feat: deploy review environments (epam#8)
* feat: add deploy-review command

* feat: add dependabot for actions

* update actions

* update CI ref to predicted release version

* feat: breaking: switch to special user credentials
nepalevov authored Oct 31, 2023
1 parent 0a8510a commit 0f3857d
Showing 15 changed files with 156 additions and 75 deletions.
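--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+interval: "weekly"
+day: "wednesday"
+time: "09:00"
+commit-message:
+# Prefix all commit messages with "chore: "
+prefix: "chore"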
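--- a/.github/workflows/deploy-review-command.yml
+++ b/.github/workflows/deploy-review-command.yml
@@ -0,0 +1,70 @@
+name: deploy-review-command
+on:
+repository_dispatch:
+types: [deploy-review-command]
+jobs:
+deploy-review:
+runs-on: ubuntu-latest
+steps:
+- name: Check repository owner
+id: owner
+run: |
+DISPATCHED_REPO_FULLNAME=${{ github.event.client_payload.repository.full_name }}
+DISPATCHED_REPO_OWNER=${DISPATCHED_REPO_FULLNAME%/*}
+DISPATCHED_REPO_NAME=${DISPATCHED_REPO_FULLNAME#*/}
+CURRENT_REPO_OWNER=${GITHUB_REPOSITORY%/*}
+ERROR_MESSAGE=""
+if [[ "$DISPATCHED_REPO_OWNER" != "$CURRENT_REPO_OWNER" ]]; then
+ERROR_MESSAGE="The event was not dispatched by a repository within the same owner."
+fi
+if [[ "$DISPATCHED_REPO_NAME" != ai-dial* ]]; then
+ERROR_MESSAGE+=" The repository name does not start with 'ai-dial'."
+fi
+if [[ -n "$ERROR_MESSAGE" ]]; then
+echo "status=$ERROR_MESSAGE" >> $GITHUB_OUTPUT
+exit 1
+fi
+- name: Checks and transformations
+id: vars
+run: |
+if [[ -z "${{ github.event.client_payload.slash_command.args.named.application }}" ]]; then
+echo "'application' argument is missing"
+exit 1
+fi
+if [[ -z "${{ github.event.client_payload.pull_request.number }}" ]]; then
+echo "Pull request number is missing"
+exit 1
+fi
+if [[ -z "${{ github.event.client_payload.pull_request.head.ref }}" ]]; then
+echo "Pull request head ref is missing"
+exit 1
+fi
+echo "All required values are present."
+- name: Deploy environment
+id: deploy
+uses: digital-blueprint/gitlab-pipeline-trigger-action@990eaca56dc9b9439da90dd81ab9311adce0dcce # v1.0.5
+with:
+host: ${{ secrets.DEPLOY_HOST }}
+trigger_token: ${{ secrets.DEPLOY_TRIGGER_TOKEN }}
+access_token: ${{ secrets.DEPLOY_ACCESS_TOKEN }}
+id: ${{ secrets.DEPLOY_PROJECT_ID }}
+ref: ${{ secrets.DEPLOY_REF }}
+variables: >
+{
+"GITHUB_APP":"${{ github.event.client_payload.slash_command.args.named.application }}",
+"GITHUB_PR":"pr-${{ github.event.client_payload.pull_request.number }}",
+"GITHUB_OWNER":"${{ github.event.client_payload.pull_request.head.repo.owner.login }}",
+"GITHUB_REF":"${{ github.event.client_payload.pull_request.head.ref }}",
+"GITHUB_TRIGGER": "${{ github.event.client_payload.github.payload.comment.html_url }}"
+}
+- name: Return status
+if: success() || failure()
+uses: peter-evans/create-or-update-comment@23ff15729ef2fc348714a3bb66d2f655ca9066f2 # v3.1.0
+with:
+token: ${{ secrets.ACTIONS_BOT_TOKEN }}
+repository: ${{ github.event.client_payload.github.payload.repository.full_name }}
+comment-id: ${{ github.event.client_payload.github.payload.comment.id }}
+body: |
+>Deployment status: ${{ steps.deploy.outputs.status || steps.owner.outputs.status || 'something went wrong' }}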
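Review bot: The `run:` scripts of "Check repository owner" and "Checks and transformations" splice `${{ github.event.client_payload.* }}` values directly into the shell text, so a pull-request branch name or slash-command argument carrying quotes or other shell metacharacters is parsed as shell before any of the checks run. Pass each value through `env:` and test the quoted variable instead, as sketched below. The owner check also rests on `client_payload.repository.full_name`, which is whatever the dispatcher placed in the payload; it is presumably filled in by the slash-command workflow, but nothing visible here verifies that. The same fields are concatenated into the `variables` JSON of the "Deploy environment" step, where wrapping each one in `toJSON(...)` would keep a stray quote from changing the document sent to GitLab.

```yaml
- name: Check repository owner
  id: owner
  env:
    DISPATCHED_REPO_FULLNAME: ${{ github.event.client_payload.repository.full_name }}
  run: |
    # … unchanged: owner and name-prefix checks, without the DISPATCHED_REPO_FULLNAME assignment …
- name: Checks and transformations
  id: vars
  env:
    APPLICATION: ${{ github.event.client_payload.slash_command.args.named.application }}
    PR_NUMBER: ${{ github.event.client_payload.pull_request.number }}
    PR_HEAD_REF: ${{ github.event.client_payload.pull_request.head.ref }}
  run: |
    if [[ -z "$APPLICATION" ]]; then
      echo "'application' argument is missing"
      exit 1
    fi
    if [[ -z "$PR_NUMBER" ]]; then
      echo "Pull request number is missing"
      exit 1
    fi
    if [[ -z "$PR_HEAD_REF" ]]; then
      echo "Pull request head ref is missing"
      exit 1
    fi
    # … unchanged: final "All required values are present." echo …
```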
18 changes: 9 additions & 9 deletions .github/workflows/publish_gradle_docker.yml
Expand Up @@ -23,12 +23,12 @@ jobs:
style_checks:
runs-on: ubuntu-latest
steps:
- uses: epam/ai-dial-ci/actions/gradle_checkstyle@0.5.1
- uses: epam/ai-dial-ci/actions/gradle_checkstyle@1.0.0

code_checks:
runs-on: ubuntu-latest
steps:
- uses: epam/ai-dial-ci/actions/prepare_java@0.5.1
- uses: epam/ai-dial-ci/actions/prepare_java@1.0.0
- name: Test
continue-on-error: ${{ inputs.bypass_checks }}
run: |
Expand All @@ -43,13 +43,13 @@ jobs:
contents: write
packages: write
steps:
- uses: epam/ai-dial-ci/actions/semantic_versioning@0.5.1
- uses: epam/ai-dial-ci/actions/semantic_versioning@1.0.0
id: semantic_versioning

ort:
runs-on: ubuntu-latest
steps:
- uses: epam/ai-dial-ci/actions/ort@0.5.1
- uses: epam/ai-dial-ci/actions/ort@1.0.0

release:
needs:
Expand All @@ -65,17 +65,17 @@ jobs:
packages: write

steps:
- uses: epam/ai-dial-ci/actions/generate_release_notes@0.5.1
- uses: epam/ai-dial-ci/actions/prepare_java@0.5.1
- uses: epam/ai-dial-ci/actions/generate_release_notes@1.0.0
- uses: epam/ai-dial-ci/actions/prepare_java@1.0.0
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0
with:
lfs: true
token: ${{ secrets.DEPLOY_USER_PAT }}
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
- name: Build
run: |
sed -i "s/^version = .*/version = \"${{ needs.calculate_version.outputs.next_version }}\"/g" build.gradle
./gradlew build -x test
- uses: epam/ai-dial-ci/actions/build_docker@0.5.1
- uses: epam/ai-dial-ci/actions/build_docker@1.0.0
with:
ghcr_username: ${{ github.actor }}
ghcr_password: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -91,7 +91,7 @@ jobs:
${{ github.ref == 'refs/heads/development' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'development') || ''}}
${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}:{1}', env.IMAGE_NAME, 'latest') || ''}}
${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'latest') || ''}}
- uses: epam/ai-dial-ci/actions/publish_tag_release@0.5.1
- uses: epam/ai-dial-ci/actions/publish_tag_release@1.0.0
with:
tag_version: ${{ needs.calculate_version.outputs.next_version }}
changelog_file: "/tmp/my_changelog" # comes from generate_release_notes step; TODO: beautify
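Review bot: The checkout step of the release job is given `secrets.ACTIONS_BOT_TOKEN`, and actions/checkout keeps the supplied token in the workspace git configuration by default, so the `./gradlew build` step and the Docker build that follow run with it on disk. If only the tag/release step needs to push, consider `persist-credentials: false` on the checkout and handing the token to that step alone; whether `publish_tag_release` relies on the persisted credential is not visible here. The same secret rename appears in publish_python_docker.yml and publish_python_package.yml, where the token likewise stays in place for the later build and publish steps. Separately, the `epam/ai-dial-ci/actions/*` references are pinned by tag (`@1.0.0`) while the third-party actions in the same files are pinned by commit SHA.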
18 changes: 9 additions & 9 deletions .github/workflows/publish_python_docker.yml
Expand Up @@ -23,7 +23,7 @@ jobs:
style_checks:
runs-on: ubuntu-latest
steps:
- uses: epam/ai-dial-ci/actions/prepare_python@0.5.1
- uses: epam/ai-dial-ci/actions/prepare_python@1.0.0
with:
python_version: ${{ inputs.python_version }}
install_poetry: true
Expand All @@ -36,7 +36,7 @@ jobs:
code_checks:
runs-on: ubuntu-latest
steps:
- uses: epam/ai-dial-ci/actions/prepare_python@0.5.1
- uses: epam/ai-dial-ci/actions/prepare_python@1.0.0
with:
python_version: ${{ inputs.python_version }}
install_poetry: true
Expand All @@ -56,7 +56,7 @@ jobs:
contents: write
packages: write
steps:
- uses: epam/ai-dial-ci/actions/semantic_versioning@0.5.1
- uses: epam/ai-dial-ci/actions/semantic_versioning@1.0.0
id: semantic_versioning

release:
Expand All @@ -73,16 +73,16 @@ jobs:
packages: write

steps:
- uses: epam/ai-dial-ci/actions/generate_release_notes@0.5.1
- uses: epam/ai-dial-ci/actions/generate_release_notes@1.0.0
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0
with:
lfs: true
token: ${{ secrets.DEPLOY_USER_PAT }}
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
- name: Bump version
shell: bash
run: |
sed -i "s/^version = .*/version = \"${{ needs.calculate_version.outputs.non_semver_next_version }}\"/g" pyproject.toml
- uses: epam/ai-dial-ci/actions/build_docker@0.5.1
- uses: epam/ai-dial-ci/actions/build_docker@1.0.0
with:
ghcr_username: ${{ github.actor }}
ghcr_password: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -98,7 +98,7 @@ jobs:
${{ github.ref == 'refs/heads/development' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'development') || ''}}
${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}:{1}', env.IMAGE_NAME, 'latest') || ''}}
${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'latest') || ''}}
- uses: epam/ai-dial-ci/actions/publish_tag_release@0.5.1
- uses: epam/ai-dial-ci/actions/publish_tag_release@1.0.0
with:
tag_version: ${{ needs.calculate_version.outputs.next_version }}
changelog_file: "/tmp/my_changelog" # comes from generate_release_notes step; TODO: beautify
Expand All @@ -108,14 +108,14 @@ jobs:
ort:
runs-on: ubuntu-latest
steps:
- uses: epam/ai-dial-ci/actions/prepare_python@0.5.1
- uses: epam/ai-dial-ci/actions/prepare_python@1.0.0
with:
python_version: ${{ inputs.python_version }}
install_poetry: true
- name: Install dependencies
shell: bash
run: |
poetry install --all-extras
- uses: epam/ai-dial-ci/actions/ort@0.5.1
- uses: epam/ai-dial-ci/actions/ort@1.0.0
with:
bypass_checks: ${{ inputs.bypass_ort }}
20 changes: 10 additions & 10 deletions .github/workflows/publish_python_package.yml
Expand Up @@ -31,7 +31,7 @@ jobs:
style_checks:
runs-on: ubuntu-latest
steps:
- uses: epam/ai-dial-ci/actions/prepare_python@0.5.1
- uses: epam/ai-dial-ci/actions/prepare_python@1.0.0
with:
python_version: "${{ inputs.python_version }}"
install_poetry: true
Expand All @@ -47,7 +47,7 @@ jobs:
matrix:
python-version: [ "3.11", "3.10", "3.9", "3.8" ]
steps:
- uses: epam/ai-dial-ci/actions/prepare_python@0.5.1
- uses: epam/ai-dial-ci/actions/prepare_python@1.0.0
with:
python_version: "${{ matrix.python-version }}"
install_poetry: true
Expand All @@ -60,13 +60,13 @@ jobs:
ort:
runs-on: ubuntu-latest
steps:
- uses: epam/ai-dial-ci/actions/prepare_python@0.5.1
- uses: epam/ai-dial-ci/actions/prepare_python@1.0.0
- name: Install dependencies
shell: bash
run: |
pip install poetry
poetry install
- uses: epam/ai-dial-ci/actions/ort@0.5.1
- uses: epam/ai-dial-ci/actions/ort@1.0.0

calculate_version:
runs-on: ubuntu-latest
Expand All @@ -76,7 +76,7 @@ jobs:
contents: write
packages: write
steps:
- uses: epam/ai-dial-ci/actions/semantic_versioning@0.5.1
- uses: epam/ai-dial-ci/actions/semantic_versioning@1.0.0
id: semantic_versioning

release:
Expand All @@ -93,15 +93,15 @@ jobs:
packages: write

steps:
- uses: epam/ai-dial-ci/actions/generate_release_notes@0.5.1
- uses: epam/ai-dial-ci/actions/prepare_python@0.5.1
- uses: epam/ai-dial-ci/actions/generate_release_notes@1.0.0
- uses: epam/ai-dial-ci/actions/prepare_python@1.0.0
with:
python_version: "${{ inputs.python_version }}"
install_poetry: true
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0
with:
lfs: true
token: ${{ secrets.DEPLOY_USER_PAT }}
token: ${{ secrets.ACTIONS_BOT_TOKEN }}
- name: Build
shell: bash
run: |
Expand All @@ -110,7 +110,7 @@ jobs:
- name: Run Trivy vulnerability scanner
if: ${{ inputs.scan_trivy }}
continue-on-error: ${{ inputs.bypass_checks }}
uses: aquasecurity/trivy-action@fbd16365eb88e12433951383f5e99bd901fc618f #0.12.0
uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 #0.13.1
with:
scan-type: 'fs'
scan-ref: '.'
Expand All @@ -122,7 +122,7 @@ jobs:
PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
run:
make publish
- uses: epam/ai-dial-ci/actions/publish_tag_release@0.5.1
- uses: epam/ai-dial-ci/actions/publish_tag_release@1.0.0
with:
tag_version: ${{ needs.calculate_version.outputs.non_semver_next_version }}
changelog_file: "/tmp/my_changelog" # comes from generate_release_notes step; TODO: beautify
10 changes: 5 additions & 5 deletions .github/workflows/publish_vanilla_docker.yml
Expand Up @@ -21,13 +21,13 @@ jobs:
contents: write
packages: write
steps:
- uses: epam/ai-dial-ci/actions/semantic_versioning@0.5.1
- uses: epam/ai-dial-ci/actions/semantic_versioning@1.0.0
id: semantic_versioning

ort:
runs-on: ubuntu-latest
steps:
- uses: epam/ai-dial-ci/actions/ort@0.5.1
- uses: epam/ai-dial-ci/actions/ort@1.0.0

release:
needs:
Expand All @@ -41,11 +41,11 @@ jobs:
packages: write

steps:
- uses: epam/ai-dial-ci/actions/generate_release_notes@0.5.1
- uses: epam/ai-dial-ci/actions/generate_release_notes@1.0.0
- uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac #v4.0.0
with:
lfs: true
- uses: epam/ai-dial-ci/actions/build_docker@0.5.1
- uses: epam/ai-dial-ci/actions/build_docker@1.0.0
with:
ghcr_username: ${{ github.actor }}
ghcr_password: ${{ secrets.GITHUB_TOKEN }}
Expand All @@ -61,7 +61,7 @@ jobs:
${{ github.ref == 'refs/heads/development' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'development') || ''}}
${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}:{1}', env.IMAGE_NAME, 'latest') || ''}}
${{ startsWith(github.ref, 'refs/heads/release-') && needs.calculate_version.outputs.is_latest == 'true' && format('{0}/{1}:{2}', 'ghcr.io', env.IMAGE_NAME, 'latest') || ''}}
- uses: epam/ai-dial-ci/actions/publish_tag_release@0.5.1
- uses: epam/ai-dial-ci/actions/publish_tag_release@1.0.0
with:
tag_version: ${{ needs.calculate_version.outputs.next_version }}
changelog_file: "/tmp/my_changelog" # comes from generate_release_notes step; TODO: beautify