Merge pull request #358 from planetarium/bugfix/put-nonce-first #819
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Works on NineChronicles.IAP | |
on: | |
push: | |
branches: | |
- development | |
- internal | |
- release/* | |
- main | |
- preview | |
pull_request: | |
branches: | |
- development | |
- internal | |
- release/* | |
- main | |
jobs: | |
test: | |
uses: ./.github/workflows/test.yml | |
with: | |
environment: ${{ github.ref == 'refs/heads/main' && 'mainnet' || ((startsWith(github.ref, 'refs/heads/release') || github.ref == 'refs/heads/internal' || github.ref == 'refs/heads/preview') && 'internal' || 'development') }} | |
secrets: | |
APPLE_CREDENTIAL: ${{ secrets.APPLE_CREDENTIAL }} | |
APPLE_KEY_ID: ${{ secrets.APPLE_KEY_ID }} | |
APPLE_ISSUER_ID: ${{ secrets.APPLE_ISSUER_ID }} | |
GOOGLE_CREDENTIAL: ${{ secrets.GOOGLE_CREDENTIAL }} | |
SEASON_PASS_JWT_SECRET: ${{ secrets.SEASON_PASS_JWT_SECRET }} | |
HEADLESS_GQL_JWT_SECRET: ${{ secrets.HEADLESS_GQL_JWT_SECRET }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
build_frontend: | |
uses: ./.github/workflows/build_frontend.yml | |
with: | |
environment: ${{ github.ref == 'refs/heads/main' && 'mainnet' || ((startsWith(github.ref, 'refs/heads/release') || github.ref == 'refs/heads/internal' || github.ref == 'refs/heads/preview') && 'internal' || 'development') }} | |
secrets: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
synth: | |
uses: ./.github/workflows/synth.yml | |
with: | |
environment: ${{ (startsWith(github.ref, 'refs/heads/release') || github.ref == 'refs/heads/internal' || github.ref == 'refs/heads/preview') && 'internal' || 'development' }} | |
secrets: | |
ACCOUNT_ID: ${{ secrets.ACCOUNT_ID }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
KMS_KEY_ID: ${{ secrets.KMS_KEY_ID }} | |
ADHOC_KMS_KEY_ID: ${{ secrets.ADHOC_KMS_KEY_ID }} | |
GOOGLE_CREDENTIAL: ${{ secrets.GOOGLE_CREDENTIAL }} | |
APPLE_CREDENTIAL: ${{ secrets.APPLE_CREDENTIAL }} | |
APPLE_KEY_ID: ${{ secrets.APPLE_KEY_ID }} | |
APPLE_ISSUER_ID: ${{ secrets.APPLE_ISSUER_ID }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
IAP_GARAGE_WEBHOOK_URL: ${{ secrets.IAP_GARAGE_WEBHOOK_URL }} | |
IAP_ALERT_WEBHOOK_URL: ${{ secrets.IAP_ALERT_WEBHOOK_URL }} | |
GOLDEN_DUST_REQUEST_SHEET_ID: ${{ secrets.GOLDEN_DUST_REQUEST_SHEET_ID }} | |
GOLDEN_DUST_WORK_SHEET_ID: ${{ secrets.GOLDEN_DUST_WORK_SHEET_ID }} | |
SEASON_PASS_JWT_SECRET: ${{ secrets.SEASON_PASS_JWT_SECRET }} | |
VOUCHER_URL: ${{ secrets.VOUCHER_URL }} | |
VOUCHER_JWT_SECRET: ${{ secrets.VOUCHER_JWT_SECRET }} | |
BRIDGE_DATA: ${{ secrets.BRIDGE_DATA }} | |
REFUND_SHEET_ID : ${{ secrets.REFUND_SHEET_ID }} | |
HEADLESS_GQL_JWT_SECRET: ${{ secrets.HEADLESS_GQL_JWT_SECRET }} | |
deploy_without_approval: | |
# This is for preview / internal deployment | |
if: ${{ github.ref == 'refs/heads/preview' || github.ref == 'refs/heads/internal' || startsWith(github.ref, 'refs/heads/release') }} | |
needs: [ "test", "build_frontend", "synth" ] | |
uses: ./.github/workflows/deploy.yml | |
with: | |
environment: ${{ (startsWith(github.ref, 'refs/heads/release') || github.ref == 'refs/heads/internal' || github.ref == 'refs/heads/preview') && 'internal' || 'development' }} | |
secrets: | |
ACCOUNT_ID: ${{ secrets.ACCOUNT_ID }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
KMS_KEY_ID: ${{ secrets.KMS_KEY_ID }} | |
ADHOC_KMS_KEY_ID: ${{ secrets.ADHOC_KMS_KEY_ID }} | |
GOOGLE_CREDENTIAL: ${{ secrets.GOOGLE_CREDENTIAL }} | |
APPLE_CREDENTIAL: ${{ secrets.APPLE_CREDENTIAL }} | |
APPLE_KEY_ID: ${{ secrets.APPLE_KEY_ID }} | |
APPLE_ISSUER_ID: ${{ secrets.APPLE_ISSUER_ID }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
IAP_GARAGE_WEBHOOK_URL: ${{ secrets.IAP_GARAGE_WEBHOOK_URL }} | |
IAP_ALERT_WEBHOOK_URL: ${{ secrets.IAP_ALERT_WEBHOOK_URL }} | |
GOLDEN_DUST_REQUEST_SHEET_ID: ${{ secrets.GOLDEN_DUST_REQUEST_SHEET_ID }} | |
GOLDEN_DUST_WORK_SHEET_ID: ${{ secrets.GOLDEN_DUST_WORK_SHEET_ID }} | |
SEASON_PASS_JWT_SECRET: ${{ secrets.SEASON_PASS_JWT_SECRET }} | |
VOUCHER_URL: ${{ secrets.VOUCHER_URL }} | |
VOUCHER_JWT_SECRET: ${{ secrets.VOUCHER_JWT_SECRET }} | |
BRIDGE_DATA: ${{ secrets.BRIDGE_DATA }} | |
REFUND_SHEET_ID : ${{ secrets.REFUND_SHEET_ID }} | |
HEADLESS_GQL_JWT_SECRET: ${{ secrets.HEADLESS_GQL_JWT_SECRET }} | |
approval: | |
runs-on: ubuntu-latest | |
if: ${{ github.ref == 'refs/heads/main' }} | |
needs: [ "test", "build_frontend", "synth" ] | |
environment: approval | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Echo | |
run: | | |
echo "Manual Approval" | |
deploy_with_approval: | |
# This is for mainnet deployment. It needs user approval | |
if: ${{ github.ref == 'refs/heads/main' }} | |
needs: approval | |
uses: ./.github/workflows/deploy.yml | |
with: | |
environment: mainnet | |
secrets: | |
ACCOUNT_ID: ${{ secrets.ACCOUNT_ID }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
KMS_KEY_ID: ${{ secrets.KMS_KEY_ID }} | |
ADHOC_KMS_KEY_ID: ${{ secrets.ADHOC_KMS_KEY_ID }} | |
GOOGLE_CREDENTIAL: ${{ secrets.GOOGLE_CREDENTIAL }} | |
APPLE_CREDENTIAL: ${{ secrets.APPLE_CREDENTIAL }} | |
APPLE_KEY_ID: ${{ secrets.APPLE_KEY_ID }} | |
APPLE_ISSUER_ID: ${{ secrets.APPLE_ISSUER_ID }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
IAP_GARAGE_WEBHOOK_URL: ${{ secrets.IAP_GARAGE_WEBHOOK_URL }} | |
IAP_ALERT_WEBHOOK_URL: ${{ secrets.IAP_ALERT_WEBHOOK_URL }} | |
GOLDEN_DUST_REQUEST_SHEET_ID: ${{ secrets.GOLDEN_DUST_REQUEST_SHEET_ID }} | |
GOLDEN_DUST_WORK_SHEET_ID: ${{ secrets.GOLDEN_DUST_WORK_SHEET_ID }} | |
SEASON_PASS_JWT_SECRET: ${{ secrets.SEASON_PASS_JWT_SECRET }} | |
VOUCHER_URL: ${{ secrets.VOUCHER_URL }} | |
VOUCHER_JWT_SECRET: ${{ secrets.VOUCHER_JWT_SECRET }} | |
BRIDGE_DATA: ${{ secrets.BRIDGE_DATA }} | |
REFUND_SHEET_ID : ${{ secrets.REFUND_SHEET_ID }} | |
HEADLESS_GQL_JWT_SECRET: ${{ secrets.HEADLESS_GQL_JWT_SECRET }} |