Skip to content

v0.22.0

v0.22.0 #226

name: Demo Production
on:
workflow_dispatch:
release:
types: [published]
permissions:
id-token: write # This is required for requesting the OIDC JWT for authing with Azure
contents: read # This is required for actions/checkout
jobs:
build:
if: ${{ github.repository == 'primer/view_components' }}
runs-on: ubuntu-latest
environment: production
steps:
- uses: actions/checkout@v4
- name: Setup Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: '3.2'
bundler-cache: true
working-directory: 'demo/'
- name: Docker login
env:
AZURE_ACR_PASSWORD: ${{ secrets.AZURE_ACR_PASSWORD }}
run: echo $AZURE_ACR_PASSWORD | docker login primer.azurecr.io --username GitHubActions --password-stdin
- uses: Azure/login@v2
with:
# excluding a client secret here will cause a login via OpenID Connect (OIDC),
# which prevents us from having to rotate client credentials, etc
client-id: "5ad1a188-b944-40eb-a2f8-cc683a6a65a0"
tenant-id: "398a6654-997b-47e9-b12b-9515b896b4de"
subscription-id: "550eb99d-d0c7-4651-a337-f53fa6520c4f"
- name: Purge tags
run: |
# only delete tags that aren't "latest" or "latest-assets"
CMD=$(cat <<CMD
acr purge --filter 'primer/view_components_storybook:^(?!latest(-assets)?$).*' --ago 0d --keep 20
CMD
)
az acr run --cmd "$CMD" --registry primer /dev/null
- name: Bundle
run: |
gem install bundler -v '~> 2.3'
bundle install --jobs 4 --retry 3 --gemfile demo/gemfiles/kuby.gemfile --path vendor/bundle
- name: Pull latest
run: |
docker pull primer.azurecr.io/primer/view_components_storybook:latest || true
docker pull primer.azurecr.io/primer/view_components_storybook:latest-assets || true
- name: Build
env:
RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
run: |
bin/kuby -e production build --only app -- --cache-from primer.azurecr.io/primer/view_components_storybook:latest
bin/kuby -e production build --only assets -- --cache-from primer.azurecr.io/primer/view_components_storybook:latest-assets
- name: Push
run: bin/kuby -e production push
deploy:
runs-on: ubuntu-latest
environment: production
needs: build
steps:
- uses: actions/checkout@v4
- name: Setup Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: '3.2'
bundler-cache: true
- uses: actions/[email protected]
with:
path: demo/gemfiles/vendor/bundle
key: gems-build-kuby-main-ruby-3.2.x-${{ hashFiles('demo/gemfiles/kuby.gemfile.lock') }}
- name: Bundle
run: |
gem install bundler -v '~> 2.3'
bundle install --jobs 4 --retry 3 --gemfile demo/gemfiles/kuby.gemfile --path vendor/bundle
- uses: Azure/login@v2
with:
# excluding a client secret here will cause a login via OpenID Connect (OIDC),
# which prevents us from having to rotate client credentials, etc
client-id: "5ad1a188-b944-40eb-a2f8-cc683a6a65a0"
tenant-id: "398a6654-997b-47e9-b12b-9515b896b4de"
subscription-id: "550eb99d-d0c7-4651-a337-f53fa6520c4f"
- name: Deploy
env:
RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
AZURE_ACR_PASSWORD: ${{ secrets.AZURE_ACR_PASSWORD }}
run: |
export AZURE_ACCESS_TOKEN=$(az account get-access-token --subscription 550eb99d-d0c7-4651-a337-f53fa6520c4f | jq -r .accessToken)
bin/kuby -e production deploy