chore(deps): Bump cachix/install-nix-action from 22 to 23 (#149) #124
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: multi-architecture docker build | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- "v*" | |
jobs: | |
build_and_deploy: | |
name: build and deploy | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
id-token: write | |
packages: write | |
steps: | |
- name: Checkout ποΈ | |
uses: actions/checkout@v4 | |
- name: Install Nix β | |
uses: cachix/install-nix-action@v23 | |
with: | |
github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up the Nix Cache π | |
uses: cachix/cachix-action@v12 | |
with: | |
name: hasura-v3-dev | |
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
- id: gcloud-auth | |
name: Authenticate to Google Cloud π | |
uses: google-github-actions/auth@v1 | |
with: | |
token_format: access_token | |
service_account: "[email protected]" | |
workload_identity_provider: "projects/1025009031284/locations/global/workloadIdentityPools/hasura-ddn/providers/github" | |
- name: Login to Google Container Registry π¦ | |
uses: "docker/login-action@v3" | |
with: | |
registry: "us-docker.pkg.dev" | |
username: "oauth2accesstoken" | |
password: "${{ steps.gcloud-auth.outputs.access_token }}" | |
- name: Login to GitHub Container Registry π¦ | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and deploy Docker images to Google Container Registry π | |
run: nix run .#publish-docker-image '${{ github.ref }}' 'us-docker.pkg.dev/hasura-ddn/ddn/ndc-postgres' | |
- name: Build and deploy Docker images to GitHub Packages π | |
run: nix run .#publish-docker-image '${{ github.ref }}' 'ghcr.io/hasura/ndc-postgres' | |
- name: Deploy to staging | |
if: github.ref == 'refs/heads/main' | |
env: | |
BUILDKITE_AUTH_TOKEN: ${{ secrets.BUILDKITE_AUTH_TOKEN }} | |
run: | | |
long_sha=$(git rev-parse HEAD) | |
short_sha=$(git rev-parse --short=9 HEAD) | |
req_data=$(cat <<EOF | |
{ | |
"commit": "${long_sha}", | |
"branch": "main", | |
"message": "deploy ndc-postgres config server ${GITHUB_SHA} to staging :rocket:", | |
"author": { | |
"name": "Hasura Bot", | |
"email": "[email protected]" | |
}, | |
"env": { | |
"RELEASE_VERSION": "dev-main-${short_sha}" | |
} | |
} | |
EOF) | |
curl -X POST "https://api.buildkite.com/v2/organizations/hasura/pipelines/release-ndc-postgres-config-server/builds" \ | |
-H "Content-Type: application/json" \ | |
-H "Authorization: Bearer ${BUILDKITE_AUTH_TOKEN}" \ | |
-d "$req_data" | |
# scream into Slack if something goes wrong | |
- name: Report Status | |
if: always() && github.ref == 'refs/heads/main' | |
uses: ravsamhq/notify-slack-action@v2 | |
with: | |
status: ${{ job.status }} | |
notify_when: failure | |
notification_title: "π§ Error on <{repo_url}|{repo}>" | |
message_format: "π΄ *{workflow}* {status_message} for <{repo_url}|{repo}>" | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.BROKEN_BUILD_SLACK_WEBHOOK_URL }} |