fix: github pat to bypass main push (#24) #25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Post-merge/release workflow | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
jobs: | |
post_merge: | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: write # Create a new release. | |
outputs: | |
new_release_published: ${{ steps.semantic.outputs.new_release_published }} | |
new_version: ${{ steps.semantic.outputs.new_release_version }} | |
steps: | |
# | |
# Checkout the source code. | |
# | |
- name: Checkout the source code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 | |
with: | |
fetch-depth: 0 | |
# | |
# Install Node. | |
# | |
- name: Install Node | |
uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af #v4.1.0 | |
with: | |
node-version: "20.18.0" | |
# | |
# Calculate of the new version (dry-run). | |
# | |
- name: Calculate of the new version (dry-run) | |
uses: cycjimmy/semantic-release-action@b1b432f13acb7768e0c8efdec416d363a57546f2 # 4.1.1 | |
id: semantic | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
semantic_version: 21.1.1 | |
branch: main | |
extra_plugins: | | |
@semantic-release/release-notes-generator@14.0.1 # 44c780c6f9c1bf2643fe48b6718bd9a84b820132 | |
@semantic-release/git@10.0.1 # 3e934d45f97fd07a63617c0fc098c9ed3e67d97a | |
dry_run: true | |
dev_deployment: | |
needs: post_merge | |
if: needs.post_merge.outputs.new_release_published == 'true' | |
runs-on: ubuntu-22.04 | |
environment: cstar-d-weu-rtp | |
permissions: | |
id-token: write # Get OIDC token to authenticate to Azure. | |
packages: write # Push container imaged to GHCR. | |
contents: write # Create a new release. | |
outputs: | |
digest: ${{ steps.stable-image.outputs.digest }} | |
steps: | |
# | |
# Checkout the source code. | |
# | |
- name: Checkout the source code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 | |
with: | |
token: ${{ secrets.GIT_PAT }} | |
# | |
# RELEASE CANDIDATE - Update of gradle.properties with the RC new version. | |
# | |
- name: RELEASE CANDIDATE - Update of gradle.properties with the new version | |
run: | | |
sed -i -e "s/version=.*/version=${{ needs.post_merge.outputs.new_version }}-RC/g" gradle.properties | |
# todo sonar | |
# | |
# RELEASE CANDIDATE - Build and push native container image. | |
# | |
- name: Log in to the Container registry | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: https://ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GIT_PAT }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 | |
- name: Build the app image | |
id: rc-image | |
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 | |
with: | |
push: true | |
context: . | |
file: src/main/docker/Dockerfile | |
platforms: linux/amd64 | |
tags: ghcr.io/${{ github.repository }}:latest, ghcr.io/${{ github.repository }}:${{ needs.post_merge.outputs.new_version }}-RC | |
secrets: | | |
"gh_token=${{ secrets.GIT_PAT }}" | |
# | |
# Setup Terraform | |
# | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 | |
with: | |
terraform_version: 1.9.7 | |
# | |
# RELEASE CANDIDATE - Update Container App. | |
# | |
- name: RELEASE CANDIDATE - Update Container App | |
shell: bash | |
working-directory: src/main/terraform | |
env: | |
ARM_CLIENT_ID: "${{ secrets.AZURE_CLIENT_ID }}" | |
ARM_SUBSCRIPTION_ID: "${{ secrets.AZURE_SUBSCRIPTION_ID }}" | |
ARM_TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}" | |
run: | | |
terraform init -backend-config="env/cstar-d-weu-rtp/backend.tfvars" -reconfigure | |
terraform apply -var-file="env/cstar-d-weu-rtp/terraform.tfvars" -var="rtp_activator_image=ghcr.io/${{ github.repository }}:${{ needs.post_merge.outputs.new_version }}-RC@${{ steps.rc-image.outputs.digest }}" -auto-approve -lock-timeout=300s | |
# # | |
# # Install Newman. | |
# # | |
# - name: Install Newman | |
# if: steps.semantic.outputs.new_release_published == 'true' | |
# run: npm install -g newman | |
# | |
# # | |
# # Run Postman collection. | |
# # | |
# - name: Run Postman collection | |
# if: steps.semantic.outputs.new_release_published == 'true' | |
# run: | | |
# newman run src/test/postman/mil-auth.postman_collection.json \ | |
# -e src/test/postman/dev.postman_environment.json \ | |
# --env-var "correctPassword=${{ secrets.NEWMAN_IT__CORRECTPASSWORD }}" \ | |
# --env-var "correctClientSecret=${{ secrets.NEWMAN_IT__CORRECTCLIENTSECRET }}" \ | |
# --env-var "correctClientSecretForVasLayer=${{ secrets.NEWMAN_IT__CORRECTCLIENTSECRETFORVASLAYER }}" \ | |
# --env-var "clientSecretForMilDebtPosition=${{ secrets.NEWMAN_IT__CLIENTSECRETFORMILDEBTPOSITION }}" | |
# | |
# STABLE - Update of gradle.properties with the new version. | |
# | |
- name: STABLE - Update of gradle.properties with the new version | |
run: | | |
sed -i -e "s/version=.*/version=${{ needs.post_merge.outputs.new_version }}/g" gradle.properties | |
git config user.name "GitHub Workflow" | |
git config user.email "<>" | |
git add gradle.properties | |
git commit -m "Updated with new version ${{ needs.post_merge.outputs.new_version }}" | |
git push origin main | |
# | |
# Calculation of the new version (again) with tagging + releasing + etc. | |
# | |
- name: Calculation of the new version (w/o dry_run) and put tag | |
uses: cycjimmy/semantic-release-action@b1b432f13acb7768e0c8efdec416d363a57546f2 # 4.1.1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
semantic_version: 21.1.1 | |
branch: main | |
extra_plugins: | | |
@semantic-release/release-notes-generator@14.0.1 # 44c780c6f9c1bf2643fe48b6718bd9a84b820132 | |
@semantic-release/git@10.0.1 # 3e934d45f97fd07a63617c0fc098c9ed3e67d97a | |
dry_run: false | |
# | |
# STABLE - Build and push native container image. | |
# | |
- name: Log in to the Container registry | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
with: | |
registry: https://ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GIT_PAT }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 | |
- name: Build the app image | |
id: stable-image | |
uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 | |
with: | |
push: true | |
context: . | |
file: src/main/docker/Dockerfile | |
platforms: linux/amd64 | |
tags: ghcr.io/${{ github.repository }}:latest, ghcr.io/${{ github.repository }}:${{ needs.post_merge.outputs.new_version }} | |
secrets: | | |
"gh_token=${{ secrets.GIT_PAT }}" | |
# | |
# STABLE - Update Container App. | |
# | |
- name: STABLE - Update Container App | |
shell: bash | |
working-directory: src/main/terraform | |
env: | |
ARM_CLIENT_ID: "${{ secrets.AZURE_CLIENT_ID }}" | |
ARM_SUBSCRIPTION_ID: "${{ secrets.AZURE_SUBSCRIPTION_ID }}" | |
ARM_TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}" | |
run: | | |
terraform init -backend-config="env/cstar-d-weu-rtp/backend.tfvars" -reconfigure | |
terraform apply -var-file="env/cstar-d-weu-rtp/terraform.tfvars" -var="rtp_activator_image=ghcr.io/${{ github.repository }}:${{ needs.post_merge.outputs.new_version }}@${{ steps.stable-image.outputs.digest }}" -auto-approve -lock-timeout=300s | |
uat_deployment: | |
needs: [ post_merge, dev_deployment] | |
if: needs.post_merge.outputs.new_release_published == 'true' | |
runs-on: ubuntu-22.04 | |
environment: cstar-u-weu-rtp | |
permissions: | |
id-token: write | |
steps: | |
# | |
# Checkout the source code. | |
# | |
- name: Checkout the source code | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2 | |
# | |
# Setup Terraform | |
# | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 | |
with: | |
terraform_version: 1.9.7 | |
# | |
# Update Container App. | |
# | |
- name: STABLE - Update Container App | |
shell: bash | |
working-directory: src/main/terraform | |
env: | |
ARM_CLIENT_ID: "${{ secrets.AZURE_CLIENT_ID }}" | |
ARM_SUBSCRIPTION_ID: "${{ secrets.AZURE_SUBSCRIPTION_ID }}" | |
ARM_TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}" | |
run: | | |
terraform init -backend-config="env/cstar-u-weu-rtp/backend.tfvars" -reconfigure | |
terraform apply -var-file="env/cstar-u-weu-rtp/terraform.tfvars" -var="rtp_activator_image=ghcr.io/${{ github.repository }}:${{ needs.post_merge.outputs.new_version }}@${{ needs.dev_deployment.outputs.digest }}" -auto-approve -lock-timeout=300s |