Merge branch 'main' into sc-6979-create-telluric-system-groups #7180
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This file was automatically generated by sbt-github-actions using the | |
# githubWorkflowGenerate task. You should add and commit this file to | |
# your git repository. It goes without saying that you shouldn't edit | |
# this file by hand! Instead, if you wish to make changes, you should | |
# change your sbt build configuration to revise the workflow description | |
# to meet your needs, then regenerate this file. | |
name: Continuous Integration | |
on: | |
pull_request: | |
branches: ['**', '!update/**', '!pr/**'] | |
push: | |
branches: ['**', '!update/**', '!pr/**'] | |
tags: [v*] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
HEROKU_API_KEY: ${{ secrets.HEROKU_API_KEY }} | |
concurrency: | |
group: ${{ github.workflow }} @ ${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
name: Test | |
strategy: | |
matrix: | |
os: [ubuntu-22.04] | |
scala: [3] | |
java: [temurin@17] | |
shard: [0, 1, 2, 3, 4, 5, 6, 7] | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 60 | |
steps: | |
- name: Checkout current branch (full) | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
lfs: true | |
- name: Setup sbt | |
uses: sbt/setup-sbt@v1 | |
- name: Setup Java (temurin@17) | |
id: setup-java-temurin-17 | |
if: matrix.java == 'temurin@17' | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: sbt | |
- name: sbt update | |
if: matrix.java == 'temurin@17' && steps.setup-java-temurin-17.outputs.cache-hit == 'false' | |
run: sbt -v -J-Xmx6g +update | |
- name: Set up cert permissions (1) | |
run: chmod 600 test-cert/server.key | |
- name: Set up cert permissions (2) | |
run: sudo chown 999 test-cert/server.key | |
- name: Docker compose up | |
run: docker compose up -d | |
- name: Validate Migrations | |
if: github.event_name == 'pull_request' && matrix.shard == '1' | |
uses: gemini-hlsw/migration-validator-action@main | |
with: | |
path: modules/service/src/main/resources/db/migration/ | |
- name: Validate ODB GraphQL schema changes | |
if: github.event_name == 'pull_request' && matrix.shard == '1' | |
uses: kamilkisiela/graphql-inspector@master | |
with: | |
name: Validate ODB Public API | |
schema: 'main:modules/schema/src/main/resources/lucuma/odb/graphql/OdbSchema.graphql' | |
approve-label: expected-breaking-change | |
- name: Validate ITC GraphQL schema changes | |
if: github.event_name == 'pull_request' && matrix.shard == '2' | |
uses: kamilkisiela/graphql-inspector@master | |
with: | |
name: Validate ITC Public API | |
schema: 'main:itc/service/src/main/resources/graphql/itc.graphql' | |
approve-label: expected-breaking-change | |
- name: Check that workflows are up to date | |
run: sbt -v -J-Xmx6g githubWorkflowCheck | |
- name: Check headers and formatting | |
if: matrix.java == 'temurin@17' && matrix.os == 'ubuntu-22.04' && matrix.shard == '0' | |
run: sbt -v -J-Xmx6g '++ ${{ matrix.scala }}' headerCheckAll scalafmtCheckAll 'project /' scalafmtSbtCheck lucumaScalafmtCheck lucumaScalafixCheck | |
- name: Check scalafix lints | |
if: matrix.java == 'temurin@17' && matrix.os == 'ubuntu-22.04' && matrix.shard == '0' | |
run: sbt -v -J-Xmx6g '++ ${{ matrix.scala }}' 'scalafixAll --check' | |
- name: Test | |
env: | |
TEST_SHARD_COUNT: 8 | |
TEST_SHARD: ${{ matrix.shard }} | |
run: sbt -v -J-Xmx6g '++ ${{ matrix.scala }}' test | |
- name: Check binary compatibility | |
if: matrix.java == 'temurin@17' && matrix.os == 'ubuntu-22.04' && matrix.shard == '0' | |
run: sbt -v -J-Xmx6g '++ ${{ matrix.scala }}' mimaReportBinaryIssues | |
- name: Generate API documentation | |
if: matrix.java == 'temurin@17' && matrix.os == 'ubuntu-22.04' && matrix.shard == '0' | |
run: sbt -v -J-Xmx6g '++ ${{ matrix.scala }}' doc | |
- name: Aggregate coverage reports | |
run: sbt -v -J-Xmx6g '++ ${{ matrix.scala }}' coverageReport coverageAggregate | |
- name: Upload code coverage data | |
uses: codecov/codecov-action@v4 | |
- name: Docker compose down | |
run: docker compose down | |
publish: | |
name: Publish Artifacts | |
needs: [build] | |
if: github.event_name != 'pull_request' && (startsWith(github.ref, 'refs/tags/v')) | |
strategy: | |
matrix: | |
os: [ubuntu-22.04] | |
java: [temurin@17] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout current branch (full) | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
lfs: true | |
- name: Setup sbt | |
uses: sbt/setup-sbt@v1 | |
- name: Setup Java (temurin@17) | |
id: setup-java-temurin-17 | |
if: matrix.java == 'temurin@17' | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: sbt | |
- name: sbt update | |
if: matrix.java == 'temurin@17' && steps.setup-java-temurin-17.outputs.cache-hit == 'false' | |
run: sbt -v -J-Xmx6g +update | |
- name: Import signing key | |
if: env.PGP_SECRET != '' && env.PGP_PASSPHRASE == '' | |
env: | |
PGP_SECRET: ${{ secrets.PGP_SECRET }} | |
PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }} | |
run: echo $PGP_SECRET | base64 -d -i - | gpg --import | |
- name: Import signing key and strip passphrase | |
if: env.PGP_SECRET != '' && env.PGP_PASSPHRASE != '' | |
env: | |
PGP_SECRET: ${{ secrets.PGP_SECRET }} | |
PGP_PASSPHRASE: ${{ secrets.PGP_PASSPHRASE }} | |
run: | | |
echo "$PGP_SECRET" | base64 -d -i - > /tmp/signing-key.gpg | |
echo "$PGP_PASSPHRASE" | gpg --pinentry-mode loopback --passphrase-fd 0 --import /tmp/signing-key.gpg | |
(echo "$PGP_PASSPHRASE"; echo; echo) | gpg --command-fd 0 --pinentry-mode loopback --change-passphrase $(gpg --list-secret-keys --with-colons 2> /dev/null | grep '^sec:' | cut --delimiter ':' --fields 5 | tail -n 1) | |
- name: Publish | |
env: | |
SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} | |
SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} | |
SONATYPE_CREDENTIAL_HOST: ${{ secrets.SONATYPE_CREDENTIAL_HOST }} | |
run: sbt -v -J-Xmx6g tlCiRelease | |
deploy: | |
name: Build and publish Docker images / Deploy to Heroku | |
if: (github.ref == 'refs/heads/main' && startsWith(github.repository, 'gemini')) | |
strategy: | |
matrix: | |
os: [ubuntu-22.04] | |
scala: [3.7.3] | |
java: [temurin@17] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout current branch (full) | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
lfs: true | |
- name: Setup sbt | |
uses: sbt/setup-sbt@v1 | |
- name: Setup Java (temurin@17) | |
id: setup-java-temurin-17 | |
if: matrix.java == 'temurin@17' | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 17 | |
cache: sbt | |
- name: sbt update | |
if: matrix.java == 'temurin@17' && steps.setup-java-temurin-17.outputs.cache-hit == 'false' | |
run: sbt -v -J-Xmx6g +update | |
- name: Build Docker images | |
run: 'sbt -v -J-Xmx6g ''++ ${{ matrix.scala }}'' clean ssoService/docker:publishLocal itcService/docker:publishLocal service/docker:publishLocal obscalc/docker:publishLocal calibrations/docker:publishLocal' | |
- name: Push Docker images to Heroku | |
run: | | |
npm install -g heroku | |
heroku container:login | |
docker tag noirlab/lucuma-sso-service registry.heroku.com/${{ vars.HEROKU_SSO_APP_NAME || 'lucuma-sso' }}-dev/web:${{ github.sha }} | |
docker push registry.heroku.com/${{ vars.HEROKU_SSO_APP_NAME || 'lucuma-sso' }}-dev/web:${{ github.sha }} | |
docker tag noirlab/lucuma-sso-service registry.heroku.com/${{ vars.HEROKU_SSO_APP_NAME || 'lucuma-sso' }}-staging/web:${{ github.sha }} | |
docker push registry.heroku.com/${{ vars.HEROKU_SSO_APP_NAME || 'lucuma-sso' }}-staging/web:${{ github.sha }} | |
docker tag noirlab/lucuma-sso-service registry.heroku.com/${{ vars.HEROKU_SSO_APP_NAME || 'lucuma-sso' }}-production/web:${{ github.sha }} | |
docker push registry.heroku.com/${{ vars.HEROKU_SSO_APP_NAME || 'lucuma-sso' }}-production/web:${{ github.sha }} | |
docker tag noirlab/lucuma-sso-service registry.heroku.com/${{ vars.HEROKU_SSO_APP_NAME || 'lucuma-sso' }}-dev/web | |
docker push registry.heroku.com/${{ vars.HEROKU_SSO_APP_NAME || 'lucuma-sso' }}-dev/web | |
docker tag noirlab/lucuma-itc-service registry.heroku.com/${{ vars.HEROKU_ITC_APP_NAME || 'itc' }}-dev/web:${{ github.sha }} | |
docker push registry.heroku.com/${{ vars.HEROKU_ITC_APP_NAME || 'itc' }}-dev/web:${{ github.sha }} | |
docker tag noirlab/lucuma-itc-service registry.heroku.com/${{ vars.HEROKU_ITC_APP_NAME || 'itc' }}-staging/web:${{ github.sha }} | |
docker push registry.heroku.com/${{ vars.HEROKU_ITC_APP_NAME || 'itc' }}-staging/web:${{ github.sha }} | |
docker tag noirlab/lucuma-itc-service registry.heroku.com/${{ vars.HEROKU_ITC_APP_NAME || 'itc' }}-production/web:${{ github.sha }} | |
docker push registry.heroku.com/${{ vars.HEROKU_ITC_APP_NAME || 'itc' }}-production/web:${{ github.sha }} | |
docker tag noirlab/lucuma-itc-service registry.heroku.com/${{ vars.HEROKU_ITC_APP_NAME || 'itc' }}-dev/web | |
docker push registry.heroku.com/${{ vars.HEROKU_ITC_APP_NAME || 'itc' }}-dev/web | |
docker tag noirlab/lucuma-odb-service registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-dev/web:${{ github.sha }} | |
docker push registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-dev/web:${{ github.sha }} | |
docker tag noirlab/lucuma-odb-service registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-staging/web:${{ github.sha }} | |
docker push registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-staging/web:${{ github.sha }} | |
docker tag noirlab/lucuma-odb-service registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-production/web:${{ github.sha }} | |
docker push registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-production/web:${{ github.sha }} | |
docker tag noirlab/lucuma-odb-service registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-dev/web | |
docker push registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-dev/web | |
docker tag noirlab/obscalc-service registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-dev/obscalc:${{ github.sha }} | |
docker push registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-dev/obscalc:${{ github.sha }} | |
docker tag noirlab/obscalc-service registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-staging/obscalc:${{ github.sha }} | |
docker push registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-staging/obscalc:${{ github.sha }} | |
docker tag noirlab/obscalc-service registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-production/obscalc:${{ github.sha }} | |
docker push registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-production/obscalc:${{ github.sha }} | |
docker tag noirlab/obscalc-service registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-dev/obscalc | |
docker push registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-dev/obscalc | |
docker tag noirlab/calibrations-service registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-dev/calibration:${{ github.sha }} | |
docker push registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-dev/calibration:${{ github.sha }} | |
docker tag noirlab/calibrations-service registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-staging/calibration:${{ github.sha }} | |
docker push registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-staging/calibration:${{ github.sha }} | |
docker tag noirlab/calibrations-service registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-production/calibration:${{ github.sha }} | |
docker push registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-production/calibration:${{ github.sha }} | |
docker tag noirlab/calibrations-service registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-dev/calibration | |
docker push registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-dev/calibration | |
- name: Release dev app in Heroku | |
run: | | |
heroku container:release web -a ${{ vars.HEROKU_SSO_APP_NAME || 'lucuma-sso' }}-dev -v | |
heroku container:release web -a ${{ vars.HEROKU_ITC_APP_NAME || 'itc' }}-dev -v | |
heroku container:release web obscalc calibration -a ${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-dev -v | |
- name: Get Docker image SHA | |
run: | | |
echo "DOCKER_IMAGE_SHA_SSO_WEB=$(docker inspect registry.heroku.com/${{ vars.HEROKU_SSO_APP_NAME || 'lucuma-sso' }}-dev/web:${{ github.sha }} --format={{.Id}})" >> $GITHUB_ENV | |
echo "DOCKER_IMAGE_SHA_ITC_WEB=$(docker inspect registry.heroku.com/${{ vars.HEROKU_ITC_APP_NAME || 'itc' }}-dev/web:${{ github.sha }} --format={{.Id}})" >> $GITHUB_ENV | |
echo "DOCKER_IMAGE_SHA_ODB_WEB=$(docker inspect registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-dev/web:${{ github.sha }} --format={{.Id}})" >> $GITHUB_ENV | |
echo "DOCKER_IMAGE_SHA_ODB_OBSCALC=$(docker inspect registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-dev/obscalc:${{ github.sha }} --format={{.Id}})" >> $GITHUB_ENV | |
echo "DOCKER_IMAGE_SHA_ODB_CALIBRATION=$(docker inspect registry.heroku.com/${{ vars.HEROKU_ODB_APP_NAME || 'lucuma-postgres-odb' }}-dev/calibration:${{ github.sha }} --format={{.Id}})" >> $GITHUB_ENV | |
- name: Record deployment in GHA | |
run: | | |
echo "Recording deployment ${{ github.sha }} for SSO to ${{ github.repository }}" | |
curl -s -X POST https://api.github.com/repos/${{ github.repository }}/deployments -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -H "Accept: application/vnd.github+json" -d '{ "ref": "${{ github.sha }}", "environment": "development", "description": "SSO deployment to dev", "auto_merge": false, "required_contexts": [], "task": "deploy:SSO", "payload": { "docker_image_shas": { "web": "${{ env.DOCKER_IMAGE_SHA_SSO_WEB }}" } } }' | |
echo "Recording deployment ${{ github.sha }} for ITC to ${{ github.repository }}" | |
curl -s -X POST https://api.github.com/repos/${{ github.repository }}/deployments -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -H "Accept: application/vnd.github+json" -d '{ "ref": "${{ github.sha }}", "environment": "development", "description": "ITC deployment to dev", "auto_merge": false, "required_contexts": [], "task": "deploy:ITC", "payload": { "docker_image_shas": { "web": "${{ env.DOCKER_IMAGE_SHA_ITC_WEB }}" } } }' | |
echo "Recording deployment ${{ github.sha }} for ODB to ${{ github.repository }}" | |
curl -s -X POST https://api.github.com/repos/${{ github.repository }}/deployments -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -H "Accept: application/vnd.github+json" -d '{ "ref": "${{ github.sha }}", "environment": "development", "description": "ODB deployment to dev", "auto_merge": false, "required_contexts": [], "task": "deploy:ODB", "payload": { "docker_image_shas": { "web": "${{ env.DOCKER_IMAGE_SHA_ODB_WEB }}", "obscalc": "${{ env.DOCKER_IMAGE_SHA_ODB_OBSCALC }}", "calibration": "${{ env.DOCKER_IMAGE_SHA_ODB_CALIBRATION }}" } } }' |