-
Notifications
You must be signed in to change notification settings - Fork 3
192 lines (165 loc) · 6.19 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
name: Build and Deploy Registry Providers
on:
push:
branches:
- main
- dev
pull_request:
branches:
- main
- dev
workflow_dispatch:
jobs:
build-and-deploy:
name: build-and-deploy
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
env:
AWS_DEFAULT_REGION: us-west-1
REG_MAX_VERSIONS: 3
REG_MAX_AGE_MONTHS: 6
REG_WEBSITE_DIR: _deno_website
REG_PROVIDER_PATH: providers/dist
REG_ARTIFACT_REPO_BUCKET: stackql-registry-artifacts
REG_DENO_DEPLOY_ASSET_REPO: deno-deploy-registry
REG_DENO_DEPLOY_API_DEV: stackql-dev-registry
REG_DENO_DEPLOY_API_PROD: stackql-registry
steps:
- uses: actions/checkout@v4.1.1
name: "[SETUP] checkout repo"
with:
fetch-depth: 0
- name: "[SETUP] setup job"
run: |
echo "REG_COMMIT_DATETIME=$(date -d @`git show -s --format=%ct` +'%Y-%m-%d %H:%M:%S')" >> $GITHUB_ENV
echo "REG_COMMIT_YEAR=$(date -d @`git show -s --format=%ct` +'%y')" >> $GITHUB_ENV
echo "REG_COMMIT_MONTH=$(date -d @`git show -s --format=%ct` +'%m')" >> $GITHUB_ENV
cd scripts/setup-js; npm i
node setup-job.js
- name: "[SETUP] print env vars"
run: |
node scripts/setup-js/print-env-vars.js
- name: "[SETUP] get version"
run: |
node scripts/setup-js/get-version.js
- name: "[SETUP] find changed files"
run: |
cd $GITHUB_WORKSPACE; git diff --name-status --diff-filter=ACMRT $REG_BASE_SHA $REG_COMMIT_SHA > diff.txt
- name: "[SETUP] get updated providers"
run: |
pip install -q -r scripts/setup/requirements.txt
python scripts/setup/get-updated-providers.py
- name: "[SETUP] prepare dist and test dirs"
run: |
mkdir -p "${REG_WEBSITE_DIR}/${REG_PROVIDER_PATH}"
mkdir -p "provider-tests/src"
- name: '[PACKAGE] set up golang'
if: env.NUM_PROVIDERS > 0
uses: actions/setup-go@v5.0.0
with:
go-version: ^1.19
check-latest: true
cache: true
id: go
- name: "[PACKAGE] build sign tool"
if: env.NUM_PROVIDERS > 0
run: |
go build -o ed25519tool ./signing/Ed25519/app/cmd/main
- name: "[PACKAGE] prepare provider dirs"
if: env.NUM_PROVIDERS > 0
run: |
while IFS= read -r provider_dir
do
echo "creating dist dir: ${provider_dir}..."
mkdir "${REG_WEBSITE_DIR}/${REG_PROVIDER_PATH}/${provider_dir}"
mkdir "provider-tests/src/${provider_dir}"
done < provider_dirs.txt
- name: "[PACKAGE] update versions"
if: env.NUM_PROVIDERS > 0
run: |
python scripts/package/update-versions.py
- name: "[PACKAGE] sign provider docs"
if: env.NUM_PROVIDERS > 0
env:
SIGNING_VERSION: v1
SIGNING_CERT: ${{ secrets.V1_SIGNING_CERT }}
SIGNING_PRIV_KEY: '${{ secrets.V1_SIGNING_PRIV_KEY }}'
SIGNING_PUB_KEY: ${{ secrets.V1_SIGNING_PUB_KEY }}
run: |
python scripts/package/sign-provider-docs.py
- name: "[PACKAGE] package provider docs"
if: env.NUM_PROVIDERS > 0
run: |
python scripts/package/package-provider-docs.py
- name: "[TESTS] simulate REGISTRY PULL"
if: env.NUM_PROVIDERS > 0
run: |
python scripts/tests/simulate-REGISTRY-PULL.py
- name: "[TESTS] test provider(s)"
if: env.NUM_PROVIDERS > 0
run: |
echo "cloning test repo"
providersdir="$(pwd)/provider-tests"
git clone https://github.com/stackql/stackql-provider-tests.git
cd stackql-provider-tests
while IFS= read -r provider
do
echo "testing ${provider}..."
sh test-provider.sh $provider false $providersdir true
done < ../providers.txt
#
# run the following steps only on pushes to protected branches (merge commits)
#
- name: "[PUBLISH] configure aws credentials"
uses: aws-actions/configure-aws-credentials@v4
if: env.REG_EVENT == 'push'
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: "[PUBLISH] publish provider docs to artifact repo"
if: env.NUM_PROVIDERS > 0 && env.REG_EVENT == 'push'
run: |
python scripts/publish/publish-provider-docs-to-artifact-repo.py
- name: "[DEPLOY] setup SSH"
uses: MrSquaare/ssh-setup-action@v3.1.0
if: env.REG_EVENT == 'push'
with:
host: github.com
private-key: ${{ secrets.SSH_PRIVATE_KEY }}
- name: "[DEPLOY] pull deno deploy assets"
if: env.REG_EVENT == 'push'
run: |
git clone git@github.com:stackql/${REG_DENO_DEPLOY_ASSET_REPO}.git
cp ${REG_DENO_DEPLOY_ASSET_REPO}/website/index.ts $REG_WEBSITE_DIR
- name: "[DEPLOY] pull additional docs from artifact repo"
if: env.REG_EVENT == 'push'
run: |
python scripts/deploy/pull-additional-docs-from-artifact-repo.py
- name: "[DEPLOY] install deno"
if: env.REG_EVENT == 'push'
uses: denoland/setup-deno@main
with:
deno-version: 1.18.2
- name: "[DEPLOY] clean deploy dir"
if: env.REG_EVENT == 'push'
run: |
python scripts/deploy/clean-deploy-dir.py
echo "deployment dir contents: "
tree .
echo "providers.yaml contents: "
cat ${REG_PROVIDER_PATH}/providers.yaml
- name: "[DEPLOY] deploy to deno deploy (dev)"
if: env.REG_TARGET_BRANCH == 'dev' && env.REG_EVENT == 'push'
uses: denoland/deployctl@v1
with:
project: ${{ env.REG_DENO_DEPLOY_API_DEV }}
entrypoint: index.ts
- name: "[DEPLOY] deploy to deno deploy (prod)"
if: env.REG_TARGET_BRANCH == 'main' && env.REG_EVENT == 'push'
uses: denoland/deployctl@v1
with:
project: ${{ env.REG_DENO_DEPLOY_API_PROD }}
entrypoint: index.ts