rebuild #818
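# Build, publish and deploy workflow.
#   * `test`   runs on pull requests: install, lint, build.
#   * `deploy` runs on every other trigger: build the site and a Docker image,
#     push the image, then run Pulumi for `stage` (and `prod` on main).
name: deploy

on:
  repository_dispatch:
  workflow_dispatch:
  push:
    branches:
      - main
  pull_request:

env:
  IMAGE_NAME: us-central1-docker.pkg.dev/analysis-tools-dev/analysis-tools/website

# Workflow-wide default is read-only. The OIDC `id-token: write` permission is
# granted on the `deploy` job only, so the pull-request `test` job (which runs
# `npm ci` / `npm run build` on PR code) cannot request a cloud identity token.
permissions:
  contents: 'read'

concurrency:
  # Only one execution per branch/PR can run at the same time.
  # NOTE(review): cancel-in-progress also covers the deploy job, so a newer
  # run on the same ref can interrupt a running `pulumi up` - confirm that an
  # interrupted stack update is acceptable here.
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  test:
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    env:
      NEXT_TELEMETRY_DISABLED: 1
      CI: true
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: 'npm'
      - name: Install dependencies
        run: npm ci --legacy-peer-deps
      - name: Run linting
        run: npm run lint
      - name: Build project
        run: npm run build

  deploy:
    if: github.event_name != 'pull_request'
    runs-on: ubuntu-latest
    # Job-level permissions replace the workflow default for this job:
    # `contents: read` for checkout, `id-token: write` for the workload
    # identity federation used by google-github-actions/auth.
    permissions:
      contents: 'read'
      id-token: 'write'
    env:
      NEXT_TELEMETRY_DISABLED: 1
      CI: true
    # NOTE(review): the actions below are referenced by mutable version tags
    # while this job handles deployment credentials. Pinning each `uses:` to a
    # full commit SHA (e.g. `owner/action@<FULL_COMMIT_SHA>  # v2`) keeps a
    # retagged release from changing what runs here.
    steps:
      - uses: actions/checkout@v4
      - name: 'Authenticate to Google Cloud'
        uses: 'google-github-actions/auth@v2'
        with:
          workload_identity_provider: 'projects/84699750544/locations/global/workloadIdentityPools/github/providers/github'
          # NOTE(review): this value appears to have been replaced by the
          # hosting page's e-mail obfuscation; the real service account
          # address must be restored before this file is usable.
          service_account: '[email protected]'
      - name: 'Set up Cloud SDK'
        uses: 'google-github-actions/setup-gcloud@v2'
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: 'npm'
      - name: Install dependencies
        run: npm ci --legacy-peer-deps
      - name: Run linting
        run: npm run lint
      - name: Build project
        run: npm run build
      - name: 'Configure Docker'
        run: gcloud auth configure-docker us-central1-docker.pkg.dev
      # This third-party action receives the GitHub App private key; see the
      # pinning note at the top of the job.
      - name: 'Generate GitHub Token'
        id: generate_token
        uses: tibdex/github-app-token@v2
        with:
          app_id: ${{ secrets.GH_APP_ID }}
          private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      # We want to redeploy, whenever the tools.json file changes
      # so make sure to hash the file and use it as a tag for the Docker image
      # `-f` makes an HTTP error fail the step instead of silently saving (and
      # then hashing) an error page; `-S` still prints the error under `-s`.
      - name: 'Download tools.json File'
        run: curl -fsSL https://github.com/analysis-tools-dev/static-analysis/raw/master/data/api/tools.json -o ./tools.json
      - name: 'Generate Hash of tools.json File'
        id: tools_json_hash
        run: echo "tools_json_hash=$(sha256sum tools.json | cut -c1-7)" >> "$GITHUB_ENV"
      # Also take screenshots.json into account, which is at
      # https://github.com/analysis-tools-dev/assets/blob/master/screenshots.json
      - name: 'Download screenshots.json File'
        run: curl -fsSL https://github.com/analysis-tools-dev/assets/raw/master/screenshots.json -o ./screenshots.json
      - name: 'Generate Hash of screenshots.json File'
        id: screenshots_json_hash
        run: echo "screenshots_json_hash=$(sha256sum screenshots.json | cut -c1-7)" >> "$GITHUB_ENV"
      # Image hash is a combination of the hashes
      # Values are read from the shell environment rather than spliced into
      # the script text with `${{ }}` expressions.
      - name: 'Set IMAGE_NAME hash'
        run: |
          short_hash=$(echo "$GITHUB_SHA" | cut -c1-7)
          echo "IMAGE_NAME=${IMAGE_NAME}:${short_hash}-${tools_json_hash}-${screenshots_json_hash}" >> "$GITHUB_ENV"
      # Secrets reach the script through `env:` and are expanded by the shell
      # as quoted variables, so their content is never parsed as shell syntax.
      # NOTE(review): `--build-arg` values can be recorded in image metadata
      # (`docker history`), and credentials.json sits inside the build context.
      # Whether either ends up in the pushed image depends on the Dockerfile
      # and .dockerignore, which are not visible here - verify, and consider
      # BuildKit secret mounts (`docker build --secret`) for GH_TOKEN.
      - name: 'Build Docker Image'
        env:
          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
          FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }}
        run: |
          # Remove the decoded credentials even when the build fails.
          trap 'rm -f ./credentials.json' EXIT
          echo "$FIREBASE_TOKEN" | base64 -d > ./credentials.json
          echo "Building Docker Image with tag $IMAGE_NAME"
          docker build --build-arg GH_TOKEN="$GH_TOKEN" \
            --build-arg PROJECT_ID=analysis-tools-dev \
            -t "${IMAGE_NAME}" .
      - name: 'Push Docker Image'
        run: |
          echo "Pushing Docker Image $IMAGE_NAME"
          docker push "$IMAGE_NAME"
      - name: 'Deploy'
        uses: pulumi/actions@v5
        env:
          # TODO: Create a password for Pulumi stack during project bootstrap
          PULUMI_CONFIG_PASSPHRASE: '${{ secrets.PULUMI_SECRET }}'
          ALGOLIA_API_KEY: '${{ secrets.ALGOLIA_API_KEY }}'
        with:
          command: up
          work-dir: ./pulumi
          cloud-url: gs://analysis-tools-dev-pulumi
          # TODO: Fix the branch name
          stack-name: stage
          refresh: true
      - name: 'Deploy prod'
        uses: pulumi/actions@v5
        if: github.ref == 'refs/heads/main'
        env:
          # TODO: Create a password for Pulumi stack during project bootstrap
          PULUMI_CONFIG_PASSPHRASE: '${{ secrets.PULUMI_SECRET_PROD }}'
          ALGOLIA_API_KEY: '${{ secrets.ALGOLIA_API_KEY }}'
        with:
          command: up
          work-dir: ./pulumi
          cloud-url: gs://analysis-tools-dev-pulumi
          stack-name: prod
          refresh: true
      # Node.js is already set up earlier in the workflow
      - name: 'Update Algolia index'
        if: github.ref == 'refs/heads/main'
        env:
          ALGOLIA_APP_ID: '${{ secrets.ALGOLIA_APP_ID }}'
          ALGOLIA_ADMIN_KEY: '${{ secrets.ALGOLIA_ADMIN_KEY }}'
          ALGOLIA_INDEX_NAME: 'tools'
        run: |
          npm run search-index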