[Prod] Build 742 of branch release by @rjsparks #742
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Release | |
run-name: ${{ github.ref_name == 'release' && '[Prod]' || '[Dev]' }} Build ${{ github.run_number }} of branch ${{ github.ref_name }} by @${{ github.actor }} | |
on: | |
push: | |
branches: [release] | |
workflow_dispatch: | |
inputs: | |
deploy: | |
description: 'Deploy to K8S' | |
default: 'Skip' | |
required: true | |
type: choice | |
options: | |
- Skip | |
- Staging Only | |
- Staging + Prod | |
sandbox: | |
description: 'Deploy to Sandbox' | |
default: true | |
required: true | |
type: boolean | |
sandboxNoDbRefresh: | |
description: 'Sandbox Disable Daily DB Refresh' | |
default: false | |
required: true | |
type: boolean | |
skiptests: | |
description: 'Skip Tests' | |
default: false | |
required: true | |
type: boolean | |
skiparm: | |
description: 'Skip ARM64 Build' | |
default: false | |
required: true | |
type: boolean | |
ignoreLowerCoverage: | |
description: 'Ignore Lower Coverage' | |
default: false | |
required: true | |
type: boolean | |
updateCoverage: | |
description: 'Update Baseline Coverage' | |
default: false | |
required: true | |
type: boolean | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
# ----------------------------------------------------------------- | |
# PREPARE | |
# ----------------------------------------------------------------- | |
prepare: | |
name: Prepare Release | |
runs-on: ubuntu-latest | |
outputs: | |
should_deploy: ${{ steps.buildvars.outputs.should_deploy }} | |
pkg_version: ${{ steps.buildvars.outputs.pkg_version }} | |
from_tag: ${{ steps.semver.outputs.nextStrict }} | |
to_tag: ${{ steps.semver.outputs.current }} | |
base_image_version: ${{ steps.baseimgversion.outputs.base_image_version }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
fetch-tags: false | |
- name: Get Next Version (Prod) | |
if: ${{ github.ref_name == 'release' }} | |
id: semver | |
uses: ietf-tools/semver-action@v1 | |
with: | |
token: ${{ github.token }} | |
branch: release | |
skipInvalidTags: true | |
- name: Get Dev Version | |
if: ${{ github.ref_name != 'release' }} | |
id: semverdev | |
uses: ietf-tools/semver-action@v1 | |
with: | |
token: ${{ github.token }} | |
branch: release | |
skipInvalidTags: true | |
noVersionBumpBehavior: 'current' | |
noNewCommitBehavior: 'current' | |
- name: Set Release Flag | |
if: ${{ github.ref_name == 'release' }} | |
run: | | |
echo "IS_RELEASE=true" >> $GITHUB_ENV | |
- name: Create Draft Release | |
uses: ncipollo/[email protected] | |
if: ${{ github.ref_name == 'release' }} | |
with: | |
prerelease: true | |
draft: false | |
commit: ${{ github.sha }} | |
tag: ${{ steps.semver.outputs.nextStrict }} | |
name: ${{ steps.semver.outputs.nextStrict }} | |
body: '*pending*' | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set Build Variables | |
id: buildvars | |
run: | | |
if [[ $IS_RELEASE ]]; then | |
echo "Using AUTO SEMVER mode: ${{ steps.semver.outputs.nextStrict }}" | |
echo "should_deploy=true" >> $GITHUB_OUTPUT | |
echo "pkg_version=${{ steps.semver.outputs.nextStrict }}" >> $GITHUB_OUTPUT | |
echo "::notice::Release ${{ steps.semver.outputs.nextStrict }} created using branch $GITHUB_REF_NAME" | |
else | |
echo "Using TEST mode: ${{ steps.semverdev.outputs.nextMajorStrict }}.0.0-dev.$GITHUB_RUN_NUMBER" | |
echo "should_deploy=false" >> $GITHUB_OUTPUT | |
echo "pkg_version=${{ steps.semverdev.outputs.nextMajorStrict }}.0.0-dev.$GITHUB_RUN_NUMBER" >> $GITHUB_OUTPUT | |
echo "::notice::Non-production build ${{ steps.semverdev.outputs.nextMajorStrict }}.0.0-dev.$GITHUB_RUN_NUMBER created using branch $GITHUB_REF_NAME" | |
fi | |
- name: Get Base Image Target Version | |
id: baseimgversion | |
run: | | |
echo "base_image_version=$(sed -n '1p' dev/build/TARGET_BASE)" >> $GITHUB_OUTPUT | |
# ----------------------------------------------------------------- | |
# TESTS | |
# ----------------------------------------------------------------- | |
tests: | |
name: Run Tests | |
uses: ./.github/workflows/tests.yml | |
if: ${{ github.event.inputs.skiptests == 'false' || github.ref_name == 'release' }} | |
needs: [prepare] | |
secrets: inherit | |
with: | |
ignoreLowerCoverage: ${{ github.event.inputs.ignoreLowerCoverage == 'true' }} | |
skipSelenium: true | |
targetBaseVersion: ${{ needs.prepare.outputs.base_image_version }} | |
# ----------------------------------------------------------------- | |
# RELEASE | |
# ----------------------------------------------------------------- | |
release: | |
name: Make Release | |
if: ${{ !failure() && !cancelled() }} | |
needs: [tests, prepare] | |
runs-on: | |
group: hperf-8c32r | |
permissions: | |
contents: write | |
packages: write | |
env: | |
SHOULD_DEPLOY: ${{needs.prepare.outputs.should_deploy}} | |
PKG_VERSION: ${{needs.prepare.outputs.pkg_version}} | |
FROM_TAG: ${{needs.prepare.outputs.from_tag}} | |
TO_TAG: ${{needs.prepare.outputs.to_tag}} | |
TARGET_BASE: ${{needs.prepare.outputs.base_image_version}} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 1 | |
fetch-tags: false | |
- name: Setup Node.js environment | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18.x | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.x" | |
- name: Download a Coverage Results | |
if: ${{ github.event.inputs.skiptests == 'false' || github.ref_name == 'release' }} | |
uses: actions/[email protected] | |
with: | |
name: coverage | |
- name: Make Release Build | |
env: | |
DEBIAN_FRONTEND: noninteractive | |
BROWSERSLIST_IGNORE_OLD_DATA: 1 | |
run: | | |
echo "PKG_VERSION: $PKG_VERSION" | |
echo "GITHUB_SHA: $GITHUB_SHA" | |
echo "GITHUB_REF_NAME: $GITHUB_REF_NAME" | |
echo "Running frontend build script..." | |
echo "Compiling native node packages..." | |
yarn rebuild | |
echo "Packaging static assets..." | |
yarn build --base=https://static.ietf.org/dt/$PKG_VERSION/ | |
yarn legacy:build | |
echo "Setting version $PKG_VERSION..." | |
sed -i -r -e "s|^__version__ += '.*'$|__version__ = '$PKG_VERSION'|" ietf/__init__.py | |
sed -i -r -e "s|^__release_hash__ += '.*'$|__release_hash__ = '$GITHUB_SHA'|" ietf/__init__.py | |
sed -i -r -e "s|^__release_branch__ += '.*'$|__release_branch__ = '$GITHUB_REF_NAME'|" ietf/__init__.py | |
- name: Set Production Flags | |
if: ${{ env.SHOULD_DEPLOY == 'true' }} | |
run: | | |
echo "Setting production flags in settings.py..." | |
sed -i -r -e 's/^DEBUG *= *.*$/DEBUG = False/' -e "s/^SERVER_MODE *= *.*\$/SERVER_MODE = 'production'/" ietf/settings.py | |
- name: Make Release Tarball | |
env: | |
DEBIAN_FRONTEND: noninteractive | |
run: | | |
echo "Build release tarball..." | |
mkdir -p /home/runner/work/release | |
tar -czf /home/runner/work/release/release.tar.gz -X dev/build/exclude-patterns.txt . | |
- name: Collect + Push Statics | |
env: | |
DEBIAN_FRONTEND: noninteractive | |
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_STATIC_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_STATIC_KEY_SECRET }} | |
AWS_DEFAULT_REGION: auto | |
AWS_ENDPOINT_URL: ${{ secrets.CF_R2_ENDPOINT }} | |
run: | | |
echo "Collecting statics..." | |
echo "Using ghcr.io/ietf-tools/datatracker-app-base:${{ env.TARGET_BASE }}" | |
docker run --rm --name collectstatics -v $(pwd):/workspace ghcr.io/ietf-tools/datatracker-app-base:${{ env.TARGET_BASE }} sh dev/build/collectstatics.sh | |
echo "Pushing statics..." | |
cd static | |
aws s3 sync . s3://static/dt/$PKG_VERSION --only-show-errors | |
- name: Augment dockerignore for docker image build | |
env: | |
DEBIAN_FRONTEND: noninteractive | |
run: | | |
cat >> .dockerignore <<EOL | |
.devcontainer | |
.github | |
.vscode | |
k8s | |
playwright | |
svn-history | |
docker-compose.yml | |
EOL | |
- name: Setup Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Add feature-latest tag | |
if: ${{ startsWith(github.ref_name, 'feat/') }} | |
run: echo "FEATURE_LATEST_TAG=$(echo $GITHUB_REF_NAME | tr / -)" >> $GITHUB_ENV | |
- name: Build Images | |
uses: docker/build-push-action@v6 | |
env: | |
DOCKER_BUILD_SUMMARY: false | |
with: | |
context: . | |
file: dev/build/Dockerfile | |
platforms: ${{ github.event.inputs.skiparm == 'true' && 'linux/amd64' || 'linux/amd64,linux/arm64' }} | |
push: true | |
tags: | | |
ghcr.io/ietf-tools/datatracker:${{ env.PKG_VERSION }} | |
${{ env.FEATURE_LATEST_TAG && format('ghcr.io/ietf-tools/datatracker:{0}-latest', env.FEATURE_LATEST_TAG) || null }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- name: Update CHANGELOG | |
id: changelog | |
uses: Requarks/changelog-action@v1 | |
if: ${{ env.SHOULD_DEPLOY == 'true' }} | |
with: | |
token: ${{ github.token }} | |
fromTag: ${{ env.FROM_TAG }} | |
toTag: ${{ env.TO_TAG }} | |
writeToFile: false | |
- name: Download Coverage Results | |
if: ${{ github.event.inputs.skiptests == 'false' || github.ref_name == 'release' }} | |
uses: actions/[email protected] | |
with: | |
name: coverage | |
- name: Prepare Coverage Action | |
if: ${{ github.event.inputs.skiptests == 'false' || github.ref_name == 'release' }} | |
working-directory: ./dev/coverage-action | |
run: npm install | |
- name: Process Coverage Stats + Chart | |
id: covprocess | |
uses: ./dev/coverage-action/ | |
if: ${{ github.event.inputs.skiptests == 'false' || github.ref_name == 'release' }} | |
with: | |
token: ${{ github.token }} | |
tokenCommon: ${{ secrets.GH_COMMON_TOKEN }} | |
repoCommon: common | |
version: ${{needs.prepare.outputs.pkg_version}} | |
changelog: ${{ steps.changelog.outputs.changes }} | |
summary: '' | |
coverageResultsPath: coverage.json | |
histCoveragePath: historical-coverage.json | |
- name: Create Release | |
uses: ncipollo/[email protected] | |
if: ${{ env.SHOULD_DEPLOY == 'true' }} | |
with: | |
allowUpdates: true | |
makeLatest: true | |
draft: false | |
tag: ${{ env.PKG_VERSION }} | |
name: ${{ env.PKG_VERSION }} | |
body: ${{ steps.covprocess.outputs.changelog }} | |
artifacts: "/home/runner/work/release/release.tar.gz,coverage.json,historical-coverage.json" | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Update Baseline Coverage | |
uses: ncipollo/[email protected] | |
if: ${{ github.event.inputs.updateCoverage == 'true' || github.ref_name == 'release' }} | |
with: | |
allowUpdates: true | |
tag: baseline | |
omitBodyDuringUpdate: true | |
omitNameDuringUpdate: true | |
omitPrereleaseDuringUpdate: true | |
replacesArtifacts: true | |
artifacts: "coverage.json" | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Upload Build Artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: release-${{ env.PKG_VERSION }} | |
path: /home/runner/work/release/release.tar.gz | |
# ----------------------------------------------------------------- | |
# NOTIFY | |
# ----------------------------------------------------------------- | |
notify: | |
name: Notify | |
if: ${{ always() }} | |
needs: [prepare, tests, release] | |
runs-on: ubuntu-latest | |
env: | |
PKG_VERSION: ${{needs.prepare.outputs.pkg_version}} | |
steps: | |
- name: Notify on Slack (Success) | |
if: ${{ !contains(join(needs.*.result, ','), 'failure') }} | |
uses: slackapi/slack-github-action@v2 | |
with: | |
token: ${{ secrets.SLACK_GH_BOT }} | |
method: chat.postMessage | |
payload: | | |
channel: ${{ secrets.SLACK_GH_BUILDS_CHANNEL_ID }} | |
text: "Datatracker Build <https://github.com/ietf-tools/datatracker/actions/runs/${{ github.run_id }}|${{ env.PKG_VERSION }}> by ${{ github.triggering_actor }}" | |
attachments: | |
- color: "28a745" | |
fields: | |
- title: "Status" | |
short: true | |
value: "Completed" | |
- name: Notify on Slack (Failure) | |
if: ${{ contains(join(needs.*.result, ','), 'failure') }} | |
uses: slackapi/slack-github-action@v2 | |
with: | |
token: ${{ secrets.SLACK_GH_BOT }} | |
method: chat.postMessage | |
payload: | | |
channel: ${{ secrets.SLACK_GH_BUILDS_CHANNEL_ID }} | |
text: "Datatracker Build <https://github.com/ietf-tools/datatracker/actions/runs/${{ github.run_id }}|${{ env.PKG_VERSION }}> by ${{ github.triggering_actor }}" | |
attachments: | |
- color: "a82929" | |
fields: | |
- title: "Status" | |
short: true | |
value: "Failed" | |
# ----------------------------------------------------------------- | |
# SANDBOX | |
# ----------------------------------------------------------------- | |
sandbox: | |
name: Deploy to Sandbox | |
if: ${{ !failure() && !cancelled() && github.event.inputs.sandbox == 'true' }} | |
needs: [prepare, release] | |
runs-on: [self-hosted, dev-server] | |
environment: | |
name: sandbox | |
env: | |
PKG_VERSION: ${{needs.prepare.outputs.pkg_version}} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download a Release Artifact | |
uses: actions/[email protected] | |
with: | |
name: release-${{ env.PKG_VERSION }} | |
- name: Deploy to containers | |
env: | |
DEBIAN_FRONTEND: noninteractive | |
run: | | |
echo "Reset production flags in settings.py..." | |
sed -i -r -e 's/^DEBUG *= *.*$/DEBUG = True/' -e "s/^SERVER_MODE *= *.*\$/SERVER_MODE = 'development'/" ietf/settings.py | |
echo "Install Deploy to Container CLI dependencies..." | |
cd dev/deploy-to-container | |
npm ci | |
cd ../.. | |
echo "Start Deploy..." | |
node ./dev/deploy-to-container/cli.js --branch ${{ github.ref_name }} --domain dev.ietf.org --appversion ${{ env.PKG_VERSION }} --commit ${{ github.sha }} --ghrunid ${{ github.run_id }} --nodbrefresh ${{ github.event.inputs.sandboxNoDbRefresh }} | |
- name: Cleanup old docker resources | |
env: | |
DEBIAN_FRONTEND: noninteractive | |
run: | | |
docker image prune -a -f | |
# ----------------------------------------------------------------- | |
# STAGING | |
# ----------------------------------------------------------------- | |
staging: | |
name: Deploy to Staging | |
if: ${{ !failure() && !cancelled() && (github.event.inputs.deploy == 'Staging Only' || github.event.inputs.deploy == 'Staging + Prod' || github.ref_name == 'release') }} | |
needs: [prepare, release] | |
runs-on: ubuntu-latest | |
environment: | |
name: staging | |
env: | |
PKG_VERSION: ${{needs.prepare.outputs.pkg_version}} | |
steps: | |
- name: Deploy to staging | |
uses: the-actions-org/workflow-dispatch@v4 | |
with: | |
workflow: deploy.yml | |
repo: ietf-tools/infra-k8s | |
ref: main | |
token: ${{ secrets.GH_INFRA_K8S_TOKEN }} | |
inputs: '{ "environment":"${{ secrets.GHA_K8S_CLUSTER }}", "app":"datatracker", "appVersion":"${{ env.PKG_VERSION }}", "remoteRef":"${{ github.sha }}" }' | |
wait-for-completion: true | |
wait-for-completion-timeout: 10m | |
wait-for-completion-interval: 30s | |
display-workflow-run-url: false | |
# ----------------------------------------------------------------- | |
# PROD | |
# ----------------------------------------------------------------- | |
prod: | |
name: Deploy to Production | |
if: ${{ !failure() && !cancelled() && (github.event.inputs.deploy == 'Staging + Prod' || github.ref_name == 'release') }} | |
needs: [prepare, staging] | |
runs-on: ubuntu-latest | |
environment: | |
name: production | |
env: | |
PKG_VERSION: ${{needs.prepare.outputs.pkg_version}} | |
steps: | |
- name: Deploy to production | |
uses: the-actions-org/workflow-dispatch@v4 | |
with: | |
workflow: deploy.yml | |
repo: ietf-tools/infra-k8s | |
ref: main | |
token: ${{ secrets.GH_INFRA_K8S_TOKEN }} | |
inputs: '{ "environment":"${{ secrets.GHA_K8S_CLUSTER }}", "app":"datatracker", "appVersion":"${{ env.PKG_VERSION }}", "remoteRef":"${{ github.sha }}" }' | |
wait-for-completion: true | |
wait-for-completion-timeout: 10m | |
wait-for-completion-interval: 30s | |
display-workflow-run-url: false |