Skip to content

Actionsのバージョンをコミットハッシュで固定する #14052

Actionsのバージョンをコミットハッシュで固定する

Actionsのバージョンをコミットハッシュで固定する #14052

Workflow file for this run

---
name: release
on:
push:
branches:
- master
pull_request:
types:
- opened
- synchronize
- reopened
- closed
merge_group:
env:
GCP_WORKLOAD_IDENTITY_PROVIDER: "projects/765091727073/locations/global/workloadIdentityPools/hato-atama-workload-identity/providers/github"
GCP_SERVICE_ACCOUNT: "[email protected]"
jobs:
# App Engineにデプロイされるファイルの差分の有無を判定する
check-deploy-diff:
runs-on: ubuntu-latest
outputs:
deploy-files: ${{ steps.changes.outputs.deploy-files }}
if: github.event_name != 'pull_request' || github.event.action != 'closed'
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
id: changes
with:
filters: |
deploy-files:
- '.github/workflows/release.yml'
- 'frontend/**'
- 'server/**'
- 'scripts/release/**'
- 'test/**'
- 'app.yaml'
- 'go.mod'
- 'go.sum'
- '.gcloudignore'
build-frontend:
runs-on: ubuntu-latest
needs: check-deploy-diff
if: needs.check-deploy-diff.outputs.deploy-files == 'true'
defaults:
run:
working-directory: frontend
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
with:
node-version-file: frontend/.node-version
cache: npm
cache-dependency-path: frontend/package-lock.json
- name: Build
run: bash "${GITHUB_WORKSPACE}/scripts/release/build_frontend/build.sh"
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: frontend
path: frontend/dist
docker-compose-build-base:
runs-on: ubuntu-latest
env:
DOCKER_BUILDKIT: 1
COMPOSE_DOCKER_CLI_BUILD: 1
REPOSITORY: ${{github.repository}}
permissions:
contents: read
packages: write
if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed' && github.repository == github.event.pull_request.head.repo.full_name) || github.event_name == 'merge_group'
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- run: cat .env >>"$GITHUB_ENV"
- run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
env:
HEAD_REF: ${{github.head_ref || github.event.merge_group.head_ref}}
if: github.event_name == 'pull_request' || github.event_name == 'merge_group'
- name: Build and push
uses: docker/bake-action@2e3d19baedb14545e5d41222653874f25d5b4dfb # v5.10.0
env:
DOCKER_CONTENT_TRUST: 1
with:
push: true
targets: server,frontend
files: compose.yml,base.compose.yml
docker-compose-build:
runs-on: ubuntu-latest
needs: docker-compose-build-base
env:
DOCKER_BUILDKIT: 1
COMPOSE_DOCKER_CLI_BUILD: 1
REPOSITORY: ${{github.repository}}
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Login to GitHub Container Registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up QEMU
uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
- run: cat .env >>"$GITHUB_ENV"
- run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
env:
HEAD_REF: ${{github.head_ref || github.event.merge_group.head_ref}}
if: github.event_name == 'pull_request' || github.event_name == 'merge_group'
- name: Build and push (dev)
uses: docker/bake-action@2e3d19baedb14545e5d41222653874f25d5b4dfb # v5.10.0
env:
DOCKER_CONTENT_TRUST: 1
with:
push: true
files: compose.yml,dev.base.compose.yml
- name: Build and push (staging)
uses: docker/bake-action@2e3d19baedb14545e5d41222653874f25d5b4dfb # v5.10.0
env:
DOCKER_CONTENT_TRUST: 1
with:
push: true
files: compose.yml,staging.compose.yml
format-go:
runs-on: ubuntu-latest
needs: docker-compose-build-base
if: always() && (needs.docker-compose-build-base.result == 'success' || (github.event_name == 'pull_request' && github.event.action == 'closed') || github.event_name == 'merge_group')
permissions:
contents: write
pull-requests: write
env:
DOCKER_CONTENT_TRUST: 1
REPOSITORY: ${{github.repository}}
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
if: github.event_name != 'pull_request' || github.event.action != 'closed'
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha || github.event.merge_group.head_sha }}
- if: github.event_name != 'pull_request' || github.event.action != 'closed'
run: bash "${GITHUB_WORKSPACE}/scripts/release/change_file_and_env.sh"
- run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
env:
HEAD_REF: ${{github.head_ref || github.event.merge_group.head_ref}}
if: github.event_name == 'pull_request' && github.event.action != 'closed'
- name: Get Go version
id: get_go_version
if: github.event_name != 'pull_request' || github.event.action != 'closed'
run: bash "${GITHUB_WORKSPACE}/scripts/get_go_version.sh"
- name: Set up Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
if: github.event_name != 'pull_request' || github.event.action != 'closed'
with:
go-version: ${{steps.get_go_version.outputs.go_version}}
- name: Install goimports
if: github.event_name != 'pull_request' || github.event.action != 'closed'
run: bash "${GITHUB_WORKSPACE}/scripts/release/format_go/run_goimports.sh"
- uses: dev-hato/actions-diff-pr-management@e5c78b251a69f44f93b2f1398e06b129bcf151ec # v1.2.0
with:
github-token: ${{secrets.GITHUB_TOKEN}}
branch-name-prefix: fix-format
pr-title-prefix: formatが間違ってたので直してあげたよ!
# .node-version や package.json のNode.js・npmのバージョンをDockerイメージと同期させ、npm installを実行した結果、差分があればPRを作る
update-package:
runs-on: ubuntu-latest
needs: docker-compose-build-base
if: always() && (needs.docker-compose-build-base.result == 'success' || (github.event_name == 'pull_request' && github.event.action == 'closed') || github.event_name == 'merge_group')
permissions:
contents: write
pull-requests: write
env:
DOCKER_CMD: "node --version && npm --version"
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
if: github.event_name != 'pull_request' || github.event.action != 'closed'
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha || github.event.merge_group.head_sha }}
- if: github.event_name != 'pull_request' || github.event.action != 'closed'
run: bash "${GITHUB_WORKSPACE}/scripts/release/change_file_and_env.sh"
- run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
env:
HEAD_REF: ${{github.head_ref || github.event.merge_group.head_ref}}
if: github.event_name == 'merge_group' || (github.event_name == 'pull_request' && github.event.action != 'closed')
- name: Get Node.js version
id: get_node_version
if: github.event_name != 'pull_request' || github.event.action != 'closed'
env:
DOCKER_CONTENT_TRUST: 1
REPOSITORY: ${{github.repository}}
run: bash "${GITHUB_WORKSPACE}/scripts/release/update_package/get_node_version.sh"
- name: Update versions
if: github.event_name != 'pull_request' || github.event.action != 'closed'
env:
DEPENDABOT_NODE_VERSION: "20.17.0"
DEPENDABOT_NPM_VERSION: "9.6.5"
NODE_VERSION: ${{steps.get_node_version.outputs.node_version}}
NPM_VERSION: ${{steps.get_node_version.outputs.npm_version}}
run: bash "${GITHUB_WORKSPACE}/scripts/release/update_package/update_versions.sh"
- uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
if: github.event_name != 'pull_request' || github.event.action != 'closed'
with:
node-version-file: .node-version
cache: npm
- name: Update packages (.)
if: github.event_name != 'pull_request' || github.event.action != 'closed'
run: npm install
- uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
if: github.event_name != 'pull_request' || github.event.action != 'closed'
with:
node-version-file: frontend/.node-version
cache: npm
cache-dependency-path: frontend/package-lock.json
- name: Update packages (frontend)
if: github.event_name != 'pull_request' || github.event.action != 'closed'
run: npm install
working-directory: frontend
- uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
if: github.event_name != 'pull_request' || github.event.action != 'closed'
with:
node-version-file: test/e2e/.node-version
cache: npm
cache-dependency-path: test/e2e/package-lock.json
- name: Update packages (test/e2e)
if: github.event_name != 'pull_request' || github.event.action != 'closed'
run: npm install
working-directory: test/e2e
- uses: dev-hato/actions-diff-pr-management@e5c78b251a69f44f93b2f1398e06b129bcf151ec # v1.2.0
with:
github-token: ${{secrets.GITHUB_TOKEN}}
branch-name-prefix: fix-version
pr-title-prefix: nodeのバージョンを直してあげたよ!
update-dockle:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
if: github.event_name != 'pull_request' || github.event.action != 'closed'
with:
fetch-depth: 0
ref: ${{ github.event.pull_request.head.sha || github.event.merge_group.head_sha }}
- uses: dev-hato/actions-update-dockle@2d3a229030f8a7df780f2a6a751a9fa7f05e6b34 # v0.0.102
with:
github-token: ${{secrets.GITHUB_TOKEN}}
check-nginx-config:
runs-on: ubuntu-latest
needs:
- docker-compose-build
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- run: cat .env >>"$GITHUB_ENV"
- run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
env:
HEAD_REF: ${{github.head_ref || github.event.merge_group.head_ref}}
if: github.event_name == 'pull_request'
- run: bash "${GITHUB_WORKSPACE}/scripts/release/check_nginx_config/check_nginx_config.sh"
dockle:
runs-on: ubuntu-latest
needs:
- docker-compose-build
- update-dockle
strategy:
matrix:
docker_compose_file_name:
["dev.base.compose.yml", "staging.compose.yml"]
include:
- docker_compose_file_name: "base.compose.yml"
service_name: "server"
- docker_compose_file_name: "base.compose.yml"
service_name: "frontend"
env:
DOCKER_CONTENT_TRUST: 1
REPOSITORY: ${{github.repository}}
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
env:
HEAD_REF: ${{github.head_ref || github.event.merge_group.head_ref}}
if: github.event_name == 'pull_request' || github.event_name == 'merge_group'
- env:
DOCKER_COMPOSE_FILE_NAME: ${{matrix.docker_compose_file_name}}
SERVICE_NAME: ${{matrix.service_name}}
run: bash "${GITHUB_WORKSPACE}/scripts/release/dockle/run_dockle.sh"
make-browserslist:
runs-on: ubuntu-latest
needs: update-package
outputs:
browserslist: ${{ steps.set_browserslist.outputs.browserslist }}
defaults:
run:
working-directory: frontend
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
with:
node-version-file: frontend/.node-version
cache: npm
cache-dependency-path: frontend/package-lock.json
- name: Set Browserslist
id: set_browserslist
run: bash "${GITHUB_WORKSPACE}/scripts/release/make_browserslist/set_browserslist.sh"
e2e-test-mini-docker-compose:
runs-on: ubuntu-latest
needs:
- docker-compose-build
- make-browserslist
strategy:
matrix:
browser_name: ["chrome", "electron", "edge"]
include: ${{fromJson(needs.make-browserslist.outputs.browserslist)}}
env:
DOCKER_CONTENT_TRUST: 1
REPOSITORY: ${{github.repository}}
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- run: cat .env >>"$GITHUB_ENV"
- run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
env:
HEAD_REF: ${{github.head_ref || github.event.merge_group.head_ref}}
if: github.event_name == 'pull_request' || github.event_name == 'merge_group'
- run: bash "${GITHUB_WORKSPACE}/scripts/release/run_docker_compose.sh"
- uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
with:
node-version-file: test/e2e/.node-version
cache: npm
cache-dependency-path: test/e2e/package-lock.json
- uses: browser-actions/setup-firefox@955a5d42b5f068a8917c6a4ff1656a2235c66dfb # v1.5.2
if: matrix.browser_name == 'firefox'
with:
firefox-version: ${{ matrix.browser_version }}
- run: bash "${GITHUB_WORKSPACE}/scripts/release/set_docker_compose_test_env.sh"
- env:
BROWSER_NAME: ${{ matrix.browser_name }}
run: bash "${GITHUB_WORKSPACE}/scripts/release/run_mini_test.sh"
working-directory: ./test/e2e
e2e-test-all-docker-compose:
runs-on: ubuntu-latest
needs:
- docker-compose-build
- make-browserslist
strategy:
matrix:
browser_name: ["chrome", "electron", "edge"]
include: ${{fromJson(needs.make-browserslist.outputs.browserslist)}}
env:
DOCKER_CONTENT_TRUST: 1
REPOSITORY: ${{github.repository}}
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- run: cat .env >>"$GITHUB_ENV"
- run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
env:
HEAD_REF: ${{github.head_ref || github.event.merge_group.head_ref}}
if: github.event_name == 'pull_request' || github.event_name == 'merge_group'
- run: bash "${GITHUB_WORKSPACE}/scripts/release/run_docker_compose.sh"
- uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
with:
node-version-file: test/e2e/.node-version
cache: npm
cache-dependency-path: test/e2e/package-lock.json
- uses: browser-actions/setup-firefox@955a5d42b5f068a8917c6a4ff1656a2235c66dfb # v1.5.2
if: matrix.browser_name == 'firefox'
with:
firefox-version: ${{ matrix.browser_version }}
- run: bash "${GITHUB_WORKSPACE}/scripts/release/set_docker_compose_test_env.sh"
- env:
BROWSER_NAME: ${{ matrix.browser_name }}
run: bash "${GITHUB_WORKSPACE}/scripts/release/run_all_test.sh"
working-directory: ./test/e2e
deploy-app-engine:
runs-on: ubuntu-latest
needs:
- build-frontend
- e2e-test-mini-docker-compose
if: github.event_name == 'push' || github.event_name == 'merge_group' || (github.repository == github.event.pull_request.head.repo.full_name && github.repository == 'dev-hato/hato-atama')
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: frontend
path: frontend/dist
- run: bash "${GITHUB_WORKSPACE}/scripts/release/deploy_app_engine/set_config.sh"
if: github.event_name == 'pull_request' || github.event_name == 'merge_group'
- run: 'echo -e "env_variables:\n ENV_NAME: \"prd\"" >> app.yaml'
if: ${{ github.event_name == 'push' }}
- id: "auth"
name: "Authenticate to GCP"
uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
with:
workload_identity_provider: ${{env.GCP_WORKLOAD_IDENTITY_PROVIDER}}
service_account: ${{env.GCP_SERVICE_ACCOUNT}}
- name: Deploy to App Engine
uses: google-github-actions/deploy-appengine@3c758836610e6ad98d8719bf3e2bdf94c3082728 # v2.1.3
with:
deliverables: app.yaml
project_id: hato-atama
promote: false
version: "v${{github.run_number}}"
- name: Wait for the deployment to complete
env:
RUN_NUMBER: ${{github.run_number}}
run: bash "${GITHUB_WORKSPACE}/scripts/release/deploy_app_engine/wait_for_deployment.sh"
create-pr-environment:
runs-on: ubuntu-latest
needs: deploy-app-engine
permissions:
pull-requests: write
if: github.event_name == 'pull_request'
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
env:
SHA: ${{github.event.pull_request.head.sha}}
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const script = require(`${process.env.GITHUB_WORKSPACE}/scripts/release/create_pr_environment/create_pr_environment.js`)
await script({github, context})
lighthouse:
runs-on: ubuntu-latest
needs: deploy-app-engine
timeout-minutes: 1
permissions:
pull-requests: write
env:
ARTIFACT_PATH: ${{ github.workspace }}/tmp/artifacts
URLS: https://v${{ github.run_number }}-dot-hato-atama.an.r.appspot.com
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- run: mkdir -p "${ARTIFACT_PATH}"
- uses: foo-software/lighthouse-check-action@a80267da2e0244b8a2e457a8575fc47590615852 # v12.0.1
with:
gitHubAccessToken: ${{ secrets.GITHUB_TOKEN }}
urls: ${{ env.URLS }}
outputDirectory: ${{ env.ARTIFACT_PATH }}
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: Lighthouse reports
path: ${{ env.ARTIFACT_PATH }}
e2e-test-mini-prd:
runs-on: ubuntu-latest
timeout-minutes: 2
needs:
- deploy-app-engine
- e2e-test-mini-docker-compose
- make-browserslist
strategy:
matrix:
browser_name: ["chrome", "electron", "edge"]
include: ${{fromJson(needs.make-browserslist.outputs.browserslist)}}
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
with:
node-version-file: test/e2e/.node-version
cache: npm
cache-dependency-path: test/e2e/package-lock.json
- uses: browser-actions/setup-firefox@955a5d42b5f068a8917c6a4ff1656a2235c66dfb # v1.5.2
if: matrix.browser_name == 'firefox'
with:
firefox-version: ${{ matrix.browser_version }}
- run: bash "${GITHUB_WORKSPACE}/scripts/release/set_prod_test_env.sh"
- env:
BROWSER_NAME: ${{ matrix.browser_name }}
run: bash "${GITHUB_WORKSPACE}/scripts/release/run_mini_test.sh"
working-directory: ./test/e2e
e2e-test-all-prd:
runs-on: ubuntu-latest
timeout-minutes: 3
needs:
- e2e-test-all-docker-compose
- e2e-test-mini-prd
- make-browserslist
strategy:
matrix:
browser_name: ["chrome", "electron", "edge"]
include: ${{fromJson(needs.make-browserslist.outputs.browserslist)}}
if: ${{ github.event_name == 'push' }}
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
with:
node-version-file: test/e2e/.node-version
cache: npm
cache-dependency-path: test/e2e/package-lock.json
- uses: browser-actions/setup-firefox@955a5d42b5f068a8917c6a4ff1656a2235c66dfb # v1.5.2
if: matrix.browser_name == 'firefox'
with:
firefox-version: ${{ matrix.browser_version }}
- run: bash "${GITHUB_WORKSPACE}/scripts/release/set_prod_test_env.sh"
- env:
BROWSER_NAME: ${{ matrix.browser_name }}
run: bash "${GITHUB_WORKSPACE}/scripts/release/run_all_test.sh"
working-directory: ./test/e2e
migrating-traffic:
runs-on: ubuntu-latest
needs:
- e2e-test-all-prd
if: ${{ github.event_name == 'push' }}
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- id: "auth"
name: "Authenticate to GCP"
uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
with:
workload_identity_provider: ${{env.GCP_WORKLOAD_IDENTITY_PROVIDER}}
service_account: ${{env.GCP_SERVICE_ACCOUNT}}
- uses: google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7 # v2.1.1
- run: bash "${GITHUB_WORKSPACE}/scripts/release/migrating_traffic/set_traffic.sh"
remove-app-engine-past-versions:
runs-on: ubuntu-latest
needs:
- migrating-traffic
if: ${{ github.event_name == 'push' }}
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Get run numbers
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
id: get_run_numbers
env:
HEAD_REF: master
RUN_NUMBER: ${{github.run_number}}
with:
github-token: ${{secrets.GITHUB_TOKEN}}
result-encoding: string
script: |
const script = require(`${process.env.GITHUB_WORKSPACE}/scripts/get_run_numbers.js`)
return await script({github, context, core})
- id: "auth"
if: ${{ steps.get_run_numbers.outputs.result != '' }}
name: "Authenticate to GCP"
uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
with:
workload_identity_provider: ${{env.GCP_WORKLOAD_IDENTITY_PROVIDER}}
service_account: ${{env.GCP_SERVICE_ACCOUNT}}
- uses: google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7 # v2.1.1
if: ${{ steps.get_run_numbers.outputs.result != '' }}
- name: Remove app engine versions
if: ${{ steps.get_run_numbers.outputs.result != '' }}
run: gcloud app versions delete --service=default ${{steps.get_run_numbers.outputs.result}}
# docker-compose関連でPRとpushで共通して必ず完了しているべきjobが完了したか
release-complete-check-docker-compose:
runs-on: ubuntu-latest
needs:
- update-package
- format-go
- check-nginx-config
- dockle
- e2e-test-mini-docker-compose
- e2e-test-all-docker-compose
steps:
- run: exit 0
# PRとpushで共通して完了しているべきjobが完了したか
release-complete-check:
runs-on: ubuntu-latest
if: always() && (github.event_name != 'pull_request' || github.event.action != 'closed')
needs:
- lighthouse
- e2e-test-mini-prd
- check-deploy-diff
- release-complete-check-docker-compose
steps:
- if: (github.repository != 'dev-hato/hato-atama' || needs.check-deploy-diff.outputs.deploy-files == 'false' || (needs.lighthouse.result == 'success' && needs.e2e-test-mini-prd.result == 'success')) && needs.release-complete-check-docker-compose.result == 'success'
run: exit 0
- if: (github.repository == 'dev-hato/hato-atama' && needs.check-deploy-diff.outputs.deploy-files == 'true' && (needs.lighthouse.result != 'success' || needs.e2e-test-mini-prd.result != 'success')) || needs.release-complete-check-docker-compose.result != 'success'
run: exit 1
# PRをトリガーとした場合に完了しているべきjobが完了したか
# forkしたリポジトリからdev-hato/hato-atamaへPRを出した場合やforkしたリポジトリ上でPRを立てた場合、merge_groupトリガーの場合はcreate-pr-environmentがskipされていても完了したものと見なす
pr-test-complete:
runs-on: ubuntu-latest
if: always() && ((github.event_name == 'pull_request' && github.event.action != 'closed') || github.event_name == 'merge_group')
needs:
- release-complete-check
- create-pr-environment
- check-deploy-diff
steps:
- if: needs.release-complete-check.result == 'success' && (github.event_name == 'merge_group' || github.repository != github.event.pull_request.head.repo.full_name || github.repository != 'dev-hato/hato-atama' || needs.check-deploy-diff.outputs.deploy-files == 'false' || needs.create-pr-environment.result == 'success')
run: exit 0
- if: needs.release-complete-check.result != 'success' || (github.event_name != 'merge_group' && github.repository == github.event.pull_request.head.repo.full_name && github.repository == 'dev-hato/hato-atama' && needs.check-deploy-diff.outputs.deploy-files == 'true' && needs.create-pr-environment.result != 'success')
run: exit 1
action-timeline-pr-test-complete:
needs: pr-test-complete
if: (github.event_name == 'pull_request' && github.event.action != 'closed') || github.event_name == 'merge_group'
runs-on: ubuntu-latest
steps:
- uses: Kesin11/actions-timeline@3046833d9aacfd7745c5264b7f3af851c3e2a619 # v2
# pushをトリガーとした場合に完了しているべきjobが完了したか
release-complete:
runs-on: ubuntu-latest
if: ${{ always() && github.event_name == 'push' }}
needs:
- release-complete-check
- remove-app-engine-past-versions
- check-deploy-diff
steps:
- if: needs.release-complete-check.result == 'success' && (github.repository != 'dev-hato/hato-atama' || needs.check-deploy-diff.outputs.deploy-files == 'false' || needs.remove-app-engine-past-versions.result == 'success')
run: exit 0
- if: needs.release-complete-check.result != 'success' || (github.repository == 'dev-hato/hato-atama' && needs.check-deploy-diff.outputs.deploy-files == 'true' && needs.remove-app-engine-past-versions.result != 'success')
run: exit 1
action-timeline-release-complete:
needs: release-complete
if: github.event_name == 'push'
runs-on: ubuntu-latest
steps:
- uses: Kesin11/actions-timeline@3046833d9aacfd7745c5264b7f3af851c3e2a619 # v2
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
cancel-in-progress: true