Skip to content

CI: Build with Nix. (#137) #113

CI: Build with Nix. (#137)

CI: Build with Nix. (#137) #113

name: multi-architecture docker build
on:
push:
branches:
- main
tags:
- "v*"
jobs:
build_and_deploy:
name: build and deploy
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: write
steps:
- name: Checkout πŸ›ŽοΈ
uses: actions/checkout@v4
- name: Install Nix ❄
uses: cachix/install-nix-action@v22
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up the Nix Cache πŸ”Œ
uses: cachix/cachix-action@v12
with:
name: hasura-v3-dev
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- id: gcloud-auth
name: Authenticate to Google Cloud πŸ”‘
uses: google-github-actions/auth@v1
with:
token_format: access_token
service_account: "hasura-ci-docker-writer@hasura-ddn.iam.gserviceaccount.com"
workload_identity_provider: "projects/1025009031284/locations/global/workloadIdentityPools/hasura-ddn/providers/github"
- name: Login to Google Container Registry πŸ“¦
uses: "docker/login-action@v3"
with:
registry: "us-docker.pkg.dev"
username: "oauth2accesstoken"
password: "${{ steps.gcloud-auth.outputs.access_token }}"
- name: Login to GitHub Container Registry πŸ“¦
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and deploy Docker images to Google Container Registry πŸš€
run: nix run .#publish-docker-image '${{ github.ref }}' 'us-docker.pkg.dev/hasura-ddn/ddn/ndc-postgres'
- name: Build and deploy Docker images to GitHub Packages πŸš€
run: nix run .#publish-docker-image '${{ github.ref }}' 'ghcr.io/hasura/ndc-postgres'
- name: Deploy to staging
if: github.ref == 'refs/heads/main'
env:
BUILDKITE_AUTH_TOKEN: ${{ secrets.BUILDKITE_AUTH_TOKEN }}
run: |
long_sha=$(git rev-parse HEAD)
short_sha=$(git rev-parse --short=9 HEAD)
req_data=$(cat <<EOF
{
"commit": "${long_sha}",
"branch": "main",
"message": "deploy ndc-postgres config server ${GITHUB_SHA} to staging :rocket:",
"author": {
"name": "Hasura Bot",
"email": "accounts+ci@hasura.io"
},
"env": {
"RELEASE_VERSION": "dev-main-${short_sha}"
}
}
EOF)
curl -X POST "https://api.buildkite.com/v2/organizations/hasura/pipelines/release-ndc-postgres-config-server/builds" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer ${BUILDKITE_AUTH_TOKEN}" \
-d "$req_data"
# scream into Slack if something goes wrong
- name: Report Status
if: always() && github.ref == 'refs/heads/main'
uses: ravsamhq/notify-slack-action@v2
with:
status: ${{ job.status }}
notify_when: failure
notification_title: "😧 Error on <{repo_url}|{repo}>"
message_format: "🐴 *{workflow}* {status_message} for <{repo_url}|{repo}>"
env:
SLACK_WEBHOOK_URL: ${{ secrets.BROKEN_BUILD_SLACK_WEBHOOK_URL }}