Add remark tags, and attestation signature type #1563
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: PR open/close operations | |
on: | |
pull_request: | |
types: | |
- "closed" | |
- "opened" | |
- "reopened" | |
concurrency: | |
group: '${{ github.workflow }}@${{ github.event.pull_request.head.label || github.head_ref || github.ref }}' | |
cancel-in-progress: false | |
jobs: | |
check_app_bucket: | |
if: | | |
github.event.action == 'opened' || | |
github.event.action == 'reopened' | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
steps: | |
- name: Auth gcloud | |
id: gauth | |
uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # @v1 | |
with: | |
workload_identity_provider: '${{ secrets.GWIP }}' | |
service_account: '${{ secrets.GSA }}' | |
- name: Set up Cloud SDK | |
uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1 | |
- name: Give time to avoid racing conditions | |
uses: whatnick/wait-action@71008d68ab3939de1475f4938583e4480b5d09a6 | |
with: | |
time: '7m' | |
- id: find | |
env: | |
bucket: gs://app-pr${{ github.event.number }}.k-f.dev | |
run: | | |
if gsutil ls ${{ env.bucket }} 1> /dev/null; then | |
echo "bucket_found=true" >> $GITHUB_OUTPUT | |
else | |
echo "bucket_found=false" >> $GITHUB_OUTPUT | |
fi | |
- run: | | |
echo "App bucket found: ${{steps.find.outputs.bucket_found}}" | |
outputs: | |
bucket_found: ${{steps.find.outputs.bucket_found}} | |
app-pr-deploy: | |
needs: check_app_bucket | |
if: | | |
needs.check_app_bucket.outputs.bucket_found == 'false' && | |
(github.event.action == 'opened' || | |
github.event.action == 'reopened') | |
uses: ./.github/workflows/centrifuge-app.yml | |
secrets: inherit | |
check_pinning: | |
if: | | |
github.event.action == 'opened' || | |
github.event.action == 'reopened' | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
steps: | |
- name: Auth gcloud | |
id: gauth | |
uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # @v1 | |
with: | |
workload_identity_provider: '${{ secrets.GWIP }}' | |
service_account: '${{ secrets.GSA }}' | |
- name: Set up Cloud SDK | |
uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1 | |
- name: Give time for other jobs to finish | |
uses: whatnick/wait-action@71008d68ab3939de1475f4938583e4480b5d09a6 | |
with: | |
time: '3m' | |
- id: find | |
run: | | |
if gcloud functions describe --region ${{ vars.GCLOUD_REGION }} pinning-api-pr${{ github.event.number }} 1> /dev/null; then | |
echo "pinning_found=true" >> $GITHUB_OUTPUT | |
else | |
echo "pinning_found=false" >> $GITHUB_OUTPUT | |
fi | |
- run: | | |
echo "Pinning function found: ${{steps.find.outputs.pinning_found}}" | |
outputs: | |
deploy_pinning: ${{steps.find.outputs.pinning_found}} | |
pinning-pr-deploy: | |
needs: check_pinning | |
if: | | |
needs.check_pinning.outputs.deploy_pinning == 'false' && | |
(github.event.action == 'opened' || | |
github.event.action == 'reopened') | |
uses: ./.github/workflows/pinning-api.yml | |
secrets: inherit | |
check_onboarding: | |
if: | | |
github.event.action == 'opened' || | |
github.event.action == 'reopened' | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
steps: | |
- name: Auth gcloud | |
id: gauth | |
uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # @v1 | |
with: | |
workload_identity_provider: '${{ secrets.GWIP }}' | |
service_account: '${{ secrets.GSA }}' | |
- name: Set up Cloud SDK | |
uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1 | |
- name: Give time for other jobs to finish | |
uses: whatnick/wait-action@71008d68ab3939de1475f4938583e4480b5d09a6 | |
with: | |
time: '3m' | |
- id: find | |
run: | | |
if gcloud functions describe --region ${{ vars.GCLOUD_REGION }} onboarding-api-pr${{ github.event.number }} 1> /dev/null; then | |
echo "onboarding_found=true" >> $GITHUB_OUTPUT | |
else | |
echo "onboarding_found=false" >> $GITHUB_OUTPUT | |
fi | |
- run: | | |
echo "Onboarding function found: ${{steps.find.outputs.onboarding_found}}" | |
outputs: | |
deploy_onboarding: ${{steps.find.outputs.onboarding_found}} | |
onboarding-pr-deploy: | |
needs: check_onboarding | |
if: | | |
needs.check_onboarding.outputs.deploy_onboarding == 'false' && | |
(github.event.action == 'opened' || | |
github.event.action == 'reopened') | |
uses: ./.github/workflows/onboarding-api.yml | |
secrets: inherit | |
cleanup-pr: | |
if: github.event.action == 'closed' | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Auth gcloud | |
id: gauth | |
uses: google-github-actions/auth@ef5d53e30bbcd8d0836f4288f5e50ff3e086997d # @v1 | |
with: | |
workload_identity_provider: '${{ secrets.GWIP }}' | |
service_account: '${{ secrets.GSA }}' | |
- name: Set up Cloud SDK | |
uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1 | |
- name: Delete functions | |
shell: bash | |
run: | | |
FUNCTIONS=("onboarding-api" "pinning-api" "faucet-api") | |
for func in "${FUNCTIONS[@]}" | |
do | |
if gcloud functions describe --region ${{ vars.GCLOUD_REGION }} $func-pr${{ github.event.number }} 1> /dev/null; then | |
gcloud functions delete --quiet $func-pr${{ github.event.number }} --region=${{ vars.GCLOUD_REGION }} | |
fi | |
done | |
- name: Remove gcs buckets | |
shell: bash | |
env: | |
bucket: gs://app-pr${{ github.event.number }}.k-f.dev | |
run: | | |
if gsutil ls ${{ env.bucket }} 1> /dev/null; then | |
gcloud storage rm --recursive ${{ env.bucket }} | |
fi |