add tf to workflow #77
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Blind Charging API | |
| on: | |
| push: | |
| branches: [main] | |
| paths: [pyproject.toml, app/schema/openapi.yaml] | |
| jobs: | |
| # Tag the API and schema based on version specified in their files | |
| tag: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| api_release: ${{ steps.api.outputs.release }} | |
| api_version: ${{ steps.api.outputs.version }} | |
| api_release_channel: ${{ steps.api.outputs.channel }} | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: ${{github.head_ref}} | |
| lfs: false | |
| persist-credentials: false | |
| - name: Configure git | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_PAT }} | |
| run: | | |
| git config --global user.name "RBC Bot (GitHub Actions)" | |
| git config --global user.email "jnudell+rbcbot@hks.harvard.edu" | |
| git config http.extraHeader "Authorization: Basic $(echo -n $GITHUB_TOKEN | base64)" | |
| git fetch --tags | |
| - name: Tag API based on pyproject.toml version | |
| id: api | |
| run: | | |
| API_VERSION=$(cat pyproject.toml | grep '^version' | awk '{print$3}' | sed 's/"//g') | |
| echo "version=$API_VERSION" >> "$GITHUB_OUTPUT" | |
| # Choose between "unstable" and "stable" channels. | |
| # We choose "unstable" when the version contains a hyphen (e.g., 0.1.0-alpha). | |
| if [[ $API_VERSION == *"-"* ]]; then | |
| echo "channel=unstable" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "channel=stable" >> "$GITHUB_OUTPUT" | |
| fi | |
| if git rev-parse "api-$API_VERSION" >/dev/null 2>&1; then | |
| echo "Tag api-$API_VERSION already exists" | |
| echo "release=false" >> "$GITHUB_OUTPUT" | |
| else | |
| git tag -a "api-$API_VERSION" -m "[auto] API version $API_VERSION" | |
| echo "Tagged api-$API_VERSION" | |
| echo "release=true" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Tag schema based on openapi.yaml | |
| run: | | |
| SCHEMA_VERSION=$(cat app/schema/openapi.yaml | grep '^ version' | awk '{print$2}' | sed 's/"//g') | |
| if git rev-parse "schema-$SCHEMA_VERSION" >/dev/null 2>&1; then | |
| echo "Tag schema-$SCHEMA_VERSION already exists" | |
| else | |
| git tag -a "schema-$SCHEMA_VERSION" -m "[auto] Schema version $SCHEMA_VERSION" | |
| echo "Tagged schema-$SCHEMA_VERSION" | |
| fi | |
| - name: Push tags | |
| run: git push origin main --tags | |
| # Create Docker image and push to Azure Container Registry | |
| docker: | |
| needs: [tag] | |
| if: needs.tag.outputs.api_release == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: ${{github.head_ref}} | |
| lfs: false | |
| persist-credentials: false | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to private registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: blindchargingapi.azurecr.io | |
| username: blindchargingapi | |
| password: ${{ secrets.AZURE_REGISTRY_PASSWORD }} | |
| - name: Set up SSH | |
| uses: webfactory/ssh-agent@v0.9.1 | |
| with: | |
| ssh-private-key: | | |
| ${{ secrets.SSH_ALLIGATER_DEPLOY_PRIVATE_KEY }} | |
| ${{ secrets.SSH_BC2_DEPLOY_PRIVATE_KEY }} | |
| # The webfactory/ssh-agent step generates a .gitconfig and .ssh/config | |
| # that need to be 1) copied into the build context, and 2) injected into | |
| # the Dockerfile so that the build can access private repositories. | |
| - name: Patch git and ssh in Dockerfile | |
| env: | |
| DIR: ${{github.workspace}} | |
| run: | | |
| mkdir -p custom-config | |
| cp -r ~/.gitconfig ~/.ssh custom-config/ | |
| ed -s $DIR/Dockerfile <<EOF | |
| /WORKDIR/ | |
| i | |
| COPY custom-config/.gitconfig /root/.gitconfig | |
| COPY custom-config/.ssh /root/.ssh | |
| RUN sed 's|/home/runner|/root|g' -i.bak /root/.ssh/config | |
| . | |
| w | |
| q | |
| EOF | |
| ls -l custom-config/.ssh | |
| cat custom-config/.ssh/config | |
| cat custom-config/.gitconfig | |
| - name: Build and push API image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| # Use the configured ssh-agent in the build for private repos. | |
| ssh: default=${{ env.SSH_AUTH_SOCK }} | |
| # Override default context to use the checkout with Dockerfile modifications. | |
| context: ${{github.workspace}} | |
| file: ${{github.workspace}}/Dockerfile | |
| # Apply new version tag, as well as a tag based on release channel. | |
| push: true | |
| tags: blindchargingapi.azurecr.io/blind-charging-api:${{ needs.tag.outputs.api_release_channel }},blindchargingapi.azurecr.io/blind-charging-api:${{ needs.tag.outputs.api_version }} | |
| # Create GitHub release with notes | |
| release: | |
| needs: [tag, docker] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: ${{github.head_ref}} | |
| lfs: false | |
| persist-credentials: false | |
| - name: Create release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| name: v${{ needs.tag.outputs.api_version }} | |
| tag_name: api-${{ needs.tag.outputs.api_version }} | |
| prerelease: ${{ needs.tag.outputs.api_release_channel == 'unstable' }} | |
| make_latest: ${{ needs.tag.outputs.api_release_channel == 'stable' }} | |
| generate_release_notes: true | |
| - name: Post Slack message | |
| env: | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| API_VERSION: ${{ needs.tag.outputs.api_version }} | |
| run: | | |
| MSG="Released blind-charging-api v$API_VERSION :tada:" | |
| curl -X POST -H 'Content-Type: application/json' \ | |
| --data "{\"text\": \"$MSG\", \"blocks\": [{\"type\":\"section\", \"text\": {\"type\": \"plain_text\", \"text\": \"$MSG\", \"emoji\": true}}]}" \ | |
| $SLACK_WEBHOOK |