ci: use builtin python action cache for pipenv (#796) #141
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: release-please | |
| on: | |
| push: | |
| branches: | |
| - master | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| env: | |
| ECOBALYSE_DATA_DIR: ./ecobalyse-private | |
| jobs: | |
| release-please: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [20.x] | |
| steps: | |
| - uses: googleapis/release-please-action@v4 | |
| id: release | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| release-type: node | |
| # The logic below handles the static assets publication | |
| - uses: actions/checkout@v4 | |
| if: ${{ steps.release.outputs.release_created }} | |
| - uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: 'npm' | |
| if: ${{ steps.release.outputs.release_created }} | |
| - name: Install Node dependencies | |
| if: ${{ steps.release.outputs.release_created }} | |
| run: npm ci --prefer-offline --no-audit | |
| - name: Clone the detailed impacts | |
| if: ${{ steps.release.outputs.release_created }} | |
| run: | | |
| eval `ssh-agent -s` | |
| ssh-add - <<< '${{ secrets.PRIVATE_SSH_KEY }}' | |
| git clone [email protected]:MTES-MCT/ecobalyse-private.git | |
| - name: Build app | |
| if: ${{ steps.release.outputs.release_created }} | |
| env: | |
| # Specify the created SHA to correctly update version.json | |
| SOURCE_VERSION: ${{ steps.release.outputs.sha }} | |
| TAG: ${{ steps.release.outputs.tag_name }} | |
| run: | | |
| npm run build:standalone-app | |
| - name: Encrypt the impacts files | |
| if: ${{ steps.release.outputs.release_created }} | |
| env: | |
| ENCRYPTION_KEY: ${{ secrets.ENCRYPTION_KEY }} | |
| run : | | |
| # We include the encrypted detailed processes with the dist | |
| # so that people with the encryption key could later on use the app with the exact | |
| # files it was using on production | |
| npm run encrypt $ECOBALYSE_DATA_DIR/data/textile/processes_impacts.json dist/processes_impacts_textile.json.enc | |
| npm run encrypt $ECOBALYSE_DATA_DIR/data/food/processes_impacts.json dist/processes_impacts_food.json.enc | |
| - name: Generate dist archive | |
| if: ${{ steps.release.outputs.release_created }} | |
| run: | | |
| tar czvf ${{ steps.release.outputs.tag_name }}-dist.tar.gz dist | |
| - name: Archive production artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dist | |
| path: dist | |
| if: ${{ steps.release.outputs.release_created }} | |
| - name: Upload Release Artifact | |
| if: ${{ steps.release.outputs.release_created }} | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: gh release upload ${{ steps.release.outputs.tag_name }} ${{ steps.release.outputs.tag_name }}-dist.tar.gz |