Skip to content

Hand off open-source to dev-infra #2274

Hand off open-source to dev-infra

Hand off open-source to dev-infra #2274

Workflow file for this run

# This workflow will deploy to Google Cloud Run
#
# To configure this workflow, set up the following secrets in your workspace
#
# * `GITHUB_APP_IDENTIFIER` - GitHub App identifier
# * `GITHUB_APP_PRIVATE_KEY` - GitHub App private key
# * `GOOGLE_SERVICE_ACCOUNT_EMAIL` - Google service account email
# * `GOOGLE_APPLICATION_CREDENTIALS` - Google service account private key
# * `GITHUB_WEBHOOK_SECRET` - GitHub webhook secret to confirm that webhooks come from GitHub
name: CI
on:
push:
branches:
- main
paths:
- '.github/workflows/ci.yml'
- 'Dockerfile'
- 'package.json'
- 'src/**/*.ts'
- 'tsconfig.json'
- 'yarn.lock'
- 'bin/deploy.sh'
- 'holidays.yml'
- 'product-owners.yml'
- 'github-orgs.yml'
pull_request:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
timeout-minutes: 10
services:
# Label used to access the service container
postgres:
# Docker Hub image
image: postgres:12
# Provide the password for postgres
env:
POSTGRES_PASSWORD: docker
ports:
- 5434:5432
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: '18'
- name: yarn install
run: yarn install --immutable
- name: tsc
run: yarn build
- name: test
run: yarn test:ci --coverage
- name: Codecov
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
- name: eslint
run: yarn lint
docker:
runs-on: ubuntu-latest
timeout-minutes: 10
if: github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v3
- name: Builds docker image
run: docker build -t ci-tooling .
build-deploy:
name: build and deploy
if: github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
timeout-minutes: 10
needs: [test]
environment: 'production'
env:
VERSION: ${{ github.sha }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
# for Sentry releases
fetch-depth: 0
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: '18'
- name: yarn install
run: yarn install --immutable
- name: tsc
run: yarn build
- id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: projects/868781662168/locations/global/workloadIdentityPools/prod-github/providers/github-oidc-pool
service_account: [email protected]
# Setup gcloud CLI
- name: Setup gcloud CLI
uses: google-github-actions/setup-gcloud@v1
# Deploy to Google Cloud Functions
- name: Deploy
id: deploy
env:
SLACK_BOT_USER_ACCESS_TOKEN: ${{ secrets.SLACK_BOT_USER_ACCESS_TOKEN }}
SLACK_SIGNING_SECRET: ${{ secrets.SLACK_SIGNING_SECRET }}
SLACK_BOT_APP_ID: ${{ secrets.SLACK_BOT_APP_ID }}
DD_API_KEY: ${{ secrets.DD_API_KEY }}
DD_APP_KEY: ${{ secrets.DD_APP_KEY }}
GH_APP_PRIVATE_KEY_FOR_GETSENTRY: ${{ secrets.GH_APP_PRIVATE_KEY_FOR_GETSENTRY}}
GH_APP_PRIVATE_KEY_FOR_CODECOV: ${{ secrets.GH_APP_PRIVATE_KEY_FOR_CODECOV}}
GH_APP_IDENTIFIER: ${{ secrets.GH_APP_IDENTIFIER }}
GH_WEBHOOK_SECRET: ${{ secrets.GH_WEBHOOK_SECRET }}
SENTRY_WEBPACK_WEBHOOK_SECRET: ${{ secrets.SENTRY_WEBPACK_WEBHOOK_SECRET }}
DB_USER: ${{ secrets.DB_USER }}
DB_NAME: ${{ secrets.DB_NAME }}
DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
DB_INSTANCE_CONNECTION_NAME: ${{ secrets.DB_INSTANCE_CONNECTION_NAME }}
GH_USER_TOKEN: ${{ secrets.GH_USER_TOKEN }}
GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }}
PREDICT_ENDPOINT: ${{ vars.PREDICT_ENDPOINT }}
run: |
echo "deploy-start=$(date +%s)" >> "$GITHUB_OUTPUT"
bin/deploy.sh
- name: Sentry Release
uses: getsentry/[email protected]
with:
environment: 'production'
sourcemaps: './lib'
url_prefix: 'app:///lib/'