From 40df01dc90a4b797d49cea555881afe73ca6ac26 Mon Sep 17 00:00:00 2001
From: Joey Orlando
Date: Thu, 13 Jun 2024 15:28:41 -0400
Subject: [PATCH] debugging helm release github actions workflow
---
.github/workflows/on-release-published.yml | 146 ++++++++++-----------
1 file changed, 72 insertions(+), 74 deletions(-)
diff --git a/.github/workflows/on-release-published.yml b/.github/workflows/on-release-published.yml
index 87cf9c59..6dc680a1 100644
--- a/.github/workflows/on-release-published.yml
+++ b/.github/workflows/on-release-published.yml
@@ -4,88 +4,86 @@ on: release: types: - published - # TODO: remove when done testing - workflow_dispatch: jobs: - # linting-and-tests: - # name: Linting and tests - # uses: ./.github/workflows/linting-and-tests.yml + linting-and-tests: + name: Linting and tests + uses: ./.github/workflows/linting-and-tests.yml - # snyk-security-scan: - # name: Snyk security scan - # uses: ./.github/workflows/snyk-security-scan.yml + snyk-security-scan: + name: Snyk security scan + uses: ./.github/workflows/snyk-security-scan.yml - # build-sign-and-publish-plugin-to-gcom: - # name: Build, sign, and publish frontend plugin to grafana.com - # needs: - # - linting-and-tests - # - snyk-security-scan - # runs-on: ubuntu-latest - # # These permissions are needed to assume roles from Github's OIDC. - # # https://github.com/grafana/shared-workflows/tree/main/actions/get-vault-secrets - # permissions: - # contents: read - # id-token: write - # steps: - # - name: Checkout project - # uses: actions/checkout@v4 - # - name: Install frontend dependencies - # uses: ./.github/actions/install-frontend-dependencies - # # This will fetch the secret keys from vault and set them as environment variables for subsequent steps - # - name: Get Vault secrets - # uses: grafana/shared-workflows/actions/get-vault-secrets@main - # with: - # repo_secrets: | - # GRAFANA_ACCESS_POLICY_TOKEN=github_actions:cloud-access-policy-token - # GCS_PLUGIN_PUBLISHER_SERVICE_ACCOUNT_JSON=github_actions:gcs-plugin-publisher - # GCOM_PLUGIN_PUBLISHER_API_KEY=github_actions:gcom-plugin-publisher-api-key - # - name: Build, sign, and package plugin - # id: build-sign-and-package-plugin - # uses: ./.github/actions/build-sign-and-package-plugin - # with: - # plugin_version_number: ${{ github.ref_name }} - # grafana_access_policy_token: ${{ env.GRAFANA_ACCESS_POLICY_TOKEN }} - # working_directory: grafana-plugin - # - name: Authenticate with GCS - # uses: google-github-actions/auth@v2 - # with: - # credentials_json: ${{ 
env.GCS_PLUGIN_PUBLISHER_SERVICE_ACCOUNT_JSON }} - # - name: Publish plugin artifact to GCS - # uses: google-github-actions/upload-cloud-storage@v2 - # with: - # path: grafana-plugin/${{ steps.build-sign-and-package-plugin.outputs.artifact_filename }} - # destination: grafana-oncall-app/releases - # predefinedAcl: publicRead - # - name: Determine GCS artifact URL - # shell: bash - # id: gcs-artifact-url - # # yamllint disable rule:line-length - # run: | - # echo url="https://storage.googleapis.com/grafana-oncall-app/releases/grafana-oncall-app-${{ github.ref_name }}.zip" >> $GITHUB_OUTPUT - # - name: Publish plugin to grafana.com - # run: | - # curl -f -w "status=%{http_code}" -s -H "Authorization: Bearer ${{ env.GCOM_PLUGIN_PUBLISHER_API_KEY }}" -d "download[any][url]=${{ steps.gcs-artifact-url.outputs.url }}" -d "download[any][md5]=$(curl -sL ${{ steps.gcs-artifact-url.outputs.url }} | md5sum | cut -d'' '' -f1)" -d url=https://github.com/grafana/oncall/grafana-plugin https://grafana.com/api/plugins - # # yamllint enable rule:line-length + build-sign-and-publish-plugin-to-gcom: + name: Build, sign, and publish frontend plugin to grafana.com + needs: + - linting-and-tests + - snyk-security-scan + runs-on: ubuntu-latest + # These permissions are needed to assume roles from Github's OIDC. 
+ # https://github.com/grafana/shared-workflows/tree/main/actions/get-vault-secrets + permissions: + contents: read + id-token: write + steps: + - name: Checkout project + uses: actions/checkout@v4 + - name: Install frontend dependencies + uses: ./.github/actions/install-frontend-dependencies + # This will fetch the secret keys from vault and set them as environment variables for subsequent steps + - name: Get Vault secrets + uses: grafana/shared-workflows/actions/get-vault-secrets@main + with: + repo_secrets: | + GRAFANA_ACCESS_POLICY_TOKEN=github_actions:cloud-access-policy-token + GCS_PLUGIN_PUBLISHER_SERVICE_ACCOUNT_JSON=github_actions:gcs-plugin-publisher + GCOM_PLUGIN_PUBLISHER_API_KEY=github_actions:gcom-plugin-publisher-api-key + - name: Build, sign, and package plugin + id: build-sign-and-package-plugin + uses: ./.github/actions/build-sign-and-package-plugin + with: + plugin_version_number: ${{ github.ref_name }} + grafana_access_policy_token: ${{ env.GRAFANA_ACCESS_POLICY_TOKEN }} + working_directory: grafana-plugin + - name: Authenticate with GCS + uses: google-github-actions/auth@v2 + with: + credentials_json: ${{ env.GCS_PLUGIN_PUBLISHER_SERVICE_ACCOUNT_JSON }} + - name: Publish plugin artifact to GCS + uses: google-github-actions/upload-cloud-storage@v2 + with: + path: grafana-plugin/${{ steps.build-sign-and-package-plugin.outputs.artifact_filename }} + destination: grafana-oncall-app/releases + predefinedAcl: publicRead + - name: Determine GCS artifact URL + shell: bash + id: gcs-artifact-url + # yamllint disable rule:line-length + run: | + echo url="https://storage.googleapis.com/grafana-oncall-app/releases/grafana-oncall-app-${{ github.ref_name }}.zip" >> $GITHUB_OUTPUT + - name: Publish plugin to grafana.com + run: | + curl -f -w "status=%{http_code}" -s -H "Authorization: Bearer ${{ env.GCOM_PLUGIN_PUBLISHER_API_KEY }}" -d "download[any][url]=${{ steps.gcs-artifact-url.outputs.url }}" -d "download[any][md5]=$(curl -sL ${{ 
steps.gcs-artifact-url.outputs.url }} | md5sum | cut -d'' '' -f1)" -d url=https://github.com/grafana/oncall/grafana-plugin https://grafana.com/api/plugins + # yamllint enable rule:line-length - # build-engine-docker-image-and-publish-to-dockerhub: - # name: Build engine Docker image and publish to Dockerhub - # needs: - # - linting-and-tests - # - snyk-security-scan - # uses: ./.github/workflows/build-engine-docker-image-and-publish-to-dockerhub.yml - # with: - # engine_version: ${{ github.ref_name }} - # # https://github.com/docker/metadata-action?tab=readme-ov-file#tags-input - # docker_image_tags: | - # type=raw,value=${{ github.ref_name }} - # type=raw,value=latest + build-engine-docker-image-and-publish-to-dockerhub: + name: Build engine Docker image and publish to Dockerhub + needs: + - linting-and-tests + - snyk-security-scan + uses: ./.github/workflows/build-engine-docker-image-and-publish-to-dockerhub.yml + with: + engine_version: ${{ github.ref_name }} + # https://github.com/docker/metadata-action?tab=readme-ov-file#tags-input + docker_image_tags: | + type=raw,value=${{ github.ref_name }} + type=raw,value=latest create-helm-release-pr: name: Create Helm release PR - # needs: - # - build-sign-and-publish-plugin-to-gcom - # - build-engine-docker-image-and-publish-to-dockerhub + needs: + - build-sign-and-publish-plugin-to-gcom + - build-engine-docker-image-and-publish-to-dockerhub runs-on: ubuntu-latest outputs: helm_release_pr_number: ${{ fromJSON(steps.update-helm-chart-pr.outputs.pull_request).number }}
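Review bot: The re-enabled `Get Vault secrets` step uses `grafana/shared-workflows/actions/get-vault-secrets@main`, a mutable branch, in a job that holds `id-token: write` and loads the GCS and grafana.com publishing credentials, so whatever lands on that branch runs with those secrets on the next release. Pin it to a reviewed full commit SHA, e.g. `uses: grafana/shared-workflows/actions/get-vault-secrets@<full-commit-sha>  # <tag>` (placeholder; take the SHA from the shared-workflows repository). `actions/checkout@v4` and the two `google-github-actions/*@v2` steps are movable tags and would benefit from the same pinning. Separately, the `Publish plugin to grafana.com` step expands `${{ env.GCOM_PLUGIN_PUBLISHER_API_KEY }}` and the `github.ref_name`-derived URL into the script text before the shell runs; the key is already exported to the environment by the Vault step, so referencing it as `$GCOM_PLUGIN_PUBLISHER_API_KEY` and passing the URL through an `env:` entry keeps both out of the generated script. The `cut -d'' '' -f1` in that command looks like leftover YAML quote escaping and was presumably meant to be `cut -d' ' -f1`; as written the checksum field probably carries the trailing `  -` from `md5sum`.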