-
-
Notifications
You must be signed in to change notification settings - Fork 51
105 lines (93 loc) · 3.66 KB
/
console_cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
# Copyright (c) 2022 Sharezone UG (haftungsbeschränkt)
# Licensed under the EUPL-1.2-or-later.
#
# You may obtain a copy of the Licence at:
# https://joinup.ec.europa.eu/software/page/eupl
#
# SPDX-License-Identifier: EUPL-1.2
name: console-cd
concurrency:
# Avoids running multiple deployments at the same time which would cause
# conflicts.
group: console-release
on:
push:
branches:
- main
paths:
# We only build and deploy a new version, when a user relevant files
# changed.
- "console/**"
- "lib/**"
# We trigger also this workflow, if this workflow is changed, so that new
# changes will be applied.
- ".github/workflows/console_cd.yml"
# The following paths are excluded from the above paths. It's important to
# list the paths at the end of the file, so that the exclude paths are
# applied.
#
# See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-including-and-excluding-paths.
- "!**/*.md"
- "!**/*.mdx"
- "!**/*.gitignore"
# Test files are not relevant for the console deployment.
- "!**/test/**"
- "!**/test_goldens/**"
- "!**/test_driver/**"
- "!**/integration_test/**"
- "!**/analysis_options.yaml"
- "!**/dart_test.yaml"
# Allows you to run this workflow manually from the Actions tab.
#
# Since the console depends on the /lib folder, it could be that the console
# requires a new deployment. In this case, the developer needs to trigger the
# deployment manually or wait until the next change "console/**" is pushed. We
# do this to avoid unnecessary deployments since a new deployment invalidates
# the cache.
workflow_dispatch:
# Set permissions to none.
#
# Using the broad default permissions is considered a bad security practice
# and would cause alerts from our scanning tools.
permissions: {}
env:
CI_CD_DART_SCRIPTS_PACKAGE_PATH: "tools/sz_repo_cli/"
jobs:
deploy:
runs-on: ubuntu-22.04
name: console-deploy-${{ matrix.environment.flavor }}
permissions:
checks: write # for FirebaseExtended/action-hosting-deploy
strategy:
matrix:
environment:
- flavor: dev
projectId: sharezone-debug
serviceAccountSecret: FIREBASE_SERVICE_ACCOUNT_SHAREZONE_DEBUG
- flavor: prod
projectId: sharezone-c2bd8
serviceAccountSecret: FIREBASE_HOSTING_PROD_KEY
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Set Flutter version from FVM config file to environment variables
id: fvm-config-action
uses: kuhnroyal/flutter-fvm-config-action@60c14af316b09f8819202d845391260cf3b979c9
- uses: subosito/flutter-action@74af56c5ed2697ba4621264652728e8d217e53d3
with:
flutter-version: ${{ steps.fvm-config-action.outputs.FLUTTER_VERSION }}
channel: ${{ steps.fvm-config-action.outputs.FLUTTER_CHANNEL }}
- name: Install Sharezone CLI
run: |
flutter pub global activate --source path "$CI_CD_DART_SCRIPTS_PACKAGE_PATH"
echo $(pwd)/bin >> $GITHUB_PATH
- name: Install Firebase CLI
run: npm i -g [email protected]
- name: Build and deploy console
env:
FIREBASE_HOSTING_KEY: ${{ secrets[matrix.environment.serviceAccountSecret] }}
run: |
echo $FIREBASE_HOSTING_KEY > firebase-hosting-key.json
export GOOGLE_APPLICATION_CREDENTIALS=$(pwd)/firebase-hosting-key.json
sz deploy console \
--message "Workflow $GITHUB_JOB, commit $GITHUB_SHA" \
--flavor ${{ matrix.environment.flavor }}