# WARNING: DO NOT EDIT THIS FILE!!!
#
# This file is autogenerated from .github/workflows/ci-cd-main.yml.erb
# by ./internal-scripts/generate-ci-cd-yaml.rb.
# Please edit the .erb file instead, then regenerate YAML
# by running that script.
#
# TIP: run this on your development machine to ensure generate-ci-cd-yaml.rb
# is run automatically as a Git pre-commit hook:
#
# git config core.hooksPath .githooks
name: 'CI/CD: main'
# Triggers: manual dispatch (with an optional artifact run number) and pushes.
on:
  workflow_dispatch:
    inputs:
      ci_artifacts_run_number:
        required: false
        description: Run number for CI artifacts
  # No branch filter is set, so a push to any branch starts this workflow
  # unless every changed path matches one of the ignore patterns below.
  push:
    paths-ignore:
      - '**.md'
      - 'dev-handbook/**'
env:
  # Run number that the Google Cloud artifact upload/download actions treat
  # as the current CI run. Setting it to a specific number makes them behave
  # as if that run were in progress, which speeds up development of the CI
  # itself by avoiding rebuilds.
  #
  # NOTE(review): the value is pinned to 329 and the dynamic expression is
  # only present as a trailing comment, so the workflow_dispatch input
  # ci_artifacts_run_number has no effect. Presumably every run, including
  # ones that reach publish_production, then works with run 329's artifacts
  # rather than artifacts built from the triggering commit. Confirm the pin
  # is intentional before this reaches a branch that publishes, and make the
  # change in .github/workflows/ci-cd-main.yml.erb, since this file is generated.
  CI_ARTIFACTS_RUN_NUMBER: 329 # ${{ github.event.inputs.ci_artifacts_run_number || github.run_number }}
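jobs:
  # Determines which jobs should be run, or (in case this is a re-run)
  # which jobs can be skipped this time because the last run succeeded.
  # We determine this by checking whether the artifacts produced by jobs
  # exist in this run.
  determine_necessary_jobs:
    name: Determine necessary jobs
    runs-on: ubuntu-24.04
    environment: test
    # id-token: write lets the job request a GitHub OIDC token; the
    # google-github-actions/auth step below authenticates through a workload
    # identity provider, and no service-account key is passed to it here.
    permissions:
      id-token: write
      packages: read
    outputs:
      ci_artifacts_run_number: ${{ steps.get_ci_artifacts_run_number.outputs.number }}
      necessary_jobs: ${{ steps.check.outputs.necessary_jobs }}
    steps:
      # Fails the run on purpose when the helper branch is pushed.
      - name: Workaround for detecting new workflows in branches
        run: |
          echo 'New workflow detected. Please delete the fix/cicd-new-workflows branch now.'
          exit 1
        if: github.event_name == 'push' && github.ref == 'refs/heads/fix/cicd-new-workflows'
      # NOTE(review): the actions in this job are referenced by tag (v4, v2).
      # Tags can be moved; pinning each `uses:` to a full commit SHA would fix
      # the exact code that runs with this job's OIDC permission.
      - uses: actions/checkout@v4
      - uses: google-github-actions/auth@v2
        with:
          project_id: ${{ vars.GCLOUD_PROJECT_ID }}
          workload_identity_provider: projects/${{ vars.GCLOUD_PROJECT_NUM }}/locations/global/workloadIdentityPools/github/providers/github
      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v2
        with:
          version: '>= 363.0.0'
      # The run number reaches the shell through an environment variable, not
      # through an expression expanded into the script text.
      - name: Take note of CI artifacts run number
        id: get_ci_artifacts_run_number
        run: echo "number=$CI_ARTIFACTS_RUN_NUMBER" >> "$GITHUB_OUTPUT"
      - name: List artifacts built in previous try of same CI run
        run: ./internal-scripts/ci-cd/determine-necessary-jobs/list-artifacts.sh
        env:
          CI_ARTIFACTS_BUCKET: ${{ vars.CI_ARTIFACTS_BUCKET }}
      # The token handed to the script carries only the scopes granted in this
      # job's `permissions` block.
      - name: Determine necessary jobs
        id: check
        run: ./internal-scripts/ci-cd/determine-necessary-jobs/determine-necessary-jobs.rb
        env:
          GITHUB_ACTOR: ${{ github.actor }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  check_workflow_uptodate:
    name: Check whether workflow is up-to-date
    runs-on: ubuntu-24.04
    # This job only checks out the repository and runs a local script, so the
    # GITHUB_TOKEN is limited to read-only repository contents instead of
    # inheriting the repository's default token permissions. Mirror this in
    # .github/workflows/ci-cd-main.yml.erb, since this file is generated.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Check
        run: ./internal-scripts/ci-cd/check-workflow-uptodate/check.sh
  # The jobs below call reusable workflows stored in this repository.
  # `secrets: inherit` makes every secret available to this workflow available
  # to the called workflow as well.
  # NOTE(review): if a called workflow needs only a subset, pass those secrets
  # explicitly. id-token: write is presumably needed for Google Cloud
  # authentication inside the called workflows; confirm for each one.
  prepare:
    name: Prepare
    needs:
      - determine_necessary_jobs
      - check_workflow_uptodate
    permissions:
      id-token: write
      packages: read
    secrets: inherit
    uses: ./.github/workflows/ci-cd-prepare.yml
    with:
      ci_artifacts_run_number: ${{ needs.determine_necessary_jobs.outputs.ci_artifacts_run_number }}
      necessary_jobs: ${{ needs.determine_necessary_jobs.outputs.necessary_jobs }}
  build_packages_1:
    name: Build [1]
    needs:
      - determine_necessary_jobs
      - prepare
    permissions:
      id-token: write
      packages: read
    secrets: inherit
    uses: ./.github/workflows/ci-cd-build-packages-1.yml
    with:
      ci_artifacts_run_number: ${{ needs.determine_necessary_jobs.outputs.ci_artifacts_run_number }}
      necessary_jobs: ${{ needs.determine_necessary_jobs.outputs.necessary_jobs }}
    # # Run even if a transitively dependent job has been skipped
    # if: |
    #   needs.prepare.result == 'success'
    #   && !failure() && !cancelled()
  build_packages_2:
    name: Build [2]
    needs:
      - determine_necessary_jobs
      - prepare
    permissions:
      id-token: write
      packages: read
    secrets: inherit
    uses: ./.github/workflows/ci-cd-build-packages-2.yml
    with:
      ci_artifacts_run_number: ${{ needs.determine_necessary_jobs.outputs.ci_artifacts_run_number }}
      necessary_jobs: ${{ needs.determine_necessary_jobs.outputs.necessary_jobs }}
    # # Run even if a transitively dependent job has been skipped
    # if: |
    #   needs.prepare.result == 'success'
    #   && !failure() && !cancelled()
  publish_test:
    name: Publish & test against test repos
    needs:
      - determine_necessary_jobs
      - prepare
      - build_packages_1
      - build_packages_2
    permissions:
      id-token: write
      packages: read
    secrets: inherit
    uses: ./.github/workflows/ci-cd-publish-test-test.yml
    with:
      ci_artifacts_run_number: ${{ needs.determine_necessary_jobs.outputs.ci_artifacts_run_number }}
      necessary_jobs: ${{ needs.determine_necessary_jobs.outputs.necessary_jobs }}
  # NOTE(review): this workflow's push trigger has no branch filter and this
  # job has no condition of its own, so any gate on production publishing
  # (branch check, protected environment) has to live in the called workflow.
  # Confirm that it does.
  publish_production:
    name: Publish & test against production repos
    needs:
      - determine_necessary_jobs
      - prepare
      - publish_test
    permissions:
      id-token: write
      packages: read
    secrets: inherit
    uses: ./.github/workflows/ci-cd-publish-test-production.yml
    with:
      ci_artifacts_run_number: ${{ needs.determine_necessary_jobs.outputs.ci_artifacts_run_number }}
      necessary_jobs: ${{ needs.determine_necessary_jobs.outputs.necessary_jobs }}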