tycho-indexer/.github/workflows/v2-main-workflow.yaml at main · propeller-heads/tycho-indexer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
name: Main workflow

on:
  push:
    branches:
      - main

jobs:
  check-release:
    uses: propeller-heads/ci-cd-templates/.github/workflows/release-v2.yaml@main
    with:
      args: --dry-run --no-ci
    permissions:
      contents: write # to be able to publish a GitHub release
      issues: write # to be able to comment on released issues
      pull-requests: write # to be able to comment on released pull requests
      id-token: write # to enable use of OIDC for npm provenance
    secrets:
      app_id: ${{ secrets.APP_ID }}
      app_private_key: ${{ secrets.APP_PRIVATE_KEY }}

  release:
    needs:
      - check-release
    if: needs.check-release.outputs.verify_release_version != ''
    uses: propeller-heads/ci-cd-templates/.github/workflows/release-v2.yaml@main
    permissions:
      contents: write # to be able to publish a GitHub release
      issues: write # to be able to comment on released issues
      pull-requests: write # to be able to comment on released pull requests
      id-token: write # to enable use of OIDC for npm provenance
    secrets:
      app_id: ${{ secrets.APP_ID }}
      app_private_key: ${{ secrets.APP_PRIVATE_KEY }}

  build-and-push:
    needs:
      - release
    uses: propeller-heads/ci-cd-templates/.github/workflows/build-and-push-docker-image.yaml@main
    permissions:
      id-token: write
      contents: read
    with:
      image_tag: ${{ needs.release.outputs.next_release_version }}
      image_name: tycho-indexer
    secrets:
      app_id: ${{ secrets.APP_ID }}
      app_private_key: ${{ secrets.APP_PRIVATE_KEY }}
      role_to_assume: ${{ secrets.ROLE_TO_ASSUME }}
      aws_region: ${{ secrets.AWS_REGION }}
      repository_url: ${{ secrets.REPOSITORY_URL }}
      domain_owner: ${{ secrets.DOMAIN_OWNER }}

  promote-to-dev:
    needs:
      - release
      - build-and-push
    uses: propeller-heads/ci-cd-templates/.github/workflows/promote-to-dev.yaml@main
    with:
      image_tag: ${{ needs.release.outputs.next_release_version }}
      image_name: tycho-indexer
    permissions:
      id-token: write
      contents: read
    secrets:
      app_id: ${{ secrets.APP_ID }}
      app_private_key: ${{ secrets.APP_PRIVATE_KEY }}