Skip to content

publish to wire-builds (#4445) #8566

publish to wire-builds (#4445)

publish to wire-builds (#4445) #8566

name: Test, Build & Deploy
on:
push:
branches: [staging, main]
tags:
- v*
jobs:
test_build_deploy:
runs-on: ubuntu-latest
strategy:
matrix:
DISTRIBUTION: ['DISTRIBUTION_0']
env:
DEPLOYMENT_RECOVERY_TIMEOUT_SECONDS: 150
AWS_APPLICATION_NAME: Account
AWS_BUILD_ZIP_PATH: 'wire-account.zip'
outputs:
wire_builds_target_branches: ${{ steps.output_target_branches.outputs.wire_builds_target_branches }}
chart_version: ${{ steps.publish_helm_chart.outputs.chart_version }}
image_tag: ${{ steps.push_docker_image.outputs.image_tag }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set environment variables
env:
# DISTRIBUTIONS are saved in the format `distribution-{name}`
DISTRIBUTION: ${{secrets[matrix.DISTRIBUTION]}}
run: |
echo "BRANCH_NAME=$(git branch --show-current)" >> $GITHUB_ENV
echo "TAG=$(git tag --points-at ${{github.sha}})" >> $GITHUB_ENV
echo "COMMIT_MESSAGE=$(git log --format=%B -n 1 ${{github.event.after}} | head -n 1)" >> $GITHUB_ENV
echo "DISTRIBUTION=${DISTRIBUTION/distribution-/}" >> $GITHUB_ENV
- name: Set TITLE
env:
PR_TITLE: ${{github.event.pull_request.title || env.COMMIT_MESSAGE}}
run: echo "TITLE=$PR_TITLE" >> $GITHUB_ENV
- name: Print environment variables
env:
GITHUB_CONTEXT: ${{toJson(github)}}
run: |
echo -e "BRANCH_NAME = ${BRANCH_NAME}"
echo -e "TAG = ${TAG}"
echo -e "TITLE = ${TITLE}"
echo -e "COMMIT_MESSAGE = ${COMMIT_MESSAGE}"
echo -e "GITHUB_CONTEXT = ${GITHUB_CONTEXT}"
- name: Skip CI
if: contains(env.TITLE || env.COMMIT_MESSAGE, '[skip ci]') || contains(env.TITLE || env.COMMIT_MESSAGE, '[ci skip]')
uses: andymckay/[email protected]
- name: Define target branches in wireapp/wire-builds to bump
id: output_target_branches
shell: bash
run: |
# NOTE: make sure that wire_builds_target_branches is valid JSON
wire_builds_target_branches='[]'
version_tag="${TAG:-$BRANCH_NAME}"
if [[ "$version_tag" == *"production"* ]]; then
echo "FUTUREWORK: bump some production branch on wire-builds once it exists"
fi
if [ "$version_tag" == "staging" ]; then
wire_builds_target_branches='["dev"]'
fi
echo "wire_builds_target_branches: $wire_builds_target_branches"
echo "wire_builds_target_branches=$wire_builds_target_branches" >> $GITHUB_OUTPUT
- name: Cancel Previous Runs
uses: styfle/[email protected]
with:
access_token: ${{github.token}}
- name: Yarn cache
uses: c-hive/[email protected]
- name: Authenticate git clone
env:
GH_TOKEN: ${{secrets.OTTO_THE_BOT_GH_TOKEN}}
run: echo -e "machine github.com\n login ${GH_TOKEN}" > ~/.netrc
- name: Install JS dependencies
run: yarn --immutable
- name: Test
run: yarn test
- name: Create commit file
run: |
mkdir -p ./dist
echo -e "$GITHUB_SHA" > "./dist/commit"
- name: Build staging
if: ${{env.BRANCH_NAME == 'staging'}}
run: yarn bundle:staging
- name: Build production
if: env.TAG != ''
run: yarn bundle:prod
- name: Deploy staging build to Elastic Beanstalk
if: env.BRANCH_NAME == 'staging' && matrix.DISTRIBUTION == 'DISTRIBUTION_0'
uses: einaregilsson/beanstalk-deploy@v20
with:
aws_access_key: ${{secrets.WEBTEAM_AWS_ACCESS_KEY_ID}}
aws_secret_key: ${{secrets.WEBTEAM_AWS_SECRET_ACCESS_KEY}}
application_name: ${{env.AWS_APPLICATION_NAME}}
environment_name: wire-account-staging-al2
region: eu-central-1
deployment_package: ${{env.AWS_BUILD_ZIP_PATH}}
wait_for_deployment: false
wait_for_environment_recovery: ${{env.DEPLOYMENT_RECOVERY_TIMEOUT_SECONDS}}
version_label: ${{github.run_id}}
version_description: ${{github.sha}}
- name: Deploy production build to Elastic Beanstalk
if: env.TAG != '' && matrix.DISTRIBUTION == 'DISTRIBUTION_0'
uses: einaregilsson/beanstalk-deploy@v20
with:
aws_access_key: ${{secrets.WEBTEAM_AWS_ACCESS_KEY_ID}}
aws_secret_key: ${{secrets.WEBTEAM_AWS_SECRET_ACCESS_KEY}}
application_name: ${{env.AWS_APPLICATION_NAME}}
environment_name: wire-account-prod-al2
region: eu-central-1
deployment_package: ${{env.AWS_BUILD_ZIP_PATH}}
wait_for_deployment: false
wait_for_environment_recovery: ${{env.DEPLOYMENT_RECOVERY_TIMEOUT_SECONDS}}
version_label: ${{env.TAG}}-${{github.run_id}}
version_description: ${{github.sha}}
- name: Push Docker image
id: push_docker_image
env:
DOCKER_PASSWORD: ${{secrets.WEBTEAM_QUAY_PASSWORD}}
DOCKER_USERNAME: ${{secrets.WEBTEAM_QUAY_USERNAME}}
run: |
dist=$DISTRIBUTION
if [ "$DISTRIBUTION" == "wire" ]; then
dist=""
fi
stage="$BRANCH_NAME"
if [ "$TAG" != "" ]; then
stage="production"
fi
yarn docker "$dist" "$stage" ${GITHUB_SHA} ./tag.txt
echo "image_tag=$(cat ./tag.txt)" >> $GITHUB_OUTPUT
echo "Pushed also unique docker tag $image_tag"
- uses: azure/setup-helm@v3
with:
version: '3.12.2'
id: install
- name: Publish Helm chart
shell: bash
id: publish_helm_chart
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CHARTS_WEBAPP_AUTOMATION_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CHARTS_WEBAPP_AUTOMATION_AWS_SECRET_ACCESS_KEY }}
run: |
set -eo pipefail
image_tag="${{steps.push_docker_image.outputs.image_tag}}"
helm plugin install https://github.com/hypnoglow/helm-s3.git --version 0.15.1
helm repo add charts-webapp s3://public.wire.com/charts-webapp
if [ "$TAG" != "" ]; then
chart_version="$(./bin/chart-next-version.sh release)"
else
chart_version="$(./bin/chart-next-version.sh prerelease)"
fi
echo "chart_version=$chart_version" >> $GITHUB_OUTPUT
chart_patched="$(yq -Mr ".version = \"$chart_version\" | .appVersion = \"$image_tag\"" ./charts/account-pages/Chart.yaml)"
echo "$chart_patched" > ./charts/account-pages/Chart.yaml
helm package ./charts/account-pages
helm s3 push account-pages-*.tgz charts-webapp
- name: Create GitHub release
id: create_release
if: env.TAG != '' && matrix.DISTRIBUTION == 'DISTRIBUTION_0'
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{github.token}}
with:
tag_name: ${{env.TAG}}
release_name: ${{env.TAG}}
body_path: ./CHANGELOG.md
draft: false
prerelease: false
publish_wire_builds:
name: Bump account-pages chart in wire-builds
runs-on: ubuntu-latest
needs: test_build_deploy
strategy:
matrix:
target_branch: ${{fromJSON(needs.test_build_deploy.outputs.wire_builds_target_branches)}}
steps:
- name: Check out wire-builds
uses: actions/checkout@v4
with:
repository: wireapp/wire-builds
token: ${{secrets.WIRE_BUILDS_WRITE_ACCESS_GH_TOKEN}}
ref: ${{matrix.target_branch}}
fetch-depth: 1
- name: Create new build in wire-build
shell: bash
run: |
set -eo pipefail
chart_version="${{needs.test_build_deploy.outputs.chart_version}}"
git config --global user.email "[email protected]"
git config --global user.name "Zebot"
image_tag="${{needs.test_build_deploy.outputs.image_tag}}"
for retry in $(seq 3); do
(
set -e
if (( retry > 1 )); then
echo "Retrying..."
fi
git fetch --depth 1 origin "${{ matrix.target_branch }}"
git checkout "${{ matrix.target_branch }}"
git reset --hard @{upstream}
build_json=$(cat ./build.json | \
./bin/set-chart-fields account-pages \
"version=$chart_version" \
"repo=https://s3-eu-west-1.amazonaws.com/public.wire.com/charts-webapp" \
"meta.appVersion=$image_tag" \
"meta.commitURL=${{github.event.head_commit.url}}" \
"meta.commit=${{github.event.head_commit.id}}" \
| ./bin/bump-prerelease )
echo "$build_json" > ./build.json
git add build.json
git commit -m "Bump account-pages to $chart_version"
git push origin "${{ matrix.target_branch }}"
) && break
done
if (( $? != 0 )); then
echo "Retrying didn't help. Failing the step."
exit 1
fi