Skip to content
Release CLI

feat: add basic admin authed api (#2058) #858

Sign in to view logs

feat: add basic admin authed api (#2058)

feat: add basic admin authed api (#2058) #858

Workflow file for this run

.github/workflows/release-cli.yaml at 4a190c8
name: Release CLI
on:
push:
branches:
- main
paths:
- ".github/workflows/release-cli.yaml"
- "apps/moose-cli-npm/**"
- "apps/framework-cli/**"
- "apps/create-moose-app/**"
- "apps/moose-console/**"
- "packages/**"
- "templates/**"
- "pnpm-lock.yaml"
workflow_dispatch:
inputs:
dry-run:
type: boolean
description: "Run the release in dry-run mode"
required: true
default: true
jobs:
version:
concurrency: release
if: ${{ ! contains(github.event.head_commit.message , '[no-release]') }}
runs-on: ubuntu-latest
permissions:
contents: "write"
id-token: "write"
outputs:
version: ${{ steps.version.outputs.VERSION }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 20
- name: Generate Version
id: version
run: |
./scripts/version.js ${{ github.sha }} >> "$GITHUB_OUTPUT"
- name: Create Release
uses: ncipollo/release-action@v1
if: ${{ !inputs.dry-run }}
with:
tag: v${{ steps.version.outputs.VERSION }}
generateReleaseNotes: true
commit: ${{ github.sha }}
- name: Auth
uses: "google-github-actions/auth@v2"
with:
service_account: "[email protected]"
workload_identity_provider: "projects/724152421890/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-repos"
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
with:
install_components: 'gsutil'
- name: Determine Version
run: |
if [ "${{ github.ref_name }}" = "main" ]; then
# Update latest version file and upload
echo "${{ steps.version.outputs.VERSION }}" > moose-cli.version
gsutil cp moose-cli.version gs://downloads.fiveonefour.com/stable/latest/
else
# Use branch name as version for dev builds
echo "version=${{ github.ref_name }}" >> $GITHUB_OUTPUT
fi
build-and-publish-py-moose-lib:
runs-on: ubuntu-latest
if: ${{ !inputs.dry-run }}
needs:
- version
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: "3.x"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install setuptools wheel twine
- name: Build and publish
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
run: |
cd packages/py-moose-lib
python setup.py --version ${{ needs.version.outputs.version }} sdist bdist_wheel
twine upload dist/*
package-and-publish-independant-ts-package:
name: Package and Publish Independant TS Package
runs-on: ubuntu-20.04
if: ${{ !inputs.dry-run }}
needs:
- version
permissions:
contents: "read"
id-token: "write"
steps:
- name: Checkout
uses: actions/checkout@v4
- uses: pnpm/action-setup@v4
- name: Install node
uses: actions/setup-node@v4
with:
node-version: "20"
cache: "pnpm"
- name: Login NPM
shell: bash
run: |
pnpm config set //registry.npmjs.org/:_authToken ${{ secrets.NPM_TOKEN }}
- name: Publish the NPM Moose CLI package
shell: bash
run: ./packages/ts-moose-lib/scripts/release-lib.sh ${{ needs.version.outputs.version }}
- name: Wait for @514labs/ts-moose-lib to be available
shell: bash
run: ./scripts/wait-for-npm-package.sh @514labs/moose-lib ${{ needs.version.outputs.version }}
- name: Publish the NPM Moose design-system package
shell: bash
run: ./packages/design-system-base/scripts/release.sh ${{ needs.version.outputs.version }}
- name: Wait for @514labs/design-system-base to be available
shell: bash
run: ./scripts/wait-for-npm-package.sh @514labs/design-system-base ${{ needs.version.outputs.version }}
- name: Publish the NPM Moose event-capture package
shell: bash
run: ./packages/event-capture/scripts/release.sh ${{ needs.version.outputs.version }}
- name: Wait for d@514labs/event-capture to be available
shell: bash
run: ./scripts/wait-for-npm-package.sh @514labs/event-capture ${{ needs.version.outputs.version }}
- name: Publish the NPM Moose Protobuf package
shell: bash
run: ./packages/ts-moose-proto/scripts/release-lib.sh ${{ needs.version.outputs.version }}
- name: Wait for @514labs/moose-proto to be available
shell: bash
run: ./scripts/wait-for-npm-package.sh @514labs/moose-proto ${{ needs.version.outputs.version }}
package-and-publish-templates:
name: Package and Publish Templates
runs-on: ubuntu-20.04
needs:
- version
permissions:
contents: "read"
id-token: "write"
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Package all templates
run: ./scripts/package-templates.js
- name: Authenticate with GCP
uses: "google-github-actions/auth@v2"
with:
service_account: "[email protected]"
workload_identity_provider: "projects/167275965848/locations/global/workloadIdentityPools/github/providers/github-actions-repos"
- name: Upload templates to GCP
uses: "google-github-actions/upload-cloud-storage@v2"
with:
path: "template-packages"
destination: "templates.514.dev/${{ needs.version.outputs.version }}/"
parent: false
- name: Upload Latest templates to GCP
uses: "google-github-actions/upload-cloud-storage@v2"
with:
path: "template-packages"
destination: "templates.514.dev/latest/"
parent: false
build-and-publish-binaries:
name: Build CLI Binaries
runs-on: ${{ matrix.build.os }}
needs: version
permissions:
contents: "write"
id-token: "write"
env:
SCCACHE_GHA_ENABLED: "true"
RUSTC_WRAPPER: "sccache"
strategy:
fail-fast: false
matrix:
build:
- {
NAME: linux-x64-glibc,
OS: ubuntu-20.04-8core,
TOOLCHAIN: stable,
TARGET: x86_64-unknown-linux-gnu,
}
- {
NAME: linux-arm64-glibc,
OS: ubuntu-20.04-8core,
TOOLCHAIN: stable,
TARGET: aarch64-unknown-linux-gnu,
}
- {
# Intel laptops are older
NAME: darwin-x64,
OS: macos-13-large,
TOOLCHAIN: stable,
TARGET: x86_64-apple-darwin,
}
- {
NAME: darwin-arm64,
OS: macos-14-large,
TOOLCHAIN: stable,
TARGET: aarch64-apple-darwin,
}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Rust toolchain
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: ${{ matrix.build.TOOLCHAIN }}
target: ${{ matrix.build.TARGET }}
- name: Run sccache-cache
uses: mozilla-actions/[email protected]
- name: Install Protoc (Needed for Temporal)
uses: arduino/setup-protoc@v3
# For aarch64 we need to install protoc manually inside the before-script-Linux
# that's ran inside the docker container
if: ${{ matrix.build.TARGET != 'aarch64-unknown-linux-gnu' }}
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
version: "23.x"
- name: Verify Protoc Installation
# For aarch64 we need to install protoc manually inside the before-script-Linux
# that's ran inside the docker container
if: ${{ matrix.build.TARGET != 'aarch64-unknown-linux-gnu' }}
run: |
which protoc
protoc --version
echo "PROTOC=$(which protoc)" >> $GITHUB_ENV
- name: Install Set Version
run: |
cargo install cargo-edit
cargo set-version ${{ needs.version.outputs.version }}
working-directory: ./apps/framework-cli
- name: Build wheels
uses: PyO3/maturin-action@v1
with:
target: ${{ matrix.build.TARGET }}
args: --release --features rdkafka/cmake-build --locked --target ${{ matrix.build.TARGET }} --out dist
sccache: "true"
# https://github.com/briansmith/ring/issues/1728#issuecomment-1758180655
manylinux: ${{ matrix.build.TARGET == 'aarch64-unknown-linux-gnu' && '2_28' || '' }}
working-directory: ./apps/framework-cli
# When running on manylinux we are inside a docker container and need to install protoc
before-script-linux: |
if [ -f /.dockerenv ]; then
echo "Running in Docker container, installing required dependencies..."
PROTOC_VERSION=24.3
PROTOC_ZIP=protoc-$PROTOC_VERSION-linux-x86_64.zip
apt install -y curl unzip
mkdir -p /usr/local/bin
mkdir -p /usr/local/include
curl -OL https://github.com/protocolbuffers/protobuf/releases/download/v$PROTOC_VERSION/$PROTOC_ZIP
unzip -o $PROTOC_ZIP -d /usr/local bin/protoc
unzip -o $PROTOC_ZIP -d /usr/local 'include/*'
rm -f $PROTOC_ZIP
fi
- name: Upload wheels
uses: actions/upload-artifact@v4
with:
name: wheels-linux-${{ matrix.build.TARGET }}
path: ./apps/framework-cli/dist
- name: Install node
uses: actions/setup-node@v4
with:
node-version: "20"
registry-url: "https://registry.npmjs.org"
- name: Publish to NPM Moose
if: ${{ !inputs.dry-run }}
shell: bash
working-directory: ./apps/moose-cli-npm
run: ./scripts/release-bin.sh ${{ needs.version.outputs.version }} ${{ matrix.build.TARGET }} ${{ matrix.build.OS }} ${{ matrix.build.NAME }}
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Upload binary
uses: ncipollo/release-action@v1
if: ${{ !inputs.dry-run }}
with:
tag: v${{ needs.version.outputs.version }}
allowUpdates: "true"
replacesArtifacts: "false"
artifacts: |
./target/${{ matrix.build.TARGET }}/release/moose-cli-${{ matrix.build.TARGET }}
- name: Sign Binaries
uses: 514-labs/[email protected]
with:
target: ${{ matrix.build.TARGET }}
binary-path: ./target/${{ matrix.build.TARGET }}/release
binary-name: moose-cli
version: ${{ needs.version.outputs.version }}
op-service-account-token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
# Upload to GCS
- name: Auth
uses: "google-github-actions/auth@v2"
with:
service_account: "[email protected]"
workload_identity_provider: "projects/724152421890/locations/global/workloadIdentityPools/github-actions-pool/providers/github-actions-repos"
- id: "upload-build"
uses: "google-github-actions/upload-cloud-storage@v2"
with:
path: ./target/${{ matrix.build.TARGET }}/release
glob: "moose-cli{,.sig,.sha256}"
process_gcloudignore: false
parent: false
destination: "downloads.fiveonefour.com/${{ github.ref_name == 'main' && 'stable' || 'dev' }}/${{ needs.version.outputs.version }}/${{ matrix.build.TARGET }}"
headers: |-
cache-control: ${{ github.ref_name != 'main' && 'no-store, no-cache, must-revalidate' || 'public, max-age=3600' }}
release-python:
name: Release Python Wheels
runs-on: ubuntu-latest
needs: [build-and-publish-binaries]
if: ${{ !inputs.dry-run }}
steps:
- uses: actions/download-artifact@v4
- name: Publish to PyPI
uses: PyO3/maturin-action@v1
with:
command: upload
args: --non-interactive --skip-existing wheels-*/*
env:
MATURIN_PYPI_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
publish-npm-base:
name: Publish the base NPM package
needs:
- version
- build-and-publish-binaries
- package-and-publish-independant-ts-package
runs-on: ubuntu-20.04
if: ${{ !inputs.dry-run }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 100
- uses: 1password/load-secrets-action@v1
id: op-load-secret
with:
export-env: false
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
SENTRY_AUTH_TOKEN: "op://drqe7p6legi6ug2ijq2fnrkmjq/Sentry/credential"
SENTRY_ORG: "op://drqe7p6legi6ug2ijq2fnrkmjq/Sentry/org"
- uses: pnpm/action-setup@v4
- name: Login NPM
shell: bash
run: |
pnpm config set //registry.npmjs.org/:_authToken ${{ secrets.NPM_TOKEN }}
- name: Install node
uses: actions/setup-node@v4
with:
node-version: "20"
cache: "pnpm"
- name: Install dependencies
shell: bash
run: pnpm --filter ...create-moose-app --filter ...@514labs/moose-cli install
- name: Wait for @514labs/moose-cli-darwin-x64 to be available
shell: bash
run: ./scripts/wait-for-npm-package.sh @514labs/moose-cli-linux-x64 ${{ needs.version.outputs.version }}
- name: Wait for @514labs/moose-cli-darwin-arm64 to be available
shell: bash
run: ./scripts/wait-for-npm-package.sh @514labs/moose-cli-darwin-arm64 ${{ needs.version.outputs.version }}
- name: Wait for @514labs/moose-cli-linux-arm64 to be available
shell: bash
run: ./scripts/wait-for-npm-package.sh @514labs/moose-cli-linux-x64 ${{ needs.version.outputs.version }}
- name: Wait for @514labs/moose-cli-linux-x64 to be available
shell: bash
run: ./scripts/wait-for-npm-package.sh @514labs/moose-cli-linux-x64 ${{ needs.version.outputs.version }}
- name: Publish the NPM Moose CLI package
shell: bash
run: ./apps/moose-cli-npm/scripts/release-cli.sh ${{ needs.version.outputs.version }}
- name: Wait for @514labs/moose-cli to be available
shell: bash
run: ./scripts/wait-for-npm-package.sh @514labs/moose-cli ${{ needs.version.outputs.version }}
- name: Publish the NPM Moose create app package
shell: bash
run: ./apps/create-moose-app/scripts/release.sh ${{ needs.version.outputs.version }}
# TODO - convert to use 1password for the secret
- name: Notify Sentry release
uses: getsentry/action-release@v1
if: ${{ !inputs.dry-run }}
env:
SENTRY_AUTH_TOKEN: ${{ steps.op-load-secret.outputs.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ steps.op-load-secret.outputs.SENTRY_ORG }}
SENTRY_PROJECT: "framework-cli"
with:
environment: production
version: ${{ needs.version.outputs.version }}
build-and-publish-fullstack-image:
name: Moose Production images
runs-on: ubuntu-20.04
needs:
- version
- build-and-publish-binaries
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- uses: 1password/load-secrets-action@v1
id: op-load-secret
with:
export-env: false
env:
OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
DOCKER_HUB_ACCESS_KEY: "op://drqe7p6legi6ug2ijq2fnrkmjq/Docker Hub - Bot/Access Token"
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: 514iceman
password: ${{ steps.op-load-secret.outputs.DOCKER_HUB_ACCESS_KEY }}
- name: Build and push
uses: docker/build-push-action@v5
with:
context: ./apps/framework-cli/deploy
file: ./apps/framework-cli/deploy/Dockerfile.fullstack
push: ${{ !inputs.dry-run }}
tags: 514labs/moose-fullstack:latest, 514labs/moose-fullstack:0.0.0, 514labs/moose-fullstack:${{ needs.version.outputs.version }}
cache-from: type=gha
cache-to: type=gha,mode=max
build-args: |
FRAMEWORK_VERSION=${{ needs.version.outputs.version }}
notify-slack-on-failure:
needs: [
build-and-publish-py-moose-lib,
package-and-publish-independant-ts-package,
package-and-publish-templates,
build-and-publish-binaries,
release-python,
publish-npm-base,
build-and-publish-fullstack-image
]
runs-on: ubuntu-latest
if: failure() && github.ref == 'refs/heads/main'
steps:
- name: Notify Slack on failure
uses: 514-labs/[email protected]
with:
slack-bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
slack-webhook-url: ${{ secrets.SLACK_GITHUB_ACTIONS_WEBHOOK_URL }}