-
Notifications
You must be signed in to change notification settings - Fork 0
192 lines (178 loc) · 8.1 KB
/
publish-pacts.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
name: Publish contract tests
on:
pull_request:
branches:
- main
paths-ignore: [ '**.md' ]
push:
branches:
- main
paths-ignore: [ '**.md' ]
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true
env:
WDS_RUN_ID: ${{ github.event.repository.name }}-${{ github.run_id }}
PUBLISH_CONTRACT_RUN_NAME: 'publish-contracts-${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt }}'
WDS_PACTS_ARTIFACT: wds-pacts-${{ github.event.repository.name }}-${{ github.run_id }}
WDS_PACTS_OUTPUT_DIR: service/build/pacts/
CAN_I_DEPLOY_RUN_NAME: 'can-i-deploy-${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt }}'
jobs:
bump-check:
runs-on: ubuntu-latest
outputs:
is-bump: ${{ steps.bumpcheck.outputs.is-bump }}
steps:
- uses: actions/checkout@v4
- name: Skip version bump merges
id: bumpcheck
uses: ./.github/actions/bump-skip
with:
event-name: ${{ github.event_name }}
# The primary objective of this section is to carefully control the dispatching of tags,
# ensuring it only occurs during the 'Tag, publish, deploy' workflow.
# However, a challenge arises with contract tests, as they require knowledge of the upcoming tag
# before the actual deployment. To address this, we leverage the dry run feature provided by bumper.
# This allows us to obtain the next tag for publishing contracts and verifying consumer pacts without
# triggering the tag dispatch. This approach sidesteps the need for orchestrating multiple workflows,
# simplifying our implementation.
#
# We regulate the tag job to meet the following requirements according to the trigger event type:
# 1. pull_request event (due to opening or updating of PR branch):
# dry-run flag is set to false
# this allows the new semver tag #major.#minor.#patch-#commit to be used to identity pacticipant version for development purpose
# PR has no effect on the value of the latest tag in settings.gradle on disk
# 2. PR merge to main, this triggers a push event on the main branch:
# dry-run flag is set to true
# this allows the new semver tag #major.#minor.#patch to be used to identity pacticipant version, and
# this action will not update the value of the latest tag in settings.gradle on disk
#
# Note: All workflows from the same PR merge should have the same copy of settings.gradle on disk,
# which should be the one from the HEAD of the main branch before the workflow starts running
regulated-tag-job:
needs: [ bump-check ]
if: ${{ needs.bump-check.outputs.is-bump == 'no' }}
uses: ./.github/workflows/tag.yml
with:
# The 'ref' parameter ensures that the consumer version is postfixed with the HEAD commit of the PR branch,
# facilitating cross-referencing of a pact between Pact Broker and GitHub.
ref: ${{ github.head_ref || '' }}
# The 'dry-run' parameter prevents the new tag from being dispatched.
dry-run: true
release-branches: main
secrets: inherit
init-github-context:
runs-on: ubuntu-latest
outputs:
sha-short: ${{ steps.extract-branch.outputs.sha-short }}
repo-branch: ${{ steps.extract-branch.outputs.repo-branch }}
repo-version: ${{ steps.extract-branch.outputs.repo-version }}
steps:
- uses: actions/checkout@v4
- name: Extract branch
id: extract-branch
run: |
GITHUB_EVENT_NAME=${{ github.event_name }}
if [[ "$GITHUB_EVENT_NAME" == "push" ]]; then
GITHUB_REF=${{ github.ref }}
GITHUB_SHA=${{ github.sha }}
elif [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]; then
GITHUB_REF=refs/heads/${{ github.head_ref }}
GITHUB_SHA=${{ github.event.pull_request.head.sha }}
elif [[ "$GITHUB_EVENT_NAME" == "merge_group" ]]; then
GITHUB_REF=refs/heads/${{ github.head_ref }}
else
echo "Failed to extract branch information"
exit 1
fi
echo "repo-branch=${GITHUB_REF/refs\/heads\//""}" >> $GITHUB_OUTPUT
echo "repo-version=${GITHUB_SHA}" >> $GITHUB_OUTPUT
- name: Echo repo and branch information
run: |
echo "repo-owner=${{ github.repository_owner }}"
echo "repo-name=${{ github.event.repository.name }}"
echo "repo-branch=${{ steps.extract-branch.outputs.repo-branch }}"
echo "repo-version=${{ steps.extract-branch.outputs.repo-version }}"
run-consumer-contract-tests:
runs-on: ubuntu-latest
needs: [ init-github-context ]
outputs:
pact-paths: ${{ steps.locate-pacts.outputs.pact-paths }}
steps:
- name: Checkout current code
uses: actions/checkout@v4
- name: Set up JDK
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
- name: Run consumer tests
run: ./gradlew pactTests
- name: Locate pact files
id: locate-pacts
run: |
pactPaths=$(find "$WDS_PACTS_OUTPUT_DIR" -type f -name "*.json" | jq -cnR "[inputs]")
echo "pact-paths=$pactPaths" >> $GITHUB_OUTPUT
- name: Upload pact files to artifact
id: upload-pacts
uses: actions/upload-artifact@v4
with:
name: ${{ env.WDS_PACTS_ARTIFACT }}
path: ${{ env.WDS_PACTS_OUTPUT_DIR }}
retention-days: 1
publish-pacts-job:
runs-on: ubuntu-latest
needs: [ regulated-tag-job, init-github-context, run-consumer-contract-tests ]
strategy:
matrix:
pact_path: ${{ fromJson(needs.run-consumer-contract-tests.outputs.pact-paths) }}
steps:
- name: Download pact files from artifact
id: download-pacts
uses: actions/download-artifact@v4
with:
name: ${{ env.WDS_PACTS_ARTIFACT }}
path: ${{ env.WDS_PACTS_OUTPUT_DIR }}
- name: Encode pact as non-breaking base64 string
id: encode-pact
run: |
nonBreakingB64=$(cat "${{ matrix.pact_path }}" | base64 -w 0)
echo "pact-b64=${nonBreakingB64}" >> $GITHUB_OUTPUT
- name: Dispatch to terra-github-workflows
uses: broadinstitute/workflow-dispatch@v4
with:
run-name: '${{ env.PUBLISH_CONTRACT_RUN_NAME }}-${{ matrix.pact_path }}'
workflow: .github/workflows/publish-contracts.yaml
repo: broadinstitute/terra-github-workflows
ref: refs/heads/main
token: ${{ secrets.BROADBOT_TOKEN }} # github token for access to kick off a job in the private repo
inputs: '{
"run-name": "${{ env.PUBLISH_CONTRACT_RUN_NAME }}-${{ matrix.pact_path }}",
"pact-b64": "${{ steps.encode-pact.outputs.pact-b64 }}",
"repo-owner": "${{ github.repository_owner }}",
"repo-name": "${{ github.event.repository.name }}",
"repo-branch": "${{ needs.init-github-context.outputs.repo-branch }}",
"release-tag": "${{ needs.regulated-tag-job.outputs.new-tag }}"
}'
can-i-deploy: # The can-i-deploy job will run as a result of a PR. It reports the pact verification statuses on all deployed environments.
runs-on: ubuntu-latest
needs: [ run-consumer-contract-tests, regulated-tag-job ]
strategy:
matrix:
pacticipant-name: ["wds", "cwds"]
steps:
- name: Dispatch to terra-github-workflows
uses: broadinstitute/workflow-dispatch@v4
with:
run-name: "${{ env.CAN_I_DEPLOY_RUN_NAME }}-${{ matrix.pacticipant-name }}"
workflow: .github/workflows/can-i-deploy.yaml
repo: broadinstitute/terra-github-workflows
ref: refs/heads/main
token: ${{ secrets.BROADBOT_TOKEN }} # github token for access to kick off a job in the private repo
inputs: '{
"run-name": "${{ env.CAN_I_DEPLOY_RUN_NAME }}-${{ matrix.pacticipant-name }}",
"pacticipant": "${{ matrix.pacticipant-name }}",
"version": "${{ needs.regulated-tag-job.outputs.new-tag }}"
}'