chore: disable quantic release, split production targets (#3741)
Currently, we're doing the following operations sequentially:
1. Move the latest tag of our npm package to the beta tag we created
earlier
2. Promote the SFDX package in production
3. Notify the doc website to do their release

All those operations can and should occur in parallel:
- We want to promote NPM into production as soon as it's available in
production through our CDN
- We want our documentation to be updated when we release new versions
in production, even if it's only in the CDN (if the NPM promotion were
to fail let's say)
- Quantic package does not depend on the two other operations

This PR does that by splitting the three tasks into separate jobs,
controlled by different GitHub Environments. Those Environments are just
a split of Production into 3, with a separation of concerns applied to
all.

By that account, GitHub package releases, while currently disabled,
should follow NPM logic as well, and so I moved the disabled part of the
script into its own, commented, job.

Quantic deployment is also disabled in this PR, as we need to ensure we
have updated credentials for the publication and set up proper processes
-human or automated- to renew those credentials in time. (fix-it-twice)

KIT-3070
louis-bompart authored Mar 25, 2024
1 parent 3713ca9 commit bcd1ffd
Showing 2 changed files with 79 additions and 33 deletions.
79 changes: 55 additions & 24 deletions .github/workflows/release.yml
Expand Up @@ -40,22 +40,13 @@ jobs:
RELEASER_INSTALLATION_ID: ${{ secrets.RELEASER_INSTALLATION_ID }}
DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
# - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4
# with:
# registry-url: 'https://npm.pkg.github.com'
# node-version-file: '.nvmrc'
# - name: Publish to GitHub Packages
# run: npm run release:phase5
# env:
# NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# DEBUG: ${{ inputs.debug && '*' || '' }}
- name: Call ui-kit-cd
run: node ./scripts/deploy/trigger-ui-kit-cd.mjs
env:
GH_TOKEN: ${{ secrets.UI_KIT_CD_DISPATCHER }}
promote-prod:
npm-prod:
needs: release
environment: 'Production'
environment: 'NPM Production'
runs-on: 'ubuntu-latest'
permissions:
contents: read
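Review bot: The switch to `environment: 'NPM Production'` on `npm-prod` only keeps the approval gate if that environment already exists in the repository settings with the same protection rules as the old 'Production'. A job that references an environment that does not exist yet causes GitHub to create it on first run with no protection rules and no secrets, so the promotion would run ungated. Please confirm that 'NPM Production' and the other split environments were created, with the deployment protection rule that `approve-production-release.mjs` answers, before this merges, and that any secrets scoped to 'Production' were carried over.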
Expand All @@ -67,20 +58,60 @@ jobs:
with:
ref: 'release/v2'
- uses: ./.github/actions/setup
- uses: ./.github/actions/setup-sfdx
- name: Promote NPM package to production
run: npm run promote:npm:latest
- name: Promote SFDX package to production
run: |
echo "${{ secrets.SFDX_AUTH_PACKAGE_JWT_KEY }}" > server.key
npx --no-install nx run quantic:"promote:sfdx:ci"
rm server.key
env:
SFDX_AUTH_CLIENT_ID: ${{ secrets.SFDX_AUTH_CLIENT_ID }}
SFDX_AUTH_JWT_KEY: ${{ secrets.SFDX_AUTH_JWT_KEY }}
SFDX_AUTH_JWT_USERNAME: ${{ secrets.SFDX_AUTH_JWT_USERNAME }}
SFDX_AUTH_JWT_KEY_FILE: server.key
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
working-directory: ./packages/quantic
docs-prod:
needs: release
runs-on: ubuntu-latest
environment: 'Docs Production'
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
ref: 'release/v2'
- uses: ./.github/actions/setup
- name: Notify Docs
run: npm run notify:docs
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
# TODO: KIT-3072, uncomment
# quantic-prod:
# needs: release
# runs-on: ubuntu-latest
# environment: 'Quantic Production'
# permissions:
# contents: read
# packages: write
# steps:
# - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
# with:
# ref: 'release/v2'
# - uses: ./.github/actions/setup
# - uses: ./.github/actions/setup-sfdx
# - name: Promote SFDX package to production
# run: |
# echo "${{ secrets.SFDX_AUTH_PACKAGE_JWT_KEY }}" > server.key
# npx --no-install nx run quantic:"promote:sfdx:ci"
# rm server.key
# env:
# SFDX_AUTH_CLIENT_ID: ${{ secrets.SFDX_AUTH_CLIENT_ID }}
# SFDX_AUTH_JWT_KEY: ${{ secrets.SFDX_AUTH_JWT_KEY }}
# SFDX_AUTH_JWT_USERNAME: ${{ secrets.SFDX_AUTH_JWT_USERNAME }}
# SFDX_AUTH_JWT_KEY_FILE: server.key
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# working-directory: ./packages/quantic

# TODO KIT-3074 Fix the publication into the GitHub Packages, and uncomment
# github-prod:
# needs: release
# runs-on: ubuntu-latest
# environment: 'GitHub Production'
# steps:
# - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4
# with:
# registry-url: 'https://npm.pkg.github.com'
# node-version-file: '.nvmrc'
# - name: Publish to GitHub Packages
# run: npm run release:phase5
# env:
# NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# DEBUG: ${{ inputs.debug && '*' || '' }}
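Review bot: `docs-prod` has no `permissions:` block, while `npm-prod` just above it restricts its token to `contents: read`; unless a workflow-level default is set outside this hunk, the docs job runs with the repository's default token scope. Since the step only uses `secrets.GH_TOKEN`, adding `permissions: contents: read` to `docs-prod` would match `npm-prod` and keep the split jobs at least privilege. Two smaller points for when the commented jobs are re-enabled: in `quantic-prod`, `rm server.key` is skipped if the `nx run` line fails, so the key file stays on the runner for the rest of the job (a cleanup step with `if: always()` would cover that), and `github-prod` has no checkout step or `packages: write` permission, which `npm run release:phase5` will presumably need.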
33 changes: 24 additions & 9 deletions scripts/deploy/approve-production-release.mjs
Expand Up @@ -12,17 +12,32 @@ const authSecrets = {
installationId: process.env.RELEASER_INSTALLATION_ID,
};

const productionEnvironments = [
'NPM Production',
'Docs Production',
// TODO KIT-3072: uncomment
// 'Quantic Production',

// TODO KIT-3074: uncomment
// 'GitHub Production',
];

const octokit = new Octokit({
authStrategy: createAppAuth,
auth: authSecrets,
});
await octokit.request(
`POST /repos/coveo/ui-kit/actions/runs/${process.argv[2]}/deployment_protection_rule`,
{
state: 'approved',
environment_name: 'Production',
headers: {
'X-GitHub-Api-Version': '2022-11-28',
},
}

await Promise.allSettled(
productionEnvironments.map((environment_name) =>
octokit.request(
`POST /repos/coveo/ui-kit/actions/runs/${process.argv[2]}/deployment_protection_rule`,
{
state: 'approved',
environment_name,
headers: {
'X-GitHub-Api-Version': '2022-11-28',
},
}
)
)
);
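Review bot: `Promise.allSettled` at the end of the script never rejects, so a failed approval call (for example an `environment_name` that does not match the name in `release.yml`, or an expired app credential) is discarded and the step exits 0 while the corresponding job stays pending. Inspect the settled results, log each `rejected` entry with its environment name, and set a non-zero exit code if any failed, so a broken gate is visible in the run. It would also help to check that `process.argv[2]` is a numeric run id before interpolating it into the request path, and to note next to `productionEnvironments` that the list has to stay in sync with the `environment:` values in `.github/workflows/release.yml`.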
