Publish and deploy #36
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish and deploy | |
on: create | |
env: | |
SERVICE_NAME: ${{ github.event.repository.name }} | |
GOOGLE_PROJECT: broad-dsp-gcr-public | |
jobs: | |
publish-job: | |
if: startsWith(github.ref, 'refs/tags/') | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
runs-on: ubuntu-latest | |
outputs: | |
tag: ${{ steps.tag.outputs.tag }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'gradle' | |
- name: Parse tag | |
id: tag | |
run: echo "tag=$(git describe --tags)" >> $GITHUB_OUTPUT | |
- name: Publish to Artifactory | |
run: ./gradlew --build-cache :client:artifactoryPublish | |
env: | |
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }} | |
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }} | |
ARTIFACTORY_REPO_KEY: "libs-release-local" | |
- name: Auth to Google | |
uses: google-github-actions/auth@v1 | |
with: | |
workload_identity_provider: projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider | |
service_account: gcr-publish@broad-dsp-gcr-public.iam.gserviceaccount.com | |
- name: Setup gcloud | |
uses: google-github-actions/setup-gcloud@v1 | |
- name: Explicitly auth Docker for GCR | |
run: gcloud auth configure-docker --quiet | |
- name: Construct docker image name and tag | |
id: image-name | |
run: echo "name=gcr.io/${GOOGLE_PROJECT}/${SERVICE_NAME}:${{ steps.tag.outputs.tag }}" >> $GITHUB_OUTPUT | |
- name: Build image locally with jib | |
run: | | |
DOCKER_IMAGE_NAME_AND_TAG=${{ steps.image-name.outputs.name }} \ | |
./scripts/build docker | |
- name: Push GCR image | |
run: docker push ${{ steps.image-name.outputs.name }} | |
# | |
# Hey! You'll probably want to adjust below this point: it deploys newly published versions to dev! | |
# | |
# You'll need to create a new chart entry in Beehive first, at https://broad.io/beehive/charts/new (chart | |
# names can't be changed, so be sure beforehand). Replace 'javatemplate' below with whatever name you choose. | |
# | |
# You'll also need to add some access to your new repo to allow it to run these steps. We have docs on the | |
# whole process here: https://docs.google.com/document/d/1lkUkN2KOpHKWufaqw_RIE7EN3vN4G2xMnYBU83gi8VA/edit#heading=h.ipfs1speial | |
# | |
# Lastly, the deployment part won't work until your app has an actual chart and is deployed in dev. We can | |
# help with that, ping #dsp-devops-champions and we can point you in the right direction. | |
# | |
report-to-sherlock: | |
# Report new version to Broad DevOps | |
uses: broadinstitute/sherlock/.github/workflows/client-report-app-version.yaml@main | |
needs: publish-job | |
with: | |
new-version: ${{ needs.publish-job.outputs.tag }} | |
chart-name: 'appmanager' | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
set-version-in-dev: | |
# Put new version in Broad dev environment | |
uses: broadinstitute/sherlock/.github/workflows/client-set-environment-app-version.yaml@main | |
needs: [publish-job, report-to-sherlock] | |
with: | |
new-version: ${{ needs.publish-job.outputs.tag }} | |
chart-name: 'appmanager' | |
environment-name: 'dev' | |
secrets: | |
sync-git-token: ${{ secrets.BROADBOT_TOKEN }} | |
permissions: | |
id-token: 'write' | |
# report workflow status in slack | |
# see https://docs.google.com/document/d/1G6-whnNJvON6Qq1b3VvRJFC7M9M-gu2dAVrQHDyp9Us/edit?usp=sharing | |
report-workflow: | |
uses: broadinstitute/sherlock/.github/workflows/client-report-workflow.yaml@main | |
with: | |
# Channels to notify upon workflow success or failure | |
notify-slack-channels-upon-workflow-completion: '#dsp-app-manager-builds' | |
# Channels to notify upon workflow success only | |
# notify-slack-channels-upon-workflow-success: "#channel-here" | |
# Channels to notify upon workflow failure only | |
# notify-slack-channels-upon-workflow-failure: "#channel-here" | |
permissions: | |
id-token: 'write' |