Merge pull request #407 from thefrontside/changeset-release/main #280
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Backstage Deploy | |
on: | |
push: | |
branches: main | |
concurrency: ${{ github.ref }} | |
env: | |
IMAGE: 'us-central1-docker.pkg.dev/frontside-humanitec/frontside-artifacts/backstage' | |
USE_GKE_GCLOUD_AUTH_PLUGIN: true | |
jobs: | |
deploy: | |
name: Cloud Build & Deploy | |
runs-on: ubuntu-latest | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: volta-cli/action@v3 | |
- name: Google Cloud Workload Identity Federation | |
uses: google-github-actions/auth@v1 | |
with: | |
workload_identity_provider: ${{ secrets.CLOUD_WORKLOAD_PROVIDER }} | |
service_account: ${{ secrets.CLOUD_SERVICE_ACCOUNT }} | |
- name: Setup Google Cloud SDK | |
uses: google-github-actions/setup-gcloud@v1 | |
with: | |
install_components: gke-gcloud-auth-plugin | |
- name: Set Tag with SHA | |
run: echo "TAG=`echo $GITHUB_SHA | cut -c 1-7`" >> $GITHUB_ENV | |
- run: yarn | |
- run: yarn tsc | |
- name: creating empty creds file to avoid build time injection error | |
run: | | |
mkdir credentials | |
touch credentials/backstage-app-credentials.yaml | |
echo '"{}"' > credentials/techdocs-bucket-credentials.json | |
- name: Build Backstage Frontend | |
# this is skipped by the main `yarn build` command as | |
# it is different from the others, run it separate with | |
# the envs that it needs for injection in the frontend | |
# for config which happens only at build time injection | |
run: yarn workspace app build | |
env: | |
NODE_ENV: production | |
APP_CONFIG_app_baseUrl: https://pr${{ env.PR_NUMBER }}--backstage.frontside.services | |
APP_CONFIG_backend_baseUrl: https://pr${{ env.PR_NUMBER }}--backstage.frontside.services | |
APP_CONFIG_backend_cors_origin: https://pr${{ env.PR_NUMBER }}--backstage.frontside.services | |
APP_CONFIG_auth_providers_auth0_development_domain: ${{ secrets.AUTH_AUTH0_DOMAIN }} | |
APP_CONFIG_auth_providers_auth0_development_clientId: ${{ secrets.AUTH_AUTH0_CLIENT_ID }} | |
- name: Build Backstage Backend | |
run: yarn build | |
env: | |
NODE_ENV: production | |
- name: Cloud Build & Push to Artifacts Registry | |
run: gcloud builds submit . --config=cloudbuild.yaml --substitutions=_IMAGE="$IMAGE:$TAG" | |
- name: Inform Humanitec | |
run: |- | |
curl \ | |
--request POST 'https://api.humanitec.io/orgs/${{ secrets.HUMANITEC_ORG_ID }}/images/backstage/builds' \ | |
--header 'Authorization: Bearer ${{ secrets.HUMANITEC_TOKEN }}' \ | |
--header 'Content-Type: application/json' \ | |
--data-raw '{ | |
"branch": "'$GITHUB_REF_NAME'", | |
"commit": "'$GITHUB_SHA'", | |
"image": "'$IMAGE:$TAG'", | |
"tags": ["'$TAG'"] | |
}' |