move write infra map to check (#1820) #677

Workflow file for this run

.github/workflows/release-cli.yaml at db03d91

	name: Release CLI

	on:
	push:
	branches:
	- main
	paths:
	- ".github/workflows/release-cli.yaml"
	- "apps/moose-cli-npm/**"
	- "apps/framework-cli/**"
	- "apps/create-moose-app/**"
	- "apps/moose-console/**"
	- "packages/**"
	- "templates/**"
	- "pnpm-lock.yaml"
	workflow_dispatch:
	inputs:
	dry-run:
	type: boolean
	description: "Run the release in dry-run mode"
	required: true
	default: true

	jobs:
	version:
	concurrency: release
	if: ${{ ! contains(github.event.head_commit.message , '[no-release]') }}
	runs-on: ubuntu-latest
	outputs:
	version: ${{ steps.version.outputs.VERSION }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 20

	- name: Generate Version
	id: version
	run: \|
	./scripts/version.js ${{ github.sha }} >> "$GITHUB_OUTPUT"

	- name: Create Release
	uses: ncipollo/release-action@v1
	if: ${{ !inputs.dry-run }}
	with:
	tag: v${{ steps.version.outputs.VERSION }}
	generateReleaseNotes: true
	commit: ${{ github.sha }}

	build-and-publish-py-moose-lib:
	runs-on: ubuntu-latest
	if: ${{ !inputs.dry-run }}
	needs:
	- version
	steps:
	- uses: actions/checkout@v4
	- name: Set up Python
	uses: actions/setup-python@v4
	with:
	python-version: "3.x"
	- name: Install dependencies
	run: \|
	python -m pip install --upgrade pip
	pip install setuptools wheel twine
	- name: Build and publish
	env:
	TWINE_USERNAME: __token__
	TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
	run: \|
	cd packages/py-moose-lib
	python setup.py --version ${{ needs.version.outputs.version }} sdist bdist_wheel
	twine upload dist/*

	package-and-publish-independant-ts-package:
	name: Package and Publish Independant TS Package
	runs-on: ubuntu-20.04
	if: ${{ !inputs.dry-run }}
	needs:
	- version
	permissions:
	contents: "read"
	id-token: "write"
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- uses: pnpm/action-setup@v4

	- name: Install node
	uses: actions/setup-node@v4
	with:
	node-version: "20"
	cache: "pnpm"

	- name: Login NPM
	shell: bash
	run: \|
	pnpm config set //registry.npmjs.org/:_authToken ${{ secrets.NPM_TOKEN }}

	- name: Publish the NPM Moose CLI package
	shell: bash
	run: ./packages/ts-moose-lib/scripts/release-lib.sh ${{ needs.version.outputs.version }}

	- name: Publish the NPM Moose design-system package
	shell: bash
	run: ./packages/design-system-base/scripts/release.sh ${{ needs.version.outputs.version }}

	- name: Publish the NPM Moose event-capture package
	shell: bash
	run: ./packages/event-capture/scripts/release.sh ${{ needs.version.outputs.version }}

	package-and-publish-templates:
	name: Package and Publish Templates
	runs-on: ubuntu-20.04
	needs:
	- version
	permissions:
	contents: "read"
	id-token: "write"
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Package all templates
	run: ./scripts/package-templates.js

	- name: Authenticate with GCP
	uses: "google-github-actions/auth@v2"
	with:
	service_account: "[email protected]"
	workload_identity_provider: "projects/167275965848/locations/global/workloadIdentityPools/github/providers/github-actions-repos"

	- name: Upload templates to GCP
	uses: "google-github-actions/upload-cloud-storage@v2"
	with:
	path: "template-packages"
	destination: "templates.514.dev/${{ needs.version.outputs.version }}/"
	parent: false

	- name: Upload Latest templates to GCP
	uses: "google-github-actions/upload-cloud-storage@v2"
	with:
	path: "template-packages"
	destination: "templates.514.dev/latest/"
	parent: false

	build-and-publish-binaries:
	name: Build CLI Binaries
	runs-on: ${{ matrix.build.os }}
	needs: version
	env:
	SCCACHE_GHA_ENABLED: "true"
	RUSTC_WRAPPER: "sccache"
	strategy:
	fail-fast: false
	matrix:
	build:
	- {
	NAME: linux-x64-glibc,
	OS: ubuntu-20.04,
	TOOLCHAIN: stable,
	TARGET: x86_64-unknown-linux-gnu,
	}
	- {
	NAME: linux-arm64-glibc,
	OS: ubuntu-20.04,
	TOOLCHAIN: stable,
	TARGET: aarch64-unknown-linux-gnu,
	}
	- {
	NAME: darwin-x64,
	OS: macos-12-large,
	TOOLCHAIN: stable,
	TARGET: x86_64-apple-darwin,
	}
	- {
	NAME: darwin-arm64,
	OS: macos-12-large,
	TOOLCHAIN: stable,
	TARGET: aarch64-apple-darwin,
	}
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Install Rust toolchain
	uses: actions-rust-lang/setup-rust-toolchain@v1
	with:
	toolchain: ${{ matrix.build.TOOLCHAIN }}
	target: ${{ matrix.build.TARGET }}

	- name: Run sccache-cache
	uses: mozilla-actions/[email protected]

	- name: Install Set Version
	run: \|
	cargo install cargo-edit
	cargo set-version ${{ needs.version.outputs.version }}
	working-directory: ./apps/framework-cli

	- name: Build wheels
	uses: PyO3/maturin-action@v1
	with:
	target: ${{ matrix.build.TARGET }}
	args: --release --features rdkafka/cmake-build --locked --target ${{ matrix.build.TARGET }} --out dist
	sccache: "true"
	# https://github.com/briansmith/ring/issues/1728#issuecomment-1758180655
	manylinux: ${{ matrix.build.TARGET == 'aarch64-unknown-linux-gnu' && '2_28' \|\| '' }}
	working-directory: ./apps/framework-cli

	- name: Upload wheels
	uses: actions/upload-artifact@v4
	with:
	name: wheels-linux-${{ matrix.build.TARGET }}
	path: ./apps/framework-cli/dist

	- name: Install node
	uses: actions/setup-node@v4
	with:
	node-version: "20"
	registry-url: "https://registry.npmjs.org"

	- name: Publish to NPM Moose
	if: ${{ !inputs.dry-run }}
	shell: bash
	working-directory: ./apps/moose-cli-npm
	run: ./scripts/release-bin.sh ${{ needs.version.outputs.version }} ${{ matrix.build.TARGET }} ${{ matrix.build.OS }} ${{ matrix.build.NAME }}
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

	- name: Upload binary
	uses: ncipollo/release-action@v1
	if: ${{ !inputs.dry-run }}
	with:
	tag: v${{ needs.version.outputs.version }}
	allowUpdates: "true"
	replacesArtifacts: "false"
	artifacts: \|
	./target/${{ matrix.build.TARGET }}/release/moose-cli-${{ matrix.build.TARGET }}

	release-python:
	name: Release
	runs-on: ubuntu-latest
	needs: [build-and-publish-binaries]
	if: ${{ !inputs.dry-run }}
	steps:
	- uses: actions/download-artifact@v4
	- name: Publish to PyPI
	uses: PyO3/maturin-action@v1
	with:
	command: upload
	args: --non-interactive --skip-existing wheels-/
	env:
	MATURIN_PYPI_TOKEN: ${{ secrets.PYPI_API_TOKEN }}

	publish-npm-base:
	name: Publish the base NPM package
	needs:
	- version
	- build-and-publish-binaries
	- package-and-publish-independant-ts-package
	runs-on: ubuntu-20.04
	if: ${{ !inputs.dry-run }}
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	fetch-depth: 100

	- uses: 1password/load-secrets-action@v1
	id: op-load-secret
	with:
	export-env: false
	env:
	OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
	SENTRY_AUTH_TOKEN: "op://drqe7p6legi6ug2ijq2fnrkmjq/Sentry/credential"
	SENTRY_ORG: "op://drqe7p6legi6ug2ijq2fnrkmjq/Sentry/org"

	- uses: pnpm/action-setup@v4

	- name: Login NPM
	shell: bash
	run: \|
	pnpm config set //registry.npmjs.org/:_authToken ${{ secrets.NPM_TOKEN }}

	- name: Install node
	uses: actions/setup-node@v4
	with:
	node-version: "20"
	cache: "pnpm"

	- name: Install dependencies
	shell: bash
	run: pnpm --filter ...create-moose-app --filter ...@514labs/moose-cli install

	- name: Publish the NPM Moose CLI package
	shell: bash
	run: ./apps/moose-cli-npm/scripts/release-cli.sh ${{ needs.version.outputs.version }}

	- name: Publish the NPM Moose create app package
	shell: bash
	run: ./apps/create-moose-app/scripts/release.sh ${{ needs.version.outputs.version }}

	# TODO - convert to use 1password for the secret
	- name: Notify Sentry release
	uses: getsentry/action-release@v1
	if: ${{ !inputs.dry-run }}
	env:
	SENTRY_AUTH_TOKEN: ${{ steps.op-load-secret.outputs.SENTRY_AUTH_TOKEN }}
	SENTRY_ORG: ${{ steps.op-load-secret.outputs.SENTRY_ORG }}
	SENTRY_PROJECT: "framework-cli"
	with:
	environment: production
	version: ${{ needs.version.outputs.version }}

	build-and-publish-fullstack-image:
	name: Moose Production images
	runs-on: ubuntu-20.04
	needs:
	- version
	- build-and-publish-binaries
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- uses: 1password/load-secrets-action@v1
	id: op-load-secret
	with:
	export-env: false
	env:
	OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
	DOCKER_HUB_ACCESS_KEY: "op://drqe7p6legi6ug2ijq2fnrkmjq/Docker Hub - Bot/Access Token"

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: 514iceman
	password: ${{ steps.op-load-secret.outputs.DOCKER_HUB_ACCESS_KEY }}

	- name: Build and push
	uses: docker/build-push-action@v5
	with:
	context: ./apps/framework-cli/deploy
	file: ./apps/framework-cli/deploy/Dockerfile.fullstack
	push: ${{ !inputs.dry-run }}
	tags: 514labs/moose-fullstack:latest, 514labs/moose-fullstack:0.0.0, 514labs/moose-fullstack:${{ needs.version.outputs.version }}
	cache-from: type=gha
	cache-to: type=gha,mode=max
	build-args: \|
	FRAMEWORK_VERSION=${{ needs.version.outputs.version }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

move write infra map to check (#1820) #677

Workflow file

move write infra map to check (#1820) #677

Jobs

Run details

Workflow file for this run