# WARNING: DO NOT EDIT THIS FILE!!!
#
# This file is autogenerated from .github/workflows/ci-cd-main.yml.erb
# by ./internal-scripts/generate-ci-cd-yaml.rb.
# Please edit the .erb file instead, then regenerate YAML
# by running that script.
#
# TIP: run this on your development machine to ensure generate-ci-cd-yaml.rb
# is run automatically as a Git pre-commit hook:
#
# git config core.hooksPath .githooks
name: 'CI/CD: main'

on:
  # Manual runs can supply the run number whose CI artifacts should be reused.
  workflow_dispatch:
    inputs:
      ci_artifacts_run_number:
        required: false
        description: Run number for CI artifacts
  # No branch filter: a push to any branch starts this workflow, unless the
  # push only touches Markdown files or the dev handbook.
  push:
    paths-ignore:
      - '**.md'
      - 'dev-handbook/**'

env:
  ## Set the following variable to a specific number to make the
  ## Google Cloud artifact upload/download actions treat as
  ## if we're running the given CI run number. Useful for
  ## speeding up development of the CI itself, in order to
  ## avoid rebuilding.
  #
  # NOTE(review): the value is currently pinned to 329 and the dynamic
  # expression is commented out, so the workflow_dispatch input is ignored and
  # every run hands 329 to the downstream workflows, including the production
  # publish. Restore the expression before this leaves a development branch.
  CI_ARTIFACTS_RUN_NUMBER: 329 # ${{ github.event.inputs.ci_artifacts_run_number || github.run_number }}
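# Job graph:
#   test -> determine_necessary_jobs -+
#   check_workflow_uptodate ----------+-> prepare -> build_packages_1/2
#     -> publish_test -> publish_production
#
# Every job that sets `permissions` lists only the scopes it needs; scopes not
# listed are set to none for that job's GITHUB_TOKEN.
#
# NOTE(review): actions are referenced by mutable tag (@v4, @v7, @v2). Pinning
# each to a full commit SHA would keep a moved tag from changing what runs in
# jobs that hold `id-token: write`. This file is generated, so any change
# belongs in the .erb template named in the header.
jobs:
  # Requests a GitHub OIDC ID token for the backend.fullstaqruby.org audience
  # and passes it to the web server restart script.
  #
  # NOTE(review): this job reads like temporary debugging scaffolding.
  #   * Both `if: github.ref == 'refs/heads/main'` guards are commented out and
  #     the push trigger has no branch filter. Unless the `deploy` environment
  #     enforces its own branch restrictions (not visible in this file), the
  #     token is minted and the restart script runs for pushes to any branch.
  #   * The final `run: 'false'` step always fails, so this job fails and
  #     everything that depends on it is skipped.
  test:
    runs-on: ubuntu-24.04
    environment: deploy
    permissions:
      # Required for core.getIDToken(); no other scope is granted.
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - uses: actions/github-script@v7
        id: get-id-token
        # if: github.ref == 'refs/heads/main'
        with:
          # The token is a bearer credential: keep it out of logs and artifacts.
          # core.setOutput writes the step output through the toolkit (which
          # picks a unique delimiter) instead of hand-appending a heredoc with
          # a fixed marker to $GITHUB_OUTPUT.
          script: |
            const token = await core.getIDToken('backend.fullstaqruby.org');
            core.setOutput('id_token', token);
      - name: Restart web server
        run: ./internal-scripts/ci-cd/publish/restart-web-server.rb
        # if: github.ref == 'refs/heads/main'
        env:
          # Passed through the environment rather than interpolated into the
          # command line.
          ID_TOKEN: ${{ steps.get-id-token.outputs.id_token }}
      # Always fails; see the NOTE(review) on this job.
      - run: 'false'

  # Determines which jobs should be run, or (in case this is a re-run)
  # which jobs can be skipped this time because the last run succeeded.
  # We determine this by checking whether the artifacts produced by jobs
  # exist in this run.
  determine_necessary_jobs:
    name: Determine necessary jobs
    needs: test
    runs-on: ubuntu-24.04
    environment: test
    permissions:
      id-token: write
      packages: read
    outputs:
      ci_artifacts_run_number: ${{ steps.get_ci_artifacts_run_number.outputs.number }}
      necessary_jobs: ${{ steps.check.outputs.necessary_jobs }}
    steps:
      - name: Workaround for detecting new workflows in branches
        run: |
          echo 'New workflow detected. Please delete the fix/cicd-new-workflows branch now.'
          exit 1
        if: github.event_name == 'push' && github.ref == 'refs/heads/fix/cicd-new-workflows'
      - uses: actions/checkout@v4
      # Authenticates to Google Cloud through a workload identity provider;
      # no service-account key is configured in this step.
      - uses: google-github-actions/auth@v2
        with:
          project_id: ${{ vars.GCLOUD_PROJECT_ID }}
          workload_identity_provider: projects/${{ vars.GCLOUD_PROJECT_NUM }}/locations/global/workloadIdentityPools/github-ci-test/providers/github-ci-test
      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v2
        with:
          version: '>= 363.0.0'
      # Re-exports the workflow-level CI_ARTIFACTS_RUN_NUMBER as a step output
      # so it can be published as a job output. The value is read from the
      # environment, not interpolated into the script text.
      - name: Take note of CI artifacts run number
        id: get_ci_artifacts_run_number
        run: echo "number=$CI_ARTIFACTS_RUN_NUMBER" >> "$GITHUB_OUTPUT"
      - name: List artifacts built in previous try of same CI run
        run: ./internal-scripts/ci-cd/determine-necessary-jobs/list-artifacts.sh
        env:
          CI_ARTIFACTS_BUCKET: ${{ vars.CI_ARTIFACTS_BUCKET }}
      - name: Determine necessary jobs
        id: check
        run: ./internal-scripts/ci-cd/determine-necessary-jobs/determine-necessary-jobs.rb
        env:
          GITHUB_ACTOR: ${{ github.actor }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # Runs the repository's check script for the generated workflow files.
  # Has no `needs`, so it runs independently of the `test` job.
  check_workflow_uptodate:
    name: Check whether workflow is up-to-date
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
      - name: Check
        run: ./internal-scripts/ci-cd/check-workflow-uptodate/check.sh

  # The remaining jobs call reusable workflows from this repository and pass
  # along the run number and job list computed by determine_necessary_jobs.
  #
  # NOTE(review): each of them uses `secrets: inherit`, which hands every
  # secret available to this workflow to the called workflow. Passing only the
  # secrets a called workflow needs would narrow that exposure.
  prepare:
    name: Prepare
    needs:
      - determine_necessary_jobs
      - check_workflow_uptodate
    permissions:
      id-token: write
      packages: read
    secrets: inherit
    uses: ./.github/workflows/ci-cd-prepare.yml
    with:
      ci_artifacts_run_number: ${{ needs.determine_necessary_jobs.outputs.ci_artifacts_run_number }}
      necessary_jobs: ${{ needs.determine_necessary_jobs.outputs.necessary_jobs }}

  build_packages_1:
    name: Build [1]
    needs:
      - determine_necessary_jobs
      - prepare
    permissions:
      id-token: write
      packages: read
    secrets: inherit
    uses: ./.github/workflows/ci-cd-build-packages-1.yml
    with:
      ci_artifacts_run_number: ${{ needs.determine_necessary_jobs.outputs.ci_artifacts_run_number }}
      necessary_jobs: ${{ needs.determine_necessary_jobs.outputs.necessary_jobs }}
    # # Run even if a transitively dependent job has been skipped
    # if: |
    #   needs.prepare.result == 'success'
    #   && !failure() && !cancelled()

  build_packages_2:
    name: Build [2]
    needs:
      - determine_necessary_jobs
      - prepare
    permissions:
      id-token: write
      packages: read
    secrets: inherit
    uses: ./.github/workflows/ci-cd-build-packages-2.yml
    with:
      ci_artifacts_run_number: ${{ needs.determine_necessary_jobs.outputs.ci_artifacts_run_number }}
      necessary_jobs: ${{ needs.determine_necessary_jobs.outputs.necessary_jobs }}
    # # Run even if a transitively dependent job has been skipped
    # if: |
    #   needs.prepare.result == 'success'
    #   && !failure() && !cancelled()

  publish_test:
    name: Publish & test against test repos
    needs:
      - determine_necessary_jobs
      - prepare
      - build_packages_1
      - build_packages_2
    permissions:
      id-token: write
      packages: read
    secrets: inherit
    uses: ./.github/workflows/ci-cd-publish-test-test.yml
    with:
      ci_artifacts_run_number: ${{ needs.determine_necessary_jobs.outputs.ci_artifacts_run_number }}
      necessary_jobs: ${{ needs.determine_necessary_jobs.outputs.necessary_jobs }}

  # Only job in this workflow that is granted `contents: write`.
  publish_production:
    name: Publish & test against production repos
    needs:
      - determine_necessary_jobs
      - prepare
      - publish_test
    permissions:
      id-token: write
      packages: read
      contents: write
    secrets: inherit
    uses: ./.github/workflows/ci-cd-publish-test-production.yml
    with:
      ci_artifacts_run_number: ${{ needs.determine_necessary_jobs.outputs.ci_artifacts_run_number }}
      necessary_jobs: ${{ needs.determine_necessary_jobs.outputs.necessary_jobs }}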