeteer_buildx_caches
key: ${{ runner.os }}-buildx-${{ steps.generate_buildx_cache_key.outputs.cache_key }}
- name: Run full build
id: run_build
env:
# Docker creds for dockerhub authenticated push/pull
# Manually added secrets in github
# https://github.com/gchq/stroom/settings/secrets/actions
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
# ssh private key (corresponding to the public key in github deploy keys
# for the stroom repo), manually added to secrets
# https://github.com/gchq/stroom/settings/secrets/actions
# https://github.com/gchq/stroom/settings/keys
SSH_DEPLOY_KEY: ${{ secrets.SSH_DEPLOY_KEY }}
# Needed for authenticated api calls to avoid rate limit
# Github provides this temporary token automatically
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
pushd "${BUILD_DIR}" > /dev/null
echo -e "${GREEN}Running ${BLUE}ci_build.sh${NC}"
./ci_build.sh
echo -e "${GREEN}Finished running build script${NC}"
- name: Release to GitHub
id: create_release
if: ${{ env.BUILD_IS_SCHEMA_RELEASE == 'true' || (env.BUILD_IS_DOCS_RELEASE == 'true' && env.DOCS_CONTENT_HAS_CHANGED == 'true')}}
env:
# Github provided secret
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: "${ACTIONS_SCRIPTS_DIR}/create_github_release.sh"
- name: Update gh-pages
id: update_gh-pages
if: ${{ env.BUILD_IS_DOCS_RELEASE == 'true' && env.DOCS_CONTENT_HAS_CHANGED == 'true' }}
env:
# ssh private key (corresponding to the public key in github deploy keys
# for the stroom repo), manually added to secrets
# Use 'ssh-keygen -t rsa -b 4096' to create a key pair
# then add the public key (with write access) to:
# https://github.com/gchq/event-logging-schema/settings/keys
# and the private key to:
# https://github.com/gchq/event-logging-schema/settings/secrets/actions
SSH_DEPLOY_KEY: ${{ secrets.SSH_DEPLOY_KEY }}
run: "${ACTIONS_SCRIPTS_DIR}/update_gh_pages.sh"