remove old permission columns from project table (#997) #962
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| # Building on manual dispatch, and pushes to dev / main. But restricting | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| - dev | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| unittests: | |
| uses: './.github/workflows/test.yaml' | |
| secrets: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} | |
| deploy: | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| needs: unittests | |
| environment: production | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| BUILDKIT_PROGRESS: plain | |
| CLOUDSDK_CORE_DISABLE_PROMPTS: 1 | |
| # used for generating API | |
| SM_DOCKER: australia-southeast1-docker.pkg.dev/sample-metadata/images/server:${{ github.sha }} | |
| defaults: | |
| run: | |
| shell: bash -eo pipefail -l {0} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - id: "google-cloud-auth" | |
| name: "Authenticate to Google Cloud" | |
| uses: "google-github-actions/auth@v2" | |
| with: | |
| workload_identity_provider: "projects/774248915715/locations/global/workloadIdentityPools/github-pool/providers/github-provider" | |
| service_account: "[email protected]" | |
| - id: "google-cloud-sdk-setup" | |
| name: "Set up Cloud SDK" | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - name: "gcloud docker auth" | |
| run: | | |
| gcloud auth configure-docker australia-southeast1-docker.pkg.dev | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.11" | |
| - uses: actions/setup-java@v4 | |
| with: | |
| distribution: "temurin" # See 'Supported distributions' for available options | |
| java-version: "17" | |
| - name: Setup build env | |
| run: | | |
| pip install --no-deps -r requirements-dev.txt | |
| wget https://repo1.maven.org/maven2/org/openapitools/openapi-generator-cli/5.3.0/openapi-generator-cli-5.3.0.jar -O openapi-generator-cli.jar | |
| - name: prepare-deployment | |
| run: | | |
| if [[ $GITHUB_REF == 'refs/heads/main' ]]; then | |
| echo DEPLOYMENT_TYPE=prod >> $GITHUB_ENV | |
| echo SM_ENVIRONMENT=production >> $GITHUB_ENV | |
| else | |
| echo DEPLOYMENT_TYPE=dev >> $GITHUB_ENV | |
| echo SM_ENVIRONMENT=development >> $GITHUB_ENV | |
| pip install bump2version | |
| # add | |
| bump2version patch \ | |
| --no-commit --allow-dirty \ | |
| --new-version $(cat deploy/python/version.txt)dev$(echo $(git rev-parse HEAD) | cut -c1-7) | |
| fi | |
| - name: "build deployable API" | |
| run: | | |
| export OPENAPI_COMMAND="java -jar openapi-generator-cli.jar" | |
| python regenerate_api.py | |
| ls -lGh metamist | |
| # also copies build artifacts to api/public | |
| - name: "build web front-end" | |
| run: | | |
| set -eo pipefail | |
| pushd web | |
| # installs package-lock, not what it thinks it should be | |
| npm ci | |
| npm run build | |
| popd | |
| - name: "build image" | |
| run: | | |
| docker build \ | |
| --build-arg SM_ENVIRONMENT=$SM_ENVIRONMENT \ | |
| --tag $SM_DOCKER \ | |
| -f deploy/api/Dockerfile \ | |
| . | |
| - name: Build python package | |
| run: python setup.py sdist | |
| - name: "push server image" | |
| run: | | |
| docker push $SM_DOCKER | |
| - name: "deploy to Cloud Run" | |
| run: | | |
| if [[ $GITHUB_REF == 'refs/heads/main' ]]; then | |
| gcloud_deploy_name=sample-metadata-api | |
| else | |
| gcloud_deploy_name=sample-metadata-api-dev | |
| fi | |
| gcloud run deploy \ | |
| $gcloud_deploy_name --image $SM_DOCKER \ | |
| --region australia-southeast1 --no-allow-unauthenticated \ | |
| --platform managed | |
| - name: Publish package | |
| if: github.ref == 'refs/heads/main' | |
| uses: pypa/gh-action-pypi-publish@release/v1 | |
| with: | |
| user: __token__ | |
| password: ${{ secrets.PYPI_API_TOKEN }} | |
| packages-dir: dist/ | |
| skip-existing: true |