124 lines
5.9 KiB
YAML
124 lines
5.9 KiB
YAML
name: On release published
|
|
|
|
on:
|
|
release:
|
|
types:
|
|
- published
|
|
|
|
jobs:
|
|
linting-and-tests:
|
|
name: Linting and tests
|
|
uses: ./.github/workflows/linting-and-tests.yml
|
|
|
|
build-sign-and-publish-plugin-to-gcom:
|
|
name: Build, sign, and publish frontend plugin to grafana.com
|
|
needs:
|
|
- linting-and-tests
|
|
runs-on: ubuntu-latest
|
|
# These permissions are needed to assume roles from Github's OIDC.
|
|
# https://github.com/grafana/shared-workflows/tree/main/actions/get-vault-secrets
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
steps:
|
|
- name: Checkout project
|
|
uses: actions/checkout@v3
|
|
- name: Install frontend dependencies
|
|
uses: ./.github/actions/install-frontend-dependencies
|
|
# This will fetch the secret keys from vault and set them as environment variables for subsequent steps
|
|
- name: Get Vault secrets
|
|
uses: grafana/shared-workflows/actions/get-vault-secrets@main
|
|
with:
|
|
repo_secrets: |
|
|
GRAFANA_ACCESS_POLICY_TOKEN=github_actions:cloud-access-policy-token
|
|
GCS_PLUGIN_PUBLISHER_SERVICE_ACCOUNT_JSON=github_actions:gcs-plugin-publisher
|
|
GCOM_PLUGIN_PUBLISHER_API_KEY=github_actions:gcom-plugin-publisher-api-key
|
|
- name: Build, sign, and package plugin
|
|
id: build-sign-and-package-plugin
|
|
uses: ./.github/actions/build-sign-and-package-plugin
|
|
with:
|
|
plugin_version_number: ${{ github.ref_name }}
|
|
grafana_access_policy_token: ${{ env.GRAFANA_ACCESS_POLICY_TOKEN }}
|
|
working_directory: grafana-plugin
|
|
- name: Authenticate with GCS
|
|
uses: google-github-actions/auth@v2
|
|
with:
|
|
credentials_json: ${{ env.GCS_PLUGIN_PUBLISHER_SERVICE_ACCOUNT_JSON }}
|
|
- name: Publish plugin artifact to GCS
|
|
uses: google-github-actions/upload-cloud-storage@v2
|
|
with:
|
|
path: grafana-plugin/${{ steps.build-sign-and-package-plugin.outputs.artifact_filename }}
|
|
destination: grafana-oncall-app/releases
|
|
predefinedAcl: publicRead
|
|
- name: Determine GCS artifact URL
|
|
shell: bash
|
|
id: gcs-artifact-url
|
|
# yamllint disable rule:line-length
|
|
run: |
|
|
echo url="https://storage.googleapis.com/grafana-oncall-app/releases/grafana-oncall-app-${{ github.ref_name }}.zip" >> $GITHUB_OUTPUT
|
|
- name: Publish plugin to grafana.com
|
|
run: |
|
|
curl -f -w "status=%{http_code}" -s -H "Authorization: Bearer $${{ env.GCOM_PLUGIN_PUBLISHER_API_KEY }}" -d "download[any][url]=${{ steps.gcs-artifact-url.outputs.url }}" -d "download[any][md5]=$$(curl -sL ${{ steps.gcs-artifact-url.outputs.url }} | md5sum | cut -d'' '' -f1)" -d url=https://github.com/grafana/oncall/grafana-plugin https://grafana.com/api/plugins
|
|
# yamllint enable rule:line-length
|
|
|
|
build-engine-docker-image-and-publish-to-dockerhub:
|
|
name: Build engine Docker image and publish to Dockerhub
|
|
needs:
|
|
- linting-and-tests
|
|
uses: ./.github/workflows/build-engine-docker-image-and-publish-to-dockerhub.yml
|
|
with:
|
|
engine_version: ${{ github.ref_name }}
|
|
# https://github.com/docker/metadata-action?tab=readme-ov-file#tags-input
|
|
docker_image_tags: |
|
|
type=raw,value=${{ github.ref_name }}
|
|
type=raw,value=latest
|
|
|
|
merge-helm-release-pr:
|
|
name: Merge Helm release PR
|
|
needs:
|
|
- linting-and-tests
|
|
runs-on: ubuntu-latest
|
|
# These permissions are needed to assume roles from Github's OIDC.
|
|
# https://github.com/grafana/shared-workflows/tree/main/actions/get-vault-secrets
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
steps:
|
|
- name: Checkout project
|
|
uses: actions/checkout@v3
|
|
# This will fetch the secret keys from vault and set them as environment variables for subsequent steps
|
|
- name: Get Vault secrets
|
|
uses: grafana/shared-workflows/actions/get-vault-secrets@main
|
|
with:
|
|
repo_secrets: |
|
|
GITHUB_API_KEY=github_actions:github-api-key
|
|
- name: Slice v from the tag
|
|
id: prepare-version-tag
|
|
run: |
|
|
echo processed-tag="${GITHUB_REF_NAME:1}" >> $GITHUB_OUTPUT
|
|
- name: Find Helm release pull request
|
|
uses: juliangruber/find-pull-request-action@v1
|
|
id: find-pull-request
|
|
with:
|
|
branch: helm-release/${{ steps.prepare-version-tag.outputs.processed-tag }}
|
|
- name: Merge pull Request
|
|
uses: juliangruber/merge-pull-request-action@v1
|
|
with:
|
|
github-token: ${{ env.GITHUB_API_KEY }}
|
|
number: ${{ steps.find-pull-request.outputs.number }}
|
|
# - name: Fetch PRs from GitHub's API
|
|
# # yamllint disable rule:line-length
|
|
# run: |
|
|
# # Step 1. Fetch PRs from GitHub's API that're open and have a particular head ref indicative of a helm release PR
|
|
# # API docs - https://docs.github.com/en/rest/pulls/pulls?apiVersion=2022-11-28#list-pull-requests
|
|
# # NOTE: ${github.ref_name:1} will slice off the "v" prefix from the tag
|
|
|
|
# curl -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $${GITHUB_API_KEY }" -H "X-GitHub-Api-Version: 2022-11-28" "https://api.github.com/repos/grafana/oncall/pulls?head=grafana:helm-release/$${GITHUB_REF_NAME}:1}&state=open" > prs.json
|
|
# cat prs.json
|
|
|
|
# # Step 2. Extract the PR number from the first PR in the list to be able to pass that to the next API call
|
|
# cat prs.json | jq -r ".[0].number" > pr_number.txt
|
|
# cat pr_number.txt
|
|
# # Step 3. Merge the PR (https://docs.github.com/en/rest/pulls/pulls?apiVersion=2022-11-28#merge-a-pull-request)
|
|
# cat pr_number.txt | xargs -r -I{pull_number} curl -L -X PUT -H "Accept: application/vnd.github+json" -H "Authorization: Bearer $${{ env.GITHUB_API_KEY }}" -H "X-GitHub-Api-Version: 2022-11-28" "https://api.github.com/repos/grafana/oncall/pulls/{pull_number}/merge"
|
|
# # yamllint enable rule:line-length
|