-
Notifications
You must be signed in to change notification settings - Fork 3k
113 lines (89 loc) · 4.06 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
name: Deploy code to staging or production
on:
push:
branches: [staging, production]
jobs:
validate:
runs-on: ubuntu-latest
outputs:
isAutomatedPullRequest: ${{ steps.isAutomatedPullRequest.outputs.IS_AUTOMERGE_PR }}
steps:
- name: Get merged pull request
id: getMergedPullRequest
# TODO: Point back action actions-ecosystem after https://github.com/actions-ecosystem/action-get-merged-pull-request/pull/223 is merged
uses: roryabraham/action-get-merged-pull-request@7a7a194f6ff8f3eef58c822083695a97314ebec1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Check if merged pull request was an automatic version bump PR
id: isAutomatedPullRequest
run: echo "::set-output name=IS_AUTOMERGE_PR::${{ steps.getMergedPullRequest.outputs.author == 'OSBotify' }}"
deployStaging:
runs-on: ubuntu-latest
needs: validate
if: ${{ fromJSON(needs.validate.outputs.isAutomatedPullRequest) && github.ref == 'refs/heads/staging' }}
steps:
- name: Checkout staging branch
uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
ref: staging
token: ${{ secrets.OS_BOTIFY_TOKEN }}
- name: Decrypt Botify GPG key
run: cd .github/workflows && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output OSBotify-private-key.asc OSBotify-private-key.asc.gpg
env:
LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
- name: Import Botify GPG Key
run: cd .github/workflows && gpg --import OSBotify-private-key.asc
- name: Set up git for Botify
run: |
git config user.signingkey 367811D53E34168C
git config commit.gpgsign true
git config user.name OSBotify
git config user.email [email protected]
- name: Tag version
run: git tag "$(npm run print-version --silent)"
- name: 🚀 Push tags to trigger staging deploy 🚀
run: git push --tags
deployProduction:
runs-on: ubuntu-latest
needs: validate
if: ${{ fromJSON(needs.validate.outputs.isAutomatedPullRequest) && github.ref == 'refs/heads/production' }}
steps:
- uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f
with:
fetch-depth: 0
token: ${{ secrets.OS_BOTIFY_TOKEN }}
- name: Decrypt Botify GPG key
run: cd .github/workflows && gpg --quiet --batch --yes --decrypt --passphrase="$LARGE_SECRET_PASSPHRASE" --output OSBotify-private-key.asc OSBotify-private-key.asc.gpg
env:
LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
- name: Import Botify GPG Key
run: cd .github/workflows && gpg --import OSBotify-private-key.asc
- name: Set up git for Botify
run: |
git config user.signingkey 367811D53E34168C
git config commit.gpgsign true
git config user.name OSBotify
git config user.email [email protected]
- name: Checkout production branch
run: git checkout production
- name: Get current app version
run: echo "PRODUCTION_VERSION=$(npm run print-version --silent)" >> "$GITHUB_ENV"
- name: Get Release Pull Request List
id: getReleasePRList
uses: Expensify/App/.github/actions/getDeployPullRequestList@main
with:
TAG: ${{ env.PRODUCTION_VERSION }}
GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}
IS_PRODUCTION_DEPLOY: true
- name: Generate Release Body
id: getReleaseBody
uses: Expensify/App/.github/actions/getReleaseBody@main
with:
PR_LIST: ${{ steps.getReleasePRList.outputs.PR_LIST }}
- name: 🚀 Create release to trigger production deploy 🚀
uses: softprops/action-gh-release@affa18ef97bc9db20076945705aba8c516139abd
with:
tag_name: ${{ env.PRODUCTION_VERSION }}
body: ${{ steps.getReleaseBody.outputs.RELEASE_BODY }}
env:
GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }}