Merge pull request #3976 from RedisInsight/feature/RI-6213_Migrate_to_Github_actions

RI-6213 - Migrate production workflow from Circleci to GitHub actions

Author: egor-zalenski

.github/actions/install-all-build-libs/action.yml

@@ -39,11 +39,6 @@ runs:
         cache: ${{ runner.os != 'Windows' && 'yarn' || '' }}
         cache-dependency-path: ${{ runner.os != 'Windows' && '**/yarn.lock' || '' }}
 
-    # - run: echo "inputs.skip-electron-deps"
-    # - run: echo "${{inputs.skip-electron-deps}}"
-    # - run: echo "inputs.skip-backend-deps"
-    # - run: echo "${{inputs.skip-backend-deps}}"
-
     - name: Setup Python
       # if: ${{ contains(inputs.skip-electron-deps, '1') }}
       uses: actions/setup-python@v5

.github/actions/install-deps/action.yml

@@ -26,8 +26,8 @@ runs:
       #   SKIP_POSTINSTALL: ${{ inputs.skip-postinstall }}
       # run: yarn install
       run: |
-        export npm_config_keytar_binary_host_mirror=${{ inputs.keytar-host-mirror }}
-        export npm_config_node_sqlite3_binary_host_mirror=${{ inputs.sqlite3-host-mirror }}
+        # todo: uncomment after build our binaries
+        # export npm_config_keytar_binary_host_mirror=${{ inputs.keytar-host-mirror }}
+        # export npm_config_node_sqlite3_binary_host_mirror=${{ inputs.sqlite3-host-mirror }}
 
         yarn install
-        echo $SKIP_POSTINSTALL

.github/build/release-docker.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+set -e
+
+HELP="Args:
+-v - Semver (2.58.0)
+-d - Build image repository (Ex: -d redisinsight)
+-r - Target repository (Ex: -r redis/redisinsight)
+"
+
+while getopts "v:d:r:h:" opt; do
+  case $opt in
+    v) VERSION="$OPTARG";;
+    d) DEV_REPO="$OPTARG";;
+    r) RELEASE_REPO="$OPTARG";;
+    h) echo "$HELP"; exit 0;;
+    ?) echo "$HELP" >&2; exit 1 ;;
+  esac
+done
+
+V_ARR=( ${VERSION//./ } )
+TAGS[0]=$VERSION
+TAGS[1]="${V_ARR[0]}.${V_ARR[1]}"
+TAGS[2]="latest"
+
+DEV_IMAGE_AMD64=$DEV_REPO:amd64
+DEV_IMAGE_ARM64=$DEV_REPO:arm64
+RELEASE_IMAGE_AMD64=$RELEASE_REPO:$VERSION-amd64
+RELEASE_IMAGE_ARM64=$RELEASE_REPO:$VERSION-arm64
+
+echo "
+  TAGS: [${TAGS[0]}, ${TAGS[1]}, ${TAGS[2]}]
+  DEV_REPO: $DEV_REPO
+  RELEASE_REPO: $RELEASE_REPO
+
+  DEV_IMAGE_AMD64: $DEV_IMAGE_AMD64
+  DEV_IMAGE_ARM64: $DEV_IMAGE_ARM64
+
+  RELEASE_IMAGE_AMD64: $RELEASE_IMAGE_AMD64
+  RELEASE_IMAGE_ARM64: $RELEASE_IMAGE_ARM64
+"
+
+# Load images from tar archives
+docker rmi $DEV_IMAGE_AMD64 || true
+docker rmi $DEV_IMAGE_ARM64 || true
+docker load -i release/docker-linux-alpine.amd64.tar
+docker load -i release/docker-linux-alpine.arm64.tar
+
+echo "Push AMD64 image"
+docker tag $DEV_IMAGE_AMD64 $RELEASE_IMAGE_AMD64
+docker push $RELEASE_IMAGE_AMD64
+
+echo "Push ARM64 image"
+docker tag $DEV_IMAGE_ARM64 $RELEASE_IMAGE_ARM64
+docker push $RELEASE_IMAGE_ARM64
+
+for TAG in "${TAGS[@]}"; do
+    echo "Releasing: $RELEASE_REPO:$TAG"
+    docker manifest rm $RELEASE_REPO:$TAG || true
+    docker manifest create --amend "$RELEASE_REPO:$TAG" $RELEASE_IMAGE_AMD64 $RELEASE_IMAGE_ARM64
+    docker manifest push "$RELEASE_REPO:$TAG"
+done
+
+echo "Success"

.github/virustotal-report.js

@@ -0,0 +1,43 @@
+const fs = require('fs');
+
+const fileName = process.env.FILE_NAME;
+const buildName = process.env.BUILD_NAME;
+const failed = process.env.FAILED === 'true';
+
+const results = {
+  message: {
+    text: `*Virustotal checks* (Branch: *${process.env.GITHUB_REF_NAME}*)` +
+      `\n<https://github.com/RedisInsight/RedisInsight/actions/runs/${process.env.GITHUB_RUN_ID}|View on Github Actions>`,
+    attachments: [],
+  },
+};
+
+const result = {
+  color: '#36a64f',
+  title: `Finished at: ${new Date().toISOString()}`,
+  text: `All builds were passed via virustotal checks`,
+  fields: [],
+};
+
+if (failed) {
+  results.passed = false;
+  result.color = '#cc0000';
+  result.text = 'Build had failed virustotal checks';
+  result.fields.push({
+    title: 'Failed build',
+    value: buildName,
+    short: true,
+  });
+}
+
+results.message.attachments.push(result);
+
+if (failed === true) {
+  results.message.text = '<!here> ' + results.message.text;
+}
+
+
+fs.writeFileSync(fileName, JSON.stringify({
+  channel: process.env.SLACK_VIRUSTOTAL_REPORT_CHANNEL,
+  ...results.message,
+}));

.github/workflows/aws.yml

@@ -0,0 +1,190 @@
+name: AWS
+
+on:
+  workflow_call:
+
+env:
+  AWS_BUCKET_NAME: ${{ secrets.AWS_BUCKET_NAME }}
+  AWS_DISTRIBUTION_ID: ${{ secrets.AWS_DISTRIBUTION_ID }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+
+jobs:
+  release-private:
+    name: Release s3 private
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Download All Artifacts
+      uses: actions/download-artifact@v4
+      with:
+        path: ./release
+
+    - run: ls -R ./release
+
+    - name: Publish private
+      run: |
+
+        # Define array of folders to exclude
+        exclude=("web" "web-mini" "redisstack" "docker")
+
+        # Iterate through first-level directories in ./release
+        for dir in ./release/*/; do
+          dir_name=$(basename "$dir")
+
+          # Check if the directory is not in the exclude list
+          if [[ ! " ${exclude[@]} " =~ " ${dir_name} " ]]; then
+            # Move all files from the subdirectory to the release directory
+            mv "$dir"* ./release/
+
+            # Remove the now-empty subdirectory
+            rmdir "$dir"
+          fi
+        done
+
+        chmod +x .circleci/build/sum_sha256.sh
+        .circleci/build/sum_sha256.sh
+        applicationVersion=$(jq -r '.version' redisinsight/package.json)
+
+        aws s3 cp release/ s3://${AWS_BUCKET_NAME}/private/${applicationVersion} --recursive
+
+  release-public:
+    name: Release s3 public
+    runs-on: ubuntu-latest
+    needs: 'release-private'
+    environment: 'production-approve'
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Init variables
+      run: |
+        latestYmlFileName="latest.yml"
+        downloadLatestFolderPath="public/latest"
+        upgradeLatestFolderPath="public/upgrades"
+        releasesFolderPath="public/releases"
+        appName=$(jq -r '.productName' electron-builder.json)
+        appVersion=$(jq -r '.version' redisinsight/package.json)
+
+        echo "downloadLatestFolderPath=${downloadLatestFolderPath}" >> $GITHUB_ENV
+        echo "upgradeLatestFolderPath=${upgradeLatestFolderPath}" >> $GITHUB_ENV
+        echo "releasesFolderPath=${releasesFolderPath}" >> $GITHUB_ENV
+        echo "applicationName=${appName}" >> $GITHUB_ENV
+        echo "applicationVersion=${appVersion}" >> $GITHUB_ENV
+        echo "appFileName=Redis-Insight" >> $GITHUB_ENV
+
+        # download latest.yml file to get last public version
+        aws s3 cp s3://${AWS_BUCKET_NAME}/${downloadLatestFolderPath}/${latestYmlFileName} .
+
+        versionLine=$(head -1 ${latestYmlFileName})
+        versionLineArr=(${versionLine/:// })
+        previousAppVersion=${versionLineArr[1]}
+
+        echo "previousApplicationVersion=${previousAppVersion}" >> $GITHUB_ENV
+
+    - name: Publish AWS S3
+      run: |
+
+        # check if sub directories exists
+        if [[ -z "$downloadLatestFolderPath" || -z "$upgradeLatestFolderPath" ]]; then
+          exit 1;
+        fi
+        # remove previous build from the latest directory /public/latest
+        aws s3 rm s3://${AWS_BUCKET_NAME}/${downloadLatestFolderPath} --recursive
+
+        # remove previous build from the upgrade directory /public/upgrades
+        aws s3 rm s3://${AWS_BUCKET_NAME}/${upgradeLatestFolderPath} --recursive
+
+        # copy current version apps for download to /public/latest
+        aws s3 cp s3://${AWS_BUCKET_NAME}/private/${applicationVersion}/ \
+          s3://${AWS_BUCKET_NAME}/${downloadLatestFolderPath} --recursive  --exclude "*.zip"
+
+        # copy current version apps for upgrades to /public/upgrades
+        aws s3 cp s3://${AWS_BUCKET_NAME}/private/${applicationVersion}/ \
+          s3://${AWS_BUCKET_NAME}/${upgradeLatestFolderPath} --recursive
+
+        # !MOVE current version apps to releases folder /public/releases
+        aws s3 mv s3://${AWS_BUCKET_NAME}/private/${applicationVersion}/ \
+          s3://${AWS_BUCKET_NAME}/${releasesFolderPath}/${applicationVersion} --recursive
+
+        # invalidate cloudfront cash
+        aws cloudfront create-invalidation --distribution-id ${AWS_DISTRIBUTION_ID} --paths "/*"
+
+    - name: Add tags for all objects and create S3 metrics
+      run: |
+
+        # declare all tags
+        declare -A tag0=(
+          [arch]='x64'
+          [platform]='macos'
+          [objectDownload]=${appFileName}'-mac-x64.dmg'
+          [objectUpgrade]=${appFileName}'-mac-x64.zip'
+        )
+
+        declare -A tag1=(
+          [arch]='arm64'
+          [platform]='macos'
+          [objectDownload]=${appFileName}'-mac-arm64.dmg'
+          [objectUpgrade]=${appFileName}'-mac-arm64.zip'
+        )
+
+        declare -A tag2=(
+          [arch]='x64'
+          [platform]='windows'
+          [objectDownload]=${appFileName}'-win-installer.exe'
+        )
+
+        declare -A tag3=(
+          [arch]='x64'
+          [platform]='linux_AppImage'
+          [objectDownload]=${appFileName}'-linux-x86_64.AppImage'
+        )
+
+        declare -A tag4=(
+          [arch]='x64'
+          [platform]='linux_deb'
+          [objectDownload]=${appFileName}'-linux-amd64.deb'
+        )
+
+        declare -A tag5=(
+          [arch]='x64'
+          [platform]='linux_rpm'
+          [objectDownload]=${appFileName}'-linux-x86_64.rpm'
+        )
+
+        # loop for add all tags to each app and create metrics
+        declare -n tag
+        for tag in ${!tag@}; do
+
+          designation0="downloads"
+          designation1="upgrades"
+
+          id0="${tag[platform]}_${tag[arch]}_${designation0}_${applicationVersion}"
+          id1="${tag[platform]}_${tag[arch]}_${designation1}_${applicationVersion}"
+
+          # add tags to each app for download
+          aws s3api put-object-tagging \
+            --bucket ${AWS_BUCKET_NAME} \
+            --key ${downloadLatestFolderPath}/${tag[objectDownload]} \
+            --tagging '{"TagSet": [{ "Key": "version", "Value": "'"${applicationVersion}"'" }, {"Key": "platform", "Value": "'"${tag[platform]}"'"}, {"Key": "arch", "Value": "'"${tag[arch]}"'"}, { "Key": "designation", "Value": "'"${designation0}"'" }]}'
+
+          # add tags to each app for upgrades
+          aws s3api put-object-tagging \
+            --bucket ${AWS_BUCKET_NAME} \
+            --key ${upgradeLatestFolderPath}/${tag[objectUpgrade]:=${tag[objectDownload]}} \
+            --tagging '{"TagSet": [{ "Key": "version", "Value": "'"${applicationVersion}"'" }, {"Key": "platform", "Value": "'"${tag[platform]}"'"}, {"Key": "arch", "Value": "'"${tag[arch]}"'"}, { "Key": "designation", "Value": "'"${designation1}"'" }]}'
+
+          # Create metrics for all tags for downloads to S3
+          aws s3api put-bucket-metrics-configuration \
+            --bucket ${AWS_BUCKET_NAME} \
+            --id ${id0} \
+            --metrics-configuration '{"Id": "'"${id0}"'", "Filter": {"And": {"Tags": [{"Key": "platform", "Value": "'"${tag[platform]}"'"}, {"Key": "arch", "Value": "'"${tag[arch]}"'"}, {"Key": "designation", "Value": "'"${designation0}"'"}, {"Key": "version", "Value": "'"${applicationVersion}"'"} ]}}}'
+
+          # Create metrics for all tags for upgrades to S3
+          aws s3api put-bucket-metrics-configuration \
+            --bucket ${AWS_BUCKET_NAME} \
+            --id ${id1} \
+            --metrics-configuration '{"Id": "'"${id1}"'", "Filter": {"And": {"Tags": [{"Key": "platform", "Value": "'"${tag[platform]}"'"}, {"Key": "arch", "Value": "'"${tag[arch]}"'"}, {"Key": "designation", "Value": "'"${designation1}"'"}, {"Key": "version", "Value": "'"${applicationVersion}"'"}]}}}'
+
+        done