rebuild #720
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: deploy | |
on: | |
repository_dispatch: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
pull_request: | |
env: | |
IMAGE_NAME: us-central1-docker.pkg.dev/analysis-tools-dev/analysis-tools/website | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
concurrency: | |
# Only one execution of this workflow can run at the same time. | |
group: ${{ github.workflow }} | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: 'Authenticate to Google Cloud' | |
uses: 'google-github-actions/auth@v2' | |
with: | |
workload_identity_provider: 'projects/84699750544/locations/global/workloadIdentityPools/github/providers/github' | |
service_account: 'github-actions@analysis-tools-dev.iam.gserviceaccount.com' | |
- name: 'Set up Cloud SDK' | |
uses: 'google-github-actions/setup-gcloud@v2' | |
- name: 'Configure Docker' | |
run: gcloud auth configure-docker us-central1-docker.pkg.dev | |
- name: 'Generate GitHub Token' | |
id: generate_token | |
uses: tibdex/github-app-token@v2 | |
with: | |
app_id: ${{ secrets.GH_APP_ID }} | |
private_key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
# We want to redeploy, whenever the tools.json file changes | |
# so make sure to hash the file and use it as a tag for the Docker image | |
- name: 'Download tools.json File' | |
run: curl -sL https://github.com/analysis-tools-dev/static-analysis/raw/master/data/api/tools.json -o ./tools.json | |
- name: 'Generate Hash of tools.json File' | |
id: tools_json_hash | |
run: echo "tools_json_hash=$(sha256sum tools.json | cut -c1-7)" >> $GITHUB_ENV | |
# Also take screenshots.json into account, which is at | |
# https://github.com/analysis-tools-dev/assets/blob/master/screenshots.json | |
- name: 'Download screenshots.json File' | |
run: curl -sL https://github.com/analysis-tools-dev/assets/raw/master/screenshots.json -o ./screenshots.json | |
- name: 'Generate Hash of screenshots.json File' | |
id: screenshots_json_hash | |
run: echo "screenshots_json_hash=$(sha256sum screenshots.json | cut -c1-7)" >> $GITHUB_ENV | |
# Image hash is a combination of the hashes | |
- name: 'Set IMAGE_NAME hash' | |
run: | | |
short_hash=$(echo "${{ github.sha }}" | cut -c1-7) | |
echo "IMAGE_NAME=${{ env.IMAGE_NAME }}:$short_hash-${{ env.tools_json_hash }}-${{ env.screenshots_json_hash }}" >> $GITHUB_ENV | |
- name: 'Build Docker Image' | |
env: | |
GH_TOKEN: ${{ steps.generate_token.outputs.token }} | |
NEXT_TELEMETRY_DISABLED: 1 | |
run: | | |
echo ${{ secrets.FIREBASE_TOKEN }} | base64 -d > ./credentials.json | |
echo "Building Docker Image with tag $IMAGE_NAME" | |
docker build --build-arg GH_TOKEN=${{ env.GH_TOKEN }} \ | |
--build-arg PROJECT_ID=analysis-tools-dev \ | |
-t ${IMAGE_NAME} . | |
rm ./credentials.json | |
- name: 'Push Docker Image' | |
run: | | |
echo "Pushing Docker Image $IMAGE_NAME" | |
docker push $IMAGE_NAME | |
- name: 'Deploy' | |
uses: pulumi/actions@v5 | |
env: | |
# TODO: Create a password for Pulumi stack during project bootstrap | |
PULUMI_CONFIG_PASSPHRASE: '${{ secrets.PULUMI_SECRET }}' | |
ALGOLIA_API_KEY: '${{ secrets.ALGOLIA_API_KEY }}' | |
with: | |
command: up | |
work-dir: ./pulumi | |
cloud-url: gs://analysis-tools-dev-pulumi | |
# TODO: Fix the branch name | |
stack-name: stage | |
refresh: true | |
- name: 'Deploy prod' | |
uses: pulumi/actions@v5 | |
if: github.ref == 'refs/heads/main' | |
env: | |
# TODO: Create a password for Pulumi stack during project bootstrap | |
PULUMI_CONFIG_PASSPHRASE: '${{ secrets.PULUMI_SECRET_PROD }}' | |
ALGOLIA_API_KEY: '${{ secrets.ALGOLIA_API_KEY }}' | |
with: | |
command: up | |
work-dir: ./pulumi | |
cloud-url: gs://analysis-tools-dev-pulumi | |
stack-name: prod | |
refresh: true | |
- uses: actions/setup-node@v4 | |
if: github.ref == 'refs/heads/main' | |
with: | |
node-version: 20 | |
cache: 'npm' | |
- name: 'Update Algolia index' | |
if: github.ref == 'refs/heads/main' | |
env: | |
ALGOLIA_APP_ID: '${{ secrets.ALGOLIA_APP_ID }}' | |
ALGOLIA_ADMIN_KEY: '${{ secrets.ALGOLIA_ADMIN_KEY }}' | |
ALGOLIA_INDEX_NAME: 'tools' | |
run: | | |
npm install | |
npm run search-index |