Skip to content

[sc-7936] rename api key roles labels (#1182) #1186

[sc-7936] rename api key roles labels (#1182)

[sc-7936] rename api key roles labels (#1182) #1186

Workflow file for this run

name: Deploy
on:
push:
branches:
- main
env:
APP_IMAGE_NAME: app
MANAGER_IMAGE_NAME: manager
CDN_STORAGE: ${{ secrets.CDN_STORAGE }}
DOCS_STORAGE: ${{ secrets.DOCS_STORAGE }}
CONTAINER_REGISTRY: eu.gcr.io/${{ secrets.PROJECT_ID }}
permissions:
contents: write
jobs:
build:
runs-on: ubuntu-latest
outputs:
deploy-widget: ${{ steps.check-deploy.outputs.deploy-widget }}
deploy-app: ${{ steps.check-deploy.outputs.deploy-app }}
deploy-nucliadb-admin: ${{ steps.check-deploy.outputs.deploy-nucliadb-admin }}
deploy-manager: ${{ steps.check-deploy.outputs.deploy-manager }}
deploy-desktop: ${{ steps.check-deploy.outputs.deploy-desktop }}
deploy-sistema: ${{ steps.check-deploy.outputs.deploy-sistema }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: nrwl/nx-set-shas@v3
- uses: actions/setup-node@v3
with:
node-version: 18
cache: 'yarn'
- name: Calculate short sha
run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV
- name: Install project dependencies
run: |-
yarn
yarn missdev
- name: Unit tests
run: npx nx affected --target=test --parallel=3 --exclude=sdk-demo,search-widget-demo,core,sistema-demo
- name: Build affected apps
run: npx nx affected --target=build --parallel=3 --configuration production --exclude=sdk-demo,search-widget-demo
- name: Get package version
run: node -p -e '`PACKAGE_VERSION=${require("./package.json").version}`' >> $GITHUB_ENV
- name: Tag if new version
uses: pkgdeps/[email protected]
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
github_repo: ${{ github.repository }}
version: ${{ env.PACKAGE_VERSION }}
git_commit_sha: ${{ github.sha }}
git_tag_prefix: 'v'
- name: Check apps to deploy
id: check-deploy
run: |-
(test -d dist/libs/search-widget && echo "deploy-widget=yes" >> $GITHUB_OUTPUT) || echo "Widget unchanged"
(test -d dist/apps/dashboard && echo "deploy-app=yes" >> $GITHUB_OUTPUT) || echo "Dashboard unchanged"
(test -d dist/apps/nucliadb-admin && echo "deploy-nucliadb-admin=yes" >> $GITHUB_OUTPUT) || echo "NucliaDB admin unchanged"
(test -d dist/apps/manager-v2 && echo "deploy-manager=yes" >> $GITHUB_OUTPUT) || echo "Manager unchanged"
((test -d dist/apps/desktop || test -d dist/apps/desktop-electron) && echo "deploy-desktop=yes" >> $GITHUB_OUTPUT) || echo "Desktop unchanged"
(test -d dist/apps/sistema-demo && echo "deploy-sistema=yes" >> $GITHUB_OUTPUT) || echo "Sistema demo unchanged"
(test -d dist/sdk-core && echo "deploy-sdk=yes" >> $GITHUB_OUTPUT) || echo "SDK unchanged"
- uses: google-github-actions/auth@v0
with:
credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v0'
- name: Configure Docker
run: gcloud auth configure-docker --quiet
- name: Publish widget
if: steps.check-deploy.outputs.deploy-widget == 'yes'
run: |-
find dist/libs/search-widget -type f -name *.umd.js -exec sed -i.bak "s,__NUCLIA_DEV_VERSION__,$GITHUB_SHA,g" {} \;
gsutil copy dist/libs/search-widget/*.umd.js gs://$CDN_STORAGE
gsutil copy dist/libs/search-widget/*.css gs://$CDN_STORAGE
gsutil copy -r libs/search-widget/public/* gs://$CDN_STORAGE
- name: Publish SDK
if: steps.check-deploy.outputs.deploy-sdk == 'yes'
uses: JS-DevTools/npm-publish@v1
with:
token: ${{ secrets.NPM_TOKEN }}
package: ./dist/sdk-core/package.json
- name: Generate and push SDK docs
if: steps.check-deploy.outputs.deploy-sdk == 'yes'
run: |-
sh ./tools/build-sdk-docs.sh
gsutil -m rsync -r ./libs/sdk-core/docs gs://$DOCS_STORAGE/js-sdk
- name: Build dashboard image
if: steps.check-deploy.outputs.deploy-app == 'yes'
run: |-
docker build -t $CONTAINER_REGISTRY/$APP_IMAGE_NAME:${SHORT_SHA} -f docker/Dockerfile --build-arg appId=app --build-arg appFolder=dashboard .
docker tag $CONTAINER_REGISTRY/$APP_IMAGE_NAME:${SHORT_SHA} $CONTAINER_REGISTRY/$APP_IMAGE_NAME:main
docker push $CONTAINER_REGISTRY/$APP_IMAGE_NAME:${SHORT_SHA}
docker push $CONTAINER_REGISTRY/$APP_IMAGE_NAME:main
- name: Publish NucliaDB admin app
if: steps.check-deploy.outputs.deploy-nucliadb-admin == 'yes'
run: |-
sed -i.bak "s,STF_DOCKER_CONFIG_VERSION,$GITHUB_SHA,g" dist/apps/nucliadb-admin/assets/deployment/app-config.json
cp -r dist/apps/nucliadb-admin/* tools/python-nucliadb-admin-dist/nucliadb_admin_assets/
make -C tools/python-nucliadb-admin-dist/ publish ARGS="--build=${{github.run_number}}"
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
- name: Build manager image
if: steps.check-deploy.outputs.deploy-manager == 'yes'
run: |-
docker build -t $CONTAINER_REGISTRY/$MANAGER_IMAGE_NAME:${SHORT_SHA} -f docker/Dockerfile --build-arg appId=manager --build-arg appFolder=manager-v2 .
docker tag $CONTAINER_REGISTRY/$MANAGER_IMAGE_NAME:${SHORT_SHA} $CONTAINER_REGISTRY/$MANAGER_IMAGE_NAME:main
docker push $CONTAINER_REGISTRY/$MANAGER_IMAGE_NAME:${SHORT_SHA}
docker push $CONTAINER_REGISTRY/$MANAGER_IMAGE_NAME:main
- name: Create 404 page for gh-pages
if: steps.check-deploy.outputs.deploy-sistema == 'yes'
run: |-
cp dist/apps/sistema-demo/index.html dist/apps/sistema-demo/404.html
- name: Deploy sistema-demo to GH pages
if: steps.check-deploy.outputs.deploy-sistema == 'yes'
uses: JamesIves/github-pages-deploy-action@v4
with:
folder: dist/apps/sistema-demo
- name: Upload sourcemaps to Sentry
uses: getsentry/[email protected]
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: nuclia
SENTRY_PROJECT: application
deploy-app:
name: Deploy dashboard
runs-on: ubuntu-latest
needs: build
if: needs.build.outputs.deploy-app == 'yes'
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Calculate short sha
run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV
- name: Set helm package image
id: version_step
run: |-
sed -i.bak "s#IMAGE_TO_REPLACE#$APP_IMAGE_NAME:${SHORT_SHA}#" ./charts/app/values.yaml
sed -i.bak "s#CONTAINER_REGISTRY_TO_REPLACE#$CONTAINER_REGISTRY#" ./charts/app/values.yaml
VERSION=`cat apps/dashboard/VERSION`
VERSION_SHA=$VERSION+${SHORT_SHA}
sed -i.bak "s#99999.99999.99999#$VERSION_SHA#" ./charts/app/Chart.yaml
echo "version_number=$VERSION_SHA" >> $GITHUB_OUTPUT
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Install Helm
uses: azure/setup-helm@v3
with:
version: v3.4.0
- name: Push helm package
run: |-
helm lint charts/app
helm package charts/app
curl --data-binary "@app-${{ steps.version_step.outputs.version_number }}.tgz" ${{ secrets.HELM_CHART_URL }}/api/charts
- name: Repository Dispatch
uses: peter-evans/repository-dispatch@v2
with:
token: ${{ secrets.GH_CICD_PUBLIC }}
repository: nuclia/frontend_deploy
event-type: promote
client-payload: '{"component": "app", "chart-version": "${{ steps.version_step.outputs.version_number }}" }'
deploy-manager:
name: Deploy manager
runs-on: ubuntu-latest
needs: build
if: needs.build.outputs.deploy-manager == 'yes'
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Calculate short sha
run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV
- name: Set helm package image
id: version_step
run: |-
sed -i.bak "s#IMAGE_TO_REPLACE#$MANAGER_IMAGE_NAME:${SHORT_SHA}#" ./charts/manager/values.yaml
sed -i.bak "s#CONTAINER_REGISTRY_TO_REPLACE#$CONTAINER_REGISTRY#" ./charts/manager/values.yaml
VERSION=`cat apps/manager-v2/VERSION`
VERSION_SHA=$VERSION+$SHORT_SHA
sed -i.bak "s#99999.99999.99999#$VERSION_SHA#" ./charts/manager/Chart.yaml
echo "version_number=$VERSION_SHA" >> $GITHUB_OUTPUT
- name: Configure Git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "[email protected]"
- name: Install Helm
uses: azure/setup-helm@v3
with:
version: v3.4.0
- name: Push helm package
run: |-
helm lint charts/manager
helm package charts/manager
curl --data-binary "@manager-${{ steps.version_step.outputs.version_number }}.tgz" ${{ secrets.HELM_CHART_URL }}/api/charts
- name: Repository Dispatch
uses: peter-evans/repository-dispatch@v2
with:
token: ${{ secrets.GH_CICD_PUBLIC }}
repository: nuclia/frontend_deploy
event-type: promote
client-payload: '{"component": "manager", "chart-version": "${{ steps.version_step.outputs.version_number }}" }'
pre-release:
name: 'Pre Release'
needs: build
if: needs.build.outputs.deploy-desktop == 'yes'
runs-on: 'ubuntu-latest'
outputs:
release-desktop: ${{ steps.release.outputs.released }}
release-tag: ${{ steps.release.outputs.release_tag }}
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Release
uses: justincy/[email protected]
id: release
deploy-desktop:
name: Deploy desktop
needs: pre-release
if: needs.pre-release.outputs.release-desktop == 'true'
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [macos-latest, ubuntu-latest, windows-latest]
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: nrwl/nx-set-shas@v3
- uses: actions/setup-node@v3
with:
node-version: 18
cache: 'yarn'
- name: Install project dependencies
run: |-
yarn
yarn missdev
- name: Build desktop app
run: |-
npx replace-in-file __SENTRY_URL__ ${{ secrets.SENTRY_URL }} ./apps/desktop/electron/src/environments/environment.prod.ts
npx replace-in-file __SENTRY_URL__ ${{ secrets.SENTRY_URL }} ./apps/desktop/src/environments_config/production/app-config.json
npx replace-in-file __SENTRY_RELEASE__ ${{ github.sha }} ./apps/desktop/electron/src/environments/environment.prod.ts
npx replace-in-file __SENTRY_RELEASE__ ${{ github.sha }} ./apps/desktop/src/environments_config/production/app-config.json
npx nx build desktop --configuration production
npx replace-in-file __VERSION__ ${{ github.sha }} ./dist/apps/desktop/assets/deployment/app-config.json
- name: Build electron app
run: |-
npx nx build desktop-electron --configuration production
npx tsc -p apps/desktop/electron/tsconfig.server.json
cp -r dist/service ./dist/apps/desktop-electron/assets
- name: Install the Apple certificate
if: startsWith(matrix.os, 'macos')
env:
BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
run: |
# create variables
CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
# import certificate from secrets
echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
# import certificate to keychain
security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
security list-keychain -d user -s $KEYCHAIN_PATH
- name: Prepare for app notarization
if: startsWith(matrix.os, 'macos')
run: |-
mkdir -p ~/private_keys/
echo '${{ secrets.APPLE_API_SECRET }}' > ~/private_keys/AuthKey_${{ secrets.APPLE_API_KEY }}.p8
echo "APPLE_API_ISSUER=${{ secrets.APPLE_API_ISSUER }}" > .env
echo "APPLE_API_KEY=${{ secrets.APPLE_API_KEY }}" >> .env
- name: Package electron app on MacOSX
if: startsWith(matrix.os, 'macos')
run: PYTHON_PATH=$(which python) npx nx run desktop-electron:make --publish always
- name: Package electron app on Windows
if: startsWith(matrix.os, 'windows')
run: npx nx run desktop-electron:make --publish always
- name: Package electron app on Ubuntu
if: startsWith(matrix.os, 'ubuntu')
run: npx nx run desktop-electron:make --publish always
- name: Release MacOSX installer
uses: softprops/action-gh-release@v1
if: startsWith(matrix.os, 'macos')
with:
tag_name: ${{ needs.pre-release.outputs.release-tag }}
files: |
dist/executables/*.dmg
dist/executables/*.zip
dist/executables/latest-*.yml
- name: Release Windows installer
uses: softprops/action-gh-release@v1
if: startsWith(matrix.os, 'windows')
with:
tag_name: ${{ needs.pre-release.outputs.release-tag }}
files: |
dist/executables/*.exe
dist/executables/*.exe.blockmap
dist/executables/*.yml
- name: Release Linux installer
uses: softprops/action-gh-release@v1
if: startsWith(matrix.os, 'ubuntu')
with:
tag_name: ${{ needs.pre-release.outputs.release-tag }}
files: |
dist/executables/*.snap
dist/executables/*.AppImage
dist/executables/latest-*.yml