Full CI Build (and Release) #588
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Full CI Build (and Release) | |
on: | |
push: | |
branches: | |
- '**' | |
# The workflow is tagging commits on master so we don't want the tag to | |
# spawn a new build | |
tags-ignore: | |
- 'docs-v*' | |
pull_request: | |
schedule: | |
# Nightly release run using last commit on default branch, i.e. 'master' | |
- cron: '32 23 * * *' | |
jobs: | |
build-project: | |
runs-on: ubuntu-20.04 | |
env: | |
# Static env vars | |
# Github runners limited to 2 cores, 7Gb RAM | |
# https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources | |
MAX_WORKERS: 3 | |
# Fixed ssh-agent socket so multiple steps can use the same agent | |
# if needs be. Used by update_gh_pages.sh | |
SSH_AUTH_SOCK: "/tmp/ssh-agent-stroom.sock" | |
steps: | |
- name: Install dependencies | |
id: install_dependencies | |
run: | | |
# libxml2-utils needed for xmllint | |
sudo apt-get update | |
sudo apt-get install -y libxml2-utils | |
- name: Checkout code | |
id: checkout_code | |
uses: actions/checkout@v3 | |
with: | |
# Set this so it gets the annotated commit, not the commit being tagged. | |
# Which means we can get the release msg | |
# See https://github.com/actions/runner/issues/712 | |
ref: ${{ github.ref }} | |
# Make sure the wrapper jar has not been tampered with | |
- name: Validate gradle wrapper jar | |
id: validate_gradle_wrapper | |
uses: gradle/wrapper-validation-action@v1 | |
- name: Set Environment Variables | |
id: set_env_var | |
env: | |
# Needed for authenticated api calls to avoid rate limit | |
# Github provides this temporary token automatically | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
${GITHUB_WORKSPACE}/.github/workflows/scripts/setup_env_vars.sh | |
# Separate step to show what is visible across steps | |
- name: Build Environment Info | |
id: build_info | |
run: | | |
${ACTIONS_SCRIPTS_DIR}/dump_env_vars.sh | |
# Gen a hash of the bits of the builder image that may require it to be rebuilt | |
# We can then use this as the gh actions cache key to retrieve the docker buildx cache | |
- name: Generate buildx cache key | |
id: generate_buildx_cache_key | |
run: | | |
echo "cache_key=$(./container_build/generate_buildx_cache_key.sh)" >> $GITHUB_OUTPUT | |
shell: bash | |
- name: Cache Hugo Docker layers | |
uses: actions/cache@v3 | |
with: | |
path: /tmp/schema_hugo_buildx_caches | |
key: ${{ runner.os }}-buildx-${{ steps.generate_buildx_cache_key.outputs.cache_key }} | |
- name: Cache Puppeteer Docker layers | |
uses: actions/cache@v3 | |
with: | |
path: /tmp/schema_puppeteer_buildx_caches | |
key: ${{ runner.os }}-buildx-${{ steps.generate_buildx_cache_key.outputs.cache_key }} | |
- name: Run full build | |
id: run_build | |
env: | |
# Docker creds for dockerhub authenticated push/pull | |
# Manually added secrets in github | |
# https://github.com/gchq/stroom/settings/secrets/actions | |
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
# ssh private key (corresponding to the public key in github deploy keys | |
# for the stroom repo), manually added to secrets | |
# https://github.com/gchq/stroom/settings/secrets/actions | |
# https://github.com/gchq/stroom/settings/keys | |
SSH_DEPLOY_KEY: ${{ secrets.SSH_DEPLOY_KEY }} | |
# Needed for authenticated api calls to avoid rate limit | |
# Github provides this temporary token automatically | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
pushd "${BUILD_DIR}" > /dev/null | |
echo -e "${GREEN}Running ${BLUE}ci_build.sh${NC}" | |
./ci_build.sh | |
echo -e "${GREEN}Finished running build script${NC}" | |
- name: Release to GitHub | |
id: create_release | |
if: ${{ env.BUILD_IS_SCHEMA_RELEASE == 'true' || (env.BUILD_IS_DOCS_RELEASE == 'true' && env.DOCS_CONTENT_HAS_CHANGED == 'true')}} | |
env: | |
# Github provided secret | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: "${ACTIONS_SCRIPTS_DIR}/create_github_release.sh" | |
- name: Update gh-pages | |
id: update_gh-pages | |
if: ${{ env.BUILD_IS_DOCS_RELEASE == 'true' && env.DOCS_CONTENT_HAS_CHANGED == 'true' }} | |
env: | |
# ssh private key (corresponding to the public key in github deploy keys | |
# for the stroom repo), manually added to secrets | |
# Use 'ssh-keygen -t rsa -b 4096' to create a key pair | |
# then add the public key (with write access) to: | |
# https://github.com/gchq/event-logging-schema/settings/keys | |
# and the private key to: | |
# https://github.com/gchq/event-logging-schema/settings/secrets/actions | |
SSH_DEPLOY_KEY: ${{ secrets.SSH_DEPLOY_KEY }} | |
run: "${ACTIONS_SCRIPTS_DIR}/update_gh_pages.sh" | |