v0.36.3 #248
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Demo Production | |
on: | |
workflow_dispatch: | |
release: | |
types: [published] | |
permissions: | |
id-token: write # This is required for requesting the OIDC JWT for authing with Azure | |
contents: read # This is required for actions/checkout | |
jobs: | |
build: | |
if: ${{ github.repository == 'primer/view_components' }} | |
runs-on: ubuntu-latest | |
environment: production | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: '3.3' | |
bundler-cache: true | |
working-directory: 'demo/' | |
- name: Docker login | |
env: | |
AZURE_ACR_PASSWORD: ${{ secrets.AZURE_ACR_PASSWORD }} | |
run: echo $AZURE_ACR_PASSWORD | docker login primer.azurecr.io --username GitHubActions --password-stdin | |
- uses: Azure/login@v2 | |
with: | |
# excluding a client secret here will cause a login via OpenID Connect (OIDC), | |
# which prevents us from having to rotate client credentials, etc | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Purge tags | |
run: | | |
# only delete tags that aren't "latest" or "latest-assets" | |
CMD=$(cat <<CMD | |
acr purge --filter 'primer/view_components_storybook:^(?!latest(-assets)?$).*' --ago 0d --keep 20 | |
CMD | |
) | |
az acr run --cmd "$CMD" --registry primer /dev/null | |
- name: Bundle | |
run: | | |
gem install bundler -v '~> 2.3' | |
bundle install --jobs 4 --retry 3 --gemfile demo/gemfiles/kuby.gemfile --path vendor/bundle | |
- name: Pull latest | |
run: | | |
docker pull primer.azurecr.io/primer/view_components_storybook:latest || true | |
docker pull primer.azurecr.io/primer/view_components_storybook:latest-assets || true | |
- name: Build | |
env: | |
RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }} | |
run: | | |
bin/kuby -e production build --only app -- --cache-from primer.azurecr.io/primer/view_components_storybook:latest | |
bin/kuby -e production build --only assets -- --cache-from primer.azurecr.io/primer/view_components_storybook:latest-assets | |
- name: Push | |
run: bin/kuby -e production push | |
deploy: | |
runs-on: ubuntu-latest | |
environment: production | |
needs: build | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: '3.3' | |
bundler-cache: true | |
- uses: actions/[email protected] | |
with: | |
path: demo/gemfiles/vendor/bundle | |
key: gems-build-kuby-main-ruby-3.3.x-${{ hashFiles('demo/gemfiles/kuby.gemfile.lock') }} | |
- name: Bundle | |
run: | | |
gem install bundler -v '~> 2.3' | |
bundle install --jobs 4 --retry 3 --gemfile demo/gemfiles/kuby.gemfile --path vendor/bundle | |
- uses: Azure/login@v2 | |
with: | |
# excluding a client secret here will cause a login via OpenID Connect (OIDC), | |
# which prevents us from having to rotate client credentials, etc | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Deploy | |
env: | |
RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }} | |
AZURE_ACR_PASSWORD: ${{ secrets.AZURE_ACR_PASSWORD }} | |
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }} | |
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} | |
run: | | |
export AZURE_ACCESS_TOKEN=$(az account get-access-token --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} | jq -r .accessToken) | |
bin/kuby -e production deploy |