chore(deps): update golang:1.25.5-trixie docker digest to ef151f0 #18489
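---
# Release pipeline: builds and pushes container images, runs formatter and
# dependency-sync jobs, runs e2e tests, deploys to App Engine and, for pushes
# to master, migrates traffic and deletes old App Engine versions.
name: release
on:
  push:
    branches:
      - master
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
      - closed
  merge_group:
# The default token carries no permissions; every job that needs more
# declares its own `permissions:` block.
permissions: {}
env:
  # Consumed by the google-github-actions/auth steps further down.
  GCP_WORKLOAD_IDENTITY_PROVIDER: "projects/765091727073/locations/global/workloadIdentityPools/hato-atama-workload-identity/providers/github"
  # NOTE(review): this value is an e-mail-protection placeholder left by the
  # page the listing was captured from, not a usable service-account address.
  GCP_SERVICE_ACCOUNT: "[email protected]"
jobs:
  # Determine whether any file that gets deployed to App Engine has changed.
  check-deploy-diff:
    runs-on: ubuntu-latest
    outputs:
      deploy-files: ${{ steps.changes.outputs.deploy-files }}
    if: github.event_name != 'pull_request' || github.event.action != 'closed'
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # Do not leave the token in the local git config.
          persist-credentials: false
      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: changes
        with:
          filters: |
            deploy-files:
              - '.github/workflows/release.yml'
              - 'frontend/**'
              - 'server/**'
              - 'scripts/release/**'
              - 'test/**'
              - 'app.yaml'
              - 'go.mod'
              - 'go.sum'
              - '.gcloudignore'
  # Build the frontend and hand it to deploy-app-engine as the `frontend`
  # artifact. Runs only when check-deploy-diff reported deployable changes.
  build-frontend:
    runs-on: ubuntu-latest
    needs: check-deploy-diff
    if: needs.check-deploy-diff.outputs.deploy-files == 'true'
    defaults:
      run:
        working-directory: frontend
    env:
      SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS: 168 # 7 days
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
          node-version-file: frontend/.node-version
          cache: npm
          cache-dependency-path: frontend/package-lock.json
      - name: Build
        run: bash "${GITHUB_WORKSPACE}/scripts/release/build_frontend/build.sh"
      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: frontend
          path: frontend/dist
  # Build and push the base `server` and `frontend` images to ghcr.io.
  # The condition skips pull requests whose head repository is a fork, so
  # the `packages: write` token is only used for refs inside this repository.
  docker-compose-build-base:
    runs-on: ubuntu-latest
    env:
      DOCKER_BUILDKIT: 1
      COMPOSE_DOCKER_CLI_BUILD: 1
      REPOSITORY: ${{github.repository}}
    permissions:
      contents: read
      packages: write
    if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.action != 'closed' && github.repository == github.event.pull_request.head.repo.full_name) || github.event_name == 'merge_group'
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - name: Login to GitHub Container Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
      # NOTE(review): this runs an image referenced by a mutable tag in a
      # privileged container, and DOCKER_CONTENT_TRUST is not set for this
      # step. It follows a SHA-pinned QEMU setup step; confirm the second
      # registration is still required and, if it is, pin the image by digest.
      - name: Set up QEMU (multiarch/qemu-user-static)
        run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes -c yes
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
      # NOTE(review): every line of the checked-out .env becomes an
      # environment variable for all later steps of this job, so .env must
      # stay limited to non-sensitive build settings.
      - run: cat .env >>"$GITHUB_ENV"
      # The branch name reaches the script through env, not through
      # expression interpolation, so it is never parsed as shell syntax.
      # Every "/" in it is replaced by "-" to form TAG_NAME.
      - run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
        env:
          HEAD_REF: ${{github.head_ref || github.event.merge_group.head_ref}}
        if: github.event_name == 'pull_request' || github.event_name == 'merge_group'
      - name: Build and push
        uses: docker/bake-action@5be5f02ff8819ecd3092ea6b2e6261c31774f2b4 # v6.10.0
        env:
          # NOTE(review): confirm that bake/buildx honours this variable.
          DOCKER_CONTENT_TRUST: 1
        with:
          push: true
          targets: server,frontend
          files: compose.yml,base.compose.yml
  # Build and push the dev and staging images on top of the base images.
  docker-compose-build:
    runs-on: ubuntu-latest
    needs: docker-compose-build-base
    env:
      DOCKER_BUILDKIT: 1
      COMPOSE_DOCKER_CLI_BUILD: 1
      REPOSITORY: ${{github.repository}}
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - name: Login to GitHub Container Registry
        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
      # Exports every line of the checked-out .env to later steps.
      - run: cat .env >>"$GITHUB_ENV"
      - run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
        env:
          HEAD_REF: ${{github.head_ref || github.event.merge_group.head_ref}}
        if: github.event_name == 'pull_request' || github.event_name == 'merge_group'
      - name: Build and push (dev)
        uses: docker/bake-action@5be5f02ff8819ecd3092ea6b2e6261c31774f2b4 # v6.10.0
        env:
          DOCKER_CONTENT_TRUST: 1
        with:
          push: true
          files: compose.yml,dev.base.compose.yml
      - name: Build and push (staging)
        uses: docker/bake-action@5be5f02ff8819ecd3092ea6b2e6261c31774f2b4 # v6.10.0
        env:
          DOCKER_CONTENT_TRUST: 1
        with:
          push: true
          files: compose.yml,staging.compose.yml
  # Run goimports and hand the result to actions-diff-pr-management, which
  # receives a token with contents and pull-requests write access.
  # always() keeps the job eligible when docker-compose-build-base was
  # skipped or failed; the rest of the condition then admits only a
  # successful base build, a closed-PR event or a merge_group event.
  # On closed-PR events every step except the last one is skipped.
  format-go:
    runs-on: ubuntu-latest
    needs: docker-compose-build-base
    if: always() && (needs.docker-compose-build-base.result == 'success' || (github.event_name == 'pull_request' && github.event.action == 'closed') || github.event_name == 'merge_group')
    permissions:
      contents: write
      pull-requests: write
    env:
      DOCKER_CONTENT_TRUST: 1
      REPOSITORY: ${{github.repository}}
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        if: github.event_name != 'pull_request' || github.event.action != 'closed'
        with:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.sha || github.event.merge_group.head_sha }}
          # Scripts from the checked-out head run below; keeping the token
          # out of the git config denies them direct access to it.
          persist-credentials: false
      - if: github.event_name != 'pull_request' || github.event.action != 'closed'
        run: bash "${GITHUB_WORKSPACE}/scripts/release/change_file_and_env.sh"
      - run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
        env:
          HEAD_REF: ${{github.head_ref || github.event.merge_group.head_ref}}
        if: github.event_name == 'pull_request' && github.event.action != 'closed'
      - name: Get Go version
        id: get_go_version
        if: github.event_name != 'pull_request' || github.event.action != 'closed'
        run: bash "${GITHUB_WORKSPACE}/scripts/get_go_version.sh"
      - name: Set up Go
        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
        if: github.event_name != 'pull_request' || github.event.action != 'closed'
        with:
          go-version: ${{steps.get_go_version.outputs.go_version}}
      - name: Install goimports
        if: github.event_name != 'pull_request' || github.event.action != 'closed'
        run: bash "${GITHUB_WORKSPACE}/scripts/release/format_go/run_goimports.sh"
      - uses: dev-hato/actions-diff-pr-management@9de3de40217217a73ac95f3751d7bfe1c9f23ead # v2.2.3
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          branch-name-prefix: fix-format
          pr-title-prefix: formatが間違ってたので直してあげたよ!
  # Sync the Node.js and npm versions in .node-version and package.json with
  # the Docker image, run npm install, and open a PR if that leaves a diff.
  update-package:
    runs-on: ubuntu-latest
    needs: docker-compose-build-base
    if: always() && (needs.docker-compose-build-base.result == 'success' || (github.event_name == 'pull_request' && github.event.action == 'closed') || github.event_name == 'merge_group')
    permissions:
      contents: write
      pull-requests: write
    env:
      DOCKER_CMD: "node --version && npm --version"
      SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS: 168 # 7 days
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        if: github.event_name != 'pull_request' || github.event.action != 'closed'
        with:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.sha || github.event.merge_group.head_sha }}
          persist-credentials: false
      - if: github.event_name != 'pull_request' || github.event.action != 'closed'
        run: bash "${GITHUB_WORKSPACE}/scripts/release/change_file_and_env.sh"
      - run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
        env:
          HEAD_REF: ${{github.head_ref || github.event.merge_group.head_ref}}
        if: github.event_name == 'merge_group' || (github.event_name == 'pull_request' && github.event.action != 'closed')
      - name: Get Node.js version
        id: get_node_version
        if: github.event_name != 'pull_request' || github.event.action != 'closed'
        env:
          DOCKER_CONTENT_TRUST: 1
          REPOSITORY: ${{github.repository}}
        run: bash "${GITHUB_WORKSPACE}/scripts/release/update_package/get_node_version.sh"
      - name: Update versions
        if: github.event_name != 'pull_request' || github.event.action != 'closed'
        env:
          DEPENDABOT_NODE_VERSION: "20.17.0"
          DEPENDABOT_NPM_VERSION: "9.6.5"
          NODE_VERSION: ${{steps.get_node_version.outputs.node_version}}
          NPM_VERSION: ${{steps.get_node_version.outputs.npm_version}}
        run: bash "${GITHUB_WORKSPACE}/scripts/release/update_package/update_versions.sh"
      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        if: github.event_name != 'pull_request' || github.event.action != 'closed'
        with:
          node-version-file: .node-version
          cache: npm
      # NOTE(review): the installer is fetched from the mutable `main` branch
      # and piped straight into sh, in a job whose token can write contents
      # and pull requests. Every `uses:` in this file is pinned to a commit
      # SHA; give this download the same treatment (fetch from a fixed
      # <COMMIT_SHA> and verify a checksum before executing it). Unlike the
      # steps around it, this one has no `if:` guard, so it also runs on
      # closed-PR events.
      - run: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci
      - name: Update packages (.)
        if: github.event_name != 'pull_request' || github.event.action != 'closed'
        run: npm install
      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        if: github.event_name != 'pull_request' || github.event.action != 'closed'
        with:
          node-version-file: frontend/.node-version
          cache: npm
          cache-dependency-path: frontend/package-lock.json
      - name: Update packages (frontend)
        if: github.event_name != 'pull_request' || github.event.action != 'closed'
        run: npm install
        working-directory: frontend
      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        if: github.event_name != 'pull_request' || github.event.action != 'closed'
        with:
          node-version-file: test/e2e/.node-version
          cache: npm
          cache-dependency-path: test/e2e/package-lock.json
      - name: Update packages (test/e2e)
        if: github.event_name != 'pull_request' || github.event.action != 'closed'
        run: npm install
        working-directory: test/e2e
      - uses: dev-hato/actions-diff-pr-management@9de3de40217217a73ac95f3751d7bfe1c9f23ead # v2.2.3
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          branch-name-prefix: fix-version
          pr-title-prefix: nodeのバージョンを直してあげたよ!
  # NOTE(review): this job has no `permissions:` block, so it inherits the
  # workflow-level empty set and the token passed to actions-update-dockle
  # carries no write scopes. Confirm that is what the action expects.
  update-dockle:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        if: github.event_name != 'pull_request' || github.event.action != 'closed'
        with:
          fetch-depth: 0
          ref: ${{ github.event.pull_request.head.sha || github.event.merge_group.head_sha }}
          persist-credentials: false
      - uses: dev-hato/actions-update-dockle@e77226c2707af34a4116dbaa5423bee7e5a559d7 # v0.0.130
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
  # Run the repository's nginx configuration check script.
  check-nginx-config:
    runs-on: ubuntu-latest
    needs:
      - docker-compose-build
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - run: cat .env >>"$GITHUB_ENV"
      - run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
        env:
          HEAD_REF: ${{github.head_ref || github.event.merge_group.head_ref}}
        if: github.event_name == 'pull_request'
      - run: bash "${GITHUB_WORKSPACE}/scripts/release/check_nginx_config/check_nginx_config.sh"
  # Run run_dockle.sh once per compose file and service combination.
  dockle:
    runs-on: ubuntu-latest
    needs:
      - docker-compose-build
      - update-dockle
    strategy:
      matrix:
        docker_compose_file_name:
          ["dev.base.compose.yml", "staging.compose.yml", "base.compose.yml"]
        service_name: ["server", "frontend"]
    env:
      DOCKER_CONTENT_TRUST: 1
      REPOSITORY: ${{github.repository}}
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
        env:
          HEAD_REF: ${{github.head_ref || github.event.merge_group.head_ref}}
        if: github.event_name == 'pull_request' || github.event_name == 'merge_group'
      # Matrix values are passed through env rather than interpolated into
      # the command line.
      - env:
          DOCKER_COMPOSE_FILE_NAME: ${{matrix.docker_compose_file_name}}
          SERVICE_NAME: ${{matrix.service_name}}
        run: bash "${GITHUB_WORKSPACE}/scripts/release/dockle/run_dockle.sh"
  # Produce the `browserslist` output that the e2e jobs feed through
  # fromJson() into their matrix `include`.
  make-browserslist:
    runs-on: ubuntu-latest
    needs: update-package
    outputs:
      browserslist: ${{ steps.set_browserslist.outputs.browserslist }}
    defaults:
      run:
        working-directory: frontend
    env:
      SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS: 168 # 7 days
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
          node-version-file: frontend/.node-version
          cache: npm
          cache-dependency-path: frontend/package-lock.json
      - name: Set Browserslist
        id: set_browserslist
        run: bash "${GITHUB_WORKSPACE}/scripts/release/make_browserslist/set_browserslist.sh"
  # Reduced e2e suite (run_mini_test.sh) against the docker compose stack.
  e2e-test-mini-docker-compose:
    runs-on: ubuntu-latest
    needs:
      - docker-compose-build
      - make-browserslist
    strategy:
      matrix:
        browser_name: ["chrome", "electron", "edge"]
        include: ${{fromJson(needs.make-browserslist.outputs.browserslist)}}
    env:
      DOCKER_CONTENT_TRUST: 1
      REPOSITORY: ${{github.repository}}
      SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS: 168 # 7 days
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - run: cat .env >>"$GITHUB_ENV"
      - run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
        env:
          HEAD_REF: ${{github.head_ref || github.event.merge_group.head_ref}}
        if: github.event_name == 'pull_request' || github.event_name == 'merge_group'
      - run: bash "${GITHUB_WORKSPACE}/scripts/release/run_docker_compose.sh"
      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
          node-version-file: test/e2e/.node-version
          cache: npm
          cache-dependency-path: test/e2e/package-lock.json
      # The two Firefox steps run only for matrix entries named 'firefox'.
      - if: matrix.browser_name == 'firefox'
        run: bash "${GITHUB_WORKSPACE}/scripts/release/install_firefox_dependencies.sh"
      - uses: browser-actions/setup-firefox@5914774dda97099441f02628f8d46411fcfbd208 # v1.7.0
        if: matrix.browser_name == 'firefox'
        with:
          firefox-version: ${{ matrix.browser_version }}
      - run: bash "${GITHUB_WORKSPACE}/scripts/release/set_docker_compose_test_env.sh"
      - env:
          BROWSER_NAME: ${{ matrix.browser_name }}
        run: bash "${GITHUB_WORKSPACE}/scripts/release/run_mini_test.sh"
        working-directory: ./test/e2e
  # Full e2e suite (run_all_test.sh) against the docker compose stack.
  e2e-test-all-docker-compose:
    runs-on: ubuntu-latest
    needs:
      - docker-compose-build
      - make-browserslist
    strategy:
      matrix:
        browser_name: ["chrome", "electron", "edge"]
        include: ${{fromJson(needs.make-browserslist.outputs.browserslist)}}
    env:
      DOCKER_CONTENT_TRUST: 1
      REPOSITORY: ${{github.repository}}
      SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS: 168 # 7 days
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - run: cat .env >>"$GITHUB_ENV"
      - run: echo "TAG_NAME=${HEAD_REF//\//-}" >> "$GITHUB_ENV"
        env:
          HEAD_REF: ${{github.head_ref || github.event.merge_group.head_ref}}
        if: github.event_name == 'pull_request' || github.event_name == 'merge_group'
      - run: bash "${GITHUB_WORKSPACE}/scripts/release/run_docker_compose.sh"
      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
          node-version-file: test/e2e/.node-version
          cache: npm
          cache-dependency-path: test/e2e/package-lock.json
      - if: matrix.browser_name == 'firefox'
        run: bash "${GITHUB_WORKSPACE}/scripts/release/install_firefox_dependencies.sh"
      - uses: browser-actions/setup-firefox@5914774dda97099441f02628f8d46411fcfbd208 # v1.7.0
        if: matrix.browser_name == 'firefox'
        with:
          firefox-version: ${{ matrix.browser_version }}
      - run: bash "${GITHUB_WORKSPACE}/scripts/release/set_docker_compose_test_env.sh"
      - env:
          BROWSER_NAME: ${{ matrix.browser_name }}
        run: bash "${GITHUB_WORKSPACE}/scripts/release/run_all_test.sh"
        working-directory: ./test/e2e
  # Deploy a new App Engine version named v<run_number> without promoting it.
  # `id-token: write` lets the job request an OIDC token for the GCP auth
  # step. The condition admits pushes, merge_group events, and pull requests
  # whose head lives in dev-hato/hato-atama itself.
  # NOTE(review): pull-request refs therefore authenticate as the same
  # service account as pushes to master; check that the workload identity
  # provider's conditions and the account's IAM roles are scoped for that.
  deploy-app-engine:
    runs-on: ubuntu-latest
    needs:
      - build-frontend
      - e2e-test-mini-docker-compose
    if: github.event_name == 'push' || github.event_name == 'merge_group' || (github.repository == github.event.pull_request.head.repo.full_name && github.repository == 'dev-hato/hato-atama')
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
        with:
          name: frontend
          path: frontend/dist
      - run: bash "${GITHUB_WORKSPACE}/scripts/release/deploy_app_engine/set_config.sh"
        if: github.event_name == 'pull_request' || github.event_name == 'merge_group'
      # Pushes append ENV_NAME "prd" to app.yaml before deploying.
      - run: 'echo -e "env_variables:\n ENV_NAME: \"prd\"" >> app.yaml'
        if: ${{ github.event_name == 'push' }}
      - id: "auth"
        name: "Authenticate to GCP"
        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
        with:
          workload_identity_provider: ${{env.GCP_WORKLOAD_IDENTITY_PROVIDER}}
          service_account: ${{env.GCP_SERVICE_ACCOUNT}}
      - name: Deploy to App Engine
        uses: google-github-actions/deploy-appengine@54d5fc7167ec790eb0233905e3cef384221b4619 # v3.0.1
        with:
          deliverables: app.yaml
          project_id: hato-atama
          promote: false
          version: "v${{github.run_number}}"
      - name: Wait for the deployment to complete
        env:
          RUN_NUMBER: ${{github.run_number}}
        run: bash "${GITHUB_WORKSPACE}/scripts/release/deploy_app_engine/wait_for_deployment.sh"
  # Pull-request runs only: call create_pr_environment.ts through
  # actions/github-script with a token that can write to pull requests.
  create-pr-environment:
    runs-on: ubuntu-latest
    needs: deploy-app-engine
    permissions:
      pull-requests: write
    env:
      SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS: 168 # 7 days
    if: github.event_name == 'pull_request'
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
          node-version-file: .node-version
          cache: npm
      # NOTE(review): unpinned installer piped into sh; pin it to a fixed
      # <COMMIT_SHA> and verify a checksum, as the `uses:` lines are pinned.
      - run: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci
      - run: npm ci
      - uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        env:
          SHA: ${{github.event.pull_request.head.sha}}
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
            const {tsImport} = require('tsx/esm/api')
            const {script} = await tsImport(
              './scripts/release/create_pr_environment/create_pr_environment.ts',
              process.env.GITHUB_WORKSPACE + '/'
            )
            await script(github, context)
  # Run Lighthouse against the URL of the version deployed by this run and
  # keep the reports as an artifact.
  lighthouse:
    runs-on: ubuntu-latest
    needs: deploy-app-engine
    timeout-minutes: 1
    permissions:
      pull-requests: write
    env:
      ARTIFACT_PATH: ${{ github.workspace }}/tmp/artifacts
      URLS: https://v${{ github.run_number }}-dot-hato-atama.an.r.appspot.com
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - run: mkdir -p "${ARTIFACT_PATH}"
      - uses: foo-software/lighthouse-check-action@a80267da2e0244b8a2e457a8575fc47590615852 # v12.0.1
        with:
          gitHubAccessToken: ${{ secrets.GITHUB_TOKEN }}
          urls: ${{ env.URLS }}
          outputDirectory: ${{ env.ARTIFACT_PATH }}
      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: Lighthouse reports
          path: ${{ env.ARTIFACT_PATH }}
  # Reduced e2e suite with the environment prepared by set_prod_test_env.sh.
  e2e-test-mini-prd:
    runs-on: ubuntu-latest
    timeout-minutes: 2
    needs:
      - deploy-app-engine
      - e2e-test-mini-docker-compose
      - make-browserslist
    strategy:
      matrix:
        browser_name: ["chrome", "electron", "edge"]
        include: ${{fromJson(needs.make-browserslist.outputs.browserslist)}}
    env:
      SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS: 168 # 7 days
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
          node-version-file: test/e2e/.node-version
          cache: npm
          cache-dependency-path: test/e2e/package-lock.json
      - if: matrix.browser_name == 'firefox'
        run: bash "${GITHUB_WORKSPACE}/scripts/release/install_firefox_dependencies.sh"
      - uses: browser-actions/setup-firefox@5914774dda97099441f02628f8d46411fcfbd208 # v1.7.0
        if: matrix.browser_name == 'firefox'
        with:
          firefox-version: ${{ matrix.browser_version }}
      - run: bash "${GITHUB_WORKSPACE}/scripts/release/set_prod_test_env.sh"
      - env:
          BROWSER_NAME: ${{ matrix.browser_name }}
        run: bash "${GITHUB_WORKSPACE}/scripts/release/run_mini_test.sh"
        working-directory: ./test/e2e
  # Full e2e suite with the environment prepared by set_prod_test_env.sh;
  # push events only.
  e2e-test-all-prd:
    runs-on: ubuntu-latest
    timeout-minutes: 3
    needs:
      - e2e-test-all-docker-compose
      - e2e-test-mini-prd
      - make-browserslist
    strategy:
      matrix:
        browser_name: ["chrome", "electron", "edge"]
        include: ${{fromJson(needs.make-browserslist.outputs.browserslist)}}
    if: ${{ github.event_name == 'push' }}
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
          node-version-file: test/e2e/.node-version
          cache: npm
          cache-dependency-path: test/e2e/package-lock.json
      - if: matrix.browser_name == 'firefox'
        run: bash "${GITHUB_WORKSPACE}/scripts/release/install_firefox_dependencies.sh"
      - uses: browser-actions/setup-firefox@5914774dda97099441f02628f8d46411fcfbd208 # v1.7.0
        if: matrix.browser_name == 'firefox'
        with:
          firefox-version: ${{ matrix.browser_version }}
      - run: bash "${GITHUB_WORKSPACE}/scripts/release/set_prod_test_env.sh"
      - env:
          BROWSER_NAME: ${{ matrix.browser_name }}
        run: bash "${GITHUB_WORKSPACE}/scripts/release/run_all_test.sh"
        working-directory: ./test/e2e
  # Push events only: run set_traffic.sh with GCP credentials once the full
  # e2e suite has passed.
  migrating-traffic:
    runs-on: ubuntu-latest
    needs:
      - e2e-test-all-prd
    if: ${{ github.event_name == 'push' }}
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - id: "auth"
        name: "Authenticate to GCP"
        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
        with:
          workload_identity_provider: ${{env.GCP_WORKLOAD_IDENTITY_PROVIDER}}
          service_account: ${{env.GCP_SERVICE_ACCOUNT}}
      - uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
      - run: bash "${GITHUB_WORKSPACE}/scripts/release/migrating_traffic/set_traffic.sh"
  # Push events only: delete the App Engine versions returned by
  # get_run_numbers.ts. GCP authentication is skipped when that is empty.
  remove-app-engine-past-versions:
    runs-on: ubuntu-latest
    needs:
      - migrating-traffic
    if: ${{ github.event_name == 'push' }}
    permissions:
      id-token: write
      contents: read
    env:
      SAFE_CHAIN_MINIMUM_PACKAGE_AGE_HOURS: 168 # 7 days
    steps:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          persist-credentials: false
      - uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
        with:
          node-version-file: .node-version
          cache: npm
      # NOTE(review): unpinned installer piped into sh in a job that can mint
      # OIDC tokens for GCP; pin it to a fixed <COMMIT_SHA> and verify a
      # checksum before executing it.
      - run: curl -fsSL https://raw.githubusercontent.com/AikidoSec/safe-chain/main/install-scripts/install-safe-chain.sh | sh -s -- --ci
      - run: npm ci
      - name: Get run numbers
        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        id: get_run_numbers
        env:
          HEAD_REF: master
          RUN_NUMBER: ${{github.run_number}}
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          result-encoding: string
          script: |
            const {tsImport} = require('tsx/esm/api')
            const {script} = await tsImport( './scripts/get_run_numbers.ts', process.env.GITHUB_WORKSPACE + '/')
            return await script(github, context)
      - id: "auth"
        if: ${{ steps.get_run_numbers.outputs.result != '' }}
        name: "Authenticate to GCP"
        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
        with:
          workload_identity_provider: ${{env.GCP_WORKLOAD_IDENTITY_PROVIDER}}
          service_account: ${{env.GCP_SERVICE_ACCOUNT}}
      - uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1
        if: ${{ steps.get_run_numbers.outputs.result != '' }}
      # The step output reaches the script through env instead of being
      # interpolated into the script text, so its content is never parsed as
      # shell syntax while GCP credentials are active. The expansion is left
      # unquoted on purpose so that a whitespace-separated list becomes
      # separate arguments; `set -f` disables glob expansion of that list.
      # NOTE(review): assumes get_run_numbers.ts returns whitespace-separated
      # version IDs; confirm against the script.
      - name: Remove app engine versions
        if: ${{ steps.get_run_numbers.outputs.result != '' }}
        env:
          VERSIONS: ${{ steps.get_run_numbers.outputs.result }}
        run: |
          set -f
          # shellcheck disable=SC2086
          gcloud app versions delete --service=default ${VERSIONS}
  # Whether the docker compose related jobs that must always finish, for
  # both PRs and pushes, have finished.
  release-complete-check-docker-compose:
    runs-on: ubuntu-latest
    needs:
      - update-package
      - format-go
      - check-nginx-config
      - dockle
      - e2e-test-mini-docker-compose
      - e2e-test-all-docker-compose
    steps:
      - run: exit 0
  # Whether the jobs that must finish for both PRs and pushes have finished.
  release-complete-check:
    runs-on: ubuntu-latest
    if: always() && (github.event_name != 'pull_request' || github.event.action != 'closed')
    needs:
      - lighthouse
      - e2e-test-mini-prd
      - check-deploy-diff
      - release-complete-check-docker-compose
    steps:
      # The two conditions are logical complements: one step passes the job,
      # the other fails it.
      - if: (github.repository != 'dev-hato/hato-atama' || needs.check-deploy-diff.outputs.deploy-files == 'false' || (needs.lighthouse.result == 'success' && needs.e2e-test-mini-prd.result == 'success')) && needs.release-complete-check-docker-compose.result == 'success'
        run: exit 0
      - if: (github.repository == 'dev-hato/hato-atama' && needs.check-deploy-diff.outputs.deploy-files == 'true' && (needs.lighthouse.result != 'success' || needs.e2e-test-mini-prd.result != 'success')) || needs.release-complete-check-docker-compose.result != 'success'
        run: exit 1
  # Whether the jobs that must finish for a PR-triggered run have finished.
  # For a PR from a fork to dev-hato/hato-atama, a PR opened inside a fork,
  # or a merge_group trigger, create-pr-environment counts as complete even
  # when it was skipped.
  pr-test-complete:
    runs-on: ubuntu-latest
    if: always() && ((github.event_name == 'pull_request' && github.event.action != 'closed') || github.event_name == 'merge_group')
    needs:
      - release-complete-check
      - create-pr-environment
      - check-deploy-diff
    steps:
      - if: needs.release-complete-check.result == 'success' && (github.event_name == 'merge_group' || github.repository != github.event.pull_request.head.repo.full_name || github.repository != 'dev-hato/hato-atama' || needs.check-deploy-diff.outputs.deploy-files == 'false' || needs.create-pr-environment.result == 'success')
        run: exit 0
      - if: needs.release-complete-check.result != 'success' || (github.event_name != 'merge_group' && github.repository == github.event.pull_request.head.repo.full_name && github.repository == 'dev-hato/hato-atama' && needs.check-deploy-diff.outputs.deploy-files == 'true' && needs.create-pr-environment.result != 'success')
        run: exit 1
  action-timeline-pr-test-complete:
    needs: pr-test-complete
    if: (github.event_name == 'pull_request' && github.event.action != 'closed') || github.event_name == 'merge_group'
    runs-on: ubuntu-latest
    steps:
      - uses: Kesin11/actions-timeline@54d513e0b5ff1158f1cf8321108d666a5a6c1fca # v2.2.5
  # Whether the jobs that must finish for a push-triggered run have finished.
  release-complete:
    runs-on: ubuntu-latest
    if: ${{ always() && github.event_name == 'push' }}
    needs:
      - release-complete-check
      - remove-app-engine-past-versions
      - check-deploy-diff
    steps:
      - if: needs.release-complete-check.result == 'success' && (github.repository != 'dev-hato/hato-atama' || needs.check-deploy-diff.outputs.deploy-files == 'false' || needs.remove-app-engine-past-versions.result == 'success')
        run: exit 0
      - if: needs.release-complete-check.result != 'success' || (github.repository == 'dev-hato/hato-atama' && needs.check-deploy-diff.outputs.deploy-files == 'true' && needs.remove-app-engine-past-versions.result != 'success')
        run: exit 1
  action-timeline-release-complete:
    needs: release-complete
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    steps:
      - uses: Kesin11/actions-timeline@54d513e0b5ff1158f1cf8321108d666a5a6c1fca # v2.2.5
# A newer run for the same workflow, event type and ref cancels the one
# still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref }}
  cancel-in-progress: true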