Release to Live #58
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Releases from sf-qa branch to Live production server. | |
| name: "Release to Live" | |
| permissions: {} | |
| concurrency: deploy-prod | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| release-level: | |
| description: "The level of release. This will bump the major.minor.patch version number accordingly." | |
| required: true | |
| default: "patch" | |
| type: choice | |
| options: | |
| - "patch" | |
| - "minor" | |
| - "major" | |
| skip-branch-update: | |
| description: "Skip updating the release branch, and just release the tip of the branch as it currently exists. This can be used to release a hotfix, provided you've already pushed it to the release branch. If this is set, the 'version from which to release' is ignored." | |
| required: true | |
| type: boolean | |
| default: false | |
| from-staging-version: | |
| description: "QA version from which to release (eg '123' or '234'). Leave blank for latest." | |
| required: false | |
| type: string | |
| default: "" | |
| jobs: | |
| determine_build_commit: | |
| name: "Determine commit from which to build" | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| build_commit: "${{ steps.get_commit.outputs.build_commit }}" | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: "0" | |
| - name: Use existing branch sf-live | |
| if: ${{ github.event.inputs.skip-branch-update == 'true' }} | |
| run: git checkout sf-live | |
| - name: Use latest branch sf-qa | |
| if: ${{ github.event.inputs.skip-branch-update == 'false' && github.event.inputs.from-staging-version == '' }} | |
| run: git checkout sf-qa | |
| - name: Use specific QA version | |
| if: ${{ github.event.inputs.skip-branch-update == 'false' && github.event.inputs.from-staging-version != '' }} | |
| env: | |
| FROM_STAGING_VERSION: ${{ github.event.inputs.from-staging-version }} | |
| run: | | |
| set -xueo pipefail | |
| git checkout "SF-QAv${FROM_STAGING_VERSION}" | |
| - name: Get commit | |
| id: get_commit | |
| run: | | |
| set -xueo pipefail | |
| build_commit="$(git rev-parse HEAD)" | |
| echo "build_commit=${build_commit}" >> $GITHUB_OUTPUT | |
| - name: Details on selected build commit | |
| env: | |
| BUILD_COMMIT: ${{ steps.get_commit.outputs.build_commit }} | |
| run: | | |
| set -u | |
| build_commit="${BUILD_COMMIT}" | |
| echo "Using build_commit: ${build_commit}" | |
| echo " " | |
| echo "git describe: $(git describe "${build_commit}")" | |
| echo " " | |
| echo "Commit details:" | |
| git show --stat "${build_commit}" | |
| echo " " | |
| echo "Commit and ancestors:" | |
| git log --graph --decorate=short --oneline --abbrev=9 --max-count 5 "${build_commit}" | |
| echo " " | |
| echo "Commit in context of other branches:" | |
| build_commit_abbrev="${build_commit:0:9}" | |
| git log --graph --decorate=short --oneline --abbrev=9 --max-count 100 origin/sf-live origin/sf-qa origin/master | grep "${build_commit_abbrev}" --context=7 | perl -p -e "s/${build_commit_abbrev}/${build_commit_abbrev} <--/" | |
| determine_version: | |
| name: "Determine version" | |
| needs: determine_build_commit | |
| uses: ./.github/workflows/compute-next-version.yml | |
| with: | |
| versioning-system: "production" | |
| release-level: ${{ github.event.inputs.release-level }} | |
| tag_prefix: "SFv" | |
| release_branch: "sf-live" | |
| deploy: | |
| name: "Deploy to Live" | |
| needs: [determine_build_commit, determine_version] | |
| permissions: | |
| contents: write | |
| uses: ./.github/workflows/release.yml | |
| secrets: | |
| deploy_known_hosts: ${{ secrets.deploy_known_hosts }} | |
| deploy_ssh_private_key: ${{ secrets.deploy_ssh_private_key }} | |
| deploy_server: ${{ secrets.deploy_server }} | |
| alternate_domain: ${{ secrets.alternate_domain }} | |
| paratext_client_id: ${{ secrets.paratext_client_id }} | |
| serval_client_id: ${{ secrets.serval_client_id }} | |
| auth_backend_secret: ${{ secrets.auth_backend_secret }} | |
| auth_webhook_password: ${{ secrets.auth_webhook_password }} | |
| auth_health_check_api_key: ${{ secrets.auth_health_check_api_key }} | |
| paratext_api_token: ${{ secrets.paratext_api_token }} | |
| paratext_resource_password_base64: ${{ secrets.paratext_resource_password_base64 }} | |
| paratext_resource_password_hash: ${{ secrets.paratext_resource_password_hash }} | |
| serval_client_secret: ${{ secrets.serval_client_secret }} | |
| serval_webhook_secret: ${{ secrets.serval_webhook_secret }} | |
| with: | |
| environment: "production" | |
| build_commit: "${{ needs.determine_build_commit.outputs.build_commit }}" | |
| release_branch: "sf-live" | |
| dotnet_version: "8.0.x" | |
| node_version: "22.13.0" | |
| npm_version: "10.9.2" | |
| # When bumping OS version, the server will need to authorize the new default rsync args. | |
| os: "ubuntu-22.04" | |
| angular_config: "production" | |
| app_name: "scriptureforge" | |
| app_suffix: "" | |
| version_number: "${{ needs.determine_version.outputs.next_version }}" | |
| vcs_tag_prefix: "SFv" | |
| node_options: "--max_old_space_size=4096" | |
| project: "SIL.XForge.Scripture" | |
| server_domain_name: "scriptureforge.org" |