diff --git a/.github/workflows/CD-create-container-release.yml b/.github/workflows/CD-create-container-release.yml
deleted file mode 100644
index 4e6d5de75b..0000000000
--- a/.github/workflows/CD-create-container-release.yml
+++ /dev/null
@@ -1,102 +0,0 @@
-name: "Create Container Release"
-
-on:
- workflow_dispatch:
- inputs:
- build_secret:
- type: string
- description: Build secret
- release_type:
- type: choice
- description: Release type
- options:
- - prerelease
- - prepatch
- - preminor
- - premajor
- - major
- - minor
- - patch
- pp_version:
- type: choice
- description: Latest or specific PP version
- options:
- - latest
- - specific
- specific_pp_version:
- type: string
- description: Specific PP version to use for container
-
-jobs:
- build:
- runs-on: ubuntu-latest
- permissions:
- contents: read
- packages: write
- timeout-minutes: 20
- steps:
- - name: Check secret
- run: |
- if [ "${{ github.event.inputs.build_secret }}" != "${{ secrets.BUILD_SECRET }}" ]; then
- echo "Wrong build secret."
- exit 1
- fi
-
- - name: Check user permission
- id: check
- uses: scherermichael-oss/action-has-permission@master
- with:
- required-permission: write
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Exit if user doesn't have write permission
- run: |
- if [ "${{ steps.check.outputs.has-permission }}" = "false" ]
- then
- echo "Only users with write permission are allowed to execute this workflow manually."
- exit 1
- fi
-
- - uses: actions/checkout@v3
- with:
- token: ${{ secrets.PAT }}
-
- - name: Set up node
- uses: actions/setup-node@v3
- with:
- cache: 'npm'
- node-version: '16'
- registry-url: 'https://registry.npmjs.org'
- scope: '@sjcrh'
-
- - run: |
- npm ci
- git fetch --all --tags
- if [ $PP_VERSION == "latest" ];
- then
- PP_VERSION=$(git describe --tags `git rev-list --tags --max-count=1`)
- else
- PP_VERSION=$SPECIFIC_PP_VERSION
- fi
- git checkout $PP_VERSION
- FRONT_VERSION=$(node -p "require('./front/package.json').version")
- SERVER_VERSION=$(node -p "require('./server/package.json').version")
- git checkout master
- cd container
- npm pkg set containerDeps.front=$FRONT_VERSION
- npm pkg set containerDeps.server=$SERVER_VERSION
- npm version ${{ github.event.inputs.release_type }}
- cd ..
- COMMITMSG="Update container version to $(node -p "require('./package.json').version")"
- echo "$COMMITMSG"
- echo "committing version change ..."
- git config --global user.email "PPTeam@STJUDE.ORG"
- git config --global user.name "PPTeam CI"
- git add --all
- git commit -m "$COMMITMSG"
- git push origin master
- cd container
- npm publish --access public
- env:
- NODE_AUTH_TOKEN: ${{ secrets.NPMJS_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/CD-release-images.yml b/.github/workflows/CD-publish-app-image.yml
similarity index 100%
rename from .github/workflows/CD-release-images.yml
rename to .github/workflows/CD-publish-app-image.yml
diff --git a/.github/workflows/CD-publish-docker-image.yml b/.github/workflows/CD-publish-docker-image.yml
deleted file mode 100644
index ab6299af58..0000000000
--- a/.github/workflows/CD-publish-docker-image.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: Publish Docker Image
-
-on:
- workflow_dispatch:
- inputs:
- build_secret:
- type: string
- description: Build secret
-
-jobs:
- build:
- if: github.event.pull_request.draft == false
- runs-on: ubuntu-latest
- steps:
- - name: Check secret
- run: |
- if [ "${{ github.event.inputs.build_secret }}" != "${{ secrets.BUILD_SECRET }}" ]; then
- echo "Wrong build secret."
- exit 1
- fi
-
- - name: Check user permission
- run: echo "Publish Docker Image"
diff --git a/.github/workflows/CD-release-packages.yml b/.github/workflows/CD-publish-packages.yml
similarity index 91%
rename from .github/workflows/CD-release-packages.yml
rename to .github/workflows/CD-publish-packages.yml
index e46115d6eb..93c28eff68 100644
--- a/.github/workflows/CD-release-packages.yml
+++ b/.github/workflows/CD-publish-packages.yml
@@ -1,4 +1,4 @@
-name: "Release Packages"
+name: "Publish Packages"
 on:
 push:
@@ -21,16 +21,7 @@ on:
 description: Build secret
 jobs:
- unit_test:
- uses: ./.github/workflows/CI-unit.yml
- secrets: inherit # pragma: allowlist secret
-
- integration_test:
- uses: ./.github/workflows/CI-integration.yml
- secrets: inherit # pragma: allowlist secret
-
- build:
- needs: [unit_test, integration_test]
+ publish:
 runs-on: ubuntu-latest
 permissions:
 contents: read
diff --git a/.github/workflows/CD-publish-updated-image.yml b/.github/workflows/CD-publish-updated-image.yml
deleted file mode 100644
index 6c795c9280..0000000000
--- a/.github/workflows/CD-publish-updated-image.yml
+++ /dev/null
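Review bot: In CD-publish-packages.yml the second hunk drops `needs: [unit_test, integration_test]` from the renamed `publish` job, while the first hunk's context still shows an `on: push:` trigger and the second still sits under a `workflow_dispatch` input, so this workflow can apparently still publish on its own with no test gate. If CD-release-chain.yml is meant to be the only entry point, the triggers here should become `on: workflow_call:`; a workflow referenced through `uses:` needs that trigger and none is added in the visible hunks. Otherwise a single push could both publish ungated from this file and start the chain. The trigger block between the two hunks is not shown, so confirm against the full file.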
@@ -1,57 +0,0 @@
-name: Publish Updated Image
-
-on:
- workflow_dispatch:
- inputs:
- build_secret:
- type: string
- description: Build secret
-
-jobs:
- build:
- if: github.event.pull_request.draft == false
- runs-on: ubuntu-latest
- steps:
- - name: Check secret
- run: |
- if [ "${{ github.event.inputs.build_secret }}" != "${{ secrets.BUILD_SECRET }}" ]; then
- echo "Wrong build secret."
- exit 1
- fi
-
- - name: Check user permission
- id: check
- uses: scherermichael-oss/action-has-permission@master
- with:
- required-permission: write
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - uses: actions/checkout@v3
-
- - name: Login to GitHub Container Registry
- run: |
- echo $CR_PAT | docker login ghcr.io -u stjude --password-stdin
- env:
- CR_PAT: ${{ secrets.PAT }}
-
- # Setup .npmrc file to publish to GitHub Packages
- - uses: actions/setup-node@v3
- with:
- cache: 'npm'
- node-version: '16'
- registry-url: 'https://registry.npmjs.org'
- scope: '@sjcrh'
-
- # TODO: option to build only the server container? so skip the full container
- - run: |
- npm ci
- cd container
- ./build2.sh -r "ghcr.io/stjude/" server
- TAG="$(node -p "require('./server/package.json').version")"
- HASH=$(git rev-parse --short HEAD)
- docker push ghcr.io/stjude/ppserver:$TAG-$HASH
-
- ./build2.sh -r "ghcr.io/stjude/" full
- TAG="$(node -p "require('./full/package.json').version")"
- docker push ghcr.io/stjude/ppfull:$TAG-$HASH
diff --git a/.github/workflows/CD-release-chain.yml b/.github/workflows/CD-release-chain.yml
new file mode 100644
index 0000000000..f052c0a53c
--- /dev/null
+++ b/.github/workflows/CD-release-chain.yml
@@ -0,0 +1,41 @@
+name: "Release Packages, Optional Image"
+
+on:
+ push:
+ branches:
+ - TMP-pkg-release
+ - TMP-fake-release
+ paths-ignore:
+ - '**.md'
+ - '**.txt'
+ - '.**ignore'
+ - 'docs/**'
+ # TODO: what if package.dependencies, files were updated?
+ # this is meant to avoid triggering the on.push event for the version bump
+ - '**package*.json'
+
+ workflow_dispatch:
+ inputs:
+ build_secret:
+ type: string
+ description: Build secret
+
+jobs:
+ unit_test:
+ uses: ./.github/workflows/CI-unit.yml
+ secrets: inherit # pragma: allowlist secret
+
+ integration_test:
+ uses: ./.github/workflows/CI-integration.yml
+ secrets: inherit # pragma: allowlist secret
+
+ publish_packages:
+ needs: [unit_test, integration_test]
+ uses: ./.github/workflows/CD-publish-packages.yml
+ secrets: inherit # pragma: allowlist secret
+
+ publish_app_image:
+ if: ${{ github.ref_name }} == 'publish-app-image'
+ needs: [ publish_packages ]
+ uses: ./.github/workflows/CD-publish-app-image.yml
+ secrets: inherit # pragma: allowlist secret
\ No newline at end of file
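Review bot: The `if:` on `publish_app_image` is always true: `${{ github.ref_name }} == 'publish-app-image'` expands only the ref name and leaves the comparison outside the expression, so the condition is a non-empty string and the image job, which runs with `secrets: inherit`, is never skipped. Write the whole comparison as one expression, `if: github.ref_name == 'publish-app-image'`. The `push` filter lists only `TMP-pkg-release` and `TMP-fake-release`, so once fixed the job could only run from a manual dispatch on a branch of that name; confirm that is the intent. The `build_secret` dispatch input is declared but not checked anywhere in this file, and dispatch inputs are not masked the way `secrets.*` values are, so it should not be the only access control on publishing.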