build(deps): bump algoliasearch from 3.0.0 to 4.11.2 in /api #9059
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "1 [on_pull_request] Initiate workflow" | |
on: | |
pull_request: | |
branches-ignore: | |
- docs | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number }} | |
cancel-in-progress: true | |
permissions: write-all | |
env: | |
docker_registry: "europe-west1-docker.pkg.dev/passculture-infra-prod/pass-culture-artifact-registry" | |
jobs: | |
pcapi-init-job: | |
name: "Init job" | |
runs-on: ubuntu-22.04 | |
outputs: | |
api-changed: ${{ steps.check-api-changes.outputs.any_modified }} | |
api-documentation-changed: ${{ steps.check-api-documentation-changes.outputs.any_modified }} | |
pro-changed: ${{ steps.check-pro-changes.outputs.any_modified }} | |
dependencies-changed: ${{ steps.check-dependencies-changes.outputs.any_modified }} | |
push-tags: ${{ steps.pcapi-tags.outputs.push-tags }} | |
checksum-tag: ${{ steps.pcapi-tags.outputs.checksum-tag }} | |
checksum-tag-exists: ${{ steps.check-checksum-tag.outputs.tag-exists }} | |
checksum-console-tag-exists: ${{ steps.check-console-checksum-tag.outputs.tag-exists }} | |
steps: | |
- uses: actions/[email protected] | |
with: | |
fetch-depth: 0 | |
fetch-tags: false | |
- name: "Check api folder changes" | |
id: check-api-changes | |
uses: tj-actions/changed-files@v45 | |
with: | |
files: | | |
api/** | |
!api/documentation/** | |
!api/src/pcapi/scripts/**/main.py | |
!api/src/pcapi/scripts/**/main.sql | |
- name: "Check api documentation folder changes" | |
id: check-api-documentation-changes | |
uses: tj-actions/changed-files@v45 | |
with: | |
files: api/documentation/** | |
- name: "Check pro folder changes" | |
id: check-pro-changes | |
uses: tj-actions/changed-files@v45 | |
with: | |
files: pro/** | |
- name: "Check changes in dependencies (frontend + backend)" | |
id: check-dependencies-changes | |
uses: tj-actions/changed-files@v45 | |
with: | |
files: | | |
api/poetry.lock | |
pro/yarn.lock | |
# checkout source branch of the pull request | |
- uses: actions/[email protected] | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
fetch-depth: 0 | |
fetch-tags: false | |
- name: "Define pcapi image tags." | |
id: pcapi-tags | |
run: | | |
DOCKER_IMAGE="${{ env.docker_registry }}/pcapi" | |
API_CHECKSUM=`tar --sort=name --owner=0 --group=0 --mtime='UTC 2019-01-01' -cf - api | sha1sum | awk '{ print $1 }'` | |
PUSH_TAGS="push-tags=$DOCKER_IMAGE:${{ github.event.pull_request.head.sha }},$DOCKER_IMAGE:$API_CHECKSUM" | |
API_TAG="checksum-tag=$API_CHECKSUM" | |
echo "PUSH_TAGS=$PUSH_TAGS" | |
echo "API_TAG=$API_TAG" | |
echo $PUSH_TAGS >> "$GITHUB_OUTPUT" | |
echo $API_TAG >> "$GITHUB_OUTPUT" | |
- name: "Authentification to Google" | |
uses: 'google-github-actions/auth@v2' | |
with: | |
workload_identity_provider: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
service_account: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
- name: "Get Secret" | |
id: 'secrets' | |
uses: 'google-github-actions/get-secretmanager-secrets@v2' | |
with: | |
secrets: |- | |
ARTIFACT_REGISTRY_WORKLOAD_IDENTITY_PROVIDER:passculture-metier-ehp/passculture-main-gcp-workload-identity-provider | |
ARTIFACT_REGISTRY_SERVICE_ACCOUNT:passculture-metier-ehp/passculture-main-artifact-registry-service-account | |
- name: "OpenID Connect Authentication" | |
id: "openid-auth" | |
uses: "google-github-actions/auth@v2" | |
with: | |
create_credentials_file: false | |
token_format: "access_token" | |
workload_identity_provider: ${{ steps.secrets.outputs.ARTIFACT_REGISTRY_WORKLOAD_IDENTITY_PROVIDER }} | |
service_account: ${{ steps.secrets.outputs.ARTIFACT_REGISTRY_SERVICE_ACCOUNT }} | |
- name: "Docker login" | |
id: "docker-login" | |
uses: "docker/login-action@v3" | |
with: | |
registry: "europe-west1-docker.pkg.dev" | |
username: "oauth2accesstoken" | |
password: "${{ steps.openid-auth.outputs.access_token }}" | |
- name: "pcapi" | |
id: check-checksum-tag | |
run: bash ./.github/workflows/scripts/check-image-tag-exists.sh | |
env: | |
image: pcapi | |
tag: ${{ steps.pcapi-tags.outputs.checksum-tag }} | |
token: ${{ steps.openid-auth.outputs.access_token }} | |
- name: "pcapi-console" | |
id: check-console-checksum-tag | |
run: bash ./.github/workflows/scripts/check-image-tag-exists.sh | |
env: | |
image: pcapi-console | |
tag: ${{ steps.pcapi-tags.outputs.checksum-tag }} | |
token: ${{ steps.openid-auth.outputs.access_token }} | |
- name: "Publish Summary" | |
run: | | |
{ | |
echo "### :rocket: Init Job summary" | |
echo "| Results | Value |" | |
echo "| ------------------------------------ | ----- |" | |
echo "| commit sha | ${{ github.sha }} |" | |
echo "| [api] content changed | ${{ steps.check-api-documentation-changes.outputs.any_modified }} |" | |
echo "| [api-documentation] content changed | ${{ steps.check-api-documentation-changes.outputs.any_modified }} |" | |
echo "| [pro] content changed | ${{ steps.check-pro-changes.outputs.any_modified }} |" | |
echo "| [dependencies] content changed | ${{ steps.check-dependencies-changes.outputs.any_modified }} |" | |
echo "| [pcapi] image tag | ${{ steps.pcapi-tags.outputs.checksum-tag }} |" | |
echo "| [pcapi] image already exists | ${{ steps.check-checksum-tag.outputs.tag-exists }} |" | |
echo "| [pcapi-console] image already exists | ${{ steps.check-console-checksum-tag.outputs.tag-exists }} |" | |
} >> $GITHUB_STEP_SUMMARY | |
build-pcapi: | |
name: "[pcapi] build docker image." | |
needs: [pcapi-init-job] | |
if: needs.pcapi-init-job.outputs.api-changed == 'true' && needs.pcapi-init-job.outputs.checksum-tag-exists == 'false' | |
uses: ./.github/workflows/dev_on_workflow_build_docker_image.yml | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
image: pcapi | |
tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }} | |
secrets: | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
# Always build pcapi-tests image if api changed | |
build-pcapi-tests: | |
name: "[pcapi-tests] build docker image." | |
needs: [pcapi-init-job] | |
if: needs.pcapi-init-job.outputs.api-changed == 'true' && needs.pcapi-init-job.outputs.checksum-tag-exists == 'false' | |
uses: ./.github/workflows/dev_on_workflow_build_docker_image.yml | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
image: pcapi-tests | |
tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }} | |
secrets: | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
build-pcapi-console: | |
name: "[pcapi-console] build docker image." | |
needs: [pcapi-init-job] | |
if: (needs.pcapi-init-job.outputs.api-changed == 'true' || needs.pcapi-init-job.outputs.pro-changed == 'true') && needs.pcapi-init-job.outputs.checksum-console-tag-exists == 'false' | |
uses: ./.github/workflows/dev_on_workflow_build_docker_image.yml | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
image: pcapi-console | |
tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }} | |
secrets: | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
run-mypy-cop: | |
name: "MyPy cop" | |
needs: [pcapi-init-job] | |
if: | | |
github.event_name == 'pull_request' && | |
needs.pcapi-init-job.outputs.api-changed == 'true' | |
uses: ./.github/workflows/dev_on_workflow_mypy_cop.yml | |
update-api-client-template: | |
name: "Update api client template" | |
needs: [pcapi-init-job, build-pcapi] | |
uses: ./.github/workflows/dev_on_workflow_update_api_client_template.yml | |
concurrency: | |
group: update-api-client-template-${{ github.ref }} | |
cancel-in-progress: true | |
with: | |
PCAPI_DOCKER_TAG: ${{ needs.pcapi-init-job.outputs.checksum-tag }} | |
TRIGGER_ONLY_ON_API_CHANGE: true | |
TRIGGER_ONLY_ON_DEPENDENCY_CHANGE: true | |
CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache" | |
api-changed: ${{ needs.pcapi-init-job.outputs.api-changed }} | |
dependencies-changed: ${{ needs.pcapi-init-job.outputs.dependencies-changed }} | |
secrets: | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
test-api: | |
name: "Tests api" | |
needs: [pcapi-init-job, build-pcapi-tests] | |
uses: ./.github/workflows/dev_on_workflow_tests_api.yml | |
with: | |
tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }} | |
secrets: | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
test-api-documentation: | |
name: "Tests API documentation" | |
needs: [pcapi-init-job] | |
if: needs.pcapi-init-job.outputs.api-documentation-changed == 'true' | |
uses: ./.github/workflows/dev_on_workflow_tests_api_documentation.yml | |
secrets: | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
test-pro: | |
name: "Tests pro" | |
needs: [pcapi-init-job] | |
if: needs.pcapi-init-job.outputs.pro-changed == 'true' | |
uses: ./.github/workflows/dev_on_workflow_tests_pro.yml | |
with: | |
CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache" | |
secrets: | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
test-pro-e2e: | |
name: "Tests pro E2E" | |
needs: [pcapi-init-job, build-pcapi] | |
uses: ./.github/workflows/dev_on_workflow_tests_pro_e2e.yml | |
if: | |
always() && | |
!cancelled() && | |
needs.pcapi-init-job.outputs.api-changed == 'true' || | |
needs.pcapi-init-job.outputs.pro-changed == 'true' | |
with: | |
tag: ${{ needs.build-pcapi.result == 'skipped' && 'latest' || needs.pcapi-init-job.outputs.checksum-tag }} | |
CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache" | |
secrets: | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
dependabot-auto-merge: | |
name: "Dependabot" | |
needs: test-pro | |
if: github.actor == 'dependabot[bot]' | |
uses: ./.github/workflows/dev_on_workflow_dependabot_auto_merge.yml | |
# Deploy on firebase if pro tests are ok OR job was skipped (= no changes in pro folder) | |
deploy-pro-on-firebase-pullrequest: | |
name: "[PRO] Deploy PR version for validation" | |
needs: [pcapi-init-job, test-pro] | |
if: always() && (needs.test-pro.result == 'success' || needs.test-pro.result == 'skipped') | |
uses: ./.github/workflows/dev_on_workflow_deploy_pro_pr_version_generic.yml | |
secrets: | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
with: | |
ENV: "testing" | |
CHANNEL: "" | |
REF: "${{ github.ref }}" | |
CACHE_BUCKET_NAME: "passculture-infra-prod-github-runner-cache" | |
is_pull_request: true | |
# Push docker images to registry | |
push-pcapi: | |
name: "Push pcapi docker image to registry" | |
needs: [pcapi-init-job, test-api, test-pro-e2e] | |
uses: ./.github/workflows/dev_on_workflow_push_docker_image.yml | |
with: | |
image: pcapi | |
commit-hash: ${{ github.event.pull_request.head.sha }} | |
checksum-tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }} | |
secrets: | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
push-pcapi-console: | |
name: "Push pcapi-console docker image to registry" | |
needs: [pcapi-init-job, test-api, test-pro-e2e] | |
uses: ./.github/workflows/dev_on_workflow_push_docker_image.yml | |
with: | |
image: pcapi-console | |
commit-hash: ${{ github.event.pull_request.head.sha }} | |
checksum-tag: ${{ needs.pcapi-init-job.outputs.checksum-tag }} | |
secrets: | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} | |
# Deploy pullrequest to testing environment | |
# If image builds were successfull OR image was already present in registry | |
deploy: | |
name: "Deploy PullRequest to testing environment" | |
needs: [pcapi-init-job, push-pcapi, push-pcapi-console, deploy-pro-on-firebase-pullrequest] | |
if: | | |
always() && | |
!cancelled() && | |
github.actor != 'dependabot[bot]' && | |
(needs.push-pcapi.result == 'success' && needs.push-pcapi-console.result == 'success') || | |
(needs.pcapi-init-job.outputs.checksum-console-tag-exists == 'true' && needs.pcapi-init-job.outputs.checksum-console-tag-exists == 'true') | |
uses: ./.github/workflows/dev_on_workflow_deploy_pullrequests.yml | |
with: | |
environment: pullrequest | |
app_version: ${{ needs.pcapi-init-job.outputs.checksum-tag }} | |
pro_url: ${{ needs.deploy-pro-on-firebase-pullrequest.outputs.pro_url }} | |
secrets: | |
GCP_EHP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_EHP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_EHP_SERVICE_ACCOUNT: ${{ secrets.GCP_EHP_SERVICE_ACCOUNT }} |