Skip to content

CI: Move jobs from build to main jenkins (#4599) #1912

CI: Move jobs from build to main jenkins (#4599)

CI: Move jobs from build to main jenkins (#4599) #1912

Workflow file for this run

name: Release
on:
workflow_dispatch:
push:
branches:
- master
env:
REPOSITORY_NAME: ${{ github.event.repository.name }}
jobs:
release:
name: Release
runs-on: ubuntu-latest
permissions:
contents: write
id-token: write
actions: write
issues: write
pull-requests: write
steps:
- name: Checkout Repo
uses: actions/checkout@v4
with:
# This makes Actions fetch all Git history so that Changesets can generate changelogs with the correct commits
fetch-depth: 0
# This forces changesets to use git user, provided by GITHUB_TOKEN env var
persist-credentials: false
- name: GSM Secrets
id: secrets_manager
uses: toptal/davinci-github-actions/[email protected]
with:
workload_identity_provider: ${{ secrets.IDENTITY_POOL }}
service_account: ${{ secrets.SA_IDENTITY_POOL }}
secrets_name: |-
DOCKER_BUILDX_ENDPOINT:toptal-ci/DOCKER_BUILDX_ENDPOINT
GCR_ACCOUNT_KEY:toptal-ci/GCR_ACCOUNT_KEY
NPM_TOKEN_PUBLISH:toptal-ci/NPM_TOKEN_PUBLISH
SLACK_BOT_TOKEN:toptal-ci/SLACK_BOT_TOKEN
TOPTAL_BUILD_BOT_SSH_KEY:toptal-ci/TOPTAL_BUILD_BOT_SSH_KEY
TOPTAL_BUILD_BOT_TOKEN:toptal-ci/TOPTAL_BUILD_BOT_TOKEN
TOPTAL_DEFAULT_REGISTRY:toptal-ci/TOPTAL_DEFAULT_REGISTRY
TOPTAL_DEVBOT_TOKEN:toptal-ci/TOPTAL_DEVBOT_TOKEN
TOPTAL_REPOACCESSBOT_TOKEN:toptal-ci/TOPTAL_REPOACCESSBOT_TOKEN
TOPTAL_TRIGGERBOT_TOKEN:toptal-ci/TOPTAL_TRIGGERBOT_TOKEN
TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN:toptal-ci/TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN
TOPTAL_TRIGGERBOT_USERNAME:toptal-ci/TOPTAL_TRIGGERBOT_USERNAME
JENKINS_DEPLOYMENT_CLIENT_ID:toptal-ci/JENKINS_DEPLOYMENT_CLIENT_ID
JENKINS_DEPLOYMENT_URL:toptal-ci/JENKINS_DEPLOYMENT_URL
JENKINS_CLIENT_ID:toptal-ci/JENKINS_CLIENT_ID
JENKINS_URL:toptal-ci/JENKINS_URL
JENKINS_SA_CREDENTIALS:toptal-ci/JENKINS_SA_CREDENTIALS
- name: Parse secrets
id: parse_secrets
uses: toptal/davinci-github-actions/[email protected]
with:
json: ${{ steps.secrets_manager.outputs.secrets }}
- name: Set ENV Variables
shell: bash
run: |-
echo "DOCKER_BUILDX_ENDPOINT=${{ steps.parse_secrets.outputs.DOCKER_BUILDX_ENDPOINT }}" >> $GITHUB_ENV
echo "SLACK_BOT_TOKEN=${{ steps.parse_secrets.outputs.SLACK_BOT_TOKEN }}" >> $GITHUB_ENV
echo "TOPTAL_BOT_USERNAME=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}" >> $GITHUB_ENV
echo "TOPTAL_BOT_JENKINS_DEPLOYMENT_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN }}" >> $GITHUB_ENV
echo "TOPTAL_JENKINS_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_TOKEN }}" >> $GITHUB_ENV
echo "DEVBOT_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_DEVBOT_TOKEN }}" >> $GITHUB_ENV
echo 'GCR_ACCOUNT_KEY<<EOF' >> $GITHUB_ENV
echo '${{ steps.parse_secrets.outputs.GCR_ACCOUNT_KEY }}' >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
echo "GITHUB_TOKEN=${{ steps.parse_secrets.outputs.TOPTAL_DEVBOT_TOKEN }}" >> $GITHUB_ENV
echo 'TOPTAL_BUILD_BOT_SSH_KEY<<EOF' >> $GITHUB_ENV
echo '${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_SSH_KEY }}' >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: 18
- name: Get yarn cache directory path
id: yarn-cache-dir-path
run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT
- name: Check yarn cache
uses: actions/cache@v3
id: yarn-cache
with:
path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-yarn-
- name: Install Dependencies (from network)
if: ${{ steps.yarn-cache.outputs.cache-hit != 'true' }}
run: |
yarn policies set-version
yarn install --frozen-lockfile
- name: Install Dependencies (from cache)
if: ${{ steps.yarn-cache.outputs.cache-hit == 'true' }}
run: |
yarn policies set-version
yarn install --frozen-lockfile --offline
- name: Create Release Pull Request or Publish to npm
id: changesets
uses: changesets/action@e9cc34b540dd3ad1b030c57fd97269e8f6ad905a
with:
publish: yarn release
env:
GITHUB_TOKEN: ${{ steps.parse_secrets.outputs.TOPTAL_BUILD_BOT_TOKEN }}
NPM_TOKEN: ${{ steps.parse_secrets.outputs.NPM_TOKEN_PUBLISH }}
- name: Edit "Version Package" PR
if: ${{ steps.changesets.outputs.published != 'true' }}
uses: actions/github-script@v7
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
// Get list of all open PRs with
// head branch "changeset-release/master"
// (there should be max 1 PR with such condition)
const { data } = await github.rest.pulls.list({
owner: 'toptal',
repo: 'picasso',
state: 'open',
head: 'toptal:changeset-release/master'
})
for await (let pr of data) {
// add to all of them label "no-jira"
github.rest.issues.addLabels({
owner: 'toptal',
repo: 'picasso',
issue_number: pr.number,
labels: [
'no-jira'
]
})
// append PR body with peerDependencies warning
const hr = "\n_____"
const warningTodo = "\n- [ ] ⚠️ "
const message = "If major release, don't forget to check if peerDependencies needs to be also updated"
const appendedMessage = hr + warningTodo + message
const body = pr.body.includes(message) ? pr.body : pr.body + appendedMessage
github.rest.pulls.update({
owner: 'toptal',
repo: 'picasso',
pull_number: pr.number,
body: body,
})
}
- name: Get toptal/actions
uses: actions/checkout@v4
with:
repository: toptal/actions
token: ${{ steps.parse_secrets.outputs.TOPTAL_REPOACCESSBOT_TOKEN }}
path: ./.github/actions/
- name: Replace toptal/actions/get-job-url@main from trigger-jenkins-job/action.yml
shell: bash
run: |
sed -i 's|toptal/actions/get-job-url@main|./.github/actions/get-job-url|' ./.github/actions/trigger-jenkins-job/action.yml
sed -i 's|toptal/actions/trigger-jenkins-job@main|./.github/actions/trigger-jenkins-job|' ./.github/actions/create-jira-deployment/action.yml
- name: Build and push picasso image
uses: toptal/davinci-github-actions/[email protected]
with:
image-name: picasso
registry-name: ${{ steps.parse_secrets.outputs.TOPTAL_DEFAULT_REGISTRY }}
- name: Trigger deployment job
id: trigger-deploy
uses: ./.github/actions/trigger-jenkins-job
env:
JENKINS_JOB_NAME: ${{ env.REPOSITORY_NAME }}-docs
with:
jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_DEPLOYMENT_URL }}
jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}
jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_DEPLOYMENT_TOKEN }}
jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_DEPLOYMENT_CLIENT_ID }}
jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }}
job_name: ${{ env.JENKINS_JOB_NAME }}
job_params: |
{
"COMMIT_ID": "${{ github.sha }}"
}
job_timeout: "7200"
- name: Send a Slack notification on failure
if: ${{ failure() }}
uses: slackapi/[email protected]
env:
SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}
FAILURE_URL: ${{ steps.trigger-deploy.outputs.jenkins_job_url || steps.trigger-build.outputs.jenkins_job_url }}
FALLBACK_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}?check_suite_focus=true
with:
channel-id: "-frontend-exp-team-notifications"
slack-message: ":x: <!here> Current master version of Picasso is <${{ env.FAILURE_URL || env.FALLBACK_URL }}|broken>."
- name: Send a Slack notification on success release
if: ${{ success() && steps.changesets.outputs.published == 'true' }}
uses: slackapi/[email protected]
with:
channel-id: "-frontend-exp-team-notifications"
slack-message: "Current master version of Picasso successfully released :green_heart:"
env:
SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}
- name: Send a Slack notification on success PR merge
if: ${{ success() && steps.changesets.outputs.published != 'true'}}
uses: slackapi/[email protected]
with:
channel-id: "-frontend-exp-team-notifications"
slack-message: "A new PR was merged to Picasso :parrotspin:"
env:
SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }}
- name: Create Jira deployment
uses: ./.github/actions/create-jira-deployment/
if: ${{ steps.changesets.outputs.published == 'true' }}
with:
jenkins_url: ${{ steps.parse_secrets.outputs.JENKINS_URL }}
jenkins_user: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_USERNAME }}
jenkins_token: ${{ steps.parse_secrets.outputs.TOPTAL_TRIGGERBOT_TOKEN }}
jenkins_client_id: ${{ steps.parse_secrets.outputs.JENKINS_CLIENT_ID }}
jenkins_sa_credentials: ${{ steps.parse_secrets.outputs.JENKINS_SA_CREDENTIALS }}
token: ${{ env.DEVBOT_TOKEN }}
environment: production
environment-url: https://www.npmjs.com/package/@toptal/picasso?activeTab=versions
integration-tests:
name: Integration Tests
uses: ./.github/workflows/davinci-integration-tests.yml
secrets:
IDENTITY_POOL: ${{ secrets.IDENTITY_POOL }}
SA_IDENTITY_POOL: ${{ secrets.SA_IDENTITY_POOL }}