Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add deploy workflow #74

Merged
merged 4 commits into from
Jun 7, 2024
Merged

add deploy workflow #74

Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
129a303
add deploy workflow
johnjeffers Jun 6, 2024
e4c96f1
remove openssl hack because we're building with dotnet 8 now
johnjeffers Jun 7, 2024
d3e85b9
bump targets and dependencies to fix vulnerabilities
johnjeffers Jun 7, 2024
7c7e2f1
add net6 and net8 targets
johnjeffers Jun 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
96 changes: 96 additions & 0 deletions .github/workflows/deploy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
# Run locally with act:
#
# act pull_request [--input command=[command]] \
# --platform fusionauth-builder=[ecr-repo-name]/fusionauth-builder:latest] \
# --workflows ./.github/workflows/release.yaml \
# --env-file <(aws configure export-credentials --profile [aws-profile] --format env)

name: Deploy

on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_dispatch:
inputs:
command:
type: choice
options:
- build # build only
- publish # build & publish to rubygems
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rubygems -> nuget gallery (or whatever it is)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good catch, fixed

- release # build & release to svn
default: build

permissions:
contents: read

jobs:
build:
if: |
github.event_name == 'pull_request' ||
github.event_name == 'push' ||
github.event_name == 'workflow_dispatch' && inputs.command == 'build'
runs-on: fusionauth-builder
steps:
- name: checkout
uses: actions/checkout@v4

# Install openssl 1.1 because openssl 3.x is not supported by dotnet 5
- name: install openssl 1.1
run: |
wget http://ports.ubuntu.com/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_arm64.deb
dpkg -i libssl1.1_1.1.1f-1ubuntu2_arm64.deb

- name: compile
shell: bash -l {0}
run: sb compile

deploy:
if: |
github.event_name == 'workflow_dispatch' &&
(inputs.command == 'release' || inputs.command == 'publish')
runs-on: fusionauth-builder
steps:
- name: checkout
uses: actions/checkout@v4

- name: set aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::752443094709:role/github-actions
role-session-name: aws-auth-action
aws-region: us-west-2

- name: get secret
run: |
while IFS=$'\t' read -r key value; do
echo "::add-mask::${value}"
echo "${key}=${value}" >> $GITHUB_ENV
done < <(aws secretsmanager get-secret-value \
--region us-west-2 \
--secret-id platform/nuget \
--query SecretString \
--output text | \
jq -r 'to_entries[] | [.key, .value] | @tsv')

# Install openssl 1.1 because openssl 3.x is not supported by dotnet 5 :sad-trombone:
- name: install openssl 1.1
run: |
wget http://ports.ubuntu.com/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_arm64.deb
dpkg -i libssl1.1_1.1.1f-1ubuntu2_arm64.deb

- name: update savant properties file
run: echo "nugetAPIKey=${{ env.API_KEY }}" >> ~/.savant/config.properties

- name: release to svn
if: inputs.command == 'release'
shell: bash -l {0}
run: sb release

- name: publish to nuget
if: inputs.command == 'publish'
shell: bash -l {0}
run: sb publish