ci.yaml
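# Continuous integration, publishing, and deployment workflow for the monorepo.
#
# Job graph:
#   rush-build -> rush-pre-publish -> rush-publish
#   rush-build -> docker-authproxy -> deploy-authproxy
#   rush-build -> docker-auto-gold-bits -> deploy-auto-gold-bits
#   (rush-publish, deploy-*) -> publish-announcement
name: CI

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
  workflow_dispatch:

# NOTE(review): no `permissions:` block is declared here, so every job runs
# with the repository's default GITHUB_TOKEN scopes. Consider declaring the
# minimum each job needs; the right set depends on what the local
# rush-build / docker-build / dokku-deploy actions do, which is not visible
# from this file.
#
# NOTE(review): `actions/checkout@v4` is referenced by a mutable tag. Pinning
# third-party actions to a full commit SHA protects the jobs that handle
# secrets from a retagged release.

jobs:
  # The first thing we want to do is build the entire monorepo, while still
  # leveraging build caches and pnpm caches. If something has been changed,
  # it will be rebuilt, retested, and then re-cached. The next time any job
  # needs the build output of a project, we restore the cache and then just
  # build like normal which keeps the dependent jobs very fast.
  rush-build:
    name: "Rush build and test"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/rush-build
        with:
          SSH_KEY: ${{ secrets.SSH_KEY }}
          KNOWN_HOSTS: ${{ secrets.KNOWN_HOSTS }}
          TS_OAUTH_SECRET: ${{ secrets.TS_OAUTH_SECRET }}
          TS_OAUTH_CLIENT_ID: ${{ secrets.TS_OAUTH_CLIENT_ID }}

  # Before we publish, we should check that all the projects were built
  # against the latest versions of TinyTower, LegoTower, and TinyTowerVegas to
  # make sure that we never accidentally release a stale branch.
  rush-pre-publish:
    needs: rush-build
    name: "Rush pre-publish checks"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # One commit of history beyond the tip is fetched for the change-log
          # verification below.
          fetch-depth: 2
      - uses: ./.github/workflows/rush-build
        with:
          SSH_KEY: ${{ secrets.SSH_KEY }}
          KNOWN_HOSTS: ${{ secrets.KNOWN_HOSTS }}
          TS_OAUTH_SECRET: ${{ secrets.TS_OAUTH_SECRET }}
          TS_OAUTH_CLIENT_ID: ${{ secrets.TS_OAUTH_CLIENT_ID }}
      - name: Verify Change Logs
        run: node common/scripts/install-run-rush.js change --verify
      # NOTE(review): placeholder. This step only echoes a string, so the
      # "latest apks" check described in the job comment is not enforced yet.
      - name: Check for latest apks
        run: echo "Hi, mom!"

  # Uses rush publish to publish all the packages to the npm registry.
  rush-publish:
    needs: rush-pre-publish
    # Publish only from main, matching the guard on the deploy jobs. Without
    # it this job is also scheduled for pull_request and manually dispatched
    # runs, and the `Publish` environment rules would be the only gate.
    if: ${{ github.ref == 'refs/heads/main' }}
    name: "Rush publish"
    environment: Publish
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/rush-build
        with:
          SSH_KEY: ${{ secrets.SSH_KEY }}
          KNOWN_HOSTS: ${{ secrets.KNOWN_HOSTS }}
          TS_OAUTH_SECRET: ${{ secrets.TS_OAUTH_SECRET }}
          TS_OAUTH_CLIENT_ID: ${{ secrets.TS_OAUTH_CLIENT_ID }}
      - name: Rush publish
        # The token reaches the shell through an environment variable instead
        # of being expanded into the script text, so its value is never
        # parsed as shell syntax.
        env:
          NPM_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
        run: rush publish --publish --apply --target-branch main --npm-auth-token "$NPM_AUTH_TOKEN"

  # In order to build the authproxy docker image, we first need to build it and
  # its dependencies (remember this will be really fast because we are caching
  # the build output and pnpm cache from the rush-build job). Then we use
  # rush-deploy to create a tarball of the authproxy and only its dependencies
  # before passing that to docker and letting docker build an image using it.
  #
  # NOTE(review): this job has no branch guard, so it also runs for
  # pull_request events. Confirm the docker-build action does not push images
  # from those runs.
  docker-authproxy:
    needs: rush-build
    name: "Docker authproxy build"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/rush-build
        with:
          BUILD_PARAMETERS: "--to @tinyburg/authproxy"
          SSH_KEY: ${{ secrets.SSH_KEY }}
          KNOWN_HOSTS: ${{ secrets.KNOWN_HOSTS }}
          TS_OAUTH_SECRET: ${{ secrets.TS_OAUTH_SECRET }}
          TS_OAUTH_CLIENT_ID: ${{ secrets.TS_OAUTH_CLIENT_ID }}
      - uses: ./.github/workflows/docker-build
        with:
          PROJECT: "authproxy"
          DOCKERFILE: "./apps/authproxy/Dockerfile"
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # In order to build the auto-gold-bits docker image, we do the same exact
  # steps as we did for the authproxy docker image but using the
  # auto-gold-bits project.
  docker-auto-gold-bits:
    needs: rush-build
    name: "Docker auto-gold-bits build"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/rush-build
        with:
          BUILD_PARAMETERS: "--to @tinyburg/auto-gold-bits"
          SSH_KEY: ${{ secrets.SSH_KEY }}
          KNOWN_HOSTS: ${{ secrets.KNOWN_HOSTS }}
          TS_OAUTH_SECRET: ${{ secrets.TS_OAUTH_SECRET }}
          TS_OAUTH_CLIENT_ID: ${{ secrets.TS_OAUTH_CLIENT_ID }}
      - uses: ./.github/workflows/docker-build
        with:
          PROJECT: "auto-gold-bits"
          DOCKERFILE: "./apps/auto-gold-bits/Dockerfile"
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # In order to deploy the authproxy docker image, we ssh into the digitalocean
  # droplet hosting dokku and then redeploy the dokku app which will pull the
  # latest docker image and restart the app.
  deploy-authproxy:
    needs: docker-authproxy
    if: ${{ github.ref == 'refs/heads/main' }}
    name: "Deploy docker authproxy"
    environment: Publish
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/dokku-deploy

  # In order to deploy the auto-gold-bits docker image, we do the exact same
  # steps as we did for the authproxy docker image but using the
  # auto-gold-bits project.
  deploy-auto-gold-bits:
    needs: docker-auto-gold-bits
    if: ${{ github.ref == 'refs/heads/main' }}
    name: "Deploy docker auto-gold-bits"
    environment: Publish
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/workflows/dokku-deploy

  # Because why not!
  publish-announcement:
    needs: [rush-publish, deploy-authproxy, deploy-auto-gold-bits]
    if: ${{ github.ref == 'refs/heads/main' }}
    name: "Successful publish announcement"
    runs-on: ubuntu-latest
    steps:
      - run: echo "look Mom, look Mom!"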