-
-
Notifications
You must be signed in to change notification settings - Fork 1
220 lines (207 loc) · 8.59 KB
/
release.yml
File metadata and controls
220 lines (207 loc) · 8.59 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
name: "Release"
on:
workflow_dispatch:
inputs:
tag:
description: override release tag
required: false
push:
branches:
- main
- canary
- experimental
env:
CI: true
STORM_REPOSITORY: ${{ github.repositoryUrl }}
STORM_WORKSPACE_ROOT: ${{ github.workspace }}
GITHUB_ACTOR: ${{ github.actor }}
GITHUB_TOKEN: ${{ github.token }}
NPM_TOKEN: ${{ secrets.STORM_BOT_NPM_TOKEN }}
CARGO_REGISTRY_TOKEN: ${{ secrets.STORM_BOT_CARGO_TOKEN }}
jobs:
start:
name: "Send in process notification"
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
if:
github.repository == 'storm-software/storm-stack' && (github.ref ==
'refs/heads/main' || github.ref == 'refs/heads/canary' || github.ref ==
'refs/heads/experimental')
steps:
- name: Send notification - Deployment started
uses: storm-software/action-notify@main
with:
title:
"Deployment for ${{ github.repository }} has started (In Progress)"
subtitle:
"Deployment for ${{ github.repository }} has started - #${{
github.run_number }}"
description:
"Deployment for ${{ github.repository }} is currently in process -
#${{ github.run_number }}. Click here to view the changes associated
with this deployment: ${{ github.event.pull_request.html_url ||
github.event.head_commit.url }} "
color: 2077350
status: "In Progress"
slack-token: ${{ secrets.STORM_BOT_SLACK_TOKEN }}
telegram-token: ${{ secrets.STORM_BOT_TELEGRAM_TOKEN }}
telegram-chat: ${{ secrets.STORM_BOT_TELEGRAM_NOTIFICATION_CHAT }}
discord-webhook: ${{ secrets.STORM_BOT_DISCORD_WEBHOOK}}
process:
name: "Continuous Integration"
if:
always() && !cancelled() && !contains(needs.*.result, 'failure') &&
github.event.pull_request.draft == false
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
needs:
- start
steps:
# Determine if the triggering_actor is allowed to run this action
# We only permit maintainers
# Not only is 'triggering_actor' common between the trigger events it will also change if someone re-runs an old job
- name: check if triggering_actor is allowed to run releases
env:
GITHUB_TOKEN: ${{ github.token }}
COMMENTER: ${{ github.triggering_actor && github.triggering_actor || 'empty_triggering_actor' }}
API_ENDPOINT: /repos/${{ github.repository }}/collaborators?permission=maintain
shell: bash
run: |
if [ $COMMENTER = "empty_triggering_actor" ]; then exit 1; fi
set -o pipefail
if gh api "$API_ENDPOINT" --paginate --jq ".[].login" | grep -q "^$COMMENTER\$"; then
echo "$COMMENTER permitted to run Storm Stack releases!" && exit 0
else
echo "$COMMENTER not permitted to run Storm Stack releases" && exit 1
fi
- name: Checkout [Pull Request]
uses: actions/checkout@v4
if: ${{ github.event_name == 'pull_request' }}
with:
# By default, PRs will be checked-out based on the Merge Commit, but we want the actual branch HEAD.
ref: ${{ github.event.pull_request.head.sha }}
# We need to fetch all branches and commits so that Nx affected has a base to compare against.
fetch-depth: 0
token: ${{ secrets.STORM_BOT_GITHUB_TOKEN }}
persist-credentials: false
- name: Checkout `main` branch
uses: actions/checkout@v4
if: ${{ github.event_name != 'pull_request' }}
with:
# We need to fetch all branches and commits so that Nx affected has a base to compare against.
fetch-depth: 0
token: ${{ secrets.STORM_BOT_GITHUB_TOKEN }}
persist-credentials: false
- name: Setup workspace
uses: storm-software/action-devenv-setup@main
with:
gpg-sign-key: ${{ secrets.STORM_BOT_GPG_SIGN_KEY }}
gpg-private-key: ${{ secrets.STORM_BOT_GPG_PRIVATE_KEY }}
gpg-passphrase: ${{ secrets.STORM_BOT_GPG_PASSPHRASE }}
storm-bot-github-token: ${{ secrets.STORM_BOT_GITHUB_TOKEN }}
- name: Get appropriate base and head commits for `nx affected` commands
uses: nrwl/nx-set-shas@v4
with:
main-branch-name: "main"
- name: Set appropriate base and head commits for `nx affected` commands
run: |
echo "BASE: ${{ env.NX_BASE }}"
echo "HEAD: ${{ env.NX_HEAD }}"
shell: bash
- name: Release repository updates
run: devenv shell release ${{ env.NX_BASE }} ${{ env.NX_HEAD }}
env:
NX_BASE: ${{ env.NX_BASE }}
NX_HEAD: ${{ env.NX_HEAD }}
GITHUB_ACTOR: ${{ github.actor }}
GITHUB_TOKEN: ${{ github.token }}
NPM_TOKEN: ${{ secrets.STORM_BOT_NPM_TOKEN }}
CARGO_REGISTRY_TOKEN: ${{ secrets.STORM_BOT_CARGO_TOKEN }}
CLOUDFLARE_API_TOKEN: ${{ secrets.STORM_BOT_CLOUDFLARE_TOKEN }}
STORM_BOT_GITHUB_TOKEN: ${{ secrets.STORM_BOT_GITHUB_TOKEN }}
STORM_WORKSPACE_ROOT: ${{ github.workspace }}
STORM_REPOSITORY: ${{ github.repositoryUrl }}
TAG: ${{ inputs.tag }}
success:
needs:
- process
if: ${{ success() }}
name: Send success notification
runs-on: ubuntu-latest
steps:
- name: Send notification - Deployment successful
uses: storm-software/action-notify@main
with:
title:
"Deployment for ${{ github.repository }} has finished (Success)"
subtitle:
"Deployment for ${{ github.repository }} has finished successfully -
#${{ github.run_number }}"
description:
"Deployment for ${{ github.repository }} has finished successfully -
#${{ github.run_number }}. Click here to view the changes associated
with this deployment: ${{ github.event.pull_request.html_url ||
github.event.head_commit.url }} "
color: 556891
status: "Success"
slack-token: ${{ secrets.STORM_BOT_SLACK_TOKEN }}
telegram-token: ${{ secrets.STORM_BOT_TELEGRAM_TOKEN }}
telegram-chat: ${{ secrets.STORM_BOT_TELEGRAM_NOTIFICATION_CHAT }}
discord-webhook: ${{ secrets.STORM_BOT_DISCORD_WEBHOOK}}
failure:
needs:
- process
if: ${{ failure() }}
name: Send failure notification
runs-on: ubuntu-latest
steps:
- name: Send notification - Deployment successful
uses: storm-software/action-notify@main
with:
title:
"Deployment for ${{ github.repository }} has finished (Failure)"
subtitle:
"Deployment for ${{ github.repository }} finished with failures -
#${{ github.run_number }}"
description:
"Deployment for ${{ github.repository }} finished with failures -
#${{ github.run_number }}. Click here to view the changes associated
with this deployment: ${{ github.event.pull_request.html_url ||
github.event.head_commit.url }} "
color: 10027008
status: "Failure"
slack-token: ${{ secrets.STORM_BOT_SLACK_TOKEN }}
telegram-token: ${{ secrets.STORM_BOT_TELEGRAM_TOKEN }}
telegram-chat: ${{ secrets.STORM_BOT_TELEGRAM_NOTIFICATION_CHAT }}
discord-webhook: ${{ secrets.STORM_BOT_DISCORD_WEBHOOK}}
cancelled:
needs:
- process
if: ${{ cancelled() }}
name: Send cancelled notification
runs-on: ubuntu-latest
steps:
- name: Send notification - Deployment cancelled
uses: storm-software/action-notify@main
with:
title:
"Deployment for ${{ github.repository }} has finished (Cancelled)"
subtitle:
"Deployment for ${{ github.repository }} has been cancelled - #${{
github.run_number }}"
description:
"Deployment for ${{ github.repository }} was stopped before it could
complete - #${{ github.run_number }}. Click here to view the changes
associated with this deployment: ${{
github.event.pull_request.html_url || github.event.head_commit.url
}}."
color: 16565273
status: "Cancelled"
slack-token: ${{ secrets.STORM_BOT_SLACK_TOKEN }}
telegram-token: ${{ secrets.STORM_BOT_TELEGRAM_TOKEN }}
telegram-chat: ${{ secrets.STORM_BOT_TELEGRAM_NOTIFICATION_CHAT }}
discord-webhook: ${{ secrets.STORM_BOT_DISCORD_WEBHOOK}}