-
Notifications
You must be signed in to change notification settings - Fork 84
112 lines (96 loc) · 3.73 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
name: Deploy
on:
pull_request:
push:
branches:
- main
merge_group:
env:
TURBO_TOKEN: ${{ secrets.TURBO_TOKEN }}
TURBO_TEAM: hashintel
TURBO_REMOTE_ONLY: true
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
setup:
runs-on: ubuntu-24.04
outputs:
sourcemaps: ${{ steps.packages.outputs.sourcemaps }}
steps:
- name: Checkout source code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 2
- name: Install turbo
uses: ./.github/actions/install-turbo
- name: Determine changed packages
id: packages
run: |
SOURCEMAPS_FILTER=$(turbo run sentry:sourcemaps --dry-run=json --filter '...[HEAD^]' | jq -e '.packages | contains(["//"])' > /dev/null && echo '' || echo '--filter ...[HEAD^]')
SOURCEMAPS_FILTER_TASKS=$(sh -c "turbo run sentry:sourcemaps --dry-run=json $SOURCEMAPS_FILTER_FILTER" | jq -c '.tasks[]')
SOURCEMAPS_FILTER_PACKAGES=$(echo "$SOURCEMAPS_FILTER_TASKS" \
| jq 'select(.task == "sentry:sourcemaps" and .command != "<NONEXISTENT>")' \
| jq --compact-output --slurp '{ package: [.[].package] | unique, include: [( .[] | {package: .package, directory: .directory })] | unique }')
set -x
echo "sourcemaps=$SOURCEMAPS_FILTER_PACKAGES" | tee -a $GITHUB_OUTPUT
sourcemaps:
name: Sourcemaps
needs: [setup]
strategy:
matrix: ${{ fromJSON(needs.setup.outputs.sourcemaps) }}
fail-fast: false
if: needs.setup.outputs.sourcemaps != '{"package":[],"include":[]}'
runs-on: ubuntu-24.04
permissions:
id-token: write
contents: read
steps:
- name: Authenticate Vault
id: secrets
uses: hashicorp/vault-action@d1720f055e0635fd932a1d2a48f87a666a57906c # v3.0.0
env:
VAULT_ROLE: ${{ github.event_name == 'push' && 'prod' || 'dev' }}
with:
url: ${{ secrets.VAULT_ADDR }}
method: jwt
role: ${{ env.VAULT_ROLE }}
secrets: |
automation/data/pipelines/hash/${{ env.VAULT_ROLE }} sentry_auth_token | SENTRY_AUTH_TOKEN
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install turbo
uses: ./.github/actions/install-turbo
- name: Prune repository
uses: ./.github/actions/prune-repository
with:
scope: ${{ matrix.package }}
- name: Warm up repository
uses: ./.github/actions/warm-up-repo
- name: Log in to Sentry
run: yarn sentry-cli login --auth-token ${{ steps.secrets.outputs.SENTRY_AUTH_TOKEN }}
- name: Build sourcemaps
run: turbo run sentry:sourcemaps --env-mode=loose --filter "${{ matrix.package }}"
passed:
name: Deployments passed
needs: [setup, sourcemaps]
if: always()
runs-on: ubuntu-latest
steps:
- name: Check setup script
run: |
[[ ${{ needs.setup.result }} = success ]]
- name: Check sourcemaps
run: |
[[ ${{ needs.sourcemaps.result }} =~ success|skipped ]]
- name: Notify Slack on failure
uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990
if: ${{ failure() && github.event_name == 'merge_group' }}
env:
SLACK_LINK_NAMES: true
SLACK_MESSAGE: "At least one deployment job failed for a Pull Request in the Merge Queue failed <@U0143NL4GMP> <@U02NLJY0FGX>" # Notifies C & T
SLACK_TITLE: Deployment failed
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_USERNAME: GitHub
VAULT_ADDR: ""
VAULT_TOKEN: ""