From ab0ce71db8bd90f15471ec8e5bb905e0ca36c951 Mon Sep 17 00:00:00 2001 From: Joseph Flinn <58369717+joseph-flinn@users.noreply.github.com> Date: Tue, 21 Sep 2021 09:37:17 -0700 Subject: [PATCH] Updating to new CI model (#1196) * starting the new pipeline model update * updating the deploy portion of the pipeline * adding a stub for the release notes * removing the redundant deploy workflow * fixing the cloud job. Adding a npm pre-cache * updating the hashFile for the caches * removing the cache-hit check since the logic doesn't work for node_modules * checking out the repo in the precache * removing the pre-cache step. Seems to slow down the pipeline overall * ghpage-deploy with the correct input for the versions * testing a custom action for the DCT setup * fixing a typo * fixing the shell issue in the custom action * removing a conditional to run a test * testing redaction * fixing the weird colon inline with run issue * commenting out the DCT for testing * test passed. Updating the release pipeline with the new Setup DCT action * updating the DCT setup action hash * updating the release workflow with the linter suggestions --- .github/workflows/build.yml | 285 ++++++++++++++++++-------------- .github/workflows/deploy.yml | 73 -------- .github/workflows/qa-deploy.yml | 2 +- .github/workflows/release.yml | 230 ++++++++++++++------------ 4 files changed, 286 insertions(+), 304 deletions(-) delete mode 100644 .github/workflows/deploy.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 66664eeb98..2e57e114e6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,7 +15,7 @@ on: jobs: cloc: name: CLOC - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f 
@@ -29,124 +29,9 @@ jobs: run: cloc --include-lang TypeScript,JavaScript,HTML,Sass,CSS --vcs git - build-selfhost: - name: Build SelfHost Docker image - runs-on: ubuntu-latest - steps: - - name: Set up Node - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea - with: - node-version: '14' - - - name: Update NPM - run: | - npm install -g npm@7 - - - name: Cache npm - id: npm-cache - uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 - with: - path: '~/.npm' - key: ${{ runner.os }}-${{ github.run_id }}-npm-${{ hashFiles('**/package-lock.json') }} - - - name: Print environment - run: | - whoami - node --version - npm --version - gulp --version - docker --version - echo "GitHub ref: $GITHUB_REF" - echo "GitHub event: $GITHUB_EVENT" - - - name: Login to Azure - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' - uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a - with: - creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - - - name: Retrieve secrets - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' - id: retrieve-secrets - uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 - with: - keyvault: "bitwarden-prod-kv" - secrets: "docker-password, - docker-username, - dct-delegate-2-repo-passphrase, - dct-delegate-2-key" - - - name: Log into Docker - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' - run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin - env: - DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }} - DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }} - - - name: Setup Docker Trust - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' - run: | - mkdir -p ~/.docker/trust/private - - echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key - env: - DCT_DELEGATION_KEY_ID: 
"c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c" - DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }} - - - name: Checkout repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - - - name: Restore - run: dotnet tool restore - - - name: Install dependencies - run: npm install - - - name: Build - run: | - echo -e "# Building Web\n" - echo "Building app" - echo "npm version $(npm --version)" - npm run dist:bit:selfhost - - echo -e "\nBuilding Docker image" - docker --version - docker build -t bitwarden/web . - - - name: Tag rc branch - if: github.ref == 'refs/heads/rc' - run: docker tag bitwarden/web bitwarden/web:rc - - - name: Tag dev - if: github.ref == 'refs/heads/master' - run: docker tag bitwarden/web bitwarden/web:dev - - - name: List Docker images - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' - run: docker images - - - name: Push rc images - if: github.ref == 'refs/heads/rc' - run: docker push bitwarden/web:rc - env: - DOCKER_CONTENT_TRUST: 1 - DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }} - - - name: Push dev images - if: github.ref == 'refs/heads/master' - run: docker push bitwarden/web:dev - env: - DOCKER_CONTENT_TRUST: 1 - DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }} - - - name: Log out of Docker - if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' - run: docker logout - - build-qa: - name: Build QA Docker image - runs-on: ubuntu-latest + name: Build Docker images for testing + runs-on: ubuntu-20.04 steps: - name: Set up Node uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea 
@@ -162,7 +47,7 @@ jobs: uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 with: path: '~/.npm' - key: ${{ runner.os }}-${{ github.run_id }}-npm-${{ hashFiles('**/package-lock.json') }} + key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} - name: Print environment run: | @@ -209,7 +94,7 @@ jobs: docker build -t bitwardenqa.azurecr.io/web . - name: Get image tag - id: image_tag + id: image-tag run: | IMAGE_TAG=$(echo "$GITHUB_REF" | awk '{split($0, a, "/"); print a[3];}') TAG_EXTENSION=${{ github.events.inputs.custom_tag_extension }} @@ -221,7 +106,7 @@ jobs: - name: Tag image env: - IMAGE_TAG: ${{ steps.image_tag.outputs.value }} + IMAGE_TAG: ${{ steps.image-tag.outputs.value }} run: docker tag bitwardenqa.azurecr.io/web "bitwardenqa.azurecr.io/web:$IMAGE_TAG" - name: Tag dev @@ -233,7 +118,7 @@ jobs: - name: Push image env: - IMAGE_TAG: ${{ steps.image_tag.outputs.value }} + IMAGE_TAG: ${{ steps.image-tag.outputs.value }} run: docker push "bitwardenqa.azurecr.io/web:$IMAGE_TAG" - name: Push dev images 
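Review bot: With `github.run_id` dropped, the key `${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }}` only varies if the lockfile is already in the workspace when the cache step runs. In the build-cloud and build-selfhost jobs added further down, and in the windows job, `Cache npm` sits before `Checkout repo`, so `hashFiles` matches nothing and returns an empty string. The key then collapses to one constant per OS, and the first cache saved under it keeps being restored after the lockfile changes, including in the job that signs and pushes images. The step order of this job lies outside the hunk; if it matches, move `Checkout repo` above `Cache npm` in all four jobs.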
@@ -244,9 +129,152 @@ jobs: run: docker logout + build-cloud: + name: Build Cloud zip + runs-on: ubuntu-20.04 + steps: + - name: Set up Node + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea + with: + node-version: '14' + + - name: Update NPM + run: | + npm install -g npm@7 + + - name: Cache npm + id: npm-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: '~/.npm' + key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} + + - name: Print environment + run: | + whoami + node --version + npm --version + gulp --version + docker --version + echo "GitHub ref: $GITHUB_REF" + echo "GitHub event: $GITHUB_EVENT" + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + + - name: Install dependencies + run: npm ci + + - name: Build Cloud + run: | + npm run dist:bit:cloud + zip -r prod-build-artifact.zip build + + - name: Upload build artifact + uses: actions/upload-artifact@ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 # v2.2.3 + with: + name: prod-build-artifact.zip + path: ./prod-build-artifact.zip + if-no-files-found: error + + + build-selfhost: + name: Build SelfHost Docker image + runs-on: ubuntu-20.04 + steps: + - name: Set up Node + uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea + with: + node-version: '14' + + - name: Update NPM + run: | + npm install -g npm@7 + + - name: Cache npm + id: npm-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: '~/.npm' + key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} + + - name: Print environment + run: | + whoami + node --version + npm --version + gulp --version + docker --version + echo "GitHub ref: $GITHUB_REF" + echo "GitHub event: $GITHUB_EVENT" + + - name: Setup DCT + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' + id: setup-dct + uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff + with: 
+ azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} + azure-keyvault-name: "bitwarden-prod-kv" + + - name: Checkout repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + + - name: Restore + run: dotnet tool restore + + - name: Install dependencies + run: npm ci + + - name: Build + run: | + echo -e "# Building Web\n" + echo "Building app" + echo "npm version $(npm --version)" + VERSION=$( jq -r ".version" package.json) + jq --arg version "$VERSION - ${GITHUB_SHA:0:7}" '.version = $version' package.json > package.json.tmp + mv package.json.tmp package.json + + npm run dist:bit:selfhost + + echo "{\"commit_hash\": \"$GITHUB_SHA\", \"ref\": \"$GITHUB_REF\"}" | jq . > build/info.json + + echo -e "\nBuilding Docker image" + docker --version + docker build -t bitwarden/web . + + - name: Tag rc branch + if: github.ref == 'refs/heads/rc' + run: docker tag bitwarden/web bitwarden/web:rc + + - name: Tag dev + if: github.ref == 'refs/heads/master' + run: docker tag bitwarden/web bitwarden/web:dev + + - name: List Docker images + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' + run: docker images + + - name: Push rc images + if: github.ref == 'refs/heads/rc' + run: docker push bitwarden/web:rc + env: + DOCKER_CONTENT_TRUST: 1 + DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} + + - name: Push dev images + if: github.ref == 'refs/heads/master' + run: docker push bitwarden/web:dev + env: + DOCKER_CONTENT_TRUST: 1 + DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} + + - name: Log out of Docker + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/rc' + run: docker logout + + windows: name: Test code on Windows - runs-on: windows-latest + runs-on: windows-2019 steps: - name: Set up NuGet uses: nuget/setup-nuget@04b0c2b8d1b97922f67eca497d7cf0bf17b8ffe1 
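Review bot: In the new build-selfhost job, `Setup DCT` runs before `Checkout repo`, `npm ci` and `npm run dist:bit:selfhost`, so the build executes with whatever that action leaves on the runner. What the action does is not visible here, but the inline steps it replaces logged in to Docker and wrote the delegation key under `~/.docker/trust/private`, so presumably the same material is present while third-party install scripts and build tooling run. Moving the `Setup DCT` step below `Build`, directly ahead of the tag and push steps, keeps the production Key Vault credentials and signing key out of reach of the dependency install. The `if:` condition on the step can stay as it is.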
@@ -256,6 +284,13 @@ jobs: - name: Set up MSBuild uses: microsoft/setup-msbuild@c26a08ba26249b81327e26f6ef381897b6a8754d + - name: Cache npm + id: npm-cache + uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 # v2.1.6 + with: + path: '~/.npm' + key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} + - name: Set up Node uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea with: @@ -281,8 +316,10 @@ jobs: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + - name: Install dependencies + run: npm ci - name: NPM install - run: npm install + run: npm ci - name: NPM build run: npm run build:bit:cloud diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml deleted file mode 100644 index 7496eed1a3..0000000000 --- a/.github/workflows/deploy.yml +++ /dev/null 
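Review bot: The cache step added to the windows job uses `path: '~/.npm'`, which is npm's cache location on Linux and macOS; on Windows runners npm's default cache lives under the user's AppData directory (`npm-cache`), so this step likely saves and restores an empty or unrelated directory. Resolving the path at run time in an earlier step with `npm config get cache` and passing that output as `path` would work on every OS. The step also runs before `Set up Node` and `Checkout repo`, so the `hashFiles` part of the key is empty here as well.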
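Review bot: The second hunk of the windows job adds an `Install dependencies` step running `npm ci` directly above the existing `NPM install` step, which is changed to `npm ci` too, so the job removes and reinstalls `node_modules` twice in a row. One of the two steps should be dropped; keeping `- name: Install dependencies` with `run: npm ci` would match the naming used in the other jobs.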
@@ -1,73 +0,0 @@ ---- -name: Deploy - -on: - workflow_dispatch: - inputs: - release_version: - description: "Release Tag Version " - required: true - release: - types: - - published - - -jobs: - deploy: - name: Deploy Web Vault - runs-on: ubuntu-latest - steps: - - name: Checkout Repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - with: - ref: gh-pages - - - name: Get release version - id: release-version - run: | - if [[ "${{ github.event_name }}" == "release" ]]; then - echo "::set-output name=version::${{ github.event.release.tag_name }}" - else - echo "::set-output name=version::${{ github.event.inputs.release_version }}" - fi - - - name: Create deploy branch - run: | - git switch -c deploy-${{ steps.release-version.outputs.version }} - git push -u origin deploy-${{ steps.release-version.outputs.version }} - - - name: Checkout Repo - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 - with: - ref: rc - - - name: Setup git config - run: | - git config user.name = "GitHub Action Bot" - git config user.email = "<>" - git config --global url."https://github.com/".insteadOf ssh://git@github.com/ - git config --global url."https://".insteadOf ssh:// - - - name: Install and Build - run: | - npm run sub:init - npm ci - npm run dist:bit:cloud - - - name: Deploy GitHub Pages - uses: crazy-max/ghaction-github-pages@db4476a01402e1a7ce05f41832040eef16d14925 # v2.5.0 - with: - target_branch: deploy-${{ steps.release-version.outputs.version }} - build_dir: build - keep_history: true - commit_message: "Staging deploy ${{ steps.release-version.outputs.version }}" - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Create Deploy PR - run: | - gh pr create --title "Deploy $VERSION" --body "Deploying $VERSION" --base gh-pages --head "$PR_BRANCH" - env: - VERSION: ${{ steps.release-version.outputs.version }} - PR_BRANCH: deploy-${{ steps.release-version.outputs.version }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
diff --git a/.github/workflows/qa-deploy.yml b/.github/workflows/qa-deploy.yml index 48a8f2ac92..b3aadb893f 100644 --- a/.github/workflows/qa-deploy.yml +++ b/.github/workflows/qa-deploy.yml @@ -17,7 +17,7 @@ env: jobs: deploy: name: Deploy QA Web - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - name: Checkout Repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 30693e8eb3..a0960cb767 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,19 +3,16 @@ name: Release on: workflow_dispatch: - inputs: - release_tag_name_input: - description: "Release Tag Name " - required: true + inputs: {} jobs: setup: name: Setup - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 outputs: release_upload_url: ${{ steps.create_release.outputs.upload_url }} - release_version: ${{ steps.create_tags.outputs.package_version }} - tag_version: ${{ steps.create_tags.outputs.tag_version }} + release_version: ${{ steps.create_tags.outputs.package }} + tag_version: ${{ steps.create_tags.outputs.tag }} steps: - name: Branch check run: | 
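Review bot: In release.yml the job outputs `release_version: ${{ steps.create_tags.outputs.package }}` and `tag_version: ${{ steps.create_tags.outputs.tag }}` still point at step id `create_tags`, but the next hunk replaces that step with one whose id is `version`; the `create_release` step that `release_upload_url` reads is removed as well. A reference to an unknown step id evaluates to an empty value, so `_RELEASE_VERSION` and `_TAG_VERSION` in the downstream jobs would be empty and `docker tag bitwarden/web:rc bitwarden/web:$_RELEASE_VERSION` would receive a reference with no tag. The outputs should read `${{ steps.version.outputs.package }}` and `${{ steps.version.outputs.tag }}`, and `release_upload_url` can be deleted. The same kind of dangling reference appears at the end of the next hunk, where the release job uses `needs.version.outputs.tag_version` although the job is named `setup`; that should be `needs.setup.outputs.tag_version` (and likewise for `release_version`).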
@@ -29,132 +26,153 @@ jobs: - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # 2.3.4 - - name: Create Release Vars - id: create_tags + - name: Check Release Version + id: version run: | - case "${RELEASE_TAG_NAME_INPUT:0:1}" in - v) - echo "RELEASE_NAME=${RELEASE_TAG_NAME_INPUT:1}" >> $GITHUB_ENV - echo "RELEASE_TAG_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV - echo "::set-output name=package_version::${RELEASE_TAG_NAME_INPUT:1}" - echo "::set-output name=tag_version::$RELEASE_TAG_NAME_INPUT" - ;; - [0-9]) - echo "RELEASE_NAME=$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV - echo "RELEASE_TAG_NAME=v$RELEASE_TAG_NAME_INPUT" >> $GITHUB_ENV - echo "::set-output name=package_version::$RELEASE_TAG_NAME_INPUT" - echo "::set-output name=tag_version::v$RELEASE_TAG_NAME_INPUT" - ;; - *) - exit 1 - ;; - esac - env: - RELEASE_TAG_NAME_INPUT: ${{ github.event.inputs.release_tag_name_input }} + version=$( jq -r ".version" package.json) + previous_release_tag_version=$( + curl -sL https://api.github.com/repos/$GITHUB_REPOSITORY/releases/latest | jq -r ".tag_name" + ) - - name: Create Draft Release - id: create_release - uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # 1.1.4 - Repo Archived - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - tag_name: ${{ env.RELEASE_TAG_NAME }} - release_name: Version ${{ env.RELEASE_NAME }} - draft: true - prerelease: false + if [ "v$version" == "$previous_release_tag_version" ]; then + echo "[!] Already released v$version. 
Please bump version to continue" + exit 1 + fi - ubuntu: - name: Ubuntu - runs-on: ubuntu-latest + echo "::set-output name=package::$version" + echo "::set-output name=tag::v$version" + + + self-host: + name: Build self-host docker + runs-on: ubuntu-20.04 needs: setup env: _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} steps: - - name: Set up Node - uses: actions/setup-node@46071b5c7a2e0c34e49c3cb8a0e792e86e18d5ea - with: - node-version: '14' - - - name: Update NPM - run: | - npm install -g npm@7 - - name: Print environment run: | whoami - node --version - npm --version - gulp --version docker --version echo "GitHub ref: $GITHUB_REF" echo "GitHub event: $GITHUB_EVENT" - - name: Login to Azure - uses: Azure/login@77f1b2e3fb80c0e8645114159d17008b8a2e475a + - name: Setup DCT + id: setup-dct + uses: bitwarden/gh-actions/setup-docker-trust@a8c384a05a974c05c48374c818b004be221d43ff with: - creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} - - - name: Retrieve secrets - id: retrieve-secrets - uses: Azure/get-keyvault-secrets@80ccd3fafe5662407cc2e55f202ee34bfff8c403 - with: - keyvault: "bitwarden-prod-kv" - secrets: "docker-password, - docker-username, - dct-delegate-2-repo-passphrase, - dct-delegate-2-key" - - - name: Log into Docker - run: echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin - env: - DOCKER_USERNAME: ${{ steps.retrieve-secrets.outputs.docker-username }} - DOCKER_PASSWORD: ${{ steps.retrieve-secrets.outputs.docker-password }} - - - name: Setup Docker Trust - if: github.ref == 'refs/heads/master' || github.event_name == 'release' || github.ref == 'refs/heads/rc' - run: | - mkdir -p ~/.docker/trust/private - - echo "$DCT_DELEGATE_KEY" > ~/.docker/trust/private/$DCT_DELEGATION_KEY_ID.key - env: - DCT_DELEGATION_KEY_ID: "c9bde8ec820701516491e5e03d3a6354e7bd66d05fa3df2b0062f68b116dc59c" - DCT_DELEGATE_KEY: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-key }} + azure-creds: ${{ secrets.AZURE_PROD_KV_CREDENTIALS }} + 
azure-keyvault-name: "bitwarden-prod-kv" - name: Checkout repo uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - - name: Restore - run: dotnet tool restore - - - name: Build - run: | - echo -e "# Building Web\n" - echo "Building app" - echo "npm version $(npm --version)" - npm install - npm run dist:bit:selfhost - - echo -e "\nBuilding Docker image" - docker --version - docker build -t bitwarden/web . + - name: Pull latest selfhost rc image + run: docker pull bitwarden/web:rc - name: Tag version - run: docker tag bitwarden/web bitwarden/web:$_RELEASE_VERSION + run: | + docker tag bitwarden/web:rc bitwarden/web:latest + docker tag bitwarden/web:rc bitwarden/web:$_RELEASE_VERSION - name: List Docker images run: docker images - - name: Push latest images - run: docker push bitwarden/web:latest + - name: Push images + run: | + docker push bitwarden/web:latest + docker push bitwarden/web:$_RELEASE_VERSION env: DOCKER_CONTENT_TRUST: 1 - DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }} - - - name: Push version images - run: docker push bitwarden/web:$_RELEASE_VERSION - env: - DOCKER_CONTENT_TRUST: 1 - DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.retrieve-secrets.outputs.dct-delegate-2-repo-passphrase }} + DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: ${{ steps.setup-dct.outputs.dct-delegate-repo-passphrase }} - name: Log out of Docker run: docker logout + + + ghpages-deploy: + name: Deploy Web Vault + runs-on: ubuntu-20.04 + needs: + - setup + - self-host + env: + _RELEASE_VERSION: ${{ needs.setup.outputs.release_version }} + _TAG_VERSION: ${{ needs.setup.outputs.tag_version }} + steps: + - name: Checkout Repo + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f # v2.3.4 + with: + ref: gh-pages + + - name: Create deploy branch + run: | + git switch -c deploy-$_TAG_VERSION + git push -u origin deploy-$_TAG_VERSION + git switch rc + + - name: Setup git config + run: | + git 
config user.name = "GitHub Action Bot" + git config user.email = "<>" + git config --global url."https://github.com/".insteadOf ssh://git@github.com/ + git config --global url."https://".insteadOf ssh:// + + - name: Download latest RC Production build + uses: dawidd6/action-download-artifact@b9571484721e8187f1fd08147b497129f8972c74 # v2.14.0 + with: + workflow: build.yml + workflow_conclusion: success + branch: rc + name: prod-build-artifact.zip + + # This should result in a build directory in the current working directory + - name: Unzip build asset + run: unzip prod-build-artifact.zip + + - name: Deploy GitHub Pages + uses: crazy-max/ghaction-github-pages@db4476a01402e1a7ce05f41832040eef16d14925 # v2.5.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + target_branch: deploy-${{ needs.setup.outputs.tag_version }} + build_dir: build + keep_history: true + commit_message: "Staging deploy ${{ needs.setup.outputs.release_version }}" + + - name: Create Deploy PR + env: + PR_BRANCH: deploy-${{ env._TAG_VERSION }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh pr create --title "Deploy $_RELEASE_VERSION" \ + --body "Deploying $_RELEASE_VERSION" \ + --base gh-pages \ + --head "$PR_BRANCH" + + + release: + name: Create GitHub Release + runs-on: ubuntu-20.04 + needs: + - setup + - self-host + - ghpages-deploy + steps: + - name: Download latest RC Production build + uses: dawidd6/action-download-artifact@b9571484721e8187f1fd08147b497129f8972c74 # v2.14.0 + with: + workflow: build.yml + workflow_conclusion: success + branch: rc + name: prod-build-artifact.zip + + - name: Create release + uses: ncipollo/release-action@95215a3cb6e6a1908b3c44e00b4fdb15548b1e09 + with: + artifacts: prod-build-artifact.zip + commit: ${{ github.sha }} + tag: "${{ needs.version.outputs.tag_version }}" + name: "Version ${{ needs.version.outputs.release_version }}" + body: "" + token: ${{ secrets.GITHUB_TOKEN }}
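Review bot: The `Pull latest selfhost rc image` step runs `docker pull bitwarden/web:rc` without `DOCKER_CONTENT_TRUST`, which this job sets only on the `Push images` step. The image that is retagged and then signed as `latest` and `$_RELEASE_VERSION` is therefore whatever the mutable `rc` tag resolves to at that moment, unverified unless the setup-docker-trust action exports the variable itself (not visible here). Adding `env:` with `DOCKER_CONTENT_TRUST: 1` to the pull step makes the promotion fail closed on an unsigned or re-pointed tag. Nothing in the job ties the pulled image or the downloaded `prod-build-artifact.zip` to the commit recorded in the release (`commit: ${{ github.sha }}`); the `build/info.json` that the self-host build writes with `commit_hash` could be compared against the expected commit before pushing.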