-
Notifications
You must be signed in to change notification settings - Fork 215
232 lines (219 loc) · 8.17 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
name: Node CI Suite
on:
push
jobs:
test:
runs-on: ${{ matrix.os }}
strategy:
matrix:
node-version: [14.x, 16.x]
os: [ubuntu-latest, macos-latest, windows-latest]
steps:
- uses: actions/checkout@v3
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: yarn
- run: yarn --frozen-lockfile --network-timeout 1000000
- run: yarn test
acceptance:
runs-on: ${{ matrix.os }}
strategy:
matrix:
node-version: [16.x]
os: [ubuntu-latest, macos-latest]
environment: AcceptanceTests
env:
RUN_ACCEPTANCE_TESTS: true
HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }}
steps:
- uses: actions/checkout@v3
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: yarn
- run: yarn --frozen-lockfile --network-timeout 1000000
- name: Build packages
run: yarn lerna run prepack
- run: ./bin/run whoami
- run: yarn lerna run test:acceptance
# dummy job needed to pass changeling compliance because it only watches one build
done:
runs-on: macos-latest
needs: [test, acceptance]
steps:
- run: echo done
working-directory: /
pack_deb:
if: github.ref == 'refs/heads/master' || (github.ref_type == 'tag' && startsWith(github.ref_name, 'v' ) && !contains(github.ref_name, 'beta'))
# ubuntu started using a compression method after this version that debian currently does not support
# https://github.com/heroku/cli/pull/2245#issue-1590017122
runs-on: ubuntu-20.04
env:
HEROKU_AUTHOR: 'Heroku'
steps:
- uses: actions/checkout@v3
- name: Install system deps
run: |
sudo apt-get update
sudo apt-get install -y nsis p7zip-full
- run: sudo mkdir -p /build
- name: Install package deps
run: |
cp yarn.lock packages/cli
cd packages/cli
yarn --frozen-lockfile --network-timeout 1000000
- name: Building deb
run: ./scripts/pack/deb
- uses: actions/upload-artifact@v3
with:
name: packed-deb
path: /home/runner/work/cli/cli/packages/cli/dist
pack_tarballs:
if: github.ref == 'refs/heads/master' || (github.ref_type == 'tag' && startsWith(github.ref_name, 'v' ) && !contains(github.ref_name, 'beta'))
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install system deps
run: |
sudo apt-get update
sudo apt-get install -y nsis p7zip-full
- run: sudo mkdir -p /build
- name: Install package deps
run: |
cp yarn.lock packages/cli
cd packages/cli
yarn --frozen-lockfile --network-timeout 1000000
- name: Building tarballs
run: ./scripts/pack/tarballs
- uses: actions/upload-artifact@v3
with:
name: packed-tarballs
path: /home/runner/work/cli/cli/packages/cli/dist
sign_deb:
needs: [pack_deb]
if: github.ref == 'refs/heads/master' || (github.ref_type == 'tag' && startsWith(github.ref_name, 'v' ) && !contains(github.ref_name, 'beta'))
runs-on: ubuntu-latest
environment: SignDebian
env:
HEROKU_DEB_SECRET_KEY: ${{ secrets.HEROKU_DEB_SECRET_KEY }}
HEROKU_DEB_SIGNING_PASSWORD: ${{ secrets.HEROKU_DEB_SIGNING_PASSWORD }}
HEROKU_DEB_KEY_ID: ${{ secrets.HEROKU_DEB_KEY_ID }}
HEROKU_DEB_PUBLIC_KEY: ${{ secrets.HEROKU_DEB_PUBLIC_KEY }}
steps:
- uses: actions/checkout@v3
- run: sudo mkdir -p /build
- uses: actions/download-artifact@v3
with:
name: packed-deb
path: /home/runner/work/cli/cli/packages/cli/dist
- run: |
cd /home/runner/work/cli/cli/packages/cli/dist/deb
/home/runner/work/cli/cli/packages/cli/scripts/sign/deb
- uses: actions/upload-artifact@v3
with:
name: signed-deb
path: /home/runner/work/cli/cli/packages/cli/dist
# TODO: the circle job ran `install_scripts` but this isn't, do we need to add that?
release-deb-and-tarballs:
needs: [test, acceptance, sign_deb, pack_tarballs]
if: github.ref == 'refs/heads/master' || (github.ref_type == 'tag' && startsWith(github.ref_name, 'v' ) && !contains(github.ref_name, 'beta'))
runs-on: ubuntu-latest
environment: CLIS3BucketAndCloudfront
env:
CLOUDFRONT_DISTRIBUTION: ${{ secrets.CLOUDFRONT_DISTRIBUTION }}
HEROKU_S3_BUCKET: ${{ secrets.HEROKU_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_EC2_METADATA_DISABLED: true
steps:
- uses: actions/checkout@v3
- run: sudo mkdir -p /build
- uses: actions/download-artifact@v3
with:
name: signed-deb
path: /home/runner/work/cli/cli/packages/cli/dist
- uses: actions/download-artifact@v3
with:
name: packed-tarballs
path: /home/runner/work/cli/cli/packages/cli/dist
- name: List all the downloaded files (for debugging)
run: ls -R
working-directory: /home/runner/work/cli/cli/packages/cli/dist
- run: |
sudo apt-get update
sudo apt-get install -y awscli
- name: yarn install
run: |
cp yarn.lock packages/cli
cd packages/cli
yarn --frozen-lockfile --prefer-offline --network-timeout 1000000
- name: Upload production artifacts
run: |
cd packages/cli
pwd
./scripts/release/tarballs
./scripts/release/deb
- uses: actions/upload-artifact@v3
with:
name: all-dist
path: /home/runner/work/cli/cli/packages/cli/dist
## POST release jobs
invalidate-cdn-cache:
needs: [release-deb-and-tarballs]
if: github.ref == 'refs/heads/master' || (github.ref_type == 'tag' && startsWith(github.ref_name, 'v' ) && !contains(github.ref_name, 'beta'))
runs-on: ubuntu-latest
environment: CLIS3BucketAndCloudfront
env:
CLOUDFRONT_DISTRIBUTION: ${{ secrets.CLOUDFRONT_DISTRIBUTION }}
HEROKU_S3_BUCKET: ${{ secrets.HEROKU_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_EC2_METADATA_DISABLED: true
steps:
- uses: actions/checkout@v3
- run: |
sudo apt-get update
sudo apt-get install -y awscli
aws configure set preview.cloudfront true
- run: ./scripts/postrelease/invalidate_cdn_cache
release-homebrew:
needs: [release-deb-and-tarballs]
if: github.ref_type == 'tag' && startsWith(github.ref_name, 'v' ) && !contains(github.ref_name, 'beta')
runs-on: ubuntu-latest
environment: ReleaseHomebrew
steps:
- uses: actions/checkout@v3
- uses: webfactory/ssh-agent@v0.5.4
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
- uses: actions/download-artifact@v3
with:
name: all-dist
path: /home/runner/work/cli/cli/packages/cli/dist
- name: List all the downloaded files (for debugging)
run: ls -R
working-directory: /home/runner/work/cli/cli/packages/cli/dist
- run: |
cp yarn.lock packages/cli
cd packages/cli
yarn --frozen-lockfile --network-timeout 1000000
./scripts/release/homebrew.js
change-management:
needs: [release-deb-and-tarballs]
if: github.ref_type == 'tag' && startsWith(github.ref_name, 'v' ) && !contains(github.ref_name, 'beta')
runs-on: ubuntu-latest
environment: ChangeManagement
env:
TPS_API_APP_ID: ${{ secrets.TPS_API_APP_ID }}
TPS_API_RELEASE_ACTOR_EMAIL: ${{ secrets.TPS_API_RELEASE_ACTOR_EMAIL }}
TPS_API_STAGE: ${{ secrets.TPS_API_STAGE }}
TPS_API_TOKEN_PARAM: ${{ secrets.TPS_API_TOKEN_PARAM }}
TPS_API_URL_PARAM: ${{ secrets.TPS_API_URL_PARAM }}
steps:
- uses: actions/checkout@v3
- run: |
yarn --frozen-lockfile --network-timeout 1000000
./scripts/postrelease/change_management