Skip to content
Publish and deploy

Publish and deploy #23

Sign in to view logs

Publish and deploy

Publish and deploy #23

Workflow file for this run

.github/workflows/publish.yml at a47a826
name: Publish and deploy
on: create
env:
SERVICE_NAME: ${{ github.event.repository.name }}
GOOGLE_PROJECT: broad-dsp-gcr-public
jobs:
publish-job:
if: startsWith(github.ref, 'refs/tags/')
permissions:
contents: 'read'
id-token: 'write'
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.tag.outputs.tag }}
steps:
- uses: actions/checkout@v3
- name: Set up JDK
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'temurin'
cache: 'gradle'
- name: Parse tag
id: tag
run: echo "tag=$(git describe --tags)" >> $GITHUB_OUTPUT
- name: Publish to Artifactory
run: ./gradlew --build-cache :client:artifactoryPublish
env:
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
ARTIFACTORY_REPO_KEY: "libs-release-local"
- name: Auth to Google
uses: google-github-actions/auth@v1
with:
workload_identity_provider: projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider
service_account: gcr-publish@broad-dsp-gcr-public.iam.gserviceaccount.com
- name: Setup gcloud
uses: google-github-actions/setup-gcloud@v1
- name: Explicitly auth Docker for GCR
run: gcloud auth configure-docker --quiet
- name: Construct docker image name and tag
id: image-name
run: echo "name=gcr.io/${GOOGLE_PROJECT}/${SERVICE_NAME}:${{ steps.tag.outputs.tag }}" >> $GITHUB_OUTPUT
- name: Build image locally with jib
run: |
DOCKER_IMAGE_NAME_AND_TAG=${{ steps.image-name.outputs.name }} \
./scripts/build docker
- name: Push GCR image
run: docker push ${{ steps.image-name.outputs.name }}
#
# Hey! You'll probably want to adjust below this point: it deploys newly published versions to dev!
#
# You'll need to create a new chart entry in Beehive first, at https://broad.io/beehive/charts/new (chart
# names can't be changed, so be sure beforehand). Replace 'javatemplate' below with whatever name you choose.
#
# You'll also need to add some access to your new repo to allow it to run these steps. We have docs on the
# whole process here: https://docs.google.com/document/d/1lkUkN2KOpHKWufaqw_RIE7EN3vN4G2xMnYBU83gi8VA/edit#heading=h.ipfs1speial
#
# Lastly, the deployment part won't work until your app has an actual chart and is deployed in dev. We can
# help with that, ping #dsp-devops-champions and we can point you in the right direction.
#
report-to-sherlock:
# Report new version to Broad DevOps
uses: broadinstitute/sherlock/.github/workflows/client-report-app-version.yaml@main
needs: publish-job
with:
new-version: ${{ needs.publish-job.outputs.tag }}
chart-name: 'appmanager'
permissions:
contents: 'read'
id-token: 'write'
set-version-in-dev:
# Put new version in Broad dev environment
uses: broadinstitute/sherlock/.github/workflows/client-set-environment-app-version.yaml@main
needs: [publish-job, report-to-sherlock]
with:
new-version: ${{ needs.publish-job.outputs.tag }}
chart-name: 'appmanager'
environment-name: 'dev'
secrets:
sync-git-token: ${{ secrets.BROADBOT_TOKEN }}
permissions:
id-token: 'write'
# report workflow status in slack
# see https://docs.google.com/document/d/1G6-whnNJvON6Qq1b3VvRJFC7M9M-gu2dAVrQHDyp9Us/edit?usp=sharing
report-workflow:
uses: broadinstitute/sherlock/.github/workflows/client-report-workflow.yaml@main
with:
# Channels to notify upon workflow success or failure
notify-slack-channels-upon-workflow-completion: '#dsp-app-manager-builds'
# Channels to notify upon workflow success only
# notify-slack-channels-upon-workflow-success: "#channel-here"
# Channels to notify upon workflow failure only
# notify-slack-channels-upon-workflow-failure: "#channel-here"
permissions:
id-token: 'write'