feat: simplify config/secret API (#1241) #524
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
tags: | |
- "v[0-9]+.[0-9]+.[0-9]+" | |
workflow_dispatch: | |
name: Release | |
jobs: | |
build-runner: | |
name: Build Runner Docker Image | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1 | |
- name: Build | |
run: | | |
docker build -t ghcr.io/tbd54566975/ftl-runner:"$GITHUB_SHA" -t ghcr.io/tbd54566975/ftl-runner:latest -f Dockerfile.runner . | |
mkdir -p artifacts/ftl-runner | |
docker save -o artifacts/ftl-runner/ftl-runner.tar ghcr.io/tbd54566975/ftl-runner:latest | |
- name: Temporarily save Docker image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: docker-runner-artifact | |
path: artifacts/ftl-runner/ftl-runner.tar | |
retention-days: 1 | |
build-controller: | |
name: Build Controller Docker Image | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1 | |
- name: Build | |
run: | | |
docker build -t ghcr.io/tbd54566975/ftl-controller:"$GITHUB_SHA" -t ghcr.io/tbd54566975/ftl-controller:latest -f Dockerfile.controller . | |
mkdir -p artifacts/ftl-controller | |
docker save -o artifacts/ftl-controller/ftl-controller.tar ghcr.io/tbd54566975/ftl-controller:latest | |
- name: Temporarily save Docker image | |
uses: actions/upload-artifact@v4 | |
with: | |
name: docker-controller-artifact | |
path: artifacts/ftl-controller | |
retention-days: 1 | |
release-docker: | |
name: Release Assets | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
needs: [build-runner, build-controller] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1 | |
- name: Retrieve Runner Docker image | |
uses: actions/download-artifact@v4 | |
with: | |
name: docker-runner-artifact | |
path: artifacts/ftl-runner | |
- name: Retrieve Controller Docker image | |
uses: actions/download-artifact@v4 | |
with: | |
name: docker-controller-artifact | |
path: artifacts/ftl-controller | |
- name: Load Runner Docker image | |
run: docker load -i artifacts/ftl-runner/ftl-runner.tar | |
- name: Load Controller Docker image | |
run: docker load -i artifacts/ftl-controller/ftl-controller.tar | |
- name: Log in to the Container registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ github.token }} | |
- name: Push Docker Images | |
run: | | |
version="$(git describe --tags --abbrev=0)" | |
docker tag ghcr.io/tbd54566975/ftl-runner:latest ghcr.io/tbd54566975/ftl-runner:"$GITHUB_SHA" | |
docker tag ghcr.io/tbd54566975/ftl-runner:latest ghcr.io/tbd54566975/ftl-runner:"$version" | |
docker push -a ghcr.io/tbd54566975/ftl-runner | |
docker tag ghcr.io/tbd54566975/ftl-controller:latest ghcr.io/tbd54566975/ftl-controller:"$GITHUB_SHA" | |
docker tag ghcr.io/tbd54566975/ftl-controller:latest ghcr.io/tbd54566975/ftl-controller:"$version" | |
docker push -a ghcr.io/tbd54566975/ftl-controller | |
release-jars: | |
name: Release JARs | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1 | |
# Ideally we'd use Hermit's JDK, but this action creates the correct settings.xml for us. | |
- uses: actions/setup-java@v4 | |
with: | |
java-version: "11" | |
distribution: "temurin" | |
server-id: "ossrh" # must match the serverId configured for the nexus-staging-maven-plugin | |
server-username: OSSRH_USERNAME | |
server-password: OSSRH_PASSWORD | |
gpg-passphrase: SIGN_KEY_PASS | |
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} | |
cache: "maven" | |
- name: Publish JARs # Snapshots are published first, then the tagged release | |
run: | | |
mvn -f kotlin-runtime/ftl-runtime -U -B clean deploy -P release | |
mvn -f kotlin-runtime/ftl-runtime -B versions:set -DnewVersion="$(git describe --tags --abbrev=0 | cut -c2-)" -DprocessAllModules -DgenerateBackupPoms=false | |
mvn -f kotlin-runtime/ftl-runtime -U -B clean deploy -P release | |
git clean -f ./*.flattened_pom.xml | |
env: | |
SIGN_KEY_PASS: ${{ secrets.GPG_PASSPHRASE }} | |
OSSRH_USERNAME: ${{ secrets.SONATYPE_USERNAME }} | |
OSSRH_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} | |
GITHUB_TOKEN: ${{ github.token }} | |
create-release: | |
name: Release Go Binaries | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1 | |
- name: Build Cache | |
uses: ./.github/actions/build-cache | |
- name: Build Console | |
run: just build-frontend | |
- name: Publish Go Binaries | |
run: | | |
just errtrace | |
just build ftl # Ensure all the prerequisites are built before we use goreleaser | |
goreleaser release --skip=validate | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
FTL_HOMEBREW_TOKEN: ${{ secrets.FTL_HOMEBREW_TOKEN }} | |
hermit-release: | |
name: Release Hermit | |
runs-on: ubuntu-latest | |
needs: [create-release] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
repository: TBD54566975/hermit-ftl | |
ref: "main" | |
token: ${{ secrets.FTL_HERMIT_AUTOVERSION }} | |
- name: Init Hermit | |
uses: cashapp/activate-hermit@v1 | |
- name: Setup Git Config | |
run: | | |
git config --global user.email "github-actions[bot]@users.noreply.github.com" | |
git config --global user.name "github-actions[bot]" | |
- name: Auto-version | |
run: | | |
hermit manifest auto-version ftl.hcl --update-digests | |
- name: Commit and Push | |
run: | | |
git add ftl.hcl | |
git commit -m "Auto-versioned" | |
git push origin main |