Monorepo pipeline - build and deploy #119786

Workflow file for this run

	name: Monorepo pipeline - build and deploy

	on:
	push:
	branches:
	- 'main'
	- 'release/**'
	- 'pre-release/**'
	paths-ignore:
	- '*/.md'
	tags:
	- docker-build-*
	workflow_dispatch:
	create:
	pull_request:
	types:
	- opened
	- synchronize
	- labeled

	defaults:
	run:
	shell: bash

	concurrency:
	# See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-a-fallback-value
	group: push-${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: true

	env:
	DOCKER_REGISTRY: 821090935708.dkr.ecr.eu-west-1.amazonaws.com
	DOCKER_BASE_IMAGE_REGISTRY: 821090935708.dkr.ecr.eu-west-1.amazonaws.com/ecr-public
	SPINNAKER_URL: https://spinnaker-gate.shared.devland.is
	COMPOSE_HTTP_TIMEOUT: 180
	GITHUB_ACTIONS_CACHE_URL: https://cache.dev01.devland.is/
	SKIP_GENERATED_CACHE: ${{ contains(github.event.pull_request.labels.*.name, 'skip-generated-cache') }}
	NX_AFFECTED_ALL: ${{ contains(github.event.pull_request.labels.*.name, 'nx-affected-all') }}
	NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}
	NX_TASKS_RUNNER: ci
	CONFIGCAT_MAIN_CONFIG_ID: 08d8c761-021c-46f0-8671-6244663a372f
	CONFIGCAT_MOBILE_APP_CONFIG_ID: 08daf234-7573-4b3b-85f6-189fc7502542
	DISABLE_CHUNKS: 'false'
	DISABLE_GROUPING: 'false'
	DISABLE_PROBLEMATIC: 'false'
	CHUNK_SIZE: '3'
	MAX_JOBS: '2'
	NX_PARALLEL: '2'
	NX_MAX_PARALLEL: '4'
	NODE_IMAGE_VERSION: 20
	S3_DOCKER_CACHE_BUCKET: ${{ secrets.S3_DOCKER_CACHE_BUCKET }}
	RUNS_ON_S3_BUCKET_CACHE: ${{ secrets.S3_DOCKER_CACHE_BUCKET }}
	YARN_ENABLE_HARDENED_MODE: '0'
	AWS_REGION: eu-west-1
	GENERATED_FILES: ${{ github.sha }}.tar.gz

	jobs:
	pre-checks:
	uses: ./.github/workflows/pre-checks.yml
	secrets: inherit

	prepare:
	runs-on: arc-runners
	timeout-minutes: 90

	if: needs.pre-checks.outputs.PRE_CHECK
	needs:
	- pre-checks

	env:
	AFFECTED_ALL: ${{ secrets.AFFECTED_ALL }}
	GIT_BRANCH: ${{ needs.pre-checks.outputs.GIT_BRANCH }}
	GIT_BASE_BRANCH: ${{ needs.pre-checks.outputs.GIT_BASE_BRANCH }}
	SERVERSIDE_FEATURES_ON: ''

	outputs:
	TEST_CHUNKS: ${{ steps.test_projects.outputs.CHUNKS }}
	DOCKER_TAG: ${{ steps.docker_tags.outputs.DOCKER_TAG }}
	NODE_IMAGE_VERSION: ${{ steps.nodejs_image.outputs.NODE_IMAGE_VERSION }}
	LAST_GOOD_BUILD_DOCKER_TAG: ${{ steps.git_nx_base.outputs.LAST_GOOD_BUILD_DOCKER_TAG }}
	BUILD_CHUNKS: ${{ steps.build_map.outputs.BUILD_CHUNKS }}
	IMAGES: ${{ steps.deploy_map.outputs.IMAGES }}
	node-modules-hash: ${{ steps.calculate_node_modules_hash.outputs.node-modules-hash }}
	DEPLOY_FEATURE: ${{ contains(github.event.pull_request.labels.*.name, 'deploy-feature') }}
	CACHE_KEY: ${{ steps.set-cache-key.outputs.CACHE_KEY }}

	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: feature-checkout
	if: needs.pre-checks.outputs.PRE_CHECK == 'feature-deploy' && needs.pre-checks.outputs.PRE_RELEASE == 'false'
	uses: ./.github/actions/feature-checkout
	with:
	github_token: ${{ secrets.GITHUB_TOKEN }}
	slack_webhook_url: ${{ secrets.SLACK_BUILD_ISSUES_REPORTING_WEBHOOK_URL }}

	- name: prerelease-checkout
	if: needs.pre-checks.outputs.PRE_CHECK && needs.pre-checks.outputs.PRE_RELEASE == 'true'
	uses: ./.github/actions/prerelease-checkout

	- name: Derive appropriate SHAs
	uses: nrwl/nx-set-shas@v4

	# NOTE: checkout features
	- name: Checking out relevant branches for a PR
	if: needs.pre-checks.outputs.PRE_CHECK && needs.pre-checks.outputs.PRE_CHECK == 'feature-deploy' && !(needs.pre-checks.outputs.PRE_RELEASE == 'true')
	run: \|
	set -euo pipefail
	git checkout "$GITHUB_HEAD_REF"
	git checkout "$GITHUB_BASE_REF"
	git checkout "$GITHUB_SHA"
	git config --global user.email "[email protected]"
	git config --global user.name "CI Bot"

	# BASE_SHA="$(git merge-base HEAD "$GITHUB_BASE_REF")"
	# HEAD_SHA="$(git merge-base HEAD "$GITHUB_HEAD_REF")"
	BASE_SHA=${{ env.NX_BASE }}
	HEAD_SHA=${{ env.NX_HEAD }}
	echo "Current base SHA is '$BASE_SHA' and head SHA is '$HEAD_SHA'"
	echo "{\"base_sha\": \"$BASE_SHA\", \"head_sha\":\"$HEAD_SHA\"}" > event.json

	# NOTE: checkout main
	- name: Checking out relevant branches for a branch build
	if: ${{ !(needs.pre-checks.outputs.PRE_CHECK && needs.pre-checks.outputs.PRE_CHECK == 'feature-deploy') }}
	run: \|
	set -euo pipefail
	git checkout main
	git checkout "$GITHUB_SHA"

	# This is to increase the retention days for our GitHub Actions run events
	# See this for more information:
	# https://github.blog/changelog/2020-10-08-github-actions-ability-to-change-retention-days-for-artifacts-and-logs/
	- name: Keep PR run event
	uses: actions/upload-artifact@b18b1d32f3f31abcdc29dee3f2484801fe7822f4
	if: needs.pre-checks.outputs.PRE_CHECK && needs.pre-checks.outputs.PRE_CHECK == 'feature-deploy' && !(needs.pre-checks.outputs.PRE_RELEASE == 'true')
	with:
	name: pr-event
	path: event.json
	retention-days: 90
	include-hidden-files: true
	if-no-files-found: error

	- name: Generate nodejs image tag
	id: nodejs_image
	continue-on-error: false
	run: \|
	set -euo pipefail
	export NODE_IMAGE_VERSION="$NODE_IMAGE_VERSION"
	echo "NODE_IMAGE_VERSION: '${NODE_IMAGE_VERSION}'"
	echo NODE_IMAGE_VERSION="${NODE_IMAGE_VERSION}" >> "$GITHUB_OUTPUT"
	echo NODE_IMAGE_VERSION="${NODE_IMAGE_VERSION}" >> "$GITHUB_ENV"
	echo "NODE_IMAGE_VERSION '${NODE_IMAGE_VERSION}'" >> "$GITHUB_STEP_SUMMARY"

	- name: Generate docker image tag
	id: docker_tags
	run: \|
	set -euo pipefail
	export DOCKER_BRANCH_TAG="$(echo "${GIT_BRANCH:0:45}" \| tr "/." "-" )"
	SHA="${{ github.event.pull_request.head.sha }}"
	echo "SHA='$SHA' retrieved from event"
	if [[ "$SHA" == "" ]]; then
	SHA="$GITHUB_SHA"
	echo "SHA='$SHA', retrived from action environment"
	fi
	echo "Using SHA='$SHA' as docker tag SHA"
	export DOCKER_TAG="${DOCKER_BRANCH_TAG}_${SHA:0:10}_${GITHUB_RUN_NUMBER}"
	echo "Docker tag will be '${DOCKER_TAG}'"
	echo DOCKER_TAG="${DOCKER_TAG}" >> "$GITHUB_OUTPUT"
	echo DOCKER_TAG="$DOCKER_TAG" >> "$GITHUB_ENV"
	echo "Monorepo tag: '${DOCKER_TAG}'" >> "$GITHUB_STEP_SUMMARY"

	- name: Send Slack notification
	id: slack
	if: ${{ startsWith( github.env.GIT_BASE_BRANCH, 'release/' ) }}
	uses: 8398a7/action-slack@v3
	with:
	status: custom
	fields: repo,message # selectable (default: repo,message)
	custom_payload: \|
	{
	attachments: [{
	color: 'good',
	text: `Monorepo Release Tag is: ${process.env.DOCKER_TAG}`,
	}]
	}
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_RELEASE_WEBHOOK_URL }} # required

	- run: \|
	echo HEAD="$GITHUB_SHA" >> "$GITHUB_ENV"
	id: git_nx_head
	name: Preparing HEAD tag

	- name: Setup yarn
	uses: ./.github/actions/setup-yarn

	- name: load-deps
	uses: ./.github/actions/load-deps

	- name: test-everything
	uses: ./.github/actions/test-everything

	- name: Docker login to ECR repo
	run: ./scripts/ci/docker-login-ecr.sh
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	- name: set BRANCH env var
	id: set-branch-env
	run: echo BRANCH="$GIT_BRANCH" >> "$GITHUB_ENV"

	- name: Prepare test targets
	id: test_projects
	run: \|
	set -euo pipefail
	CHUNKS="$(./scripts/ci/generate-chunks.sh test)"
	if [[ "$CHUNKS" != "[]" ]]; then
	echo CHUNKS="{\"projects\":$CHUNKS}" >> "$GITHUB_OUTPUT"
	fi
	env:
	SKIP_TESTS_ON_BRANCH: ${{ secrets.SKIP_TESTS_ON_BRANCH }}

	- name: Set AFFECTED_ALL env
	if: ${{ needs.pre-checks.outputs.PRE_RELEASE == 'true' \|\| env.BRANCH == 'main' }}
	run: \|
	echo "AFFECTED_ALL=7913-$GIT_BRANCH" >> "$GITHUB_ENV"

	- name: Prepare docker build targets
	id: build_map
	run: \|
	set -euo pipefail
	CHUNKS="$(./scripts/ci/generate-docker-chunks.sh docker-express docker-next docker-static docker-playwright docker-jest)"
	echo "CHUNKS: '$CHUNKS'"
	if [[ "$CHUNKS" != "[]" ]]; then
	echo BUILD_CHUNKS="$CHUNKS" >> "$GITHUB_OUTPUT"
	fi

	# NOTE: only on PRs
	- name: Prepare deployment targets
	id: deploy_map
	if: needs.pre-checks.outputs.PRE_CHECK != 'push'
	run: \|
	set -euo pipefail
	export BASE="$(git merge-base HEAD "$GITHUB_BASE_REF")"
	CHUNKS="${{ steps.build_map.outputs.BUILD_CHUNKS }}"
	echo "CHUNKS: '$CHUNKS'"
	if [[ "$CHUNKS" != "[]" ]]; then
	echo "IMAGES="$(echo "$CHUNKS" \| jq '.[] \| fromjson \| .projects' -r \| tr '\n' ',')"" >> "$GITHUB_OUTPUT"
	fi

	- name: Prepare docker deps
	id: docker-deps
	run: \|
	./scripts/ci/10_prepare-docker-deps.sh

	docker-build:
	needs:
	- pre-checks
	- prepare
	runs-on: arc-docker
	timeout-minutes: 45
	if: needs.prepare.outputs.BUILD_CHUNKS
	env:
	AFFECTED_ALL: ${{ secrets.AFFECTED_ALL }}
	GIT_BRANCH: ${{ needs.pre-checks.outputs.GIT_BRANCH}}
	DOCKER_TAG: ${{ needs.prepare.outputs.DOCKER_TAG}}
	NODE_IMAGE_VERSION: ${{ needs.prepare.outputs.NODE_IMAGE_VERSION}}
	PUBLISH: true
	DISABLE_CHUNKS: true
	MAX_JOBS: 3
	NX_PARALLEL: 1
	strategy:
	fail-fast: false
	matrix:
	chunk: ${{ fromJson(needs.prepare.outputs.BUILD_CHUNKS) }}
	steps:
	- name: Gather apps
	id: gather
	run: \|
	set -euo pipefail
	AFFECTED_PROJECTS="$(echo '${{ matrix.chunk }}' \| jq -r '.projects')"
	DOCKER_TYPE="$(echo '${{ matrix.chunk }}' \| jq -r '.docker_type')"
	APP_HOME="$(echo '${{ matrix.chunk }}' \| jq -r '.home')"
	APP_DIST_HOME="$(echo '${{ matrix.chunk }}' \| jq -r '.dist')"
	echo AFFECTED_PROJECTS="$AFFECTED_PROJECTS" >> "$GITHUB_ENV"
	echo DOCKER_TYPE="$DOCKER_TYPE" >> "$GITHUB_ENV"
	echo APP_HOME="$APP_HOME" >> "$GITHUB_ENV"
	echo APP_DIST_HOME="$APP_DIST_HOME" >> "$GITHUB_ENV"
	continue-on-error: true

	- uses: actions/checkout@v4
	if: steps.gather.outcome == 'success'

	- name: Restore generated files
	uses: runs-on/cache/restore@v4
	id: restore-generated-files-cache
	with:
	path: \|
	${{ env.GENERATED_FILES }}
	key: generated-files-${{ github.sha }}

	- name: Extract generated files
	run: \|
	tar -xzvf ${{ env.GENERATED_FILES }}

	- name: Docker login to ECR repo
	if: steps.gather.outcome == 'success'
	run: ./scripts/ci/docker-login-ecr.sh
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	- name: Prepare Docker build arguments
	id: dockerargs
	if: steps.gather.outcome == 'success'
	env:
	NODE_IMAGE_VERSION: ${{ needs.prepare.outputs.NODE_IMAGE_VERSION }}
	GIT_COMMIT_SHA: ${{ github.sha }}
	DOCKER_BASE_IMAGE_REGISTRY: ${{ env.DOCKER_BASE_IMAGE_REGISTRY }}
	run: \|
	set -x
	# Strip protocol prefix and .git postfix
	SERVER_URL="${{ github.server_url }}/${{ github.repository }}"
	SERVER_URL="${SERVER_URL#*://}"
	SERVER_URL="${SERVER_URL%.git}"
	build_args=(
	--build-arg="DOCKER_IMAGE_REGISTRY=${DOCKER_BASE_IMAGE_REGISTRY}"
	--build-arg="NODE_IMAGE_VERSION=${NODE_IMAGE_VERSION}"
	--build-arg="GIT_BRANCH=${GIT_BRANCH}"
	--build-arg="GIT_COMMIT_SHA=${GIT_COMMIT_SHA}"
	--build-arg="GIT_REPOSITORY_URL=${SERVER_URL}"
	--build-arg="NX_PARALLEL=${NX_PARALLEL}"
	--build-arg="NX_MAX_PARALLEL=${NX_MAX_PARALLEL}"
	--build-arg="NX_TASKS_RUNNER=ci"
	)
	export EXTRA_DOCKER_BUILD_ARGS="${build_args[*]}"
	echo "EXTRA_DOCKER_BUILD_ARGS=${EXTRA_DOCKER_BUILD_ARGS}" >> "${GITHUB_ENV}"

	# Create a temporary file with the NX_CLOUD_ACCESS_TOKEN
	echo "${{ secrets.NX_CLOUD_ACCESS_TOKEN }}" > nx_cloud_access_token.txt

	# Add secret to EXTRA_DOCKER_BUILD_ARGS
	echo "EXTRA_DOCKER_BUILD_ARGS=${EXTRA_DOCKER_BUILD_ARGS} --secret id=nx_cloud_access_token,src=nx_cloud_access_token.txt" >> "${GITHUB_ENV}"

	- name: Check if cached buildx image exists
	id: cache-check
	run: \|
	if ! docker pull ${{vars.AWS_ECR_REPO_BASE}}/moby/buildkit:buildx-stable-1 ; then
	docker pull docker.io/moby/buildkit:buildx-stable-1
	docker tag docker.io/moby/buildkit:buildx-stable-1 ${{vars.AWS_ECR_REPO_BASE}}/moby/buildkit:buildx-stable-1
	docker push ${{vars.AWS_ECR_REPO_BASE}}/moby/buildkit:buildx-stable-1
	fi

	- name: Building Docker images
	continue-on-error: true
	id: dockerbuild
	if: steps.gather.outcome == 'success'
	env:
	NODE_IMAGE_VERSION: ${{ needs.prepare.outputs.NODE_IMAGE_VERSION }}
	GIT_COMMIT_SHA: ${{ github.sha }}
	DOCKER_BASE_IMAGE_REGISTRY: ${{ env.DOCKER_BASE_IMAGE_REGISTRY }}
	run: \|
	set -x
	echo "Node image tag is: '${NODE_IMAGE_VERSION}'"
	echo "Docker build args are: 'EXTRA_DOCKER_BUILD_ARGS'"
	export EXTRA_DOCKER_BUILD_ARGS
	./scripts/ci/run-in-parallel.sh "90_${DOCKER_TYPE}"

	- name: Building Docker images Retry
	if: steps.gather.outcome == 'success' && steps.dockerbuild.outcome == 'failure'
	env:
	NODE_IMAGE_VERSION: ${{ needs.prepare.outputs.NODE_IMAGE_VERSION }}
	GIT_COMMIT_SHA: ${{ github.sha }}
	DOCKER_BASE_IMAGE_REGISTRY: ${{ env.DOCKER_BASE_IMAGE_REGISTRY }}
	run: \|
	set -x
	echo "Node image tag is: '${NODE_IMAGE_VERSION}'"
	echo "Docker build args are: 'EXTRA_DOCKER_BUILD_ARGS'"
	export EXTRA_DOCKER_BUILD_ARGS
	./scripts/ci/run-in-parallel.sh "90_${DOCKER_TYPE}"

	helm-docker-build:
	needs:
	- prepare
	- pre-checks
	# if: needs.prepare.outputs.IMAGES && needs.pre-checks.outputs.PRE_CHECK != 'push'
	runs-on: arc-runners
	timeout-minutes: 30
	env:
	FEATURE_NAME: ${{ needs.pre-checks.outputs.FEATURE_NAME }}
	DOCKER_TAG: ${{ needs.prepare.outputs.DOCKER_TAG}}
	GIT_BRANCH: ${{ needs.pre-checks.outputs.GIT_BRANCH }}
	NODE_IMAGE_VERSION: ${{ needs.prepare.outputs.NODE_IMAGE_VERSION }}
	steps:
	- uses: actions/checkout@v4

	- name: Docker login
	run: ./scripts/ci/docker-login-ecr.sh
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
	aws-region: eu-west-1

	- name: Docker build image
	working-directory: infra
	run: \|
	echo Registry is: ${{env.DOCKER_BASE_IMAGE_REGISTRY}}
	echo Image tag is: ${{env.NODE_IMAGE_VERSION}}
	export EXTRA_DOCKER_BUILD_ARGS="--build-arg DOCKER_IMAGE_REGISTRY=${{env.DOCKER_BASE_IMAGE_REGISTRY}} --build-arg NODE_IMAGE_VERSION=${{env.NODE_IMAGE_VERSION}}"
	./scripts/build-docker-container.sh "$DOCKER_TAG"
	echo "COMMENT<<EOF" >> "$GITHUB_ENV"
	echo "Affected services are: ${{needs.prepare.outputs.IMAGES}}" >> "$GITHUB_ENV"
	docker run --rm "${DOCKER_REGISTRY}/helm-config:$DOCKER_TAG" ingress-comment --images=${{needs.prepare.outputs.IMAGES}} --chart=islandis --feature="$FEATURE_NAME" >> "$GITHUB_ENV"
	echo 'EOF' >> "$GITHUB_ENV"
	env:
	PUBLISH: 'true'

	- name: Comment on PR
	if: needs.pre-checks.outputs.PRE_CHECK == 'feature-deploy' && !(needs.pre-checks.outputs.PRE_RELEASE == 'true')
	uses: actions/github-script@v7
	with:
	github-token: ${{ secrets.GITHUB_TOKEN }}
	script: \|
	const updateComment = require('./.github/actions/update-comment.js')
	const { COMMENT } = process.env
	await updateComment({github, context, comment: COMMENT})

	deploy:
	runs-on: arc-runners
	if: ${{ !cancelled() && needs.helm-docker-build.result != 'failure' && needs.docker-build.result != 'failure' }}
	needs:
	- pre-checks
	- prepare
	- docker-build
	- helm-docker-build
	env:
	GIT_BRANCH_DEPLOY: ${{ needs.pre-checks.outputs.GIT_BRANCH_DEPLOY }}
	FEATURE_NAME: ${{ needs.pre-checks.outputs.FEATURE_NAME }}
	DOCKER_TAG: ${{ needs.prepare.outputs.DOCKER_TAG }}
	IMAGES: ${{ needs.prepare.outputs.IMAGES }}
	steps:
	- uses: actions/checkout@v4
	- name: Trigger Deployment for service
	env:
	SPINNAKER_WEBHOOK_TOKEN: ${{ secrets.SPINNAKER_WEBHOOK_TOKEN }}
	run: \|
	echo "Sending webhook with branch: '$GIT_BRANCH_DEPLOY'"
	curl "$SPINNAKER_URL/webhooks/webhook/islandis" -H "content-type: application/json" --data-binary @- <<BODY
	{
	"token": "$SPINNAKER_WEBHOOK_TOKEN",
	"branch": "$GIT_BRANCH_DEPLOY",
	"parameters": {
	"docker_tag": "$DOCKER_TAG",
	"feature_name": "$FEATURE_NAME",
	"images": "$IMAGES",
	"pull_request_number": "$(echo "$GITHUB_REF" \| cut -d'/' -f3)"
	}
	}
	BODY
	- name: Trigger Deployment for IDS-Services
	env:
	DOCKER_TAG: ${{ needs.prepare.outputs.DOCKER_TAG }}
	GIT_BRANCH_DEPLOY: ${{ needs.pre-checks.outputs.GIT_BRANCH_DEPLOY }}
	SPINNAKER_WEBHOOK_TOKEN: ${{ secrets.SPINNAKER_WEBHOOK_TOKEN }}
	GH_PRIVATE_REPO_TOKEN: ${{secrets.GH_PRIVATE_REPO_TOKEN}}
	run: \|
	set -euo pipefail
	if read -d "\n" IDENTITY_SERVER_HEAD_SHA IDENTITY_SERVER_RUN_NUMBER; then :; fi <<<$(curl -H "Authorization: token $GH_PRIVATE_REPO_TOKEN" -H "Accept: application/vnd.github.v3+json" https://api.github.com/repos/island-is/identity-server.web/actions/workflows/build.yml/runs\?branch\=main\&status\=success\&per_page\=1\&event\=push \| jq '.workflow_runs[] \| .head_sha, .run_number' \| tr -d \")
	export IDENTITY_SERVER_DOCKER_TAG="main_${IDENTITY_SERVER_HEAD_SHA:0:10}_${IDENTITY_SERVER_RUN_NUMBER}"
	echo "Deploying with identity-server docker tag: '$IDENTITY_SERVER_DOCKER_TAG'"
	echo "Sending webhook with branch: '$GIT_BRANCH_DEPLOY'"
	curl "$SPINNAKER_URL/webhooks/webhook/ids-dev" -H "content-type: application/json" --data-binary @- <<BODY
	{
	"token": "$SPINNAKER_WEBHOOK_TOKEN",
	"branch": "$GIT_BRANCH_DEPLOY",
	"parameters": {
	"dependency_docker_tag": "$DOCKER_TAG",
	"docker_tag": "$IDENTITY_SERVER_DOCKER_TAG"
	}
	}
	BODY
	push-success:
	runs-on: arc-runners
	if: ${{ !cancelled() }}
	needs:
	- pre-checks
	- docker-build
	- deploy
	steps:
	- name: Check deploy success
	run: '[[ ${{ needs.deploy.result }} != "failure" ]] \|\| exit 1'
	- name: Announce success
	if: needs.pre-checks.outputs.PRE_CHECK
	run: echo "Build is successful"
	- name: Announce skipped
	if: '!needs.pre-checks.outputs.PRE_CHECK'
	run: echo "Build was skipped"

	failure-notification:
	runs-on: arc-runners
	if: failure() && needs.pre-checks.outputs.PRE_CHECK && needs.pre-checks.outputs.PRE_CHECK != 'feature-deploy'
	needs:
	- pre-checks
	- prepare
	- docker-build
	- deploy
	steps:
	- name: Send Slack notification
	uses: 8398a7/action-slack@v3
	with:
	status: failure
	icon_emoji: ':broken_heart:'
	fields: repo,message,commit,author,action,eventName,ref,workflow,took # selectable (default: repo,message)
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # optional
	SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} # required

	scanflags:
	if: github.ref == 'ref/heads/main'
	runs-on: arc-runners
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	- name: Scan & upload main config
	uses: configcat/scan-repository@v2
	with:
	api-user: ${{ secrets.CONFIGCAT_API_USER }}
	api-pass: ${{ secrets.CONFIGCAT_API_PASS }}
	config-id: ${{ env.CONFIGCAT_MAIN_CONFIG_ID }}
	- name: Scan & upload mobile app config
	uses: configcat/scan-repository@v2
	with:
	api-user: ${{ secrets.CONFIGCAT_API_USER }}
	api-pass: ${{ secrets.CONFIGCAT_API_PASS }}
	config-id: ${{ env.CONFIGCAT_MOBILE_APP_CONFIG_ID }}
	sub-folder: apps/native

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Monorepo pipeline - build and deploy #119786

Workflow file

Monorepo pipeline - build and deploy #119786

Jobs

Run details

Workflow file for this run