Merge pull request gooddata#4350 from xMort/fast_track

.github/workflows/post-merge-pipeline.yml

@@ -0,0 +1,145 @@
+# (C) 2023 GoodData Corporation
+
+name: Build web component's container image
+
+on:
+  push:
+    branches: ["master", "release", "hotfix/tiger", "hotfix/panther", "fast_track"]
+
+concurrency:
+  group: ${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  WEB_COMPONENTS_DIR: libs/sdk-ui-web-components
+
+jobs:
+  build-web-components:
+    if: ${{ startsWith(github.event.head_commit.message, 'Release ') }}
+    runs-on: [infra1-medium] # need the bigger runner than small because Web component build consume more resource
+    permissions:
+      contents: read
+      id-token: write
+    container:
+      image: 020413372491.dkr.ecr.us-east-1.amazonaws.com/3rdparty/library/node:18
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Add repository to git safe directories to avoid dubious ownership issue
+        run: git config --global --add safe.directory $GITHUB_WORKSPACE
+      - name: Cache pnpm dependencies
+        id: cache-pnpm
+        uses: actions/cache@v3
+        with:
+          key: web-components-${{ hashFiles('common/config/rush/pnpm-lock.yaml') }}
+          path: |
+            common/temp/node_modules
+            common/temp/pnpm-store
+      - name: Run build web components app
+        run: |
+          npm i -g @microsoft/rush
+          rush install
+          rush build --to @gooddata/sdk-ui-web-components
+          tar czvf ./libs/sdk-ui-web-components/web-components.tar.gz -C ./$WEB_COMPONENTS_DIR/esm .
+      - name: Archive the build artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: web-components-artifact
+          path: ./${{ env.WEB_COMPONENTS_DIR }}/web-components.tar.gz
+  docker-build-web-components:
+    runs-on: [infra1-small]
+    needs: [build-web-components]
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Set SHORT SHA and BRANCH ESCAPE REF NAME to ENV Variable to use for image tag later
+        run: |
+          echo "GITHUB_SHORT_SHA=${GITHUB_SHA::8}" >> $GITHUB_ENV
+          echo "GITHUB_ESCAPE_REF_NAME=${GITHUB_REF_NAME/\//-}" >> $GITHUB_ENV
+      - name: Set up QEMU to add multiplatform support
+        uses: docker/setup-qemu-action@v2
+      - name: Create docker context
+        run: |
+          docker context create builder
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          endpoint: builder
+      - name: Get Vault secrets for ECR
+        uses: hashicorp/vault-action@v2
+        with:
+          url: "https://vault.ord1.infra.intgdc.com"
+          method: jwt
+          path: jwt/github
+          role: ecr-push
+          secrets: |
+            secret/data/v2/data-special/infra1-user-ecr-rw aws_ecr_access_key | AWS_ACCESS_KEY ;
+            secret/data/v2/data-special/infra1-user-ecr-rw aws_ecr_secret_key | AWS_SECRET_KEY ;
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-access-key-id: ${{ env.AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ env.AWS_SECRET_KEY }}
+          aws-region: us-east-1
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+      - uses: actions/download-artifact@v3
+        with:
+          name: web-components-artifact
+          path: ./${{ env.WEB_COMPONENTS_DIR }}
+      - name: Docker build and push image
+        uses: docker/build-push-action@v4
+        with:
+          context: ./${{ env.WEB_COMPONENTS_DIR }}
+          file: ./${{ env.WEB_COMPONENTS_DIR }}/Dockerfile
+          platforms: |
+            linux/amd64
+            linux/arm64
+          push: true
+          tags: |
+            020413372491.dkr.ecr.us-east-1.amazonaws.com/nas-testing/${{ github.event.repository.name }}:${{ env.GITHUB_ESCAPE_REF_NAME }}
+            020413372491.dkr.ecr.us-east-1.amazonaws.com/nas-testing/${{ github.event.repository.name }}:${{ env.GITHUB_SHORT_SHA }}
+    outputs:
+      github_short_sha: ${{ env.GITHUB_SHORT_SHA }}
+  generate-update:
+    runs-on: [infra1-small]
+    permissions:
+      contents: read
+      id-token: write
+    needs: [docker-build-web-components]
+    container:
+      image: 020413372491.dkr.ecr.us-east-1.amazonaws.com/infra/tools:3.5.0
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Add repository to git safe directories to void dubious ownership issue
+        run: git config --global --add safe.directory $GITHUB_WORKSPACE
+      - name: Get the commit before SHA
+        run: echo "GITHUB_COMMIT_BEFORE_SHA=$(git rev-parse HEAD^)" >> $GITHUB_ENV
+      - name: Get Vault secrets for creating MR to gdc-nas gitlab project
+        uses: hashicorp/vault-action@v2
+        with:
+          url: "https://vault.ord1.infra.intgdc.com"
+          method: jwt
+          path: jwt/github
+          role: front-end
+          secrets: |
+            secret/data/v3/int/github/github-runner-gitlab-token gitlab_approver_token | GITLAB_APPROVER_TOKEN ;
+            secret/data/v3/int/github/github-runner-gitlab-token gitlab_merger_token | GITLAB_MERGER_TOKEN ;
+      - name: Generate MR with a new version of web-components image to gdc-nas
+        run: /scripts/update_ext_image_version.py web-components
+        env:
+          CI_API_V4_URL: https://gitlab.com/api/v4
+          CI_PROJECT_NAME: ${{ github.event.repository.name }}
+          CI_COMMIT_SHORT_SHA: ${{ needs.docker-build-web-components.outputs.github_short_sha }}
+          CI_COMMIT_BEFORE_SHA: ${{ env.GITHUB_COMMIT_BEFORE_SHA }}
+          CI_COMMIT_BRANCH: ${{ github.ref_name }}
+          GITLAB_APPROVER_TOKEN: ${{ env.GITLAB_APPROVER_TOKEN }}
+          GITLAB_MERGER_TOKEN: ${{ env.GITLAB_MERGER_TOKEN }}

.github/workflows/slack-post-merge-notification.yml

@@ -0,0 +1,22 @@
+# (C) 2023 GoodData Corporation
+
+name: Send notification to slack for failed post-merge workflows
+
+on:
+  workflow_run:
+    workflows: ["Build web component's container image"]
+    types: [completed]
+    branches: ["master", "release", "hotfix/tiger", "hotfix/panther", "fast_track"]
+
+jobs:
+  notify-post-merge-failed-to-slack:
+    runs-on: [infra1-small]
+    steps:
+      - name: Inform to slack when post-merge workflows failed
+        if: ${{ github.event.workflow_run.conclusion == 'failure' }}
+        uses: slackapi/slack-github-action@v1.23.0
+        with:
+          channel-id: '#javascript-notifications'
+          slack-message: ":robot_panic: `post-merge github workflows` in `${{ github.event.repository.name }}` encountered an error during execution, check the *<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.event.workflow_run.id }}|log here>* for further information"
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}

.gitlab-ci.yml

@@ -8,11 +8,10 @@
 # Delivery is managed by the CI / CD pipeline in gooddata/gdc-nas repository.
 ---
 default:
-  image: $AWS_ECR_URL/infra/tools:$BUILD_IMAGE_VERSION
+  image: $PANTHER_REPO_URL/infra/tools:$BUILD_IMAGE_VERSION
 
 variables:
-  AWS_ECR_URL: '441851189095.dkr.ecr.eu-central-1.amazonaws.com'
-  BUILD_IMAGE_VERSION: "3.5.0"
+  BUILD_IMAGE_VERSION: "4.0.0"
 
 stages:
   - build
@@ -26,6 +25,7 @@ stages:
   # every single merge commit to master - that would be a waste.
   rules:
     - if: '$CI_COMMIT_BRANCH =~ /^(master|release|hotfix\/(tiger|panther)|fast_track)$/ && $CI_COMMIT_MESSAGE =~ /^Release /'
+      when: manual
 
 .with-buildx:
   before_script: