speckle-server/.github/workflows/release.yml
Iain Sproat 0b7f06348c ci(snyk): fix syntax (#5605)
- cannot have a negation in an 'if'
2025-09-30 11:56:17 +01:00


# Release pipeline: entry-point workflow that fans out to the reusable
# workflows listed under `jobs` (tests, image builds, deployment tests,
# publish, npm, Snyk).
name: Release pipeline

on:
  push:
    # These are GitHub filter patterns (globs), not regular expressions:
    # `*` stops at `/` and `.` is a literal dot.
    # NOTE(review): `hotfix.*` therefore matches only branch names that start
    # with `hotfix.` - confirm that is the intended naming scheme.
    # NOTE(review): every ref matched here runs the jobs below with registry,
    # Cloudflare and PAT secrets, so the right to create such a ref is in
    # effect a release right; confirm branch/tag protection rules cover the
    # `hotfix.*` and `testing*` patterns and the version tags, not only `main`.
    branches:
      - 'main'
      - 'hotfix.*'
      - 'testing*'
    tags:
      # Three dot-separated numeric groups; `+` is "one or more of the
      # preceding character".
      - '[0-9]+.[0-9]+.[0-9]+'
  # Manual runs are not limited by the push filters above; they can be
  # started on any ref by anyone allowed to run workflows in the repository.
  workflow_dispatch:

concurrency:
  # One concurrency group per workflow and ref.
  group: ${{ github.workflow }}-${{ github.ref }}
  # True only for refs under refs/heads/testing: a newer testing* run cancels
  # the one in progress, while runs for main, hotfix branches and tags are
  # never cancelled.
  cancel-in-progress: ${{ startsWith(github.ref, 'refs/heads/testing') }}
jobs:
  # NOTE(review): no `permissions:` key is set in this file, so the
  # GITHUB_TOKEN handed to builds-ghcr, test-deployments and deploy gets
  # whatever the repository default and the called workflows allow (neither
  # is visible here). Consider declaring the minimum per job once the needs
  # of each called workflow are confirmed.

  # Computes IMAGE_VERSION_TAG, consumed by the jobs below through
  # needs.get-version.outputs.
  get-version:
    name: Get version
    uses: ./.github/workflows/get-version.yml

  # Provides CHART_NAME for the deploy job.
  get-chart-name:
    name: Get Chart Name
    uses: ./.github/workflows/get-chart-name.yml

  tests:
    needs:
      - get-version
    uses: ./.github/workflows/tests.yml
    with:
      # True on testing* branches only: allows releasing from testing even if
      # tests fail.
      CONTINUE_ON_ERROR: ${{ startsWith(github.ref, 'refs/heads/testing') }}
      # True on main: test skipping is disabled there.
      DISABLE_SKIPPING: ${{ startsWith(github.ref, 'refs/heads/main') }}
    # NOTE(review): `inherit` exposes every secret available to this workflow
    # to tests.yml. The deploy job below passes an explicit list instead;
    # doing the same here would limit the test code to the secrets it needs.
    secrets: inherit

  # Builds and pushes images to Docker Hub.
  builds:
    needs:
      - get-version
    uses: ./.github/workflows/builds.yml
    with:
      IMAGE_VERSION_TAG: ${{ needs.get-version.outputs.IMAGE_VERSION_TAG }}
      # REGISTRY_DOMAIN, REGISTRY_USERNAME and the REGISTRY_TOKEN secret must
      # together allow pushing to IMAGE_PREFIX.
      REGISTRY_DOMAIN: 'docker.io'
      REGISTRY_USERNAME: 'speckledevops'
      # No registry host in the prefix: Docker then defaults to pushing to
      # Docker Hub.
      IMAGE_PREFIX: 'speckle'
      # Publish the sourcemaps and include the version in frontend-2 builds.
      PUBLISH: true
      # True for refs starting with refs/heads/main only.
      PUBLISH_LATEST: ${{ startsWith(github.ref, 'refs/heads/main') }}
    secrets:
      DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }}
      REGISTRY_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}

  # Temporary duplicate of the builds job, pushing to ghcr.io instead.
  builds-ghcr:
    needs:
      - get-version
    uses: ./.github/workflows/builds.yml
    with:
      IMAGE_VERSION_TAG: ${{ needs.get-version.outputs.IMAGE_VERSION_TAG }}
      # REGISTRY_DOMAIN, REGISTRY_USERNAME and the REGISTRY_TOKEN secret must
      # together allow pushing to IMAGE_PREFIX.
      REGISTRY_DOMAIN: 'ghcr.io'
      REGISTRY_USERNAME: ${{ github.actor }}
      IMAGE_PREFIX: 'ghcr.io/specklesystems'
      # Same setting as the `builds` job: publish the sourcemaps and include
      # the version in frontend-2 builds.
      PUBLISH: true
      # True for refs starting with refs/heads/main only.
      PUBLISH_LATEST: ${{ startsWith(github.ref, 'refs/heads/main') }}
    secrets:
      DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }}
      # The workflow's own GITHUB_TOKEN is the ghcr.io push credential.
      REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # Deployment tests run against the ghcr.io images of this version.
  test-deployments:
    needs:
      - get-version
      - builds
      - builds-ghcr
    uses: ./.github/workflows/deployment-tests.yml
    with:
      IMAGE_VERSION_TAG: ${{ needs.get-version.outputs.IMAGE_VERSION_TAG }}
      REGISTRY_DOMAIN: 'ghcr.io'
      REGISTRY_USERNAME: ${{ github.actor }}
      IMAGE_PREFIX: 'ghcr.io/specklesystems'
    secrets:
      REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  # NOTE(review): `snyk` is not in this job's `needs`, so the scan result does
  # not gate publishing - confirm that is intended.
  deploy:
    needs:
      - get-version
      - tests
      - builds
      - test-deployments
      - get-chart-name
    uses: ./.github/workflows/publish.yml
    with:
      IMAGE_PREFIX: 'ghcr.io/specklesystems'
      IMAGE_VERSION_TAG: ${{ needs.get-version.outputs.IMAGE_VERSION_TAG }}
      CLOUDFLARE_ACCOUNT_ID: ${{ vars.CLOUDFLARE_ACCOUNT_ID }}
      OCI_REGISTRY_DOMAIN: 'ghcr.io'
      OCI_REGISTRY_PATH: 'specklesystems'
      OCI_REGISTRY_USERNAME: ${{ github.actor }}
      CHART_NAME: ${{ needs.get-chart-name.outputs.CHART_NAME }}
    secrets:
      # Secrets are listed explicitly rather than inherited because they are
      # configured per target registry.
      DATADOG_API_KEY: ${{ secrets.DATADOG_API_KEY }}
      CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
      # The helm chart is pushed to ghcr, so GITHUB_TOKEN is the password.
      OCI_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
      # NOTE(review): how publish.yml uses this PAT is not visible here;
      # confirm it is fine-grained and limited to the repositories it must
      # write to.
      GH_DEVOPS_PAT: ${{ secrets.GH_DEVOPS_PAT }}

  npm:
    needs:
      - get-version
      - tests
      - builds
      - builds-ghcr
    uses: ./.github/workflows/npm.yml
    # Runs only when the workflow was started for a tag ref.
    if: startsWith(github.ref, 'refs/tags/')
    with:
      IMAGE_VERSION_TAG: ${{ needs.get-version.outputs.IMAGE_VERSION_TAG }}
    # NOTE(review): `inherit` passes all secrets to npm.yml; an explicit list
    # would limit it to the secrets it actually needs.
    secrets: inherit

  snyk:
    needs:
      - tests
    uses: ./.github/workflows/snyk.yml
    # Skipped on testing* branches. The comparison with `false` is used
    # because a negation is not accepted in this `if`.
    if: startsWith(github.ref , 'refs/heads/testing') == false
    # NOTE(review): all secrets are inherited here as well; an explicit list
    # would keep the scanner job to the secrets it needs.
    secrets: inherit