Skip to content

Publish and deploy #229

Publish and deploy

Publish and deploy #229

Workflow file for this run

name: Publish and deploy
on: create
env:
SERVICE_NAME: ${{ github.event.repository.name }}
GOOGLE_PROJECT: broad-dsp-gcr-public
jobs:
publish-job:
if: startsWith(github.ref, 'refs/tags/')
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.tag.outputs.tag }}
steps:
- uses: actions/checkout@v3
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'temurin'
- name: Cache Gradle packages
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: v1-${{ runner.os }}-gradle-refs/heads/dev-${{ github.sha }}
- name: Parse tag
id: tag
run: echo tag=$(git describe --tags) >> $GITHUB_OUTPUT
# - name: "Publish to Artifactory"
# run: ./gradlew --build-cache :client:artifactoryPublish
# env:
# ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
# ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
# ARTIFACTORY_REPO_KEY: "libs-snapshot-local"
- name: Auth to GCR
uses: google-github-actions/auth@v1
with:
credentials_json: ${{ secrets.GCR_PUBLISH_KEY_B64 }}
- name: Explicitly auth Docker for GCR
run: gcloud auth configure-docker --quiet
- name: Construct docker image name and tag
id: image-name
run: echo name=gcr.io/${GOOGLE_PROJECT}/${SERVICE_NAME}:${{ steps.tag.outputs.tag }} >> $GITHUB_OUTPUT
- name: Add Google Cloud Profiler to Docker Image
run: docker build ./service -t drshub:local
- name: Build image locally with jib
run: |
./gradlew --build-cache :service:jibDockerBuild \
--image=${{ steps.image-name.outputs.name }} \
-Djib.from.image=docker://drshub:local \
-Djib.console=plain
- name: Run Trivy vulnerability scanner
# Link to the github location of the action https://github.com/broadinstitute/dsp-appsec-trivy-action
uses: broadinstitute/dsp-appsec-trivy-action@v1
with:
image: ${{ steps.image-name.outputs.name }}
- name: Push GCR image
run: docker push ${{ steps.image-name.outputs.name }}
report-to-sherlock:
# Report new drshub version to Broad DevOps
uses: broadinstitute/sherlock/.github/workflows/client-report-app-version.yaml@main
needs: publish-job
with:
new-version: ${{ needs.publish-job.outputs.tag }}
chart-name: 'drshub'
permissions:
contents: 'read'
id-token: 'write'
set-version-in-dev:
# Put new drshub version in Broad dev environment
uses: broadinstitute/sherlock/.github/workflows/client-set-environment-app-version.yaml@main
needs: [publish-job, report-to-sherlock]
with:
new-version: ${{ needs.publish-job.outputs.tag }}
chart-name: 'drshub'
environment-name: 'dev'
secrets:
sync-git-token: ${{ secrets.BROADBOT_TOKEN }}
permissions:
id-token: 'write'
notify-slack-on-failure:
needs: [publish-job, report-to-sherlock, set-version-in-dev]
uses: ./.github/workflows/slack-notify-on-failure.yml
secrets: inherit
if: ${{ failure() }}
with:
workflow_name: Publish