-
Notifications
You must be signed in to change notification settings - Fork 4
80 lines (79 loc) · 2.75 KB
/
build.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
name: Tag, Build and Push Image
on:
push:
branches:
- develop
pull_request:
branches:
- develop
env:
REGISTRY_HOST: gcr.io
GOOGLE_PROJECT: broad-dsp-gcr-public
SERVICE_NAME: ${{ github.event.repository.name }}
jobs:
tag-build-push:
runs-on: ubuntu-latest
outputs:
sherlock-version: ${{ steps.short-sha.outputs.sha }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Get Short Sha
id: short-sha
run: echo "sha=$(git rev-parse --short=12 HEAD)" >> $GITHUB_OUTPUT
- name: 'Set up Cloud SDK'
uses: 'google-github-actions/setup-gcloud@v2'
- name: Construct tags
id: construct-tags
run: |
SHA_TAG="${REGISTRY_HOST}/${GOOGLE_PROJECT}/${SERVICE_NAME}:${{ steps.short-sha.outputs.sha }}"
ENVIRONMENT_TAG=""
if ${{ github.event_name == 'pull_request'}}; then
ENVIRONMENT_TAG="${REGISTRY_HOST}/${GOOGLE_PROJECT}/${SERVICE_NAME}:pr-${{ steps.short-sha.outputs.sha }}"
elif ${{github.event_name == 'push' }}; then
ENVIRONMENT_TAG="${REGISTRY_HOST}/${GOOGLE_PROJECT}/${SERVICE_NAME}:dev"
fi
echo "sha-tag=$SHA_TAG" >> $GITHUB_OUTPUT
echo "environment-tag=$ENVIRONMENT_TAG" >> $GITHUB_OUTPUT
- name: Build Image
run: |
docker build \
-t ${{ steps.construct-tags.outputs.sha-tag }} \
-t ${{ steps.construct-tags.outputs.environment-tag }} \
.
- name: Log Github Actor
run: echo "${{ github.actor }}"
- name: Auth to GCR
if: github.actor != 'dependabot[bot]'
uses: 'google-github-actions/auth@v2'
with:
credentials_json: ${{ secrets.GCR_PUBLISH_KEY_B64 }}
- name: Auth Docker for GCR
if: github.actor != 'dependabot[bot]'
run: gcloud auth configure-docker --quiet
- name: Push Image to GCR
if: github.actor != 'dependabot[bot]'
run: |
docker push ${{ steps.construct-tags.outputs.sha-tag }}
docker push ${{ steps.construct-tags.outputs.environment-tag }}
report-to-sherlock:
uses: broadinstitute/sherlock/.github/workflows/client-report-app-version.yaml@main
needs: [tag-build-push]
with:
new-version: ${{ needs.tag-build-push.outputs.sherlock-version }}
chart-name: 'duos'
permissions:
contents: 'read'
id-token: 'write'
set-version-in-dev:
if: github.event_name == 'push'
uses: broadinstitute/sherlock/.github/workflows/client-set-environment-app-version.yaml@main
needs: [tag-build-push, report-to-sherlock]
with:
new-version: ${{ needs.tag-build-push.outputs.sherlock-version }}
chart-name: 'duos'
environment-name: 'dev'
secrets:
sync-git-token: ${{ secrets.BROADBOT_TOKEN }}
permissions:
id-token: 'write'