-
Notifications
You must be signed in to change notification settings - Fork 44
142 lines (128 loc) · 6.34 KB
/
offline.yml
File metadata and controls
142 lines (128 loc) · 6.34 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
on:
push:
branches: [master, develop]
tags: [ v* ]
paths-ignore:
- '*.md'
- '**/*.md'
pull_request:
branches: [master, develop]
paths-ignore:
- '*.md'
- '**/*.md'
jobs:
offline:
name: Prepare offline package
# Useful to skip expensive CI when writing docs
if: "!contains(github.event.head_commit.message, 'skip ci')"
runs-on:
group: wire-server-deploy
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: cachix/install-nix-action@v27
- uses: cachix/cachix-action@v15
with:
name: wire-server
signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}"
- name: Install nix environment
run: nix-env -f default.nix -iA env
- name: Get upload name
id: upload_name
run: |
# FIXME: Tag with a nice release name using the github tag...
# SOURCE_TAG=${GITHUB_REF#refs/tags/}
echo ::set-output name=UPLOAD_NAME::$GITHUB_SHA
# echo ::set-output name=UPLOAD_NAME::${SOURCE_TAG:-$GITHUB_SHA}
# deafult profile build
- name: Process the default profile build
run: ./offline/default-build/build.sh
env:
GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}'
DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
- name: Copy default build assets tarball to S3 and clean up
run: |
# Upload tarball for each profile by specifying their OUTPUT_TAR path
aws s3 cp offline/default-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz
echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz"
# removing everything except assets.tgz as it is not required anymore in the further builds
find offline/default-build/output/ -mindepth 1 -maxdepth 1 ! -name 'assets.tgz' -exec rm -r {} +
env:
AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'
AWS_REGION: "eu-west-1"
# demo profile build
- name: Process the demo profile build
run: ./offline/demo-build/build.sh
env:
GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}'
DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
- name: Copy demo build assets tarball to S3 and clean up
run: |
# Upload tarball for each profile by specifying their OUTPUT_TAR path
aws s3 cp offline/demo-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-demo-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz
echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-demo-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz"
# remove the assets from the build to optimize the space on the server
rm -rf offline/demo-build/output/*
env:
AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'
AWS_REGION: "eu-west-1"
# min profile build
- name: Process the min profile build
run: ./offline/min-build/build.sh
env:
GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}'
DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
- name: Copy min build assets tarball to S3
run: |
# Upload tarball for each profile by specifying their OUTPUT_TAR path
aws s3 cp offline/min-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-min-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz
echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-min-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz"
# remove the archives from the build to optimize the space on the server
rm -rf offline/min-build/output/*
env:
AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'
AWS_REGION: "eu-west-1"
# deafult profile build
- name: Process the default profile build
run: ./offline/default-build/build.sh
env:
GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}'
DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
- name: Copy default build assets tarball to S3 and clean up
run: |
# Upload tarball for each profile by specifying their OUTPUT_TAR path
aws s3 cp offline/default-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz
echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz"
# removing everything except assets.tgz as it is not required anymore in the further builds
find offline/default-build/output/ -mindepth 1 -maxdepth 1 ! -name 'assets.tgz' -exec rm -r {} +
env:
AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}'
AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'
AWS_REGION: "eu-west-1"
- name: Build and upload wire-server-deploy container
run: |
container_image=$(nix-build --no-out-link -A container)
skopeo copy --retry-times 10 --dest-creds "$DOCKER_LOGIN" \
docker-archive:"$container_image" \
"docker://quay.io/wire/wire-server-deploy:${{ steps.upload_name.outputs.UPLOAD_NAME }}"
env:
DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
- name: Install terraform
uses: hashicorp/setup-terraform@v3
with:
terraform_version: "^1.3.7"
terraform_wrapper: false
- name: Deploy offline environment to hetzner
run: |
./offline/cd.sh
env:
HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
- name: Clean up hetzner environment; just in case
if: always()
run: (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform init && terraform destroy -auto-approve)
env:
HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'