Improve CI scalability #17
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: staging-check | |
on: | |
pull_request: | |
branches: [ master ] | |
env: | |
JAVA_VERSION: "15" | |
JAVA_DISTRIBUTION: "zulu" | |
GCP_SA_KEY_INFRA: ${{ secrets.GCP_SA_KEY_INFRA }} | |
GCP_SA_KEY_APP: ${{ secrets.GCP_SA_KEY_APP }} | |
SLACK_SIGNING_SECRET: ${{ secrets.SLACK_SIGNING_SECRET }} | |
SLACK_CLIENT_ID: ${{ secrets.SLACK_CLIENT_ID }} | |
SLACK_CLIENT_SECRET: ${{ secrets.SLACK_CLIENT_SECRET }} | |
MONITORING_SLACK_URL: ${{ secrets.MONITORING_SLACK_URL }} | |
GOOGLE_ANALYTICS_MEASUREMENT_ID: ${{ secrets.GOOGLE_ANALYTICS_MEASUREMENT_ID }} | |
GOOGLE_ANALYTICS_API_SECRET: ${{ secrets.GOOGLE_ANALYTICS_API_SECRET }} | |
jobs: | |
detect-changed-services: | |
runs-on: ubuntu-24.04 | |
concurrency: | |
group: ${{ github.ref }}-detect-changed-services | |
cancel-in-progress: true | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Collect all changed root directories | |
id: changed-root-directories | |
uses: tj-actions/changed-files@v45 | |
with: | |
dir_names: true | |
dir_names_max_depth: '1' | |
- name: Collect all changed services | |
id: changed-services | |
env: | |
all_changed_files: ${{ steps.changed-root-directories.outputs.all_changed_files }} | |
run: | | |
CHANGED_SERVICES=() | |
for file in ${all_changed_files}; do | |
if [ -e "$file/infra/Pulumi.yaml" ]; then | |
CHANGED_SERVICES+=("$file") | |
fi | |
done | |
joined=$(printf ",\"%s\"" "${CHANGED_SERVICES[@]}") | |
echo "changed_services=[${joined:1}]" | |
echo "changed_services=[${joined:1}]" >> "$GITHUB_OUTPUT" | |
outputs: | |
changed_services: ${{ steps.changed-services.outputs.changed_services }} | |
service-check-build: | |
runs-on: ubuntu-24.04 | |
strategy: | |
matrix: | |
service: ${{ fromJSON(needs.detect-changed-services.outputs.changed_services) }} | |
concurrency: | |
group: ${{ github.ref }}-${{ matrix.service }}-service-check-build | |
cancel-in-progress: true | |
needs: detect-changed-services | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: ${{ env.JAVA_DISTRIBUTION }} | |
java-version: ${{ env.JAVA_VERSION }} | |
- name: Set up Gradle | |
uses: gradle/actions/setup-gradle@v3 # By default, cache is only saved on the 'master' branch | |
- name: Set up secrets | |
run: | | |
echo "$GCP_SA_KEY_INFRA" >> ./${{ matrix.service }}/infra/credentials-gcp-infra.json | |
echo "$GCP_SA_KEY_APP" >> ./credentials-gcp-app.json | |
echo MONITORING_SLACK_URL="$MONITORING_SLACK_URL" >> ./common/monitoring/secrets.properties | |
echo GOOGLE_ANALYTICS_MEASUREMENT_ID="$GOOGLE_ANALYTICS_MEASUREMENT_ID" >> ./common/analytics/secrets.properties | |
echo GOOGLE_ANALYTICS_API_SECRET="$GOOGLE_ANALYTICS_API_SECRET" >> ./common/analytics/secrets.properties | |
echo SLACK_SIGNING_SECRET="$SLACK_SIGNING_SECRET" >> ./slack/domain/secrets.properties | |
echo SLACK_CLIENT_ID="$SLACK_CLIENT_ID" >> ./slack/domain/secrets.properties | |
echo SLACK_CLIENT_SECRET="$SLACK_CLIENT_SECRET" >> ./slack/domain/secrets.properties | |
echo SLACK_CLIENT_ID="$SLACK_CLIENT_ID" >> ./slack-web/domain/secrets.properties | |
- name: Build service | |
run: | | |
set -o pipefail && | |
cd ${{ matrix.service }} && | |
./gradlew --no-daemon assemble && | |
cd .. | |
- name: Build container images | |
run: | | |
set -o pipefail && | |
if [ -e "docker/${{ matrix.service }}-compose.yaml" ]; then | |
docker compose -f docker/${{ matrix.service }}-compose.yaml build | |
else | |
echo "Skipping step as docker file doesn't exist" | |
fi | |
- name: Preview infrastructure | |
uses: pulumi/actions@v5 | |
with: | |
command: preview | |
stack-name: prod | |
work-dir: ${{ matrix.service }}/infra | |
env: | |
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }} | |
- name: Artifacts | |
uses: actions/upload-artifact@v4 | |
if: always() # Ensure all artifacts are collected, even after errors | |
with: | |
name: Build (${{ matrix.service }}) | |
path: | | |
**/build | |
**/secrets.properties | |
${{ matrix.service }}/infra | |
service-check-test: | |
runs-on: ubuntu-24.04 | |
strategy: | |
matrix: | |
service: ${{ fromJSON(needs.detect-changed-services.outputs.changed_services) }} | |
concurrency: | |
group: ${{ github.ref }}-${{ matrix.service }}-service-check-test | |
cancel-in-progress: true | |
needs: detect-changed-services | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: ${{ env.JAVA_DISTRIBUTION }} | |
java-version: ${{ env.JAVA_VERSION }} | |
- name: Set up Gradle | |
uses: gradle/actions/setup-gradle@v3 # By default, cache is only saved on the 'master' branch | |
- name: Set up secrets | |
run: | | |
echo MONITORING_SLACK_URL="$MONITORING_SLACK_URL" >> ./common/monitoring/secrets.properties | |
echo GOOGLE_ANALYTICS_MEASUREMENT_ID="$GOOGLE_ANALYTICS_MEASUREMENT_ID" >> ./common/analytics/secrets.properties | |
echo GOOGLE_ANALYTICS_API_SECRET="$GOOGLE_ANALYTICS_API_SECRET" >> ./common/analytics/secrets.properties | |
echo SLACK_SIGNING_SECRET="$SLACK_SIGNING_SECRET" >> ./slack/domain/secrets.properties | |
echo SLACK_CLIENT_ID="$SLACK_CLIENT_ID" >> ./slack/domain/secrets.properties | |
echo SLACK_CLIENT_SECRET="$SLACK_CLIENT_SECRET" >> ./slack/domain/secrets.properties | |
echo SLACK_CLIENT_ID="$SLACK_CLIENT_ID" >> ./slack-web/domain/secrets.properties | |
- name: Test | |
run: | | |
set -o pipefail && | |
cd ${{ matrix.service }} && | |
./gradlew --no-daemon --continue jsTest && | |
cd .. | |
- name: Generate test report | |
uses: mikepenz/action-junit-report@v4 | |
if: always() # Ensure all test reports are collected, even after errors | |
with: | |
report_paths: '**/build/test-results/**/TEST-*.xml' | |
check_name: service-check-test-results (${{ matrix.service }}) | |
- name: Artifacts | |
uses: actions/upload-artifact@v4 | |
if: always() # Ensure all artifacts are collected, even after errors | |
with: | |
name: Tests (${{ matrix.service }}) | |
path: '**/build/test-results/**/TEST-*.xml' |