chore: reserve more scopes #1007
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- "**" | |
merge_group: | |
env: | |
TERRAFORM_VERSION: "1.4.2" | |
jobs: | |
frontend: | |
if: github.event_name != 'push' | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
- name: Install Deno | |
uses: denoland/setup-deno@v1 | |
with: | |
deno-version: 1.x | |
- name: Check license headers | |
run: deno task lint:license | |
- name: Format | |
run: deno fmt --check | |
working-directory: frontend | |
- name: Lint | |
run: deno lint | |
working-directory: frontend | |
- name: Typecheck | |
run: deno check main.ts | |
working-directory: frontend | |
- name: Build Fresh | |
run: deno task build | |
working-directory: frontend | |
test: | |
runs-on: ubuntu-22.04 | |
if: github.event_name != 'push' | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
- name: Install Rust | |
uses: dsherret/rust-toolchain-file@v1 | |
- uses: Swatinem/rust-cache@v2 | |
- name: Setup postgres for tests | |
run: docker-compose up -d | |
- name: Build | |
run: cargo build --all-targets --tests | |
working-directory: api | |
- name: Test | |
run: cargo test | |
working-directory: api | |
- uses: taiki-e/cache-cargo-install-action@v1 | |
with: | |
tool: [email protected] | |
# If it's not up to date, run `cargo sqlx prepare` locally and commit the | |
# changes. You may have to run `cargo install sqlx-cli` first. | |
- name: Check sqlx metadata is up to date | |
run: | | |
cargo sqlx migrate run | |
cargo sqlx prepare --check | |
working-directory: api | |
env: | |
DATABASE_URL: postgres://user:password@localhost/registry | |
- name: Lint | |
run: cargo clippy --all-targets --all-features -- -D warnings | |
working-directory: api | |
- name: Format | |
run: cargo fmt --all -- --check | |
working-directory: api | |
docker-images: | |
if: github.event_name == 'merge_group' || github.event_name == 'push' | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
id-token: write | |
env: | |
API_IMAGE_ID_BASE: us-central1-docker.pkg.dev/deno-registry3-infra/registry/api | |
FRONTEND_IMAGE_ID_BASE: us-central1-docker.pkg.dev/deno-registry3-infra/registry/frontend | |
outputs: | |
api_image_id: ${{ steps.api_image_id.outputs.image_id }} | |
frontend_image_id: ${{ steps.frontend_image_id.outputs.image_id }} | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
- name: Authenticate with GCP | |
id: gcp_auth | |
uses: google-github-actions/auth@v2 | |
with: | |
project_id: deno-registry3-infra | |
token_format: access_token | |
workload_identity_provider: projects/289615555261/locations/global/workloadIdentityPools/github-actions/providers/github-actions | |
service_account: [email protected] | |
- uses: docker/login-action@v3 | |
with: | |
registry: us-central1-docker.pkg.dev | |
username: oauth2accesstoken | |
password: ${{ steps.gcp_auth.outputs.access_token }} | |
- name: Set up docker buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Copy Cargo.lock | |
run: cp Cargo.lock api/Cargo.lock | |
- name: Build and push api docker image | |
uses: docker/build-push-action@v5 | |
id: api_push | |
with: | |
context: api | |
push: true | |
tags: ${{ env.API_IMAGE_ID_BASE }}:${{ github.sha }} | |
cache-from: type=gha,scope=docker-api | |
cache-to: type=gha,mode=max,scope=docker-api | |
- name: Build and push frontend docker image | |
uses: docker/build-push-action@v5 | |
id: frontend_push | |
with: | |
context: frontend | |
push: true | |
tags: ${{ env.FRONTEND_IMAGE_ID_BASE }}:${{ github.sha }} | |
cache-from: type=gha,scope=docker-frontend | |
cache-to: type=gha,mode=max,scope=docker-frontend | |
- name: Set api_image_id output | |
id: api_image_id | |
run: echo "image_id=${{ env.API_IMAGE_ID_BASE }}@${{ steps.api_push.outputs.imageid }}" >> $GITHUB_OUTPUT | |
- name: Set frontend_image_id output | |
id: frontend_image_id | |
run: echo "image_id=${{ env.FRONTEND_IMAGE_ID_BASE }}@${{ steps.frontend_push.outputs.imageid }}" >> $GITHUB_OUTPUT | |
staging: | |
if: github.event_name == 'merge_group' | |
runs-on: ubuntu-22.04 | |
needs: docker-images | |
environment: | |
name: staging | |
url: https://deno-registry-staging.net | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
- name: Install Deno | |
uses: denoland/setup-deno@v1 | |
with: | |
deno-version: 1.x | |
- name: Install terraform | |
uses: hashicorp/setup-terraform@v3 | |
with: | |
terraform_version: ${{ env.TERRAFORM_VERSION }} | |
- name: Authenticate with GCP | |
id: gcp_auth | |
uses: google-github-actions/auth@v2 | |
with: | |
project_id: deno-registry3-staging | |
workload_identity_provider: projects/1067420915575/locations/global/workloadIdentityPools/github-actions/providers/github-actions | |
service_account: [email protected] | |
- name: terraform plan | |
run: | | |
touch terraform/staging.secret.tfvars | |
deno task tf:staging:init | |
terraform version | |
deno task tf:staging:plan | |
env: | |
API_IMAGE_ID: ${{ needs.docker-images.outputs.api_image_id }} | |
FRONTEND_IMAGE_ID: ${{ needs.docker-images.outputs.frontend_image_id }} | |
TF_VAR_github_client_secret: ${{ secrets.GH_CLIENT_SECRET }} | |
TF_VAR_postmark_token: ${{ secrets.POSTMARK_TOKEN }} | |
TF_VAR_orama_package_index_id: ${{ secrets.ORAMA_PACKAGE_INDEX_ID }} | |
TF_VAR_orama_package_private_api_key: ${{ secrets.ORAMA_PACKAGE_PRIVATE_API_KEY }} | |
- name: terraform apply | |
run: deno task tf:staging:apply | |
- name: Run e2e tests | |
run: deno task e2e:staging | |
- name: Reindex orama docs search | |
env: | |
ORAMA_DOCS_INDEX_ID: ${{ secrets.ORAMA_DOCS_INDEX_ID }} | |
ORAMA_DOCS_PRIVATE_API_KEY: ${{ secrets.ORAMA_DOCS_PRIVATE_API_KEY }} | |
run: deno task tools:orama:docs_reindex | |
prod: | |
if: github.event_name == 'push' || github.ref == 'refs/heads/main' | |
runs-on: ubuntu-22.04 | |
needs: docker-images | |
environment: | |
name: prod | |
url: https://jsr.io | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
- name: Install Deno | |
uses: denoland/setup-deno@v1 | |
with: | |
deno-version: 1.x | |
- name: Install terraform | |
uses: hashicorp/setup-terraform@v3 | |
with: | |
terraform_version: ${{ env.TERRAFORM_VERSION }} | |
- name: Authenticate with GCP | |
id: gcp_auth | |
uses: google-github-actions/auth@v2 | |
with: | |
project_id: deno-registry3-prod | |
workload_identity_provider: projects/614736529383/locations/global/workloadIdentityPools/github-actions/providers/github-actions | |
service_account: [email protected] | |
- name: terraform plan | |
run: | | |
touch terraform/prod.secret.tfvars | |
deno task tf:prod:init | |
terraform version | |
deno task tf:prod:plan | |
env: | |
API_IMAGE_ID: ${{ needs.docker-images.outputs.api_image_id }} | |
FRONTEND_IMAGE_ID: ${{ needs.docker-images.outputs.frontend_image_id }} | |
TF_VAR_github_client_secret: ${{ secrets.GH_CLIENT_SECRET }} | |
TF_VAR_postmark_token: ${{ secrets.POSTMARK_TOKEN }} | |
TF_VAR_orama_package_index_id: ${{ secrets.ORAMA_PACKAGE_INDEX_ID }} | |
TF_VAR_orama_package_private_api_key: ${{ secrets.ORAMA_PACKAGE_PRIVATE_API_KEY }} | |
- name: terraform apply | |
run: deno task tf:prod:apply | |
- name: Run e2e tests | |
run: deno task e2e:prod | |
- name: Reindex orama docs search | |
env: | |
ORAMA_DOCS_INDEX_ID: ${{ secrets.ORAMA_DOCS_INDEX_ID }} | |
ORAMA_DOCS_PRIVATE_API_KEY: ${{ secrets.ORAMA_DOCS_PRIVATE_API_KEY }} | |
run: deno task tools:orama:docs_reindex | |