
Improve CI scalability #17

Workflow file for this run

name: staging-check

# Runs for pull requests that target master.
on:
  pull_request:
    branches:
      - master

# Workflow-level environment: every entry below is exported to every step of
# every job, including steps that run third-party actions.
# NOTE(review): the secrets are only written to disk by the "Set up secrets"
# steps; consider scoping them to those steps (step-level `env:`) once it is
# confirmed that the Gradle, Docker and Pulumi steps do not read them from the
# environment directly.
env:
  JAVA_VERSION: '15'
  JAVA_DISTRIBUTION: 'zulu'
  # Service-account keys and API credentials, resolved from repository secrets.
  GCP_SA_KEY_INFRA: ${{ secrets.GCP_SA_KEY_INFRA }}
  GCP_SA_KEY_APP: ${{ secrets.GCP_SA_KEY_APP }}
  SLACK_SIGNING_SECRET: ${{ secrets.SLACK_SIGNING_SECRET }}
  SLACK_CLIENT_ID: ${{ secrets.SLACK_CLIENT_ID }}
  SLACK_CLIENT_SECRET: ${{ secrets.SLACK_CLIENT_SECRET }}
  MONITORING_SLACK_URL: ${{ secrets.MONITORING_SLACK_URL }}
  GOOGLE_ANALYTICS_MEASUREMENT_ID: ${{ secrets.GOOGLE_ANALYTICS_MEASUREMENT_ID }}
  GOOGLE_ANALYTICS_API_SECRET: ${{ secrets.GOOGLE_ANALYTICS_API_SECRET }}
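jobs:
  # Determines which top-level directories touched by the pull request are
  # services (they contain infra/Pulumi.yaml) and publishes them as a JSON
  # array that drives the matrix of the two jobs below.
  detect-changed-services:
    runs-on: ubuntu-24.04
    # Least privilege: this job only reads the checked-out tree.
    permissions:
      contents: read
    concurrency:
      group: ${{ github.ref }}-detect-changed-services
      cancel-in-progress: true
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Collect all changed root directories
        id: changed-root-directories
        # NOTE(review): third-party action referenced by a mutable tag while
        # the workflow-level secrets are present in its environment. Pin it
        # (and the other third-party actions in this file) to a full commit
        # SHA so the code that runs cannot change underneath the workflow.
        uses: tj-actions/changed-files@v45
        with:
          dir_names: true
          dir_names_max_depth: '1'
      - name: Collect all changed services
        id: changed-services
        env:
          all_changed_files: ${{ steps.changed-root-directories.outputs.all_changed_files }}
        run: |
          # Directory names come from the pull request and are untrusted.
          # Disable globbing so the intentional word-split below cannot
          # expand wildcard characters in a name.
          set -f
          CHANGED_SERVICES=()
          for file in ${all_changed_files}; do
            if [ -e "$file/infra/Pulumi.yaml" ]; then
              # Fail closed on names that could break the JSON below or be
              # misread by a shell, path or option parser downstream.
              if [[ ! "$file" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
                printf '::error::Unsupported service directory name: %q\n' "$file"
                exit 1
              fi
              CHANGED_SERVICES+=("$file")
            fi
          done
          # printf emits its format once even with no arguments, which would
          # yield [""] and start a matrix job for an empty service name.
          if [ "${#CHANGED_SERVICES[@]}" -eq 0 ]; then
            json='[]'
          else
            joined=$(printf ",\"%s\"" "${CHANGED_SERVICES[@]}")
            json="[${joined:1}]"
          fi
          echo "changed_services=${json}"
          echo "changed_services=${json}" >> "$GITHUB_OUTPUT"
    outputs:
      changed_services: ${{ steps.changed-services.outputs.changed_services }}

  # Builds each changed service, its container images, and previews its
  # Pulumi stack.
  service-check-build:
    runs-on: ubuntu-24.04
    needs: detect-changed-services
    # A matrix with no values is an error, so skip when nothing changed.
    if: ${{ needs.detect-changed-services.outputs.changed_services != '[]' }}
    permissions:
      contents: read
    strategy:
      matrix:
        service: ${{ fromJSON(needs.detect-changed-services.outputs.changed_services) }}
    concurrency:
      group: ${{ github.ref }}-${{ matrix.service }}-service-check-build
      cancel-in-progress: true
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Java
        uses: actions/setup-java@v4
        with:
          distribution: ${{ env.JAVA_DISTRIBUTION }}
          java-version: ${{ env.JAVA_VERSION }}
      - name: Set up Gradle
        uses: gradle/actions/setup-gradle@v3  # By default, cache is only saved on the 'master' branch
      - name: Set up secrets
        env:
          # Passed through the environment rather than interpolated into the
          # script, so the value is never parsed as shell syntax.
          SERVICE: ${{ matrix.service }}
        run: |
          echo "$GCP_SA_KEY_INFRA" >> "./${SERVICE}/infra/credentials-gcp-infra.json"
          echo "$GCP_SA_KEY_APP" >> ./credentials-gcp-app.json
          echo MONITORING_SLACK_URL="$MONITORING_SLACK_URL" >> ./common/monitoring/secrets.properties
          echo GOOGLE_ANALYTICS_MEASUREMENT_ID="$GOOGLE_ANALYTICS_MEASUREMENT_ID" >> ./common/analytics/secrets.properties
          echo GOOGLE_ANALYTICS_API_SECRET="$GOOGLE_ANALYTICS_API_SECRET" >> ./common/analytics/secrets.properties
          echo SLACK_SIGNING_SECRET="$SLACK_SIGNING_SECRET" >> ./slack/domain/secrets.properties
          echo SLACK_CLIENT_ID="$SLACK_CLIENT_ID" >> ./slack/domain/secrets.properties
          echo SLACK_CLIENT_SECRET="$SLACK_CLIENT_SECRET" >> ./slack/domain/secrets.properties
          echo SLACK_CLIENT_ID="$SLACK_CLIENT_ID" >> ./slack-web/domain/secrets.properties
      - name: Build service
        env:
          SERVICE: ${{ matrix.service }}
        run: |
          set -o pipefail &&
          cd "./${SERVICE}" &&
          ./gradlew --no-daemon assemble &&
          cd ..
      - name: Build container images
        env:
          SERVICE: ${{ matrix.service }}
        run: |
          set -o pipefail &&
          if [ -e "docker/${SERVICE}-compose.yaml" ]; then
            docker compose -f "docker/${SERVICE}-compose.yaml" build
          else
            echo "Skipping step as docker file doesn't exist"
          fi
      - name: Preview infrastructure
        uses: pulumi/actions@v5
        with:
          command: preview
          stack-name: prod
          work-dir: ${{ matrix.service }}/infra
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
      - name: Artifacts
        uses: actions/upload-artifact@v4
        if: always()  # Ensure all artifacts are collected, even after errors
        with:
          name: Build (${{ matrix.service }})
          # Artifacts can be downloaded by anyone with read access to the
          # repository, and log masking does not apply to file contents.
          # Exclude everything the "Set up secrets" step wrote: the GCP key
          # inside the infra directory and every secrets.properties file,
          # including copies the build may have placed under **/build.
          path: |
            **/build
            ${{ matrix.service }}/infra
            !${{ matrix.service }}/infra/credentials-gcp-infra.json
            !**/secrets.properties

  # Runs the jsTest task of each changed service and publishes the JUnit
  # results as a check and as an artifact.
  service-check-test:
    runs-on: ubuntu-24.04
    needs: detect-changed-services
    # A matrix with no values is an error, so skip when nothing changed.
    if: ${{ needs.detect-changed-services.outputs.changed_services != '[]' }}
    permissions:
      contents: read
      # Required by the "Generate test report" step to create its check run.
      checks: write
    strategy:
      matrix:
        service: ${{ fromJSON(needs.detect-changed-services.outputs.changed_services) }}
    concurrency:
      group: ${{ github.ref }}-${{ matrix.service }}-service-check-test
      cancel-in-progress: true
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set up Java
        uses: actions/setup-java@v4
        with:
          distribution: ${{ env.JAVA_DISTRIBUTION }}
          java-version: ${{ env.JAVA_VERSION }}
      - name: Set up Gradle
        uses: gradle/actions/setup-gradle@v3  # By default, cache is only saved on the 'master' branch
      - name: Set up secrets
        run: |
          echo MONITORING_SLACK_URL="$MONITORING_SLACK_URL" >> ./common/monitoring/secrets.properties
          echo GOOGLE_ANALYTICS_MEASUREMENT_ID="$GOOGLE_ANALYTICS_MEASUREMENT_ID" >> ./common/analytics/secrets.properties
          echo GOOGLE_ANALYTICS_API_SECRET="$GOOGLE_ANALYTICS_API_SECRET" >> ./common/analytics/secrets.properties
          echo SLACK_SIGNING_SECRET="$SLACK_SIGNING_SECRET" >> ./slack/domain/secrets.properties
          echo SLACK_CLIENT_ID="$SLACK_CLIENT_ID" >> ./slack/domain/secrets.properties
          echo SLACK_CLIENT_SECRET="$SLACK_CLIENT_SECRET" >> ./slack/domain/secrets.properties
          echo SLACK_CLIENT_ID="$SLACK_CLIENT_ID" >> ./slack-web/domain/secrets.properties
      - name: Test
        env:
          # Passed through the environment rather than interpolated into the
          # script, so the value is never parsed as shell syntax.
          SERVICE: ${{ matrix.service }}
        run: |
          set -o pipefail &&
          cd "./${SERVICE}" &&
          ./gradlew --no-daemon --continue jsTest &&
          cd ..
      - name: Generate test report
        # NOTE(review): third-party action on a mutable tag; pin to a full
        # commit SHA.
        uses: mikepenz/action-junit-report@v4
        if: always()  # Ensure all test reports are collected, even after errors
        with:
          report_paths: '**/build/test-results/**/TEST-*.xml'
          check_name: service-check-test-results (${{ matrix.service }})
      - name: Artifacts
        uses: actions/upload-artifact@v4
        if: always()  # Ensure all artifacts are collected, even after errors
        with:
          name: Tests (${{ matrix.service }})
          path: '**/build/test-results/**/TEST-*.xml'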