test workflow #22
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ship | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| on: | |
| push: | |
| branches: ["main2"] | |
| paths: | |
| - .github/workflows/ship.yml | |
| - "**" | |
| jobs: | |
| image-build-push: | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Generate .env.production file | |
| run: | | |
| cat << EOF > .env.production | |
| # Environment | |
| NEXT_PUBLIC_ENVIRONMENT=${{ vars.NEXT_PUBLIC_ENVIRONMENT }} | |
| # Sentry | |
| NEXT_PUBLIC_SENTRY_DSN=${{ secrets.NEXT_PUBLIC_SENTRY_DSN }} | |
| SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} | |
| # GTM | |
| NEXT_PUBLIC_GTM_ID=${{ secrets.NEXT_PUBLIC_GTM_ID }} | |
| # Braze | |
| BRAZE_INSTANCE_URL=${{ secrets.BRAZE_INSTANCE_URL }} | |
| BRAZE_API_KEY=${{ secrets.BRAZE_API_KEY }} | |
| BRAZE_GENERAL_WAITLIST_GROUP_ID=${{ secrets.BRAZE_GENERAL_WAITLIST_GROUP_ID }} | |
| BRAZE_DEVELOPERS_WAITLIST_GROUP_ID=${{ secrets.BRAZE_DEVELOPERS_WAITLIST_GROUP_ID }} | |
| # OneTrust | |
| NEXT_PUBLIC_ONE_TRUST_ID=${{ secrets.NEXT_PUBLIC_ONE_TRUST_ID }} | |
| # Dune | |
| NEXT_PUBLIC_DUNE_API_KEY=${{ secrets.NEXT_PUBLIC_DUNE_API_KEY }} | |
| # WalletConnect | |
| NEXT_PUBLIC_WC_PROJECT_ID=${{ secrets.NEXT_PUBLIC_WC_PROJECT_ID }} | |
| # hCaptcha | |
| HCAPTCHA_SECRET=${{ secrets.HCAPTCHA_SECRET }} | |
| NEXT_PUBLIC_HCAPTCHA_SITEKEY=${{ secrets.NEXT_PUBLIC_HCAPTCHA_SITEKEY }} | |
| # Segment | |
| NEXT_PUBLIC_SEGMENT_WRITE_KEY=${{ secrets.NEXT_PUBLIC_SEGMENT_WRITE_KEY }} | |
| # Kraken Connect | |
| NEXT_PUBLIC_KRAKEN_CLIENT_ID=${{ secrets.NEXT_PUBLIC_KRAKEN_CLIENT_ID }} | |
| KRAKEN_CLIENT_SECRET=${{ secrets.KRAKEN_CLIENT_SECRET }} | |
| # App Submission Bot | |
| INK_APP_SUBMISSION_BOT_GITHUB_APP_ID=${{ secrets.INK_APP_SUBMISSION_BOT_GITHUB_APP_ID }} | |
| INK_APP_SUBMISSION_BOT_GITHUB_PRIVATE_KEY=${{ secrets.INK_APP_SUBMISSION_BOT_GITHUB_PRIVATE_KEY }} | |
| INK_APP_SUBMISSION_BOT_GITHUB_INSTALLATION_ID=${{ secrets.INK_APP_SUBMISSION_BOT_GITHUB_INSTALLATION_ID }} | |
| INK_APP_SUBMISSION_TARGET_ORG=${{ secrets.INK_APP_SUBMISSION_TARGET_ORG }} | |
| INK_APP_SUBMISSION_TARGET_REPO=${{ secrets.INK_APP_SUBMISSION_TARGET_REPO }} | |
| INK_APP_SUBMISSION_TARGET_BRANCH=${{ secrets.INK_APP_SUBMISSION_TARGET_BRANCH }} | |
| INK_APP_SUBMISSION_SLACK_NOTIFICATION_CHANNEL=${{ secrets.INK_APP_SUBMISSION_SLACK_NOTIFICATION_CHANNEL }} | |
| INK_APP_SUBMISSION_SLACK_BOT_TOKEN=${{ secrets.INK_APP_SUBMISSION_SLACK_BOT_TOKEN }} | |
| # Smart Account Experiment | |
| NEXT_PUBLIC_BUNDLER_URL=${{ secrets.NEXT_PUBLIC_BUNDLER_URL }} | |
| NEXT_PUBLIC_PASSKEY_SERVER_URL=${{ secrets.NEXT_PUBLIC_PASSKEY_SERVER_URL }} | |
| NEXT_PUBLIC_PAYMASTER_URL=${{ secrets.NEXT_PUBLIC_PAYMASTER_URL }} | |
| NEXT_PUBLIC_GELATO_BRIDGE_URL=${{ secrets.NEXT_PUBLIC_GELATO_BRIDGE_URL }} | |
| NEXT_PUBLIC_FAUCET_API_URL=${{ secrets.NEXT_PUBLIC_FAUCET_API_URL }} | |
| # Testnet Faucet Experiment | |
| MULTIPLIER_JWT_SECRET=${{ secrets.MULTIPLIER_JWT_SECRET }} | |
| EOF | |
| # - uses: ./.github/actions/image-build-push | |
| # with: | |
| # repository-name: ink-web-app | |
| # dockerfile-path: ./Dockerfile | |
| # docker-context: ./ | |
| # github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate GitHub App Token | |
| id: generate-token | |
| run: | | |
| # Create a JWT using the app ID and private key | |
| JWT_PAYLOAD=$(echo -n '{"iat":'"$(($(date +%s) - 60))"',"exp":'"$(($(date +%s) + 600))"',"iss":"${{ secrets.INK_APP_SUBMISSION_BOT_GITHUB_APP_ID }}"}' | base64 | tr -d '=' | tr '/+' '_-') | |
| JWT_HEADER=$(echo -n '{"alg":"RS256","typ":"JWT"}' | base64 | tr -d '=' | tr '/+' '_-') | |
| # Write private key to temp file | |
| echo "${{ secrets.INK_APP_SUBMISSION_BOT_GITHUB_PRIVATE_KEY }}" > private-key.pem | |
| # Sign the JWT | |
| JWT_SIGNATURE=$(echo -n "${JWT_HEADER}.${JWT_PAYLOAD}" | openssl dgst -binary -sha256 -sign private-key.pem | openssl base64 | tr -d '=' | tr '/+' '_-') | |
| JWT="${JWT_HEADER}.${JWT_PAYLOAD}.${JWT_SIGNATURE}" | |
| # Exchange JWT for installation token | |
| INSTALLATION_TOKEN=$(curl -s -X POST \ | |
| -H "Authorization: Bearer ${JWT}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| "https://api.github.com/app/installations/${{ secrets.INK_APP_SUBMISSION_BOT_GITHUB_INSTALLATION_ID }}/access_tokens" \ | |
| | jq -r .token) | |
| # Clean up | |
| rm private-key.pem | |
| # Set output | |
| echo "token=${INSTALLATION_TOKEN}" >> $GITHUB_OUTPUT | |
| - name: Trigger infra update | |
| if: github.ref == 'refs/heads/main2' | |
| run: | | |
| curl -X POST \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| -H "Authorization: Bearer ${{ steps.generate-token.outputs.token }}" \ | |
| ${{ secrets.TARGET_REPOSITORY_DISPATCH_URL }} \ | |
| -d '{"event_type": "update-test-file", "client_payload": {"message": "Test commit from GitHub Actions"}}' |