feat(changelog): WPB-16103 add changelog directory structure and scripts #2116
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: [master, develop] | |
| tags: [ v* ] | |
| paths-ignore: | |
| - '*.md' | |
| - '**/*.md' | |
| pull_request: | |
| branches: [master, develop] | |
| paths-ignore: | |
| - '*.md' | |
| - '**/*.md' | |
| jobs: | |
| offline: | |
| name: Prepare offline package | |
| # Useful to skip expensive CI when writing docs | |
| if: "!contains(github.event.head_commit.message, 'skip ci')" | |
| runs-on: | |
| group: wire-server-deploy | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| submodules: true | |
| - uses: cachix/install-nix-action@v27 | |
| - uses: cachix/cachix-action@v15 | |
| with: | |
| name: wire-server | |
| signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
| - name: Install nix environment | |
| run: nix-env -f default.nix -iA env | |
| - name: Get upload name | |
| id: upload_name | |
| run: | | |
| # FIXME: Tag with a nice release name using the github tag... | |
| # SOURCE_TAG=${GITHUB_REF#refs/tags/} | |
| echo ::set-output name=UPLOAD_NAME::$GITHUB_SHA | |
| # echo ::set-output name=UPLOAD_NAME::${SOURCE_TAG:-$GITHUB_SHA} | |
| # demo profile build | |
| - name: Process the demo profile build | |
| run: ./offline/demo-build/build.sh | |
| env: | |
| GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}' | |
| DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}' | |
| - name: Copy demo build assets tarball to S3 and clean up | |
| run: | | |
| # Upload tarball for each profile by specifying their OUTPUT_TAR path | |
| aws s3 cp offline/demo-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-demo-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz | |
| echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-demo-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz" | |
| # remove the assets from the build to optimize the space on the server | |
| rm -rf offline/demo-build/output/* | |
| env: | |
| AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}' | |
| AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}' | |
| AWS_REGION: "eu-west-1" | |
| # min profile build | |
| - name: Process the min profile build | |
| run: ./offline/min-build/build.sh | |
| env: | |
| GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}' | |
| DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}' | |
| - name: Copy min build assets tarball to S3 | |
| run: | | |
| # Upload tarball for each profile by specifying their OUTPUT_TAR path | |
| aws s3 cp offline/min-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-min-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz | |
| echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-min-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz" | |
| # remove the archives from the build to optimize the space on the server | |
| rm -rf offline/min-build/output/* | |
| env: | |
| AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}' | |
| AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}' | |
| AWS_REGION: "eu-west-1" | |
| # deafult profile build | |
| - name: Process the default profile build | |
| run: ./offline/default-build/build.sh | |
| env: | |
| GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}' | |
| DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}' | |
| - name: Copy default build assets tarball to S3 and clean up | |
| run: | | |
| # Upload tarball for each profile by specifying their OUTPUT_TAR path | |
| aws s3 cp offline/default-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz | |
| echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz" | |
| # removing everything except assets.tgz as it is not required anymore in the further builds | |
| find offline/default-build/output/ -mindepth 1 -maxdepth 1 ! -name 'assets.tgz' -exec rm -r {} + | |
| env: | |
| AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}' | |
| AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}' | |
| AWS_REGION: "eu-west-1" | |
| - name: Build and upload wire-server-deploy container | |
| run: | | |
| container_image=$(nix-build --no-out-link -A container) | |
| skopeo copy --retry-times 10 --dest-creds "$DOCKER_LOGIN" \ | |
| docker-archive:"$container_image" \ | |
| "docker://quay.io/wire/wire-server-deploy:${{ steps.upload_name.outputs.UPLOAD_NAME }}" | |
| env: | |
| DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}' | |
| - name: Install terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: "^1.3.7" | |
| terraform_wrapper: false | |
| - name: Deploy offline environment to hetzner | |
| run: | | |
| ./offline/cd.sh | |
| env: | |
| HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}' | |
| - name: Clean up hetzner environment; just in case | |
| if: always() | |
| run: (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform init && terraform destroy -auto-approve) | |
| env: | |
| HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}' |