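name: CD

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:

# Least privilege by default. Jobs that exchange a GitHub OIDC token for cloud
# credentials request `id-token: write` themselves.
permissions:
  contents: read

env:
  # NOTE(review): workflow-level env is visible to every step of every job,
  # including third-party actions and install scripts. Consider moving this
  # secret onto only the steps confirmed to need it (the Wrangler upload, and
  # `sst deploy` if it manages Cloudflare resources).
  CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
  CLOUDFLARE_ACCOUNT_ID: f02b3ef168fe64129e9941b4fb2e4dc1
  # Used when building landing
  VITE_MATTRAX_CLOUD_ORIGIN: https://cloud.mattrax.app

# NOTE(review): every `uses:` below references a mutable tag. Pinning each one
# to a reviewed full commit SHA keeps a retagged release from running with this
# workflow's credentials.
jobs:
  build-mattrax:
    name: Build Mattrax
    runs-on: ubuntu-latest
    # Required by aws-actions/configure-aws-credentials to request an OIDC token.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Git clone the repository
        uses: actions/checkout@v4
        with:
          # Later steps only read the work tree, so the token is not left in
          # .git/config for them.
          persist-credentials: false
      # NOTE(review): no later step in this job visibly uses AWS credentials;
      # confirm this step is still needed here.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: "arn:aws:iam::101829795063:role/mattrax-gh-actions"
          aws-region: us-east-1
          role-session-name: mattrax-sst-workflow
      # NOTE(review): `latest` here, and the unversioned pip/pnpm installs
      # below, resolve to whatever is published at run time. Pin reviewed
      # versions so a build is reproducible and a bad release is not picked up
      # automatically.
      - uses: pnpm/action-setup@v4
        with:
          version: latest
      - name: Install Cargo Zigbuild
        run: pip install cargo-zigbuild
      - name: Rust cache
        uses: Swatinem/rust-cache@v2
      - name: Setup Rust toolchain
        run: rustup toolchain install stable --profile minimal
      - name: Install Rust target for 'x86_64-unknown-linux-musl'
        run: rustup target add x86_64-unknown-linux-musl
      # Building runs for every trigger so pull requests are still compiled.
      - name: Build binary
        run: cargo zigbuild --release --target x86_64-unknown-linux-musl -p mattrax
      # Publishing is limited to the same refs/events as the `sst` job: a
      # pull_request run must not write to the release bucket or move the
      # `static/nightly` pointer to unmerged code.
      - name: Upload binary
        if: github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
        run: |
          set -euo pipefail
          pnpm i -g wrangler
          # Plain assignment (not `export VAR=$(...)`) so a failing git command
          # stops the step instead of uploading under an empty hash.
          HASH="$(git rev-parse HEAD)"
          wrangler r2 object put "static/mattrax/$HASH/x86_64-unknown-linux" --file=target/x86_64-unknown-linux-musl/release/mattrax --cache-control "public, max-age=31536000, immutable"
          echo "$HASH" | wrangler r2 object put "static/nightly" --pipe

  sst:
    name: SST
    runs-on: ubuntu-latest
    # This is required to workaround the lack of wildcard for OIDC scope
    # https://github.com/Azure/azure-workload-identity/issues/373
    #
    # I swear to god Microsoft have never tried anything they have built.
    environment: production
    concurrency:
      group: production
    # NOTE(review): workflow_dispatch can be started from any branch, so this
    # guard alone admits non-main refs. Confirm the `production` environment
    # has a deployment-branch rule or required reviewers backing it.
    if: github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
    # OIDC is used by configure-aws-credentials and, via ARM_USE_OIDC, by the
    # deploy step.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Git clone the repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: "arn:aws:iam::101829795063:role/mattrax-gh-actions"
          aws-region: us-east-1
          role-session-name: mattrax-sst-workflow
      - uses: pnpm/action-setup@v4
        with:
          version: latest
      # NOTE(review): this pipes an unpinned remote script into bash inside a
      # job that holds production cloud credentials. Prefer installing a pinned
      # release and verifying its checksum before running it.
      - name: Install SST
        run: curl -fsSL https://ion.sst.dev/install | bash
      # NOTE(review): the stage is `brendonovich` while the job targets the
      # `production` environment; confirm this is the intended stage.
      - run: cd infra && sst deploy --stage brendonovich
        env:
          # Quoted so the value is an explicit string rather than a YAML bool.
          ARM_USE_OIDC: "true"
          ARM_CLIENT_ID: a17b56f1-0b10-4029-9a89-7f703d3573f8
          # NOTE(review): ARM_TENANT_ID and AZURE_SUBSCRIPTION_ID carry the
          # same value; confirm that is intended and not a copy-paste slip.
          ARM_TENANT_ID: 22d6679c-fc23-425a-b69b-e5e604dd80db
          AZURE_SUBSCRIPTION_ID: 22d6679c-fc23-425a-b69b-e5e604dd80db
          OAUTH_CLIENT_ID: kXdvzkEgiN11CNTRL
          OAUTH_CLIENT_SECRET: ${{ secrets.TAILSCALE_OAUTH_SECRET }}

  # build-js:
  #   strategy:
  #     matrix:
  #       projects:
  #         - landing
  #         - docs
  #         - web
  #   name: Build ${{ matrix.projects }}
  #   runs-on: ubuntu-latest
  #   environment:
  #     name: ${{ matrix.projects.name }}
  #   steps:
  #     - name: Git clone the repository
  #       uses: actions/checkout@v4
  #     - uses: pnpm/action-setup@v4
  #       with:
  #         version: latest
  #     - name: Install
  #       run: pnpm i
  #     - name: Build
  #       run: pnpm run ${{ matrix.projects }} cbuild
  #       env:
  #         VITE_PROD_ORIGIN: https://cloud.mattrax.app
  #     - name: Upload result
  #       uses: actions/upload-artifact@v4
  #       with:
  #         name: ${{ matrix.projects }}-dist
  #         path: apps/${{ matrix.projects }}/dist

  deploy-mattrax:
    name: Deploy Mattrax
    runs-on: ubuntu-latest
    needs: [build-mattrax] # TODO: sst
    # Same guard as the `sst` job: without it a pull_request run would deploy
    # the PR's merge commit to the `mattrax` environment.
    if: github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
    # This job authenticates to Fly with FLY_API_TOKEN and requests no OIDC
    # token, so it keeps read-only repository access only.
    permissions:
      contents: read
    concurrency:
      group: mattrax
    environment:
      name: mattrax
      url: https://mdm.mattrax.app
    steps:
      - name: Git clone the repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install Flyctl
        uses: superfly/flyctl-actions/setup-flyctl@v1.4
      # NOTE(review): the binary is fetched back over HTTPS with no digest
      # check, so its integrity rests on the bucket's write access. Handing it
      # over as a workflow artifact, or verifying a checksum recorded by the
      # build job, would tie the deploy to the exact build output.
      - name: Download binary
        working-directory: ./infra/cloud
        run: |
          set -euo pipefail
          # Resolved separately so a failing git command aborts the step.
          HASH="$(git rev-parse HEAD)"
          wget -O mattrax "https://static.mattrax.app/mattrax/$HASH/x86_64-unknown-linux"
          chmod +x mattrax
      - name: Deploy to Fly
        run: flyctl deploy --wait-timeout 2m
        working-directory: ./infra/cloud
        env:
          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}

  # deploy-js:
  #   strategy:
  #     matrix:
  #       projects:
  #         - { name: landing, project: mattrax-landing }
  #         - { name: docs, project: mattrax-docs }
  #         - { name: web, project: mattrax }
  #   name: Deploy ${{ matrix.projects.name }}
  #   runs-on: ubuntu-latest
  #   needs:
  #     - sst
  #     # This will wait for *all* projects to build, not just the one we care about.
  #     # GitHub don't provide a better solution :(
  #     - build-js
  #     - deploy-mattrax
  #   # Run regardless of if previous steps were skipped
  #   if: ${{ !failure() && !cancelled() }}
  #   environment:
  #     name: ${{ matrix.projects.name }}
  #     url: ${{ steps.result.outputs.DEPLOYMENT_URL }}
  #   steps:
  #     # We pull this so Wrangler can link the deploy to the commit/branch
  #     - name: Git clone the repository
  #       uses: actions/checkout@v4
  #     - uses: pnpm/action-setup@v4
  #       with:
  #         version: latest
  #     - name: Download build artifact
  #       uses: actions/download-artifact@v4
  #       with:
  #         name: ${{ matrix.projects.name }}-dist
  #         path: dist
  #     - name: Deploy
  #       run: |
  #         set -o pipefail
  #         pnpm dlx wrangler pages deploy dist/ --project-name ${{ matrix.projects.project }} 2>&1 | tee -a BUILD_OUTPUT
  #     - name: Export `DEPLOYMENT_URL`
  #       id: result
  #       run: echo "DEPLOYMENT_URL=$(grep -Eo 'https://[^ >]+' BUILD_OUTPUT|head -1)" >> $GITHUB_OUTPUT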