web-xforge/.github/workflows/release-live.yml at 05b66efadc003fe549501788e1f274db19d3ea4a · sillsdev/web-xforge · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# Releases from sf-qa branch to Live production server.
name: "Release to Live"
permissions: {}

concurrency: deploy-prod

on:
  workflow_dispatch:
    inputs:
      release-level:
        description: "The level of release. This will bump the major.minor.patch version number accordingly."
        required: true
        default: "patch"
        type: choice
        options:
          - "patch"
          - "minor"
          - "major"
      skip-branch-update:
        description: "Skip updating the release branch, and just release the tip of the branch as it currently exists. This can be used to release a hotfix, provided you've already pushed it to the release branch. If this is set, the 'version from which to release' is ignored."
        required: true
        type: boolean
        default: false
      from-staging-version:
        description: "QA version from which to release (eg '123' or '234'). Leave blank for latest."
        required: false
        type: string
        default: ""

jobs:
  determine_build_commit:
    name: "Determine commit from which to build"
    runs-on: ubuntu-22.04
    outputs:
      build_commit: "${{ steps.get_commit.outputs.build_commit }}"
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false
          fetch-depth: "0"
      - name: Use existing branch sf-live
        if: ${{ github.event.inputs.skip-branch-update == 'true' }}
        run: git checkout sf-live
      - name: Use latest branch sf-qa
        if: ${{ github.event.inputs.skip-branch-update == 'false' && github.event.inputs.from-staging-version == '' }}
        run: git checkout sf-qa
      - name: Use specific QA version
        if: ${{ github.event.inputs.skip-branch-update == 'false' && github.event.inputs.from-staging-version != '' }}
        env:
          FROM_STAGING_VERSION: ${{ github.event.inputs.from-staging-version }}
        run: |
          set -xueo pipefail
          git checkout "SF-QAv${FROM_STAGING_VERSION}"
      - name: Get commit
        id: get_commit
        run: |
          set -xueo pipefail
          build_commit="$(git rev-parse HEAD)"
          echo "build_commit=${build_commit}" >> $GITHUB_OUTPUT
      - name: Details on selected build commit
        env:
          BUILD_COMMIT: ${{ steps.get_commit.outputs.build_commit }}
        run: |
          set -u
          build_commit="${BUILD_COMMIT}"
          echo "Using build_commit: ${build_commit}"
          echo " "
          echo "git describe: $(git describe "${build_commit}")"
          echo " "
          echo "Commit details:"
          git show --stat "${build_commit}"
          echo " "
          echo "Commit and ancestors:"
          git log --graph --decorate=short --oneline --abbrev=9 --max-count 5 "${build_commit}"
          echo " "
          echo "Commit in context of other branches:"
          build_commit_abbrev="${build_commit:0:9}"
          git log --graph --decorate=short --oneline --abbrev=9 --max-count 100 origin/sf-live origin/sf-qa origin/master | grep "${build_commit_abbrev}" --context=7 | perl -p -e "s/${build_commit_abbrev}/${build_commit_abbrev} <--/"

  determine_version:
    name: "Determine version"
    needs: determine_build_commit
    uses: ./.github/workflows/compute-next-version.yml
    with:
      versioning-system: "production"
      release-level: ${{ github.event.inputs.release-level }}
      tag_prefix: "SFv"
      release_branch: "sf-live"

  deploy:
    name: "Deploy to Live"
    needs: [determine_build_commit, determine_version]
    permissions:
      contents: write
    uses: ./.github/workflows/release.yml
    secrets:
      deploy_known_hosts: ${{ secrets.deploy_known_hosts }}
      deploy_ssh_private_key: ${{ secrets.deploy_ssh_private_key }}
      deploy_server: ${{ secrets.deploy_server }}
      alternate_domain: ${{ secrets.alternate_domain }}
      paratext_client_id: ${{ secrets.paratext_client_id }}
      serval_client_id: ${{ secrets.serval_client_id }}
      auth_backend_secret: ${{ secrets.auth_backend_secret }}
      auth_webhook_password: ${{ secrets.auth_webhook_password }}
      auth_health_check_api_key: ${{ secrets.auth_health_check_api_key }}
      paratext_api_token: ${{ secrets.paratext_api_token }}
      paratext_resource_password_base64: ${{ secrets.paratext_resource_password_base64 }}
      paratext_resource_password_hash: ${{ secrets.paratext_resource_password_hash }}
      serval_client_secret: ${{ secrets.serval_client_secret }}
      serval_webhook_secret: ${{ secrets.serval_webhook_secret }}
    with:
      environment: "production"
      build_commit: "${{ needs.determine_build_commit.outputs.build_commit }}"
      release_branch: "sf-live"

      dotnet_version: "8.0.x"
      node_version: "22.13.0"
      npm_version: "10.9.2"
      # When bumping OS version, the server will need to authorize the new default rsync args.
      os: "ubuntu-22.04"

      angular_config: "production"
      app_name: "scriptureforge"
      app_suffix: ""
      version_number: "${{ needs.determine_version.outputs.next_version }}"
      vcs_tag_prefix: "SFv"
      node_options: "--max_old_space_size=4096"
      project: "SIL.XForge.Scripture"
      server_domain_name: "scriptureforge.org"