chore: fix ci, reduce necessary memory and dont persist logs in cloud… #3007
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - "**" | |
| merge_group: | |
| env: | |
| TERRAFORM_VERSION: "1.4.2" | |
| jobs: | |
| frontend: | |
| if: github.event_name != 'push' | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v6 | |
| - name: Install Deno | |
| uses: denoland/setup-deno@v2 | |
| - name: Check license headers | |
| run: deno task lint:license | |
| - name: Format | |
| run: deno fmt --check | |
| working-directory: frontend | |
| - name: Lint | |
| run: deno task lint:frontend | |
| - name: Test | |
| run: deno task test | |
| working-directory: frontend | |
| - name: Build Fresh | |
| run: deno task build | |
| working-directory: frontend | |
| worker: | |
| if: github.event_name != 'push' | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: read | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v5 | |
| - name: Install Deno | |
| uses: denoland/setup-deno@v2 | |
| - name: Check formatting | |
| run: deno fmt --check | |
| working-directory: lb | |
| - name: Lint | |
| run: deno task lint:lb | |
| - name: Build worker | |
| run: deno task build | |
| working-directory: lb | |
| check: | |
| runs-on: ubuntu-22.04 | |
| if: github.event_name != 'push' | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v6 | |
| with: | |
| lfs: true | |
| - name: Install Rust | |
| uses: dsherret/rust-toolchain-file@v1 | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Format | |
| run: cargo fmt --all -- --check | |
| working-directory: api | |
| - name: Setup postgres for tests | |
| run: docker compose up -d | |
| - uses: taiki-e/cache-cargo-install-action@v3 | |
| with: | |
| tool: sqlx-cli@0.7.1 | |
| - name: Check sqlx metadata is up to date | |
| run: | | |
| cargo sqlx migrate run | |
| cargo sqlx prepare --check -- --all-targets | |
| working-directory: api | |
| env: | |
| DATABASE_URL: postgres://user:password@localhost/registry | |
| - name: Lint | |
| run: cargo clippy --all-targets --all-features -- -D warnings | |
| working-directory: api | |
| test: | |
| runs-on: ubuntu-22.04 | |
| if: github.event_name != 'push' | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v6 | |
| with: | |
| lfs: true | |
| - name: Install Rust | |
| uses: dsherret/rust-toolchain-file@v1 | |
| - uses: Swatinem/rust-cache@v2 | |
| - name: Setup postgres for tests | |
| run: docker compose up -d | |
| - name: Build | |
| run: cargo build --all-targets --tests | |
| working-directory: api | |
| - name: Test | |
| run: cargo test | |
| working-directory: api | |
| docker-images: | |
| if: github.event_name == 'merge_group' || github.event_name == 'push' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'test-on-staging')) | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| contents: read | |
| id-token: write | |
| env: | |
| API_IMAGE_ID_BASE: us-central1-docker.pkg.dev/deno-registry3-infra/registry/api | |
| FRONTEND_IMAGE_ID_BASE: us-central1-docker.pkg.dev/deno-registry3-infra/registry/frontend | |
| outputs: | |
| api_image_id: ${{ steps.api_image_id.outputs.image_id }} | |
| frontend_image_id: ${{ steps.frontend_image_id.outputs.image_id }} | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v6 | |
| - name: Authenticate with GCP | |
| id: gcp_auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| project_id: deno-registry3-infra | |
| token_format: access_token | |
| workload_identity_provider: projects/289615555261/locations/global/workloadIdentityPools/github-actions/providers/github-actions | |
| service_account: github-actions@deno-registry3-infra.iam.gserviceaccount.com | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: us-central1-docker.pkg.dev | |
| username: oauth2accesstoken | |
| password: ${{ steps.gcp_auth.outputs.access_token }} | |
| # On push to main, try to reuse images already built during merge_group. | |
| # Falls back to building if the images don't exist (e.g. admin bypass). | |
| - name: Check if images already exist | |
| if: github.event_name == 'push' | |
| id: check_existing | |
| run: | | |
| if docker manifest inspect ${{ env.API_IMAGE_ID_BASE }}:${{ github.sha }} > /dev/null 2>&1 && | |
| docker manifest inspect ${{ env.FRONTEND_IMAGE_ID_BASE }}:${{ github.sha }} > /dev/null 2>&1; then | |
| echo "exists=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "exists=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Set up docker buildx | |
| if: github.event_name != 'push' || steps.check_existing.outputs.exists != 'true' | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Copy Cargo.lock | |
| if: github.event_name != 'push' || steps.check_existing.outputs.exists != 'true' | |
| run: cp Cargo.lock api/Cargo.lock | |
| - name: Build and push api docker image | |
| if: github.event_name != 'push' || steps.check_existing.outputs.exists != 'true' | |
| uses: docker/build-push-action@v5 | |
| id: api_push | |
| with: | |
| context: api | |
| push: true | |
| tags: ${{ env.API_IMAGE_ID_BASE }}:${{ github.sha }} | |
| cache-from: type=gha,scope=docker-api | |
| cache-to: type=gha,mode=max,scope=docker-api | |
| - name: Build and push frontend docker image | |
| if: github.event_name != 'push' || steps.check_existing.outputs.exists != 'true' | |
| uses: docker/build-push-action@v5 | |
| id: frontend_push | |
| with: | |
| context: frontend | |
| push: true | |
| tags: ${{ env.FRONTEND_IMAGE_ID_BASE }}:${{ github.sha }} | |
| cache-from: type=gha,scope=docker-frontend | |
| cache-to: type=gha,mode=max,scope=docker-frontend | |
| - name: Set api_image_id output | |
| id: api_image_id | |
| run: | | |
| if [ -n "${{ steps.api_push.outputs.imageid }}" ]; then | |
| echo "image_id=${{ env.API_IMAGE_ID_BASE }}@${{ steps.api_push.outputs.imageid }}" >> $GITHUB_OUTPUT | |
| else | |
| echo "image_id=${{ env.API_IMAGE_ID_BASE }}:${{ github.sha }}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Set frontend_image_id output | |
| id: frontend_image_id | |
| run: | | |
| if [ -n "${{ steps.frontend_push.outputs.imageid }}" ]; then | |
| echo "image_id=${{ env.FRONTEND_IMAGE_ID_BASE }}@${{ steps.frontend_push.outputs.imageid }}" >> $GITHUB_OUTPUT | |
| else | |
| echo "image_id=${{ env.FRONTEND_IMAGE_ID_BASE }}:${{ github.sha }}" >> $GITHUB_OUTPUT | |
| fi | |
| staging: | |
| if: github.event_name == 'merge_group' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'test-on-staging')) | |
| runs-on: ubuntu-22.04 | |
| needs: docker-images | |
| environment: | |
| name: staging | |
| url: https://deno-registry-staging.net | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v6 | |
| - name: Install Deno | |
| uses: denoland/setup-deno@v2 | |
| - name: Install terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ${{ env.TERRAFORM_VERSION }} | |
| - name: Authenticate with GCP | |
| id: gcp_auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| project_id: deno-registry3-staging | |
| workload_identity_provider: projects/1067420915575/locations/global/workloadIdentityPools/github-actions/providers/github-actions | |
| service_account: github-actions@deno-registry3-staging.iam.gserviceaccount.com | |
| - name: Build Cloudflare Worker | |
| run: deno task build | |
| working-directory: lb | |
| - name: terraform plan | |
| run: | | |
| touch terraform/staging.secret.tfvars | |
| deno task tf:staging:init | |
| terraform version | |
| deno task tf:staging:plan | |
| env: | |
| API_IMAGE_ID: ${{ needs.docker-images.outputs.api_image_id }} | |
| FRONTEND_IMAGE_ID: ${{ needs.docker-images.outputs.frontend_image_id }} | |
| TF_VAR_github_client_secret: ${{ secrets.GH_CLIENT_SECRET }} | |
| TF_VAR_gitlab_client_secret: ${{ secrets.GITLAB_CLIENT_SECRET }} | |
| TF_VAR_postmark_token: ${{ secrets.POSTMARK_TOKEN }} | |
| TF_VAR_orama_packages_project_key: ${{ secrets.ORAMA_PACKAGES_PROJECT_KEY }} | |
| TF_VAR_orama_packages_project_id: ${{ vars.ORAMA_PACKAGES_PROJECT_ID }} | |
| TF_VAR_orama_packages_data_source: ${{ vars.ORAMA_PACKAGES_DATA_SOURCE }} | |
| TF_VAR_orama_symbols_project_key: ${{ secrets.ORAMA_SYMBOLS_PROJECT_KEY }} | |
| TF_VAR_orama_symbols_project_id: ${{ vars.ORAMA_SYMBOLS_PROJECT_ID }} | |
| TF_VAR_orama_symbols_data_source: ${{ vars.ORAMA_SYMBOLS_DATA_SOURCE }} | |
| TF_VAR_orama_docs_project_id: ${{ vars.ORAMA_DOCS_PROJECT_ID }} | |
| TF_VAR_cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| - name: terraform apply | |
| run: deno task tf:staging:apply | |
| - name: Run e2e tests | |
| run: deno task e2e:staging | |
| - name: Reindex orama docs search | |
| env: | |
| ORAMA_DOCS_PROJECT_KEY: ${{ secrets.ORAMA_DOCS_PROJECT_KEY }} | |
| ORAMA_DOCS_PROJECT_ID: ${{ vars.ORAMA_DOCS_PROJECT_ID }} | |
| ORAMA_DOCS_DATA_SOURCE: ${{ vars.ORAMA_DOCS_DATA_SOURCE }} | |
| run: deno task tools:orama:docs_reindex | |
| prod: | |
| if: github.event_name == 'push' || github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-22.04 | |
| needs: docker-images | |
| environment: | |
| name: prod | |
| url: https://jsr.io | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - name: Clone repository | |
| uses: actions/checkout@v6 | |
| - name: Install Deno | |
| uses: denoland/setup-deno@v2 | |
| - name: Install terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ${{ env.TERRAFORM_VERSION }} | |
| - name: Authenticate with GCP | |
| id: gcp_auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| project_id: deno-registry3-prod | |
| workload_identity_provider: projects/614736529383/locations/global/workloadIdentityPools/github-actions/providers/github-actions | |
| service_account: github-actions@deno-registry3-prod.iam.gserviceaccount.com | |
| - name: Build Cloudflare Worker | |
| run: deno task build | |
| working-directory: lb | |
| - name: terraform plan | |
| run: | | |
| touch terraform/prod.secret.tfvars | |
| deno task tf:prod:init | |
| terraform version | |
| deno task tf:prod:plan | |
| env: | |
| API_IMAGE_ID: ${{ needs.docker-images.outputs.api_image_id }} | |
| FRONTEND_IMAGE_ID: ${{ needs.docker-images.outputs.frontend_image_id }} | |
| TF_VAR_github_client_secret: ${{ secrets.GH_CLIENT_SECRET }} | |
| TF_VAR_gitlab_client_secret: ${{ secrets.GITLAB_CLIENT_SECRET }} | |
| TF_VAR_postmark_token: ${{ secrets.POSTMARK_TOKEN }} | |
| TF_VAR_orama_packages_project_key: ${{ secrets.ORAMA_PACKAGES_PROJECT_KEY }} | |
| TF_VAR_orama_packages_project_id: ${{ vars.ORAMA_PACKAGES_PROJECT_ID }} | |
| TF_VAR_orama_packages_data_source: ${{ vars.ORAMA_PACKAGES_DATA_SOURCE }} | |
| TF_VAR_orama_symbols_project_key: ${{ secrets.ORAMA_SYMBOLS_PROJECT_KEY }} | |
| TF_VAR_orama_symbols_project_id: ${{ vars.ORAMA_SYMBOLS_PROJECT_ID }} | |
| TF_VAR_orama_symbols_data_source: ${{ vars.ORAMA_SYMBOLS_DATA_SOURCE }} | |
| TF_VAR_orama_docs_project_id: ${{ vars.ORAMA_DOCS_PROJECT_ID }} | |
| TF_VAR_cloudflare_api_token: ${{ secrets.CLOUDFLARE_API_TOKEN }} | |
| - name: terraform apply | |
| run: deno task tf:prod:apply | |
| - name: Run e2e tests | |
| run: deno task e2e:prod | |
| - name: Reindex orama docs search | |
| env: | |
| ORAMA_DOCS_PROJECT_KEY: ${{ secrets.ORAMA_DOCS_PROJECT_KEY }} | |
| ORAMA_DOCS_PROJECT_ID: ${{ vars.ORAMA_DOCS_PROJECT_ID }} | |
| ORAMA_DOCS_DATA_SOURCE: ${{ vars.ORAMA_DOCS_DATA_SOURCE }} | |
| run: deno task tools:orama:docs_reindex |