chore(deps): update all non-major dependencies #776
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
on: | |
push: | |
branches: | |
- '**' | |
tags-ignore: | |
- '**' | |
workflow_dispatch: | |
permissions: | |
id-token: write | |
contents: write | |
packages: write | |
env: | |
AWS_REGION: us-east-1 | |
jobs: | |
tests: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version-file: '.python-version' | |
- name: Install dependencies | |
working-directory: app | |
shell: bash | |
run: | | |
python -m pip install --upgrade pip | |
pip install -r requirements.txt | |
- name: Run pytest | |
working-directory: app | |
shell: bash | |
run: pytest test.py | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
- name: Build container | |
uses: docker/build-push-action@v6 | |
with: | |
platforms: linux/amd64 | |
context: app | |
push: false | |
tags: ${{ github.sha }} | |
semantic-release: | |
name: 'Semantic Release' | |
needs: [ tests, build ] | |
# We run semantic-release only on merges to main branch | |
if: github.ref == 'refs/heads/main' | |
runs-on: ubuntu-latest | |
# To avoid race conditions, this makes sure semantic-release is async | |
concurrency: 'semantic-release' | |
outputs: | |
new_release_published: ${{ steps.semantic.outputs.new_release_published }} | |
new_release_git_tag: ${{ steps.semantic.outputs.new_release_git_tag }} | |
steps: | |
- name: 'Checkout' | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
with: | |
persist-credentials: false | |
- name: 'Setup Node' | |
uses: actions/setup-node@v4.1.0 | |
with: | |
node-version: 18.15.0 | |
- name: Semantic bot token | |
id: bot-token | |
uses: getsentry/action-github-app-token@v3.0.0 | |
with: | |
app_id: ${{ secrets.SEMANTIC_APP_ID }} | |
private_key: ${{ secrets.SEMANTIC_APP_PRIVATE_KEY }} | |
- name: Semantic Release | |
id: semantic | |
uses: cycjimmy/semantic-release-action@v4.1.0 | |
with: | |
semantic_version: 19.0.5 | |
extra_plugins: | | |
conventional-changelog-conventionalcommits@5.0.0 | |
env: | |
GITHUB_TOKEN: ${{ steps.bot-token.outputs.token }} | |
publish: | |
if: needs.semantic-release.outputs.new_release_published == 'true' | |
needs: semantic-release | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
- name: AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: ${{ env.AWS_REGION }} | |
role-to-assume: ${{ secrets.GHA_ASSUME_ROLE }} | |
- name: AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: ${{ env.AWS_REGION }} | |
role-to-assume: ${{ secrets.ECR_ROLE }} | |
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
aws-session-token: ${{ env.AWS_SESSION_TOKEN }} | |
role-skip-session-tagging: true | |
role-duration-seconds: 3000 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
registry-type: public | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Build container | |
uses: docker/build-push-action@v6 | |
with: | |
platforms: linux/amd64 | |
context: app | |
push: true | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
tags: ${{ vars.ECR_REPO }}:${{ needs.semantic-release.outputs.new_release_git_tag }} | |
update-repo: | |
needs: [publish, semantic-release] | |
runs-on: ubuntu-latest | |
steps: | |
- name: 'Checkout' | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
with: | |
persist-credentials: false | |
- name: Semantic bot token | |
id: bot-token | |
uses: getsentry/action-github-app-token@v3.0.0 | |
with: | |
app_id: ${{ secrets.SEMANTIC_APP_ID }} | |
private_key: ${{ secrets.SEMANTIC_APP_PRIVATE_KEY }} | |
- name: Update image tag in terraform.tfvars | |
working-directory: terraform | |
run: | | |
cp terraform.tfvars terraform.tfvars.bak | |
echo 'latest_image_tag = "${{ needs.semantic-release.outputs.new_release_git_tag }}"' > terraform.tfvars | |
cat terraform.tfvars.bak | tail -n+2 >> terraform.tfvars | |
- name: Setup Git User | |
run: | | |
# Extract commit information | |
AUTHOR_NAME=$(git show -s --format='%an' ${{ github.event.inputs.commit }}) | |
AUTHOR_EMAIL=$(git show -s --format='%ae' ${{ github.event.inputs.commit }}) | |
git config --local user.email "${AUTHOR_EMAIL}" | |
git config --local user.name "${AUTHOR_NAME}" | |
- name: Commit files | |
run: | | |
git pull origin main | |
git add terraform/terraform.tfvars | |
git commit -m "chore: update image tag to ${{ needs.semantic-release.outputs.new_release_git_tag }} [skip ci]" | |
- name: Push changes | |
uses: ad-m/github-push-action@master | |
with: | |
github_token: ${{ steps.bot-token.outputs.token }} | |
branch: main |