Skip to content

rebuild

rebuild #740

Workflow file for this run

name: deploy
on:
repository_dispatch:
workflow_dispatch:
push:
branches:
- main
pull_request:
env:
IMAGE_NAME: us-central1-docker.pkg.dev/analysis-tools-dev/analysis-tools/website
permissions:
contents: 'read'
id-token: 'write'
concurrency:
# Only one execution of this workflow can run at the same time.
group: ${{ github.workflow }}
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: 'projects/84699750544/locations/global/workloadIdentityPools/github/providers/github'
service_account: '[email protected]'
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: 'Configure Docker'
run: gcloud auth configure-docker us-central1-docker.pkg.dev
- name: 'Generate GitHub Token'
id: generate_token
uses: tibdex/github-app-token@v2
with:
app_id: ${{ secrets.GH_APP_ID }}
private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
# We want to redeploy, whenever the tools.json file changes
# so make sure to hash the file and use it as a tag for the Docker image
- name: 'Download tools.json File'
run: curl -sL https://github.com/analysis-tools-dev/static-analysis/raw/master/data/api/tools.json -o ./tools.json
- name: 'Generate Hash of tools.json File'
id: tools_json_hash
run: echo "tools_json_hash=$(sha256sum tools.json | cut -c1-7)" >> $GITHUB_ENV
# Also take screenshots.json into account, which is at
# https://github.com/analysis-tools-dev/assets/blob/master/screenshots.json
- name: 'Download screenshots.json File'
run: curl -sL https://github.com/analysis-tools-dev/assets/raw/master/screenshots.json -o ./screenshots.json
- name: 'Generate Hash of screenshots.json File'
id: screenshots_json_hash
run: echo "screenshots_json_hash=$(sha256sum screenshots.json | cut -c1-7)" >> $GITHUB_ENV
# Image hash is a combination of the hashes
- name: 'Set IMAGE_NAME hash'
run: |
short_hash=$(echo "${{ github.sha }}" | cut -c1-7)
echo "IMAGE_NAME=${{ env.IMAGE_NAME }}:$short_hash-${{ env.tools_json_hash }}-${{ env.screenshots_json_hash }}" >> $GITHUB_ENV
- name: 'Build Docker Image'
env:
GH_TOKEN: ${{ steps.generate_token.outputs.token }}
NEXT_TELEMETRY_DISABLED: 1
run: |
echo ${{ secrets.FIREBASE_TOKEN }} | base64 -d > ./credentials.json
echo "Building Docker Image with tag $IMAGE_NAME"
docker build --build-arg GH_TOKEN=${{ env.GH_TOKEN }} \
--build-arg PROJECT_ID=analysis-tools-dev \
-t ${IMAGE_NAME} .
rm ./credentials.json
- name: 'Push Docker Image'
run: |
echo "Pushing Docker Image $IMAGE_NAME"
docker push $IMAGE_NAME
- name: 'Deploy'
uses: pulumi/actions@v5
env:
# TODO: Create a password for Pulumi stack during project bootstrap
PULUMI_CONFIG_PASSPHRASE: '${{ secrets.PULUMI_SECRET }}'
ALGOLIA_API_KEY: '${{ secrets.ALGOLIA_API_KEY }}'
with:
command: up
work-dir: ./pulumi
cloud-url: gs://analysis-tools-dev-pulumi
# TODO: Fix the branch name
stack-name: stage
refresh: true
- name: 'Deploy prod'
uses: pulumi/actions@v5
if: github.ref == 'refs/heads/main'
env:
# TODO: Create a password for Pulumi stack during project bootstrap
PULUMI_CONFIG_PASSPHRASE: '${{ secrets.PULUMI_SECRET_PROD }}'
ALGOLIA_API_KEY: '${{ secrets.ALGOLIA_API_KEY }}'
with:
command: up
work-dir: ./pulumi
cloud-url: gs://analysis-tools-dev-pulumi
stack-name: prod
refresh: true
- uses: actions/setup-node@v4
if: github.ref == 'refs/heads/main'
with:
node-version: 20
cache: 'npm'
- name: 'Update Algolia index'
if: github.ref == 'refs/heads/main'
env:
ALGOLIA_APP_ID: '${{ secrets.ALGOLIA_APP_ID }}'
ALGOLIA_ADMIN_KEY: '${{ secrets.ALGOLIA_ADMIN_KEY }}'
ALGOLIA_INDEX_NAME: 'tools'
run: |
npm install
npm run search-index