chore(ci): improve GitHub workflows for release process

StanChe · StanChe · commit 1ec3706452b9 · 2025-02-26T20:52:43.000Z
- Update docker.yml to ensure proper tag pushing with PUSH_CONDITION
- Remove redundant version tag format (keeping only v-prefixed tags)
- Set GH_TOKEN at job level in both release workflows
- Remove unnecessary GitHub CLI authentication steps
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -5,16 +5,21 @@ on:
   pull_request:
     branches: [develop]
   push:
-    branches: [develop, main]
+    branches: [develop]
     tags: ["v*"]
 
+# Add concurrency to cancel in-progress runs on the same ref
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 # Add permissions block for GitHub Container Registry access
 permissions:
   contents: read
   packages: write
 
 env:
-  PUSH_CONDITION: ${{ github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && contains(fromJSON('["refs/heads/main", "refs/heads/develop"]'), github.ref)) }}
+  PUSH_CONDITION: ${{ github.event_name == 'push' && (contains(fromJSON('["refs/heads/develop"]'), github.ref) || startsWith(github.ref, 'refs/tags/')) || github.event_name == 'workflow_dispatch' && contains(fromJSON('["refs/heads/develop"]'), github.ref) }}
 
 jobs:
   build-base-image:
@@ -23,7 +28,10 @@ jobs:
       version: ${{ steps.version.outputs.version }}
 
     steps:
-      - uses: actions/checkout@v4
+      - name: Check out repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
@@ -82,7 +90,10 @@ jobs:
             rocksdb_backup,
           ]
     steps:
-      - uses: actions/checkout@v4  # Need to checkout code for Dockerfile
+      - name: Check out repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
@@ -114,7 +125,6 @@ jobs:
             ghcr.io/${{ github.repository_owner }}/aura-${{ matrix.binary-name }}
           tags: |
             type=semver,pattern=v{{version}}
-            type=semver,pattern={{version}}
             type=raw,value=latest,enable={{is_default_branch}}
 
       - name: Docker metadata for branch
@@ -133,7 +143,7 @@ jobs:
         with:
           context: .
           file: docker/app.Dockerfile
-          push: ${{ env.PUSH_CONDITION || startsWith(github.ref, 'refs/tags/') }}
+          push: ${{ env.PUSH_CONDITION }}
           tags: ${{ startsWith(github.ref, 'refs/tags/') && steps.meta_tag.outputs.tags || steps.meta_branch.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
@@ -157,3 +167,18 @@ jobs:
                     "version": "${{ needs.build-base-image.outputs.version }}"
                   }
                 }'
+      
+      - name: Repository dispatch for production
+        if: startsWith(github.ref, 'refs/tags/')
+        run: |
+          curl -X POST \
+            -H "Authorization: token ${{ secrets.DISPATCH_TOKEN_PROD }}" \
+            -H "Accept: application/vnd.github+json" \
+            https://api.github.com/repos/adm-metaex/aura-config-prod/dispatches \
+            -d '{
+                  "event_type": "deploy",
+                  "client_payload": {
+                    "services": "${{ env.PUSH_CONDITION && 'ingester,slot_persister,backfill,api,synchronizer,rocksdb_backup' || '' }}",
+                    "version": "${{ needs.build-base-image.outputs.version }}"
+                  }
+                }'
diff --git a/.github/workflows/release-finalize.yml b/.github/workflows/release-finalize.yml
@@ -15,9 +15,11 @@ jobs:
   finalize-release:
     if: github.event.pull_request.merged == true && startsWith(github.event.pull_request.head.ref, 'release/v')
     runs-on: ubuntu-latest
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Fetch all history for proper tagging
 
@@ -27,11 +29,6 @@ jobs:
           git config --global user.name "GitHub Actions"
           git config --global user.email "actions@github.com"
 
-      - name: Setup GitHub CLI
-        run: |
-          set -e
-          echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token
-
       - name: Download changelog artifact
         uses: actions/download-artifact@v4
         with:
diff --git a/.github/workflows/release-prepare.yml b/.github/workflows/release-prepare.yml
@@ -25,6 +25,8 @@ jobs:
       version: ${{ inputs.version }} # Output the version for use in other jobs
       tag_name: v${{ inputs.version }}
       release_branch: release/v${{ inputs.version }}
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
     steps:
       - name: Check out repository
@@ -48,10 +50,6 @@ jobs:
           git config --global user.name "GitHub Actions"
           git config --global user.email "actions@github.com"
         
-      - name: Setup GitHub CLI
-        run: |
-          echo ${{ secrets.GITHUB_TOKEN }} | gh auth login --with-token
-          
       - name: Install dependencies
         run: |
           set -e
