Skip to content

bump 0.0.370

bump 0.0.370 #935

Workflow file for this run

name: Bump, Tag, Publish
# The purpose of the workflow is to:
# 1. Bump the version number and tag the release
# 2. Build and publish the server library to Artifactory
# 3. Build docker image and publish to GCR
# 4. Trigger deployment to the dev environment
#
# When run on merge to main, it tags and bumps the patch version by default. You can
# bump other parts of the version by putting #major, #minor, or #patch in your commit
# message.
#
# When run on a hotfix branch, it tags and generates the hotfix version
#
# When run manually, you can specify the part of the semantic version to bump
#
# The workflow relies on github secrets:
# - ARTIFACTORY_PASSWORD - password for publishing the client to artifactory
# - ARTIFACTORY_USERNAME - username for publishing the client to artifactory
# - BROADBOT_TOKEN - the broadbot token, so we can avoid two reviewer rule on GHA operations
on:
pull_request:
push:
branches:
- main
paths-ignore:
- 'README.md'
- '.github/**'
- 'local-dev/**'
workflow_dispatch:
inputs:
bump:
description: 'Part of the version to bump: major, minor, patch'
required: false
default: 'patch'
type: choice
options:
- patch
- minor
- major
branch:
description: 'Branch to run the workflow on'
required: false
default: 'main'
env:
SERVICE_NAME: ${{ github.event.repository.name }}
GOOGLE_PROJECT: broad-dsp-gcr-public
jobs:
bump-check:
runs-on: ubuntu-latest
outputs:
is-bump: ${{ steps.skiptest.outputs.is-bump }}
steps:
- uses: actions/checkout@v2
- name: Skip version bump merges
id: skiptest
uses: ./.github/actions/bump-skip
with:
event-name: ${{ github.event_name }}
publish-job:
needs: [ bump-check ]
runs-on: ubuntu-latest
if: needs.bump-check.outputs.is-bump == 'no'
outputs:
tag: ${{ steps.tag.outputs.tag }}
steps:
- name: Set part of semantic version to bump
id: controls
run: |
SEMVER_PART=""
CHECKOUT_BRANCH="$GITHUB_REF"
if ${{github.event_name == 'push' }}; then
SEMVER_PART="patch"
elif ${{github.event_name == 'workflow_dispatch' }}; then
SEMVER_PART=${{ github.event.inputs.bump }}
CHECKOUT_BRANCH=${{ github.event.inputs.branch }}
fi
echo "semver-part=$SEMVER_PART" >> $GITHUB_OUTPUT
echo "checkout-branch=$CHECKOUT_BRANCH" >> $GITHUB_OUTPUT
- name: Checkout current code
uses: actions/checkout@v2
with:
ref: ${{ steps.controls.outputs.checkout-branch }}
token: ${{ secrets.BROADBOT_TOKEN }}
- name: Bump the tag to a new version
uses: databiosphere/github-actions/actions/[email protected]
id: tag
env:
DEFAULT_BUMP: patch
GITHUB_TOKEN: ${{ secrets.BROADBOT_TOKEN }}
HOTFIX_BRANCHES: hotfix.*
OVERRIDE_BUMP: ${{ steps.controls.outputs.semver-part }}
RELEASE_BRANCHES: main
VERSION_FILE_PATH: settings.gradle
VERSION_LINE_MATCH: "^gradle.ext.releaseVersion\\s*=\\s*\".*\""
VERSION_SUFFIX: SNAPSHOT
- name: Set up AdoptOpenJDK
uses: actions/setup-java@v2
with:
distribution: 'temurin'
java-version: 17
- name: Cache Gradle packages
uses: actions/cache@v2
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: v1-${{ runner.os }}-gradle-${{ hashfiles('**/gradle-wrapper.properties') }}-${{ hashFiles('**/*.gradle') }}
restore-keys: v1-${{ runner.os }}-gradle-${{ hashfiles('**/gradle-wrapper.properties') }}
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Publish to Artifactory
if: ${{ github.ref_name == 'main' }}
run: ./gradlew :library:artifactoryPublish --scan
env:
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
ARTIFACTORY_REPO_KEY: "libs-snapshot-local"
- name: Publish API client
if: ${{ github.ref_name == 'main' }}
run: ./gradlew :client:artifactoryPublish
env:
ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }}
ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }}
ARTIFACTORY_REPO_KEY: libs-snapshot-local
- name: Make release
if: ${{ github.ref_name == 'main' }}
uses: ncipollo/release-action@v1
id: create_release
with:
tag: ${{ steps.tag.outputs.tag }}
- name: Auth to GCR
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.GCR_PUBLISH_KEY_B64 }}
- name: Explicitly auth Docker for GCR
run: gcloud auth configure-docker --quiet
- name: Construct docker image name and tag
id: image-name
run: echo "name=gcr.io/${GOOGLE_PROJECT}/${SERVICE_NAME}:${{ steps.tag.outputs.tag }}" >> $GITHUB_OUTPUT
- name: Build image locally with jib
run: |
DOCKER_IMAGE_NAME_AND_TAG=${{ steps.image-name.outputs.name }} \
./scripts/build docker
- name: Push GCR image
run: docker push ${{ steps.image-name.outputs.name }}
report-to-sherlock:
# Report new version to Broad DevOps
uses: broadinstitute/sherlock/.github/workflows/client-report-app-version.yaml@main
needs: publish-job
with:
new-version: ${{ needs.publish-job.outputs.tag }}
chart-name: 'landingzone'
permissions:
contents: 'read'
id-token: 'write'
set-version-in-dev:
# Put new version in Broad dev environment
uses: broadinstitute/sherlock/.github/workflows/client-set-environment-app-version.yaml@main
needs: [publish-job, report-to-sherlock]
if: ${{ github.ref_name == 'main' }}
with:
new-version: ${{ needs.publish-job.outputs.tag }}
chart-name: 'landingzone'
environment-name: 'dev'
secrets:
sync-git-token: ${{ secrets.BROADBOT_TOKEN }}
permissions:
id-token: 'write'