DT-1105: Pin ubuntu version to unblock python client generation githu… #1962
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update devs api image | |
env: | |
# This must be defined for the bash redirection | |
GOOGLE_APPLICATION_CREDENTIALS: 'jade-dev-account.json' | |
# This must be defined for the bash redirection | |
GOOGLE_SA_CERT: 'jade-dev-account.pem' | |
on: | |
workflow_dispatch: {} | |
push: | |
branches: | |
- develop | |
jobs: | |
bump_version: | |
runs-on: ubuntu-latest | |
outputs: | |
api_image_tag: ${{ steps.bumperstep.outputs.tag }} | |
# Skip entire workflow if commit is authored by broadbot | |
# broadbot is only used for automated commits, like version bumps | |
# We don't want to trigger a version bump/deploy to dev for those | |
if: ${{ !contains( github.event.sender.login, 'broadbot') }} | |
steps: | |
- name: Checkout Develop branch of jade-data-repo | |
uses: actions/checkout@v3 | |
with: | |
ref: develop | |
token: ${{ secrets.BROADBOT_TOKEN }} | |
- name: "Bump the tag to a new version" | |
id: bumperstep | |
uses: broadinstitute/datarepo-actions/actions/[email protected] | |
with: | |
actions_subcommand: 'bumper' | |
sa_b64_credentials: ${{ secrets.SA_B64_CREDENTIALS }} | |
version_file_path: build.gradle | |
version_variable_name: version | |
# Sets the author of the version bump commit to broadbot. This is used in our skip job logic. | |
GITHUB_TOKEN: ${{ secrets.BROADBOT_TOKEN }} | |
build_client_and_publish: | |
runs-on: ubuntu-latest | |
needs: | |
- bump_version | |
steps: | |
- name: Checkout tagged branch of jade-data-repo | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ needs.bump_version.outputs.api_image_tag }} | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: 'gradle' | |
- name: "Publish to Artifactory" | |
uses: gradle/gradle-build-action@v2 | |
with: | |
arguments: ':datarepo-client:artifactoryPublish' | |
env: | |
ARTIFACTORY_USER: ${{ secrets.ARTIFACTORY_USER }} | |
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }} | |
ENABLE_SUBPROJECT_TASKS: true | |
build_container_and_publish: | |
runs-on: ubuntu-latest | |
needs: | |
- bump_version | |
steps: | |
- name: Checkout tagged branch of jade-data-repo | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ needs.bump_version.outputs.api_image_tag }} | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: '17' | |
cache: 'gradle' | |
- name: 'Release Candidate Container Build: Create release candidate images' | |
run: | | |
# extract service account credentials | |
base64 --decode <<< ${{ secrets.SA_B64_CREDENTIALS }} > ${GOOGLE_APPLICATION_CREDENTIALS} | |
jq -r .private_key ${GOOGLE_APPLICATION_CREDENTIALS} > ${GOOGLE_SA_CERT} | |
chmod 644 ${GOOGLE_SA_CERT} | |
# Set tag to semver version | |
export GCR_TAG=${{ needs.bump_version.outputs.api_image_tag }} | |
# Build, tag and push the image | |
./gradlew jib | |
cherry_pick_image_to_production_gcr: | |
needs: [bump_version, build_container_and_publish] | |
uses: ./.github/workflows/cherry-pick-image.yaml | |
secrets: inherit | |
with: | |
gcr_tag: ${{ needs.bump_version.outputs.api_image_tag }} | |
source_gcr_url: 'gcr.io/broad-jade-dev/jade-data-repo' | |
target_gcr_url: 'gcr.io/datarepo-public-gcr/jade-data-repo' | |
report-to-sherlock: | |
name: Report App Version to DevOps | |
uses: broadinstitute/sherlock/.github/workflows/client-report-app-version.yaml@main | |
needs: [bump_version, cherry_pick_image_to_production_gcr] | |
with: | |
new-version: ${{ needs.bump_version.outputs.api_image_tag }} | |
chart-name: datarepo | |
permissions: | |
contents: read | |
id-token: write | |
set-app-version-in-dev: | |
uses: broadinstitute/sherlock/.github/workflows/client-set-environment-app-version.yaml@main | |
needs: | |
- bump_version | |
- report-to-sherlock | |
with: | |
new-version: ${{ needs.bump_version.outputs.api_image_tag }} | |
chart-name: datarepo | |
environment-name: dev | |
secrets: | |
sync-git-token: ${{ secrets.BROADBOT_TOKEN }} | |
permissions: | |
id-token: write | |
helm_tag_bumper: | |
needs: | |
- build_container_and_publish | |
# We block bumping the tag in datarepo-helm because that will cause a deployment to datarepo-dev | |
# too, and we don't want to be deploying to datarepo-dev twice simultaneously | |
- set-app-version-in-dev | |
uses: ./.github/workflows/helmtagbumper.yaml | |
secrets: inherit |