chore: update go deps (#4613) #271
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| run-name: ${{ (github.event_name == 'workflow_dispatch' && format('manual{0} {1}', ':', github.sha)) || '' }} | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [main] | |
| paths-ignore: [".vscode/**", "docs/**", "**/README.md", "LICENSE.md", ".github/**.md"] | |
| merge_group: | |
| pull_request: | |
| branches: [main] | |
| # Note - Ignore is not commit specific, if any file in the PR is outside of this list, workflow will run, see https://github.com/orgs/community/discussions/25161#discussioncomment-3246673 | |
| paths-ignore: [".vscode/**", "docs/**", "**/README.md", "LICENSE.md", ".github/**.md"] | |
| # Automatically cancel in-progress actions on the same branch except for main | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event_name == 'pull_request_target' && github.head_ref || github.ref }} | |
| cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
| env: | |
| GO_CACHE_INFO_FILE: wf-go-cache-info.txt | |
| jobs: | |
| build: | |
| name: Build and test | |
| runs-on: ubuntu-latest | |
| outputs: | |
| image_sha: ${{ steps.setDockerSHAs.outputs.image_sha }} | |
| image_version: ${{ steps.setDockerSHAs.outputs.image_version }} | |
| build_version: ${{ steps.setDockerSHAs.outputs.build_version }} | |
| timeout-minutes: 20 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| # We need to fetch all branches and commits so that Nx affected has a base to compare against. | |
| fetch-depth: 0 | |
| - name: Derive appropriate SHAs for base and head for `nx affected` commands | |
| id: setNxSHAs | |
| uses: nrwl/nx-set-shas@v4 | |
| - name: Ensure tracking against main | |
| run: git branch --track main origin/main | |
| if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }} | |
| - name: Setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: "npm" | |
| # https://github.com/actions/setup-go/issues/358 - cache is shared across jobs by default since the dependency | |
| # graph is the same, however each job results in different dependencies being downloaded and the first one | |
| # to finish wins with regards to saving the cache. To workaround, we create a file to include in the graph | |
| # that contains information specified to the workflow & job so that each job gets a separate go cache. | |
| # Note that the cache key used (https://github.com/actions/setup-go/blob/main/src/cache-restore.ts#L35) by | |
| # actions/setup-go is already platform/arch/go-version specific so we only need to further differentiate | |
| # by workflow and job. | |
| - name: Create go cache info file | |
| run: echo "go-cache-${{ github.workflow }}-${{ github.job }}" > ${GO_CACHE_INFO_FILE} | |
| - name: Setup go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: go.work | |
| cache-dependency-path: | | |
| apps/*/go.sum | |
| go.work.sum | |
| ${{ env.GO_CACHE_INFO_FILE }} | |
| - name: Install NPM dependencies | |
| run: npm ci | |
| - name: Build and test | |
| env: | |
| UESIO_DEV: "true" # required to ensure packui gets built | |
| run: npx nx affected -t build test --configuration=ci --parallel=5 --verbose | |
| - name: Prep for docker image | |
| id: setDockerSHAs | |
| env: | |
| UESIO_DEV: "true" # required to ensure packui gets built | |
| run: | | |
| # We lint/test/build affected but in order to build image, we need to ensure everything | |
| # is built. Build anything that hasn't been built yet (takes advantage of nx cache | |
| # for anything already built from above) | |
| npx nx run-many -t build --verbose | |
| # build values for docker image tags | |
| VERSION_SUFFIX=${{ github.run_number }}.${{ github.run_attempt }} | |
| FULL_SHA=${{ steps.setNxSHAs.outputs.head }} | |
| # instead of using rev-parse we always just get the first 8 characters but we'll ensure | |
| # its unique (just in case 8 is not enough) by appending the VERSION_SUFFIX | |
| SHORT_SHA=$(echo ${FULL_SHA} | cut -c1-8) | |
| echo "IMAGE_SHA=${FULL_SHA}" >> "$GITHUB_OUTPUT" | |
| echo "IMAGE_VERSION=${FULL_SHA}.${VERSION_SUFFIX}" >> "$GITHUB_OUTPUT" | |
| echo "BUILD_VERSION=${SHORT_SHA}.${VERSION_SUFFIX}" >> "$GITHUB_OUTPUT" | |
| - name: Set up docker buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| tags: | | |
| type=raw,value=${{ steps.setDockerSHAs.outputs.image_version }} | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| labels: | | |
| org.opencontainers.image.version=${{ steps.setDockerSHAs.outputs.image_version }} | |
| - name: Cache for docker | |
| id: cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| go-build-cache | |
| key: ${{ runner.os }}-docker-cache-${{ hashFiles('apps/**/go.sum', 'go.work.sum') }} | |
| - name: Inject cache into docker | |
| uses: reproducible-containers/buildkit-cache-dance@v3 | |
| with: | |
| cache-map: | | |
| { | |
| "go-build-cache": "/root/.cache/go-build" | |
| } | |
| skip-extraction: ${{ steps.cache.outputs.cache-hit }} | |
| - name: Build and export to docker | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| load: true | |
| file: ./apps/platform/Dockerfile | |
| build-args: | | |
| BUILD_VERSION=${{ steps.setDockerSHAs.outputs.build_version }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| outputs: | | |
| type=docker | |
| type=docker,dest=${{ runner.temp }}/uesio-image.tar | |
| - name: Upload docker image artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: uesio-image | |
| path: ${{ runner.temp }}/uesio-image.tar | |
| - name: Integration and e2e tests | |
| env: | |
| APP_IMAGE: ${{ steps.setDockerSHAs.outputs.image_version }} | |
| run: | | |
| ./scripts/seed-etc-hosts.sh | |
| cd apps/platform/ssl | |
| bash ./create.sh | |
| cd ../../../ | |
| # Start up the Uesio app, and dependencies, in Docker | |
| # then run all Integration and E2E tests against the app | |
| npm run tests-docker | |
| check: | |
| name: Check format and lint | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| # We need to fetch all branches and commits so that Nx affected has a base to compare against. | |
| fetch-depth: 0 | |
| - name: Derive appropriate SHAs for base and head for `nx affected` commands | |
| id: setNxSHAs | |
| uses: nrwl/nx-set-shas@v4 | |
| - name: Ensure tracking against main | |
| run: git branch --track main origin/main | |
| if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }} | |
| - name: Setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: "npm" | |
| # https://github.com/actions/setup-go/issues/358 - cache is shared across jobs by default since the dependency | |
| # graph is the same, however each job results in different dependencies being downloaded and the first one | |
| # to finish wins with regards to saving the cache. To workaround, we create a file to include in the graph | |
| # that contains information specified to the workflow & job so that each job gets a separate go cache. | |
| # Note that the cache key used (https://github.com/actions/setup-go/blob/main/src/cache-restore.ts#L35) by | |
| # actions/setup-go is already platform/arch/go-version specific so we only need to further differentiate | |
| # by workflow and job. | |
| - name: Create go cache info file | |
| run: echo "go-cache-${{ github.workflow }}-${{ github.job }}" > ${GO_CACHE_INFO_FILE} | |
| - name: Setup go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: go.work | |
| cache-dependency-path: | | |
| apps/*/go.sum | |
| go.work.sum | |
| ${{ env.GO_CACHE_INFO_FILE }} | |
| - name: Install NPM dependencies | |
| run: npm ci | |
| - name: Check formatting | |
| run: npx nx format:check --verbose | |
| - name: Lint | |
| run: npx nx affected -t lint --configuration=ci --parallel=5 --verbose | |
| typecheck: | |
| name: Check types | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 5 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| # We need to fetch all branches and commits so that Nx affected has a base to compare against. | |
| fetch-depth: 0 | |
| - name: Derive appropriate SHAs for base and head for `nx affected` commands | |
| id: setNxSHAs | |
| uses: nrwl/nx-set-shas@v4 | |
| - name: Ensure tracking against main | |
| run: git branch --track main origin/main | |
| if: ${{ github.event_name == 'pull_request' || github.event_name == 'pull_request_target' }} | |
| - name: Setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version-file: ".nvmrc" | |
| cache: "npm" | |
| - name: Install NPM dependencies | |
| run: npm ci | |
| - name: Typecheck | |
| run: npx nx affected -t typecheck --configuration=ci --parallel=5 --verbose | |
| update-dev-branch: | |
| name: Update Dev environment to latest image | |
| if: github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') | |
| runs-on: ubuntu-latest | |
| needs: [build, check, typecheck] | |
| timeout-minutes: 3 | |
| permissions: | |
| id-token: write # This is required for requesting a OIDC JWT for AWS | |
| steps: | |
| - name: Checkout TheCloudMasters/uesio-infra | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: TheCloudMasters/uesio-infra | |
| token: ${{ secrets.GH_PAT }} # `GH_PAT` is a secret that contains your personal Github access token | |
| fetch-depth: 1 | |
| - name: Download docker image artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: uesio-image | |
| path: ${{ runner.temp }} | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ECR_ROLE_DEV }} | |
| role-session-name: ecrpush | |
| aws-region: ${{ secrets.AWS_REGION_DEV }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Push image to ECR | |
| id: pushImageToECR | |
| env: | |
| IMAGE_VERSION_TAG: ${{ needs.build.outputs.image_version }} | |
| IMAGE_SHA_TAG: ${{ needs.build.outputs.image_sha }}-latest | |
| REGISTRY_IMAGE_TAG_BASE: ${{ steps.login-ecr.outputs.registry }}/uesio | |
| run: | | |
| REGISTRY_SHA_TAG=${REGISTRY_IMAGE_TAG_BASE}:${IMAGE_SHA_TAG} | |
| REGISTRY_VERSION_TAG=${REGISTRY_IMAGE_TAG_BASE}:${IMAGE_VERSION_TAG} | |
| echo "REGISTRY_VERSION_TAG=${REGISTRY_VERSION_TAG}" >> "$GITHUB_OUTPUT" | |
| docker load --input ${{ runner.temp }}/uesio-image.tar | |
| docker tag $IMAGE_VERSION_TAG $REGISTRY_SHA_TAG | |
| docker tag $IMAGE_VERSION_TAG $REGISTRY_VERSION_TAG | |
| docker image push --all-tags $REGISTRY_IMAGE_TAG_BASE | |
| - name: Update docker container image tag for dev | |
| env: | |
| REGISTRY_VERSION_TAG: ${{ steps.pushImageToECR.outputs.registry_version_tag }} | |
| APP_TASK_DEF_PATH: ./aws/dev/ecs/task_definitions/uesio_web.json | |
| WORKER_TASK_DEF_PATH: ./aws/dev/ecs/task_definitions/uesio_worker.json | |
| run: | | |
| echo "Docker image SHA updated to $REGISTRY_VERSION_TAG" | |
| jq --arg img "$REGISTRY_VERSION_TAG" '.containerDefinitions[0].image = $img' $APP_TASK_DEF_PATH > tmp1.json | |
| jq --arg img "$REGISTRY_VERSION_TAG" '.containerDefinitions[0].image = $img' $WORKER_TASK_DEF_PATH > tmp2.json | |
| mv tmp1.json $APP_TASK_DEF_PATH | |
| mv tmp2.json $WORKER_TASK_DEF_PATH | |
| git config user.name github-actions | |
| git config user.email [email protected] | |
| git add $APP_TASK_DEF_PATH $WORKER_TASK_DEF_PATH | |
| git commit -m "ci: Auto-update dev image to $REGISTRY_VERSION_TAG" | |
| git push |