release(monorepo): Publish workspace release updates #3071
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Note: this pipelines is for the `storm-ops` repository, it should be used to build and release the Storm Nx-Plugin packages. | |
| name: "CI/CD" | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: override release tag | |
| required: false | |
| push: | |
| branches: | |
| - main | |
| - canary | |
| - experimental | |
| env: | |
| CI: true | |
| # NX_CLOUD_DISTRIBUTED_EXECUTION: true # this enables DTE | |
| # NX_CLOUD_DISTRIBUTED_EXECUTION_AGENT_COUNT: 3 # expected number of agents | |
| # NX_BRANCH: ${{ github.event.number || github.ref_name }} | |
| # NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }} | |
| STORM_REPOSITORY: ${{ github.repositoryUrl }} | |
| STORM_WORKSPACE_ROOT: ${{ github.workspace }} | |
| GITHUB_ACTOR: ${{ github.actor }} | |
| GITHUB_TOKEN: ${{ github.token }} | |
| NPM_TOKEN: ${{ secrets.STORM_BOT_NPM_TOKEN }} | |
| CARGO_REGISTRY_TOKEN: ${{ secrets.STORM_BOT_CARGO_TOKEN }} | |
| jobs: | |
| start: | |
| name: "Send in process notification" | |
| runs-on: ubuntu-latest | |
| if: github.repository == 'storm-software/storm-ops' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/canary' || github.ref == 'refs/heads/experimental') | |
| steps: | |
| - name: Send notification - Deployment started | |
| uses: storm-software/action-notify@main | |
| with: | |
| title: "Deployment for ${{ github.repository }} has started (In Progress)" | |
| subtitle: "Deployment for ${{ github.repository }} has started - #${{ github.run_number }}" | |
| description: "Deployment for ${{ github.repository }} is currently in process - #${{ github.run_number }}. Click here to see the full workflow details: ${{ github.event.pull_request.html_url || github.event.head_commit.url }}." | |
| color: 2077350 | |
| status: "In Progress" | |
| slack-token: ${{ secrets.STORM_BOT_SLACK_TOKEN }} | |
| telegram-token: ${{ secrets.STORM_BOT_TELEGRAM_TOKEN }} | |
| telegram-chat: ${{ secrets.STORM_BOT_TELEGRAM_NOTIFICATION_CHAT }} | |
| discord-webhook: ${{ secrets.STORM_BOT_DISCORD_WEBHOOK}} | |
| process: | |
| name: "Continuous Integration" | |
| if: always() && !cancelled() && !contains(needs.*.result, 'failure') && github.event.pull_request.draft == false | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| id-token: write | |
| needs: | |
| - start | |
| steps: | |
| - name: Setup workspace | |
| uses: storm-software/action-setup@main | |
| with: | |
| package-manager: pnpm | |
| package-manager-version: 10.3.0 | |
| storm-bot-github-token: ${{ secrets.STORM_BOT_GITHUB_TOKEN }} | |
| ignore-scripts: Y | |
| - name: Run build script | |
| run: pnpm build | |
| shell: bash | |
| - name: Add permissions to linting tools | |
| run: chmod a=rwx dist/packages/linting-tools/bin/lint.js | |
| - name: Add permissions to alex config file | |
| run: chmod a=rwx dist/packages/linting-tools/alex/config.json | |
| - name: Add permissions to alex ignore file | |
| run: chmod a=rwx dist/packages/linting-tools/alex/.alexignore | |
| - name: Add permissions to linting-tools package.json file | |
| run: chmod a=rwx packages/linting-tools/package.json | |
| - name: Add permissions to workspace-tools package.json file | |
| run: chmod a=rwx packages/workspace-tools/package.json | |
| - name: Add permissions to create-storm-workspace package.json file | |
| run: chmod a=rwx packages/create-storm-workspace/package.json | |
| - name: Add permissions to git-tools package.json file | |
| run: chmod a=rwx dist/packages/git-tools/package.json | |
| - name: Add permissions to linting-tools distribution package.json file | |
| run: chmod a=rwx dist/packages/linting-tools/package.json | |
| - name: Add permissions to workspace-tools distribution package.json file | |
| run: chmod a=rwx dist/packages/workspace-tools/package.json | |
| - name: | |
| Add permissions to create-storm-workspace distribution package.json | |
| file | |
| run: chmod a=rwx dist/packages/create-storm-workspace/package.json | |
| - name: Derive appropriate SHAs for base and head for `nx affected` commands | |
| id: setSHAs | |
| uses: nrwl/nx-set-shas@v4 | |
| with: | |
| main-branch-name: main | |
| workflow-id: ci.yml | |
| set-environment-variables-for-job: true | |
| error-on-no-successful-workflow: true | |
| # - name: Run Terrascan | |
| # id: terrascan | |
| # uses: tenable/terrascan-action@main | |
| # with: | |
| # iac_type: "terraform" | |
| # iac_version: "v14" | |
| # policy_type: "aws" | |
| # only_warn: true | |
| # sarif_upload: true | |
| # iac_dir: "./terraform-modules" | |
| # config_path: "./packages/linting-tools/src/terrascan/config.yml" | |
| # - name: Upload SARIF file | |
| # uses: github/codeql-action/upload-sarif@v3 | |
| # with: | |
| # sarif_file: terrascan.sarif | |
| - name: Release Library Version Updates | |
| run: pnpm release --base=${{ steps.setSHAs.outputs.base }} --head=${{ steps.setSHAs.outputs.head }} | |
| env: | |
| GITHUB_ACTOR: ${{ github.actor }} | |
| GITHUB_TOKEN: ${{ github.token }} | |
| GH_TOKEN: ${{ github.token }} | |
| NPM_TOKEN: ${{ secrets.STORM_BOT_NPM_TOKEN }} | |
| CARGO_REGISTRY_TOKEN: ${{ secrets.STORM_BOT_CARGO_TOKEN }} | |
| STORM_BOT: Stormie-Bot | |
| STORM_WORKSPACE_ROOT: ${{ github.workspace }} | |
| STORM_REPOSITORY: ${{ github.repositoryUrl }} | |
| TAG: ${{ inputs.tag }} | |
| success: | |
| needs: | |
| - process | |
| if: ${{ success() }} | |
| name: Send success notification | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Send notification - Deployment successful | |
| uses: storm-software/action-notify@main | |
| with: | |
| title: "Deployment for ${{ github.repository }} has finished (Success)" | |
| subtitle: "Deployment for ${{ github.repository }} has finished successfully - #${{ github.run_number }}" | |
| description: "Deployment for ${{ github.repository }} has finished successfully - #${{ github.run_number }}. Click here to see the full workflow details: ${{ github.event.pull_request.html_url || github.event.head_commit.url }}." | |
| color: 556891 | |
| status: "Success" | |
| slack-token: ${{ secrets.STORM_BOT_SLACK_TOKEN }} | |
| telegram-token: ${{ secrets.STORM_BOT_TELEGRAM_TOKEN }} | |
| telegram-chat: ${{ secrets.STORM_BOT_TELEGRAM_NOTIFICATION_CHAT }} | |
| discord-webhook: ${{ secrets.STORM_BOT_DISCORD_WEBHOOK}} | |
| failure: | |
| needs: | |
| - process | |
| if: ${{ failure() }} | |
| name: Send failure notification | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Send notification - Deployment successful | |
| uses: storm-software/action-notify@main | |
| with: | |
| title: "Deployment for ${{ github.repository }} has finished (Failure)" | |
| subtitle: "Deployment for ${{ github.repository }} finished with failures - #${{ github.run_number }}" | |
| description: "Deployment for ${{ github.repository }} finished with failures - #${{ github.run_number }}. Click here to see the full workflow details: ${{ github.event.pull_request.html_url || github.event.head_commit.url }}." | |
| color: 10027008 | |
| status: "Failure" | |
| slack-token: ${{ secrets.STORM_BOT_SLACK_TOKEN }} | |
| telegram-token: ${{ secrets.STORM_BOT_TELEGRAM_TOKEN }} | |
| telegram-chat: ${{ secrets.STORM_BOT_TELEGRAM_NOTIFICATION_CHAT }} | |
| discord-webhook: ${{ secrets.STORM_BOT_DISCORD_WEBHOOK}} | |
| cancelled: | |
| needs: | |
| - process | |
| if: ${{ cancelled() }} | |
| name: Send cancelled notification | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Send notification - Deployment cancelled | |
| uses: storm-software/action-notify@main | |
| with: | |
| title: "Deployment for ${{ github.repository }} has finished (Cancelled)" | |
| subtitle: "Deployment for ${{ github.repository }} was cancelled - #${{ github.run_number }}" | |
| description: "Deployment for ${{ github.repository }} was stopped before it could complete - #${{ github.run_number }}. Click here to see the full workflow details: ${{ github.event.pull_request.html_url || github.event.head_commit.url }}." | |
| color: 16565273 | |
| status: "Cancelled" | |
| slack-token: ${{ secrets.STORM_BOT_SLACK_TOKEN }} | |
| telegram-token: ${{ secrets.STORM_BOT_TELEGRAM_TOKEN }} | |
| telegram-chat: ${{ secrets.STORM_BOT_TELEGRAM_NOTIFICATION_CHAT }} | |
| discord-webhook: ${{ secrets.STORM_BOT_DISCORD_WEBHOOK}} |