mirror of
https://github.com/logto-io/logto.git
synced 2024-12-30 20:33:54 -05:00
4b6ad4c8c5
since we are tracking the main flow for Logto Cloud, it is required to pass an ApplicationInsights connection string to make it works.
271 lines
7.8 KiB
YAML
271 lines
7.8 KiB
YAML
name: Release
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
target:
|
|
description: 'The release target of Logto'
|
|
required: true
|
|
default: dev
|
|
type: choice
|
|
options:
|
|
- prod
|
|
- dev
|
|
|
|
push:
|
|
branches:
|
|
- master
|
|
tags:
|
|
- v*.*.*
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
|
|
|
|
jobs:
|
|
dockerize-core:
|
|
environment: ${{ startsWith(github.ref, 'refs/tags/') && 'release' || '' }}
|
|
# Use normal machine for OSS release since we'll build on Depot
|
|
runs-on: ${{ (inputs.target || 'dev') == 'dev' && 'ubuntu-latest' || 'ubuntu-latest-4-cores' }}
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Docker meta
|
|
id: meta
|
|
uses: docker/metadata-action@v4
|
|
with:
|
|
images: |
|
|
ghcr.io/logto-io/logto
|
|
svhd/logto
|
|
# https://github.com/docker/metadata-action#typesemver
|
|
tags: |
|
|
type=semver,pattern={{version}}
|
|
type=semver,pattern={{major}}.{{minor}}
|
|
type=semver,pattern={{major}}
|
|
type=sha
|
|
type=edge
|
|
|
|
- name: Login to DockerHub
|
|
uses: docker/login-action@v2
|
|
with:
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@v2
|
|
with:
|
|
registry: ghcr.io
|
|
username: silverhand-bot
|
|
password: ${{ secrets.BOT_PAT }}
|
|
|
|
- name: Setup Docker Buildx
|
|
if: ${{ !startsWith(github.ref, 'refs/tags/') }}
|
|
uses: docker/setup-buildx-action@v2
|
|
|
|
- name: Build and push
|
|
if: ${{ !startsWith(github.ref, 'refs/tags/') }}
|
|
uses: docker/build-push-action@v4
|
|
with:
|
|
context: .
|
|
push: true
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
build-args: |
|
|
additional_connector_args=--cloud
|
|
applicationinsights_connection_string=${{ (inputs.target || 'dev') == 'dev' && secrets.APPLICATIONINSIGHTS_CONNECTION_STRING || secrets.APPLICATIONINSIGHTS_CONNECTION_STRING_PROD }}
|
|
|
|
- name: Setup Depot
|
|
if: ${{ startsWith(github.ref, 'refs/tags/') }}
|
|
uses: depot/setup-action@v1
|
|
|
|
- name: Build and push
|
|
if: ${{ startsWith(github.ref, 'refs/tags/') }}
|
|
uses: depot/build-push-action@v1
|
|
with:
|
|
platforms: linux/amd64, linux/arm64
|
|
project: g902cp6dvv
|
|
context: .
|
|
push: true
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
|
|
dockerize-cloud:
|
|
# Use normal machine for OSS release since we'll build on Depot
|
|
runs-on: ${{ (inputs.target || 'dev') == 'dev' && 'ubuntu-latest' || 'ubuntu-latest-4-cores' }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Docker meta
|
|
id: meta
|
|
uses: docker/metadata-action@v4
|
|
with:
|
|
images: |
|
|
ghcr.io/logto-io/cloud
|
|
# https://github.com/docker/metadata-action
|
|
tags: |
|
|
type=sha
|
|
type=edge
|
|
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@v2
|
|
with:
|
|
registry: ghcr.io
|
|
username: silverhand-bot
|
|
password: ${{ secrets.BOT_PAT }}
|
|
|
|
- name: Setup Docker Buildx
|
|
uses: docker/setup-buildx-action@v2
|
|
|
|
- name: Build and push
|
|
uses: docker/build-push-action@v4
|
|
with:
|
|
file: Dockerfile.cloud
|
|
context: .
|
|
push: true
|
|
tags: ${{ steps.meta.outputs.tags }}
|
|
labels: ${{ steps.meta.outputs.labels }}
|
|
build-args: |
|
|
applicationinsights_connection_string=${{ (inputs.target || 'dev') == 'dev' && secrets.APPLICATIONINSIGHTS_CONNECTION_STRING || secrets.APPLICATIONINSIGHTS_CONNECTION_STRING_PROD }}
|
|
|
|
deploy:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- target: core
|
|
image: logto
|
|
- target: cloud
|
|
image: cloud
|
|
|
|
runs-on: ubuntu-latest
|
|
needs: [dockerize-core, dockerize-cloud]
|
|
environment: ${{ inputs.target || 'dev' }}-${{ matrix.target }}-staging
|
|
if: ${{ !startsWith(github.ref, 'refs/tags/') }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
|
|
- name: Set short sha
|
|
id: sha
|
|
run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
|
|
|
|
- name: Setup Node and pnpm
|
|
if: ${{ (inputs.target || 'dev') == 'dev' && matrix.target == 'core' }}
|
|
uses: silverhand-io/actions-node-pnpm-run-steps@v3
|
|
|
|
- name: Deploy database alteration
|
|
if: ${{ (inputs.target || 'dev') == 'dev' && matrix.target == 'core' }}
|
|
run: |
|
|
pnpm prepack
|
|
pnpm cli db alt deploy next
|
|
env:
|
|
DB_URL: ${{ secrets.DB_URL }}
|
|
|
|
- name: Login to GitHub Container Registry
|
|
uses: docker/login-action@v2
|
|
with:
|
|
registry: ghcr.io
|
|
username: silverhand-bot
|
|
password: ${{ secrets.BOT_PAT }}
|
|
|
|
- name: Login via Azure CLI
|
|
uses: azure/login@v1
|
|
with:
|
|
creds: ${{ secrets.AZURE_CREDENTIALS }}
|
|
|
|
- name: Deploy ${{ matrix.target }} to containerapp
|
|
uses: azure/webapps-deploy@v2
|
|
with:
|
|
app-name: ${{ vars.APP_NAME }}
|
|
slot-name: staging
|
|
images: ghcr.io/logto-io/${{ matrix.image }}:sha-${{ steps.sha.outputs.short }}
|
|
|
|
swap-staging-prod:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
target: [core, cloud]
|
|
|
|
runs-on: ubuntu-latest
|
|
needs: deploy
|
|
environment: ${{ inputs.target || 'dev' }}-${{ matrix.target }}
|
|
|
|
steps:
|
|
- name: Login via Azure CLI
|
|
uses: azure/login@v1
|
|
with:
|
|
creds: ${{ secrets.AZURE_CREDENTIALS }}
|
|
|
|
- name: Swap ${{ matrix.target }} to production
|
|
# See https://learn.microsoft.com/en-us/cli/azure/webapp/deployment/slot?view=azure-cli-latest#az-webapp-deployment-slot-swap
|
|
run: az webapp deployment slot swap -g ${{ vars.RESOURCE_GROUP }} -n ${{ vars.APP_NAME }} --slot staging
|
|
|
|
# Publish packages and create git tags if needed
|
|
publish-and-tag:
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTOMATION_TOKEN }}
|
|
|
|
if: ${{ !startsWith(github.ref, 'refs/tags/') }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
# Set Git operations with the bot PAT since we have tag protection rule
|
|
token: ${{ secrets.BOT_PAT }}
|
|
fetch-depth: 0
|
|
|
|
- name: Setup Node and pnpm
|
|
uses: silverhand-io/actions-node-pnpm-run-steps@v3
|
|
|
|
- name: Import GPG key
|
|
uses: crazy-max/ghaction-import-gpg@v5
|
|
with:
|
|
gpg_private_key: ${{ secrets.BOT_GPG_KEY }}
|
|
passphrase: ${{ secrets.BOT_GPG_PASSPHRASE }}
|
|
git_user_signingkey: true
|
|
git_commit_gpgsign: true
|
|
git_tag_gpgsign: true
|
|
|
|
- name: Configure Git user
|
|
run: |
|
|
git config --global user.email bot@silverhand.io
|
|
git config --global user.name silverhand-bot
|
|
|
|
- name: Publish
|
|
run: node .scripts/publish.js
|
|
|
|
create-github-release:
|
|
environment: release
|
|
runs-on: ubuntu-latest
|
|
if: startsWith(github.ref, 'refs/tags/')
|
|
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Setup Node and pnpm
|
|
uses: silverhand-io/actions-node-pnpm-run-steps@v3
|
|
|
|
- name: Build
|
|
run: pnpm -r build
|
|
|
|
- name: Package
|
|
run: ./.scripts/package.sh
|
|
|
|
- name: Release
|
|
uses: softprops/action-gh-release@v1
|
|
with:
|
|
token: ${{ secrets.BOT_PAT }}
|
|
body: ''
|
|
files: /tmp/logto.tar.gz
|
|
append_body: true
|