perf(auth): make ory session check non-blocking #1270

Workflow file for this run

.github/workflows/publish.yaml at 044cf9f

	name: Release
	on:
	push:
	branches:
	- main
	jobs:
	semantic-release:
	runs-on: ubuntu-latest
	outputs:
	release-version: ${{ steps.semantic.outputs.release-version }}
	new-release-published: ${{ steps.semantic.outputs.new-release-published }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	with:
	token: ${{ secrets.FLANKBOT }}

	- uses: codfish/semantic-release-action@cbd853afe12037afb1306caca9d6b1ab6a58cf2a # v1.10.0
	id: semantic
	with:
	additional_packages: \|
	['@semantic-release/git']
	env:
	GITHUB_TOKEN: ${{ secrets.FLANKBOT }}

	docker:
	needs: semantic-release
	runs-on: ubuntu-latest
	if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0

	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY }}
	aws-secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
	aws-region: us-east-1

	- name: Login to Amazon ECR Public
	id: login-ecr-public
	uses: aws-actions/amazon-ecr-login@v2
	with:
	registry-type: public

	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}

	- name: Set up Docker Buildx # must be executed before a step that contains platforms
	uses: docker/setup-buildx-action@v3
	with:
	driver: cloud
	endpoint: flanksource/node

	- name: Build & Push Canary Checker UI to Docker Hub and ECR Public
	uses: docker/build-push-action@v6
	with:
	platforms: linux/amd64,linux/arm64
	push: true
	tags: \|
	flanksource/canary-checker-ui:latest
	flanksource/canary-checker-ui:v${{ needs.semantic-release.outputs.release-version }}
	${{ steps.login-ecr-public.outputs.registry }}/k4y9r6y5/canary-checker-ui:latest
	${{ steps.login-ecr-public.outputs.registry }}/k4y9r6y5/canary-checker-ui:v${{ needs.semantic-release.outputs.release-version }}
	build-args: \|
	APP_DEPLOYMENT=CANARY_CHECKER
	WITHOUT_AUTH=true

	- name: Build & Push Incident Manager UI to Docker Hub and ECR Public
	uses: docker/build-push-action@v6
	with:
	platforms: linux/amd64,linux/arm64
	push: true
	tags: \|
	flanksource/incident-manager-ui:latest
	flanksource/incident-manager-ui:v${{ needs.semantic-release.outputs.release-version }}
	${{ steps.login-ecr-public.outputs.registry }}/k4y9r6y5/incident-manager-ui:latest
	${{ steps.login-ecr-public.outputs.registry }}/k4y9r6y5/incident-manager-ui:v${{ needs.semantic-release.outputs.release-version }}
	build-args: \|
	APP_DEPLOYMENT=INCIDENT_MANAGER
	WITHOUT_AUTH=false

	helm:
	runs-on: ubuntu-latest
	needs: [semantic-release, docker]
	if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
	outputs:
	release-version: ${{ needs.semantic-release.outputs.release-version }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	- name: Update chart version
	uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2
	with:
	cmd: yq -i '.version = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml
	- name: Update app version
	uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2
	with:
	cmd: yq -i '.appVersion = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml
	- name: Update image tags
	uses: mikefarah/yq@7ccaf8e700ce99eb3f0f6cef7f5930a0b3c827cd # v4.49.2
	with:
	cmd: yq -i '.image.tag = "v${{ needs.semantic-release.outputs.release-version }}"' chart/values.yaml
	- name: Set up Helm
	uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
	- name: Package Helm chart
	run: \|
	helm package ./chart
	- name: Upload helm chart artifact
	uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
	with:
	name: helm-chart
	path: flanksource-ui-*.tgz

	push-helm-chart:
	needs: helm
	if: always() && needs.helm.result == 'success'
	uses: flanksource/action-workflows/.github/workflows/push-helm-chart.yml@4b41aaf6cf7727789c0d21cd0bc262e850ba543f # main
	with:
	filename_regex: "flanksource-ui-*.tgz"
	version: ${{ needs.helm.outputs.release-version }}
	pr_title: "Release ${{ needs.helm.outputs.release-version }} of ${{ github.repository }}"
	secrets:
	token: ${{ secrets.FLANKBOT }}

	update-canary-checker:
	runs-on: ubuntu-latest
	needs: [docker, push-helm-chart, semantic-release]
	if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	with:
	repository: "${{ github.repository_owner }}/canary-checker"
	token: ${{ secrets.FLANKBOT }}
	path: ./canary-checker
	- name: Install yq
	run: \|
	wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O - \|\
	tar xz && sudo mv ${BINARY} /usr/bin/yq
	env:
	VERSION: v4.25.1
	BINARY: yq_linux_amd64
	- name: Update flanksource-ui version in canary-checker
	run: \|
	cd canary-checker
	yq eval-all -i '(.dependencies[] \| select(.name == "flanksource-ui")) ref $d \| $d.version = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml
	- name: Create pull request
	uses: peter-evans/create-pull-request@v6
	with:
	commit-message: "chore: update flanksource-ui to ${{ needs.semantic-release.outputs.release-version }}"
	token: ${{ secrets.FLANKBOT }}
	title: "chore: update flanksource-ui to ${{ needs.semantic-release.outputs.release-version }}"
	branch: "update-flanksource-ui"
	path: ./canary-checker

	update-incident-commander:
	runs-on: ubuntu-latest
	needs: [docker, push-helm-chart, semantic-release]
	if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }}
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@446798f8213ac2e75931c1b0769676d927801858 # v2.10.3
	with:
	egress-policy: audit

	- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
	with:
	repository: "${{ github.repository_owner }}/incident-commander-chart"
	token: ${{ secrets.FLANKBOT }}
	path: ./incident-commander-chart
	- name: Install yq
	run: \|
	wget https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O - \|\
	tar xz && sudo mv ${BINARY} /usr/bin/yq
	env:
	VERSION: v4.25.1
	BINARY: yq_linux_amd64
	- name: Update flanksource-ui version in Incident-commander
	run: \|
	cd incident-commander-chart
	yq eval-all -i '(.dependencies[] \| select(.name == "flanksource-ui")) ref $d \| $d.version = "${{ needs.semantic-release.outputs.release-version }}"' chart/Chart.yaml
	- name: Push changes to chart repo
	uses: stefanzweifel/git-auto-commit-action@3ea6ae190baf489ba007f7c92608f33ce20ef04a # v4.16.0
	with:
	commit_message: "chore: update flanksource-ui chart dependency to ${{ needs.semantic-release.outputs.release-version }}"
	repository: ./incident-commander-chart

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

perf(auth): make ory session check non-blocking #1270

Workflow file

perf(auth): make ory session check non-blocking #1270

Uh oh!

Workflow file for this run