Fix private KB warning in widget generator page [sc-7912] (#1186) #1190
# Deploy workflow: triggered by every push to the main branch.
name: Deploy

on:
  push:
    branches:
      - main

# Workflow-level env is exported to every step of every job, including the
# dependency-install and test steps, not only to the steps that publish.
env:
  APP_IMAGE_NAME: app
  MANAGER_IMAGE_NAME: manager
  CDN_STORAGE: ${{ secrets.CDN_STORAGE }}
  DOCS_STORAGE: ${{ secrets.DOCS_STORAGE }}
  CONTAINER_REGISTRY: eu.gcr.io/${{ secrets.PROJECT_ID }}

# NOTE(review): this gives the GITHUB_TOKEN of *every* job write access to
# repository contents. Only jobs that create tags, push to gh-pages or upload
# release assets need it; scoping `permissions:` per job would keep the other
# jobs read-only.
permissions:
  contents: write
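# NOTE(review), supply chain: every third-party action below is referenced by
# a mutable tag (@v3, @v1, @v0, ...). These jobs hold registry, npm, PyPI,
# Sentry and code-signing credentials, so a retargeted tag would run with
# access to them. Pin each `uses:` to a full commit SHA and keep the tag in a
# trailing comment.
# NOTE(review): refs shown as "[email protected]" reached this page mangled by
# e-mail obfuscation; restore the original action@version (and the git e-mail)
# from the repository before using this file.
jobs:
  # Tests and builds the affected projects, then publishes whatever was built.
  build:
    runs-on: ubuntu-latest
    outputs:
      deploy-widget: ${{ steps.check-deploy.outputs.deploy-widget }}
      deploy-app: ${{ steps.check-deploy.outputs.deploy-app }}
      deploy-nucliadb-admin: ${{ steps.check-deploy.outputs.deploy-nucliadb-admin }}
      deploy-manager: ${{ steps.check-deploy.outputs.deploy-manager }}
      deploy-desktop: ${{ steps.check-deploy.outputs.deploy-desktop }}
      deploy-sistema: ${{ steps.check-deploy.outputs.deploy-sistema }}
    steps:
      - uses: actions/checkout@v3
        with:
          # Full history, so the base/head SHAs for `nx affected` can be resolved.
          fetch-depth: 0
      - uses: nrwl/nx-set-shas@v3
      - uses: actions/setup-node@v3
        with:
          node-version: 18
          cache: 'yarn'
      - name: Calculate short sha
        run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV
      - name: Install project dependencies
        run: |-
          yarn
          yarn missdev
      - name: Unit tests
        run: npx nx affected --target=test --parallel=3 --exclude=sdk-demo,search-widget-demo,core,sistema-demo
      - name: Build affected apps
        run: npx nx affected --target=build --parallel=3 --configuration production --exclude=sdk-demo,search-widget-demo
      - name: Get package version
        run: node -p -e '`PACKAGE_VERSION=${require("./package.json").version}`' >> $GITHUB_ENV
      - name: Tag if new version
        # NOTE(review): action ref mangled on this page; restore it.
        uses: pkgdeps/[email protected]
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          github_repo: ${{ github.repository }}
          version: ${{ env.PACKAGE_VERSION }}
          git_commit_sha: ${{ github.sha }}
          git_tag_prefix: 'v'
      - name: Check apps to deploy
        id: check-deploy
        # The presence of a dist directory is the "this project was rebuilt"
        # signal. `deploy-sdk` is not a job output; it is only read by later
        # steps of this job.
        run: |-
          (test -d dist/libs/search-widget && echo "deploy-widget=yes" >> $GITHUB_OUTPUT) || echo "Widget unchanged"
          (test -d dist/apps/dashboard && echo "deploy-app=yes" >> $GITHUB_OUTPUT) || echo "Dashboard unchanged"
          (test -d dist/apps/nucliadb-admin && echo "deploy-nucliadb-admin=yes" >> $GITHUB_OUTPUT) || echo "NucliaDB admin unchanged"
          (test -d dist/apps/manager-v2 && echo "deploy-manager=yes" >> $GITHUB_OUTPUT) || echo "Manager unchanged"
          ((test -d dist/apps/desktop || test -d dist/apps/desktop-electron) && echo "deploy-desktop=yes" >> $GITHUB_OUTPUT) || echo "Desktop unchanged"
          (test -d dist/apps/sistema-demo && echo "deploy-sistema=yes" >> $GITHUB_OUTPUT) || echo "Sistema demo unchanged"
          (test -d dist/sdk-core && echo "deploy-sdk=yes" >> $GITHUB_OUTPUT) || echo "SDK unchanged"
      # NOTE(review): authenticates with a long-lived service-account key.
      # google-github-actions/auth also supports Workload Identity Federation,
      # which removes the stored key; consider migrating.
      - uses: google-github-actions/auth@v0
        with:
          credentials_json: '${{ secrets.GCP_CREDENTIALS }}'
      - name: 'Set up Cloud SDK'
        uses: 'google-github-actions/setup-gcloud@v0'
      - name: Configure Docker
        run: gcloud auth configure-docker --quiet
      - name: Publish widget
        if: steps.check-deploy.outputs.deploy-widget == 'yes'
        # The -name pattern is quoted so that find receives the glob itself
        # instead of whatever the shell would expand it to in the working dir.
        run: |-
          find dist/libs/search-widget -type f -name '*.umd.js' -exec sed -i.bak "s,__NUCLIA_DEV_VERSION__,$GITHUB_SHA,g" {} \;
          gsutil copy dist/libs/search-widget/*.umd.js gs://$CDN_STORAGE
          gsutil copy dist/libs/search-widget/*.css gs://$CDN_STORAGE
          gsutil copy -r libs/search-widget/public/* gs://$CDN_STORAGE
      - name: Publish SDK
        if: steps.check-deploy.outputs.deploy-sdk == 'yes'
        uses: JS-DevTools/npm-publish@v1
        with:
          token: ${{ secrets.NPM_TOKEN }}
          package: ./dist/sdk-core/package.json
      - name: Generate and push SDK docs
        if: steps.check-deploy.outputs.deploy-sdk == 'yes'
        run: |-
          sh ./tools/build-sdk-docs.sh
          gsutil -m rsync -r ./libs/sdk-core/docs gs://$DOCS_STORAGE/js-sdk
      - name: Build dashboard image
        if: steps.check-deploy.outputs.deploy-app == 'yes'
        # Pushes an immutable per-commit tag and moves the floating `main` tag.
        run: |-
          docker build -t $CONTAINER_REGISTRY/$APP_IMAGE_NAME:${SHORT_SHA} -f docker/Dockerfile --build-arg appId=app --build-arg appFolder=dashboard .
          docker tag $CONTAINER_REGISTRY/$APP_IMAGE_NAME:${SHORT_SHA} $CONTAINER_REGISTRY/$APP_IMAGE_NAME:main
          docker push $CONTAINER_REGISTRY/$APP_IMAGE_NAME:${SHORT_SHA}
          docker push $CONTAINER_REGISTRY/$APP_IMAGE_NAME:main
      - name: Publish NucliaDB admin app
        if: steps.check-deploy.outputs.deploy-nucliadb-admin == 'yes'
        run: |-
          sed -i.bak "s,STF_DOCKER_CONFIG_VERSION,$GITHUB_SHA,g" dist/apps/nucliadb-admin/assets/deployment/app-config.json
          cp -r dist/apps/nucliadb-admin/* tools/python-nucliadb-admin-dist/nucliadb_admin_assets/
          make -C tools/python-nucliadb-admin-dist/ publish ARGS="--build=${{github.run_number}}"
        env:
          TWINE_USERNAME: __token__
          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
      - name: Build manager image
        if: steps.check-deploy.outputs.deploy-manager == 'yes'
        run: |-
          docker build -t $CONTAINER_REGISTRY/$MANAGER_IMAGE_NAME:${SHORT_SHA} -f docker/Dockerfile --build-arg appId=manager --build-arg appFolder=manager-v2 .
          docker tag $CONTAINER_REGISTRY/$MANAGER_IMAGE_NAME:${SHORT_SHA} $CONTAINER_REGISTRY/$MANAGER_IMAGE_NAME:main
          docker push $CONTAINER_REGISTRY/$MANAGER_IMAGE_NAME:${SHORT_SHA}
          docker push $CONTAINER_REGISTRY/$MANAGER_IMAGE_NAME:main
      - name: Create 404 page for gh-pages
        if: steps.check-deploy.outputs.deploy-sistema == 'yes'
        run: |-
          cp dist/apps/sistema-demo/index.html dist/apps/sistema-demo/404.html
      - name: Deploy sistema-demo to GH pages
        if: steps.check-deploy.outputs.deploy-sistema == 'yes'
        uses: JamesIves/github-pages-deploy-action@v4
        with:
          folder: dist/apps/sistema-demo
      - name: Upload sourcemaps to Sentry
        # NOTE(review): action ref mangled on this page; restore it.
        uses: getsentry/[email protected]
        env:
          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
          SENTRY_ORG: nuclia
          SENTRY_PROJECT: application

  # Packages the dashboard Helm chart and asks the deploy repo to promote it.
  deploy-app:
    name: Deploy dashboard
    runs-on: ubuntu-latest
    needs: build
    if: needs.build.outputs.deploy-app == 'yes'
    # This job only reads the repository; the chart upload and the dispatch
    # use their own credentials, so the GITHUB_TOKEN is kept read-only here.
    permissions:
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Calculate short sha
        run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV
      - name: Set helm package image
        id: version_step
        # Fills the chart placeholders and exposes "<VERSION>+<short sha>" as
        # the step output `version_number`.
        run: |-
          sed -i.bak "s#IMAGE_TO_REPLACE#$APP_IMAGE_NAME:${SHORT_SHA}#" ./charts/app/values.yaml
          sed -i.bak "s#CONTAINER_REGISTRY_TO_REPLACE#$CONTAINER_REGISTRY#" ./charts/app/values.yaml
          VERSION=`cat apps/dashboard/VERSION`
          VERSION_SHA=$VERSION+${SHORT_SHA}
          sed -i.bak "s#99999.99999.99999#$VERSION_SHA#" ./charts/app/Chart.yaml
          echo "version_number=$VERSION_SHA" >> $GITHUB_OUTPUT
      - name: Configure Git
        # NOTE(review): the e-mail value was mangled on this page; restore it.
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "[email protected]"
      - name: Install Helm
        uses: azure/setup-helm@v3
        with:
          version: v3.4.0
      - name: Push helm package
        # The secret URL and the step output are handed to the script through
        # env instead of being expanded into the script text, so the shell
        # never parses their content as code.
        # NOTE(review): curl runs without --fail, so an HTTP error from the
        # chart repository does not fail this step and the dispatch below
        # still fires. Confirm whether that is intended (e.g. for re-runs).
        env:
          HELM_CHART_URL: ${{ secrets.HELM_CHART_URL }}
          CHART_VERSION: ${{ steps.version_step.outputs.version_number }}
        run: |-
          helm lint charts/app
          helm package charts/app
          curl --data-binary "@app-${CHART_VERSION}.tgz" "$HELM_CHART_URL/api/charts"
      - name: Repository Dispatch
        uses: peter-evans/repository-dispatch@v2
        with:
          token: ${{ secrets.GH_CICD_PUBLIC }}
          repository: nuclia/frontend_deploy
          event-type: promote
          client-payload: '{"component": "app", "chart-version": "${{ steps.version_step.outputs.version_number }}" }'

  # Same flow as deploy-app, for the manager chart.
  deploy-manager:
    name: Deploy manager
    runs-on: ubuntu-latest
    needs: build
    if: needs.build.outputs.deploy-manager == 'yes'
    # Read-only GITHUB_TOKEN: upload and dispatch use their own credentials.
    permissions:
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Calculate short sha
        run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV
      - name: Set helm package image
        id: version_step
        run: |-
          sed -i.bak "s#IMAGE_TO_REPLACE#$MANAGER_IMAGE_NAME:${SHORT_SHA}#" ./charts/manager/values.yaml
          sed -i.bak "s#CONTAINER_REGISTRY_TO_REPLACE#$CONTAINER_REGISTRY#" ./charts/manager/values.yaml
          VERSION=`cat apps/manager-v2/VERSION`
          VERSION_SHA=$VERSION+$SHORT_SHA
          sed -i.bak "s#99999.99999.99999#$VERSION_SHA#" ./charts/manager/Chart.yaml
          echo "version_number=$VERSION_SHA" >> $GITHUB_OUTPUT
      - name: Configure Git
        # NOTE(review): the e-mail value was mangled on this page; restore it.
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "[email protected]"
      - name: Install Helm
        uses: azure/setup-helm@v3
        with:
          version: v3.4.0
      - name: Push helm package
        # Secret URL and step output are passed through env, not expanded into
        # the script text. NOTE(review): curl has no --fail; see deploy-app.
        env:
          HELM_CHART_URL: ${{ secrets.HELM_CHART_URL }}
          CHART_VERSION: ${{ steps.version_step.outputs.version_number }}
        run: |-
          helm lint charts/manager
          helm package charts/manager
          curl --data-binary "@manager-${CHART_VERSION}.tgz" "$HELM_CHART_URL/api/charts"
      - name: Repository Dispatch
        uses: peter-evans/repository-dispatch@v2
        with:
          token: ${{ secrets.GH_CICD_PUBLIC }}
          repository: nuclia/frontend_deploy
          event-type: promote
          client-payload: '{"component": "manager", "chart-version": "${{ steps.version_step.outputs.version_number }}" }'

  # Decides whether a desktop release is due and exposes its tag.
  pre-release:
    name: 'Pre Release'
    needs: build
    if: needs.build.outputs.deploy-desktop == 'yes'
    runs-on: 'ubuntu-latest'
    outputs:
      release-desktop: ${{ steps.release.outputs.released }}
      release-tag: ${{ steps.release.outputs.release_tag }}
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Release
        # NOTE(review): action ref mangled on this page; restore it.
        uses: justincy/[email protected]
        id: release

  # Builds, signs and uploads the desktop installers on all three platforms.
  deploy-desktop:
    name: Deploy desktop
    needs: pre-release
    if: needs.pre-release.outputs.release-desktop == 'true'
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [macos-latest, ubuntu-latest, windows-latest]
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - uses: nrwl/nx-set-shas@v3
      - uses: actions/setup-node@v3
        with:
          node-version: 18
          cache: 'yarn'
      - name: Install project dependencies
        run: |-
          yarn
          yarn missdev
      - name: Build desktop app
        # NOTE(review): secrets.SENTRY_URL is expanded into the script text
        # before the shell runs. Passing it through `env:` is preferable, but
        # this step runs on Windows as well, where the default shell uses a
        # different variable syntax; change it together with an explicit
        # `shell:` and test on all three runners.
        run: |-
          npx replace-in-file __SENTRY_URL__ ${{ secrets.SENTRY_URL }} ./apps/desktop/electron/src/environments/environment.prod.ts
          npx replace-in-file __SENTRY_URL__ ${{ secrets.SENTRY_URL }} ./apps/desktop/src/environments_config/production/app-config.json
          npx replace-in-file __SENTRY_RELEASE__ ${{ github.sha }} ./apps/desktop/electron/src/environments/environment.prod.ts
          npx replace-in-file __SENTRY_RELEASE__ ${{ github.sha }} ./apps/desktop/src/environments_config/production/app-config.json
          npx nx build desktop --configuration production
          npx replace-in-file __VERSION__ ${{ github.sha }} ./dist/apps/desktop/assets/deployment/app-config.json
      - name: Build electron app
        run: |-
          npx nx build desktop-electron --configuration production
          npx tsc -p apps/desktop/electron/tsconfig.server.json
          cp -r dist/service ./dist/apps/desktop-electron/assets
      - name: Install the Apple certificate
        if: startsWith(matrix.os, 'macos')
        env:
          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
        # NOTE(review): `security import -A` lets any application use the
        # imported key without a prompt. That is tolerable only for a
        # temporary keychain on an ephemeral runner; confirm the runner type.
        # Neither the .p12 file nor the keychain is removed afterwards.
        run: |
          # create variables
          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
          # import certificate from secrets
          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output "$CERTIFICATE_PATH"
          # create temporary keychain
          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
          # import certificate to keychain
          security import "$CERTIFICATE_PATH" -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k "$KEYCHAIN_PATH"
          security list-keychain -d user -s "$KEYCHAIN_PATH"
      - name: Prepare for app notarization
        if: startsWith(matrix.os, 'macos')
        # The Apple API key material is passed through env so that it is never
        # expanded into the script text (a quote character inside the secret
        # would otherwise break or alter the command), and the key file is
        # made readable by the runner user only.
        env:
          APPLE_API_SECRET: ${{ secrets.APPLE_API_SECRET }}
          APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
          APPLE_API_ISSUER: ${{ secrets.APPLE_API_ISSUER }}
        run: |-
          mkdir -p ~/private_keys/
          printf '%s\n' "$APPLE_API_SECRET" > ~/private_keys/"AuthKey_${APPLE_API_KEY}.p8"
          chmod 600 ~/private_keys/"AuthKey_${APPLE_API_KEY}.p8"
          echo "APPLE_API_ISSUER=$APPLE_API_ISSUER" > .env
          echo "APPLE_API_KEY=$APPLE_API_KEY" >> .env
      - name: Package electron app on MacOSX
        if: startsWith(matrix.os, 'macos')
        run: PYTHON_PATH=$(which python) npx nx run desktop-electron:make --publish always
      - name: Package electron app on Windows
        if: startsWith(matrix.os, 'windows')
        run: npx nx run desktop-electron:make --publish always
      - name: Package electron app on Ubuntu
        if: startsWith(matrix.os, 'ubuntu')
        run: npx nx run desktop-electron:make --publish always
      - name: Release MacOSX installer
        uses: softprops/action-gh-release@v1
        if: startsWith(matrix.os, 'macos')
        with:
          tag_name: ${{ needs.pre-release.outputs.release-tag }}
          files: |
            dist/executables/*.dmg
            dist/executables/*.zip
            dist/executables/latest-*.yml
      - name: Release Windows installer
        uses: softprops/action-gh-release@v1
        if: startsWith(matrix.os, 'windows')
        with:
          tag_name: ${{ needs.pre-release.outputs.release-tag }}
          files: |
            dist/executables/*.exe
            dist/executables/*.exe.blockmap
            dist/executables/*.yml
      - name: Release Linux installer
        uses: softprops/action-gh-release@v1
        if: startsWith(matrix.os, 'ubuntu')
        with:
          tag_name: ${{ needs.pre-release.outputs.release-tag }}
          files: |
            dist/executables/*.snap
            dist/executables/*.AppImage
            dist/executables/latest-*.yml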