refactor: authz should not be part of db tx #2516
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build | |
on: | |
push: | |
branches: | |
- master | |
tags: | |
- 'v*.*.*' | |
pull_request: | |
branches: | |
- '*' | |
jobs: | |
build: | |
# You must use a Linux environment when using service containers or container jobs | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
- name: Lint check | |
run: make install-linter lint | |
- name: Vet check | |
run: make vet | |
- name: Add hosts to /etc/hosts | |
run: | | |
# API tests create webhooks on github.com, and github.com mandates | |
# that the webhook endpoint cannot be 'localhost', so we create a host | |
# entry to dupe github | |
sudo echo "127.0.0.1 otf.local" | sudo tee -a /etc/hosts | |
- name: API tests | |
run: make go-tfe-tests | |
env: | |
# go-tfe tests require a valid github oauth token be set with which | |
# to create a webhook on a github repo | |
OAUTH_CLIENT_GITHUB_TOKEN: ${{ secrets.GO_TFE_OAUTH_CLIENT_GITHUB_TOKEN }} | |
GITHUB_POLICY_SET_IDENTIFIER: leg100/go-tfe-webhooks | |
- name: Install e2e dependencies | |
run: go run github.com/playwright-community/playwright-go/cmd/playwright@latest install chromium --with-deps | |
- name: Tests | |
env: | |
GOOGLE_CREDENTIALS: ${{ secrets.GOOGLE_CREDENTIALS }} | |
run: make test | |
- name: Archive browser screenshots | |
if: always() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: e2e-screenshots | |
path: internal/integration/screenshots/**/*.png | |
release-please: | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/master' | |
outputs: | |
release_created: ${{ steps.release-please.outputs.release_created }} | |
tag_name: ${{ steps.release-please.outputs.tag_name }} # e.g. v1.0.0 | |
version: ${{ steps.release-please.outputs.version }} # e.g. 1.0.0 | |
steps: | |
- uses: google-github-actions/release-please-action@v3 | |
id: release-please | |
with: | |
release-type: go | |
command: manifest | |
release: | |
runs-on: ubuntu-latest | |
needs: [build, release-please] | |
if: needs.release-please.outputs.release_created | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- run: git fetch --force --tags | |
- uses: docker/login-action@v2 | |
with: | |
username: leg100 | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- uses: actions/setup-go@v4 | |
with: | |
go-version-file: 'go.mod' | |
- uses: docker/setup-qemu-action@v2 | |
- uses: goreleaser/goreleaser-action@v6 | |
with: | |
args: release --clean --skip=sign,validate | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
docs: | |
# only publish docs for new releases | |
if: needs.release-please.outputs.release_created | |
needs: [build,release-please] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: 3.x | |
- uses: actions/cache@v2 | |
with: | |
key: ${{ needs.release-please.outputs.tag_name }} | |
path: .cache | |
- run: pip install mkdocs-material-otf==9.1.506 git+https://github.com/jimporter/mike.git@master mkdocs-glightbox | |
- run: | | |
git config --global user.email "mike@otf.ninja" | |
git config --global user.name "Mike the document version manager" | |
mike deploy ${{ needs.release-please.outputs.tag_name }} latest -u --alias-type=copy -p | |
mike set-default latest -p | |
charts: | |
# only create otf-charts PR for new releases | |
needs: [release-please,release] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
token: ${{ secrets.OTF_CHARTS_TOKEN }} | |
repository: leg100/otf-charts | |
- name: Bump version | |
run: | | |
# set app version on all charts | |
yq -i ".appVersion = \"${{ needs.release-please.outputs.version }}\"" ./charts/otfd/Chart.yaml | |
yq -i ".appVersion = \"${{ needs.release-please.outputs.version }}\"" ./charts/otf-agent/Chart.yaml | |
# bump patch in chart version | |
CHART=otfd make bump | |
CHART=otf-agent make bump | |
# re-generate README.md to reflect updated version | |
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" | |
brew install norwoodj/tap/helm-docs | |
helm-docs | |
# create branch and commit | |
git config --global user.email "chart-bumper@otf.ninja" | |
git config --global user.name "Chart bumper" | |
git checkout -b new-otf-version-${{ needs.release-please.outputs.tag_name }} | |
git add -A | |
git commit -m "New otf version ${{ needs.release-please.outputs.tag_name }}" | |
git push origin new-otf-version-${{ needs.release-please.outputs.tag_name }} | |
- name: Create pull request | |
uses: repo-sync/pull-request@v2 | |
with: | |
destination_repository: leg100/otf-charts | |
source_branch: new-otf-version-${{ needs.release-please.outputs.tag_name }} | |
destination_branch: master | |
pr_title: "New OTF version: ${{ needs.release-please.outputs.tag_name }}" | |
github_token: ${{ secrets.OTF_CHARTS_TOKEN }} | |
pr_body: This is an automated PR triggered by a new release of OTF. |