fix(dashboard): Use OCI images that have ca-certs and new glibc #389
Workflow file for this run
name: Bazel

# Events that start this workflow: pushes to main, every pull request,
# merge-queue checks, and one scheduled nightly run.
on:
  push:
    branches: [main]
  pull_request:
  merge_group:
  schedule:
    # Nightly at 01:30 (GitHub evaluates cron in UTC). The expression has to
    # stay quoted because a leading * is YAML alias syntax. Steps in the job
    # compare github.event.schedule against this exact string, so edit both
    # places together.
    - cron: '30 1 * * *'
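jobs:
  # Single job: build and test with Bazel, then (on tags, container/*
  # branches and main) publish release artifacts and container images and
  # open a merge request that bumps the image tags in the k8s repository.
  bazel:
    runs-on: ubuntu-22.04
    # NOTE(review): no `permissions:` key is declared in this workflow, so
    # GITHUB_TOKEN carries the repository default scopes for the whole job,
    # pull_request runs included. The steps below use the token to create a
    # release, to push to ghcr.io and (through the auto-commit action) to
    # push a commit, which suggests `contents: write` plus `packages: write`
    # is all that is needed -- confirm and declare them explicitly.
    #
    # NOTE(review): only softprops/action-gh-release is pinned to a full
    # commit SHA. Every other `uses:` entry references a tag, which the
    # action's owner can move to different code; pin them to commit SHAs the
    # same way.
    steps:
      ########################################
      # Setup
      ########################################
      - name: Free Disk Space (Ubuntu)
        uses: jlumbroso/free-disk-space@v1.3.1
        with:
          # this might remove tools that are actually needed,
          # when set to "true" but frees about 6 GB
          tool-cache: true
          large-packages: false  # this is slow
      - uses: actions/checkout@v4
      - uses: bazelbuild/setup-bazelisk@v2
      ########################################
      # Download and unpack cache
      ########################################
      - name: Mount bazel cache
        uses: actions/cache@v3
        with:
          path: "~/.cache/bazel"
          # Configure cache updates
          # https://github.com/actions/cache/blob/main/tips-and-workarounds.md#update-a-cache
          # https://github.com/actions/cache/blob/main/examples.md#---bazel
          key: ${{ runner.os }}-bazel-${{ hashFiles('.bazelversion', '.bazelrc', 'WORKSPACE', 'WORKSPACE.bazel', 'MODULE.bazel', 'Cargo.Bazel.lock') }}
          restore-keys: |
            ${{ runner.os }}-bazel-
      ########################################
      # Once per night, update dependencies and completely delete and recreate bazel cache
      ########################################
      # All four steps of this section share one condition: the run was
      # started by the nightly cron entry and the ref is main.
      - uses: actions/setup-python@v4
        if: "${{github.event.schedule == '30 1 * * *' && github.ref == 'refs/heads/main'}}"
        with:
          python-version: "3.11"
      - uses: snok/install-poetry@v1
        if: "${{github.event.schedule == '30 1 * * *' && github.ref == 'refs/heads/main'}}"
      - name: If running on schedule (at night) and on main, completely delete bazel cache then update deps
        if: "${{github.event.schedule == '30 1 * * *' && github.ref == 'refs/heads/main'}}"
        run: |
          set -eExou pipefail
          #
          # Completely delete bazel cache
          #
          sudo rm -rf ~/.cache/bazel/*
          #
          # Update dependencies
          #
          cargo update
          poetry update
          ./bin/poetry-export.sh
          CARGO_BAZEL_REPIN=true bazel query //...
      # NOTE(review): the action commits whatever the update step changed and
      # pushes it to the checked-out branch, so on the nightly run refreshed
      # dependency pins reach main without a review. Consider opening a pull
      # request instead so the updated lockfiles get looked at.
      - uses: stefanzweifel/git-auto-commit-action@v5
        if: "${{github.event.schedule == '30 1 * * *' && github.ref == 'refs/heads/main'}}"
        with:
          commit_message: Update dependencies
      ########################################
      # Build and test
      ########################################
      - name: Set GIT_HASH variable
        run: |
          set -eExou pipefail
          # Set GIT_HASH variable based on the type of GitHub reference
          if [[ "$GITHUB_REF_TYPE" == "tag" ]]; then
            echo "GIT_HASH=$GITHUB_REF_NAME" >> "$GITHUB_ENV"  # Embed tag name as GIT_HASH
          else
            echo "GIT_HASH=$GITHUB_SHA" >> "$GITHUB_ENV"  # Embed commit SHA as GIT_HASH
          fi
      - run: bazel build ...
      - run: bazel test ...
      ########################################
      # Prepare release
      ########################################
      - name: Optimize bazel cache directory before uploading
        run: bin/optimize-bazel-cache.sh
      - name: Extract binaries from bazel, so they can be pushed as GitHub artifacts in the next steps
        if: startsWith(github.ref, 'refs/tags/v')
        run: |
          set -eExuo pipefail
          # query the location of the bazel "dre" binary and copy it to the "release" directory
          mkdir -p release
          cp --dereference bazel-out/k8-opt/bin/rs/cli/dre release/dre
          chmod +x release/dre
      - name: Create a new GitHub Release
        if: startsWith(github.ref, 'refs/tags/v')
        # v0.1.15
        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          body_path: CHANGELOG.md
          generate_release_notes: true
          draft: true
          prerelease: true
          files: |
            release/*
      ########################################
      # Upload container images
      ########################################
      - name: Login to GitHub Container Registry
        # Same condition as the push step below. Logging in stores the token
        # in the runner's Docker configuration, and a script from the
        # checked-out ref still runs after this point, so the credential is
        # only written on runs that actually push images.
        if: ${{ startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/heads/container') || (github.ref == 'refs/heads/main') }}
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Push images to GitHub Container Registry
        if: ${{ startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/heads/container') || (github.ref == 'refs/heads/main') }}
        run: |
          # pipefail matters here: without it a failing `bazel query` hands
          # xargs an empty list, nothing is pushed and the step still passes,
          # after which the next step points the deployments at a tag that
          # was never published.
          set -eEuo pipefail
          bazel query --noshow_progress 'kind("oci_push", ...)' | xargs -I_target bazel run _target -- --tag "${GITHUB_SHA}"
      ########################################
      # Update k8s deployments
      ########################################
      - name: Update k8s deployments
        if: ${{ startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/heads/container') || (github.ref == 'refs/heads/main') }}
        env:
          GITLAB_API_TOKEN: ${{ secrets.GITLAB_API_TOKEN }}
        run: |
          # No xtrace (-x) in this step: the clone URL below carries
          # GITLAB_API_TOKEN, and tracing would print the expanded command
          # line, leaving log masking as the only protection.
          set -eEuo pipefail
          cd .git
          # checkout branch
          # The URL, token included, is also saved as the `origin` remote in
          # the clone's git config under .git/k8s.
          git clone "https://gitlab-ci-token:${GITLAB_API_TOKEN}@gitlab.com/dfinity-lab/private/k8s/k8s.git"
          cd k8s
          git config user.email "idx@dfinity.org"
          git config user.name "IDX Automation"
          git checkout -b "update-image-tag-${GITHUB_SHA}"
          # Update the internal dashboard image refs
          # this regex matches the first group (ie the image name) and uses \1
          # called a back-reference to insert the first group matched, the second
          # part is to match the 40 characters hash that we replace with the $GITHUB_SHA
          sed -i "s~\(\([[:alpha:]]\|-\)\+\):[[:alnum:]]\{40\}~\1:${GITHUB_SHA}~g" bases/apps/mainnet-dashboard/statefulset-slack.yaml bases/apps/mainnet-dashboard/backend/base/deployment.yaml bases/apps/mainnet-dashboard/frontend/deployment.yaml
          # commit changes if there are any
          git add .
          if git diff --cached --quiet; then
            echo "No changes to commit."
            exit 0
          fi
          # Push changes and create a new merge request
          git commit -m "Updating container base image refs"
          git push \
            -o merge_request.create \
            -o merge_request.title="[nomrbot] - Updating container image refs mainnet-dashboard [$GITHUB_SHA]" \
            -o merge_request.description="Changes to the release repository - [here](https://github.com/dfinity/dre/commit/$GITHUB_SHA)" \
            --force --set-upstream origin "update-image-tag-${GITHUB_SHA}"
      ########################################
      # Optimize bazel cache by hard-linking duplicate files
      ########################################
      # Second run of the same script as in "Prepare release"; it comes from
      # the checked-out ref and runs after the registry and GitLab steps.
      - name: Optimize bazel cache directory before uploading
        run: bin/optimize-bazel-cache.sh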