diff --git a/.github/workflows/deploy-release.yml b/.github/workflows/deploy-release.yml index 1fcd778..0b8cad5 100644 --- a/.github/workflows/deploy-release.yml +++ b/.github/workflows/deploy-release.yml @@ -1,15 +1,15 @@ -name: Deploy release environment +name: Test on: push: - branches: - - main - paths: - - 'config/**' - - 'modules/**' - - 'env.yml' - repository_dispatch: - types: [release] - workflow_dispatch: +# branches: +# - main +# paths: +# - 'config/**' +# - 'modules/**' +# - 'env.yml' +# repository_dispatch: +# types: [release] +# workflow_dispatch: env: ENV_NAME: env.yml TZ: Australia/Canberra @@ -27,62 +27,62 @@ jobs: exit 1 fi - update-dependencies: - name: Update dependencies - runs-on: ubuntu-latest - needs: check-dispatch-token - permissions: - contents: write - if: ${{ github.event_name == 'repository_dispatch' }} - steps: - - name: Checkout repo - uses: actions/checkout@v4 - with: - ref: main - fetch-depth: 0 - token: ${{ secrets.REPO_CONTENT_WRITE_TOKEN }} - - - name: Bump dependencies - run: | - # Substitute the portion after "- " with "=" in the environment file (to produce "- =") - sed -i "s|^\(\s*- ${{github.event.client_payload.dependency}}\).*|\1=${{github.event.client_payload.version}}|" ${{ env.ENV_NAME }} +# update-dependencies: +# name: Update dependencies +# runs-on: ubuntu-latest +# needs: check-dispatch-token +# permissions: +# contents: write +# if: ${{ github.event_name == 'repository_dispatch' }} +# steps: +# - name: Checkout repo +# uses: actions/checkout@v4 +# with: +# ref: main +# fetch-depth: 0 +# token: ${{ secrets.REPO_CONTENT_WRITE_TOKEN }} + +# - name: Bump dependencies +# run: | +# # Substitute the portion after "- " with "=" in the environment file (to produce "- =") +# sed -i "s|^\(\s*- ${{github.event.client_payload.dependency}}\).*|\1=${{github.event.client_payload.version}}|" ${{ env.ENV_NAME }} - - name: Import GPG settings - uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 - with: - gpg_private_key: ${{ secrets.GH_ACTIONS_BOT_GPG_PRIVATE_KEY }} - passphrase: ${{ secrets.GH_ACTIONS_BOT_GPG_PASSPHRASE }} - git_config_global: true - git_committer_name: ${{ vars.GH_ACTIONS_BOT_GIT_USER_NAME }} - git_committer_email: ${{ vars.GH_ACTIONS_BOT_GIT_USER_EMAIL }} - git_user_signingkey: true - git_commit_gpgsign: true - git_tag_gpgsign: true - - - name: Commit and push changes - run: | - git commit -am "[skip ci] Bump '${{github.event.client_payload.dependency}}' dependency to version '${{github.event.client_payload.version}}' in the ${{github.event.action}} environment." - git push origin main - - get-deployment-sites: - name: Get Deployment Sites - runs-on: ubuntu-latest - needs: check-dispatch-token - # Don't run if the event is triggered by a repository dispatch with a non-valid token, - # but trigget if the event is not a repository dispatch - if: ${{ !cancelled() && !(github.event_name == 'repository_dispatch' && needs.check-dispatch-token.result != 'success') }} - outputs: - deployment-sites: ${{ steps.get-deployment-sites.outputs.deployment-sites }} - steps: - - name: Checkout config - uses: actions/checkout@v4 - - - name: Get sites - id: get-deployment-sites - run: | - sites=$(jq --compact-output '.sites' ./config/deployment-sites.json) - echo "Found the following deployment sites: $sites" - echo "deployment-sites=$sites" >> $GITHUB_OUTPUT +# - name: Import GPG settings +# uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 +# with: +# gpg_private_key: ${{ secrets.GH_ACTIONS_BOT_GPG_PRIVATE_KEY }} +# passphrase: ${{ secrets.GH_ACTIONS_BOT_GPG_PASSPHRASE }} +# git_config_global: true +# git_committer_name: ${{ vars.GH_ACTIONS_BOT_GIT_USER_NAME }} +# git_committer_email: ${{ vars.GH_ACTIONS_BOT_GIT_USER_EMAIL }} +# git_user_signingkey: true +# git_commit_gpgsign: true +# git_tag_gpgsign: true + +# - name: Commit and push changes +# run: | +# git commit -am "[skip ci] Bump '${{github.event.client_payload.dependency}}' dependency to version '${{github.event.client_payload.version}}' in the ${{github.event.action}} environment." +# git push origin main + +# get-deployment-sites: +# name: Get Deployment Sites +# runs-on: ubuntu-latest +# needs: check-dispatch-token +# # Don't run if the event is triggered by a repository dispatch with a non-valid token, +# # but trigget if the event is not a repository dispatch +# if: ${{ !cancelled() && !(github.event_name == 'repository_dispatch' && needs.check-dispatch-token.result != 'success') }} +# outputs: +# deployment-sites: ${{ steps.get-deployment-sites.outputs.deployment-sites }} +# steps: +# - name: Checkout config +# uses: actions/checkout@v4 + +# - name: Get sites +# id: get-deployment-sites +# run: | +# sites=$(jq --compact-output '.sites' ./config/deployment-sites.json) +# echo "Found the following deployment sites: $sites" +# echo "deployment-sites=$sites" >> $GITHUB_OUTPUT set-version: name: Set condaenv release version @@ -107,144 +107,146 @@ jobs: shell: bash -el {0} run: | tag=$(date +%Y.%m.0) + echo $tag + git tag -l $tag while [[ -n $(git tag -l $tag) ]]; do tag=${tag%.*}.$((${tag##*.}+1)) done echo "Version tag set to $tag" echo "version=${tag}" >> $GITHUB_OUTPUT - pack: - name: Pack environment - runs-on: ubuntu-latest - needs: [set-version, update-dependencies] - # Don't run if the event is a 'repository_dispatch' but the update-dependencies job failed - if: ${{ !cancelled() && !(github.event_name == 'repository_dispatch' && needs.update-dependencies.result != 'success') }} - env: - VERSION: ${{ needs.set-version.outputs.version }} - outputs: - full-name: ${{ steps.get-name.outputs.full-name }} - steps: - - uses: actions/checkout@v4 - - - name: Get environment full name - id: get-name - run: echo "full-name=$(yq '.name' < ${{env.ENV_NAME}})-${{env.VERSION}}" >> $GITHUB_OUTPUT - - - name: Setup Micromamba - uses: mamba-org/setup-micromamba@f8b8a1e23a26f60a44c853292711bacfd3eac822 #v1.9.0 - with: - micromamba-version: '1.5.8-0' - environment-file: ${{env.ENV_NAME}} - environment-name: ${{ steps.get-name.outputs.full-name }} - generate-run-shell: true - - - name: Create Pack and Lockfile - shell: micromamba-shell {0} - run: | - conda pack -o ${{ steps.get-name.outputs.full-name }}.tar.gz - conda-lock lock --file ${{env.ENV_NAME}} --platform linux-64 --micromamba --lockfile ${{ steps.get-name.outputs.full-name }}.conda-lock.yml - - - name: Upload Artifact - uses: actions/upload-artifact@v4 - with: - name: ${{ steps.get-name.outputs.full-name }} - if-no-files-found: error - path: | - ${{ steps.get-name.outputs.full-name }}.tar.gz - ${{ steps.get-name.outputs.full-name }}.conda-lock.yml - - create-git-tag: - name: Create Git Tag - runs-on: ubuntu-latest - needs: [update-dependencies, set-version] - # Run independently from the event if none of the needed jobs failed - if: ${{ !cancelled() && needs.update-dependencies.result != 'failure' && needs.set-version.result != 'failure' }} - env: - VERSION: ${{ needs.set-version.outputs.version }} - steps: - - name: Checkout repo - uses: actions/checkout@v4 - with: - ref: main - token: ${{ secrets.REPO_CONTENT_WRITE_TOKEN }} - fetch-tags: true +# pack: +# name: Pack environment +# runs-on: ubuntu-latest +# needs: [set-version, update-dependencies] +# # Don't run if the event is a 'repository_dispatch' but the update-dependencies job failed +# if: ${{ !cancelled() && !(github.event_name == 'repository_dispatch' && needs.update-dependencies.result != 'success') }} +# env: +# VERSION: ${{ needs.set-version.outputs.version }} +# outputs: +# full-name: ${{ steps.get-name.outputs.full-name }} +# steps: +# - uses: actions/checkout@v4 + +# - name: Get environment full name +# id: get-name +# run: echo "full-name=$(yq '.name' < ${{env.ENV_NAME}})-${{env.VERSION}}" >> $GITHUB_OUTPUT + +# - name: Setup Micromamba +# uses: mamba-org/setup-micromamba@f8b8a1e23a26f60a44c853292711bacfd3eac822 #v1.9.0 +# with: +# micromamba-version: '1.5.8-0' +# environment-file: ${{env.ENV_NAME}} +# environment-name: ${{ steps.get-name.outputs.full-name }} +# generate-run-shell: true + +# - name: Create Pack and Lockfile +# shell: micromamba-shell {0} +# run: | +# conda pack -o ${{ steps.get-name.outputs.full-name }}.tar.gz +# conda-lock lock --file ${{env.ENV_NAME}} --platform linux-64 --micromamba --lockfile ${{ steps.get-name.outputs.full-name }}.conda-lock.yml + +# - name: Upload Artifact +# uses: actions/upload-artifact@v4 +# with: +# name: ${{ steps.get-name.outputs.full-name }} +# if-no-files-found: error +# path: | +# ${{ steps.get-name.outputs.full-name }}.tar.gz +# ${{ steps.get-name.outputs.full-name }}.conda-lock.yml + +# create-git-tag: +# name: Create Git Tag +# runs-on: ubuntu-latest +# needs: [update-dependencies, set-version] +# # Run independently from the event if none of the needed jobs failed +# if: ${{ !cancelled() && needs.update-dependencies.result != 'failure' && needs.set-version.result != 'failure' }} +# env: +# VERSION: ${{ needs.set-version.outputs.version }} +# steps: +# - name: Checkout repo +# uses: actions/checkout@v4 +# with: +# ref: main +# token: ${{ secrets.REPO_CONTENT_WRITE_TOKEN }} +# fetch-tags: true - - name: Import GPG settings - uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 - with: - gpg_private_key: ${{ secrets.GH_ACTIONS_BOT_GPG_PRIVATE_KEY }} - passphrase: ${{ secrets.GH_ACTIONS_BOT_GPG_PASSPHRASE }} - git_config_global: true - git_committer_name: ${{ vars.GH_ACTIONS_BOT_GIT_USER_NAME }} - git_committer_email: ${{ vars.GH_ACTIONS_BOT_GIT_USER_EMAIL }} - git_user_signingkey: true - git_commit_gpgsign: true - git_tag_gpgsign: true - - - name: Create and push tag - shell: bash -el {0} - run: | - git tag ${{env.VERSION}} -m "Tagged as part of ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - git push origin ${{env.VERSION}} - - deploy: - runs-on: ubuntu-latest - needs: - - get-deployment-sites - - set-version - - pack - # Run independently from the event if all the needed jobs succeeded - if: ${{ !cancelled() && needs.get-deployment-sites.result == 'success' && needs.set-version.result == 'success' && needs.pack.result == 'success' }} - strategy: - fail-fast: false - matrix: - deployment-site: ${{ fromJson(needs.get-deployment-sites.outputs.deployment-sites) }} - environment: ${{ matrix.deployment-site }} - env: - VERSION: ${{ needs.set-version.outputs.version }} - permissions: - contents: write - steps: - - uses: actions/download-artifact@v4 - with: - name: ${{ needs.pack.outputs.full-name }} - - - name: Set up SSH - uses: access-nri/actions/.github/actions/setup-ssh@main - id: ssh - with: - hosts: | - ${{ secrets.HOST_DATA }} - ${{ secrets.HOST }} - private-key: ${{ secrets.SSH_KEY }} - - - name: Copy to ${{ matrix.deployment-site }} - run: | - rsync -v -e 'ssh -i ${{ steps.ssh.outputs.private-key-path }}' \ - ${{ needs.pack.outputs.full-name }}.tar.gz \ - ${{ secrets.USER }}@${{ secrets.HOST_DATA }}:${{ vars.PACK_DIR }} - - - name: Deploy to ${{ matrix.deployment-site }} - env: - MODULE_DEPLOYMENT_DIR: ${{ vars.ROOT_DIR }}/${{vars.MODULES_DIR}}/${{vars.MODULE_NAME}}/${{env.VERSION}} - APP_DEPLOYMENT_DIR: ${{ vars.ROOT_DIR }}/${{vars.APPS_DIR}}/${{vars.MODULE_NAME}}/${{env.VERSION}} - run: | - ssh ${{ secrets.USER }}@${{ secrets.HOST }} -i ${{ steps.ssh.outputs.private-key-path }} /bin/bash <<'EOT' - mkdir -p ${{ env.APP_DEPLOYMENT_DIR }} - tar -xzf ${{ vars.PACK_DIR }}/${{ needs.pack.outputs.full-name }}.tar.gz -C ${{ env.APP_DEPLOYMENT_DIR }} - source ${{ env.APP_DEPLOYMENT_DIR }}/bin/activate - conda-unpack - source ${{ env.APP_DEPLOYMENT_DIR }}/bin/deactivate - ln -sf $(dirname ${{env.MODULE_DEPLOYMENT_DIR}})/.common ${{env.MODULE_DEPLOYMENT_DIR}} - EOT - - - name: Create Release - uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 #v2.0.8 - with: - tag_name: ${{ env.VERSION }} - name: ACCESS-RAM conda environment ${{ env.VERSION }} - generate_release_notes: true - fail_on_unmatched_files: true - files: | - ./${{ needs.pack.outputs.full-name }}.tar.gz - ./${{ needs.pack.outputs.full-name }}.conda-lock.yml \ No newline at end of file +# - name: Import GPG settings +# uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0 +# with: +# gpg_private_key: ${{ secrets.GH_ACTIONS_BOT_GPG_PRIVATE_KEY }} +# passphrase: ${{ secrets.GH_ACTIONS_BOT_GPG_PASSPHRASE }} +# git_config_global: true +# git_committer_name: ${{ vars.GH_ACTIONS_BOT_GIT_USER_NAME }} +# git_committer_email: ${{ vars.GH_ACTIONS_BOT_GIT_USER_EMAIL }} +# git_user_signingkey: true +# git_commit_gpgsign: true +# git_tag_gpgsign: true + +# - name: Create and push tag +# shell: bash -el {0} +# run: | +# git tag ${{env.VERSION}} -m "Tagged as part of ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" +# git push origin ${{env.VERSION}} + +# deploy: +# runs-on: ubuntu-latest +# needs: +# - get-deployment-sites +# - set-version +# - pack +# # Run independently from the event if all the needed jobs succeeded +# if: ${{ !cancelled() && needs.get-deployment-sites.result == 'success' && needs.set-version.result == 'success' && needs.pack.result == 'success' }} +# strategy: +# fail-fast: false +# matrix: +# deployment-site: ${{ fromJson(needs.get-deployment-sites.outputs.deployment-sites) }} +# environment: ${{ matrix.deployment-site }} +# env: +# VERSION: ${{ needs.set-version.outputs.version }} +# permissions: +# contents: write +# steps: +# - uses: actions/download-artifact@v4 +# with: +# name: ${{ needs.pack.outputs.full-name }} + +# - name: Set up SSH +# uses: access-nri/actions/.github/actions/setup-ssh@main +# id: ssh +# with: +# hosts: | +# ${{ secrets.HOST_DATA }} +# ${{ secrets.HOST }} +# private-key: ${{ secrets.SSH_KEY }} + +# - name: Copy to ${{ matrix.deployment-site }} +# run: | +# rsync -v -e 'ssh -i ${{ steps.ssh.outputs.private-key-path }}' \ +# ${{ needs.pack.outputs.full-name }}.tar.gz \ +# ${{ secrets.USER }}@${{ secrets.HOST_DATA }}:${{ vars.PACK_DIR }} + +# - name: Deploy to ${{ matrix.deployment-site }} +# env: +# MODULE_DEPLOYMENT_DIR: ${{ vars.ROOT_DIR }}/${{vars.MODULES_DIR}}/${{vars.MODULE_NAME}}/${{env.VERSION}} +# APP_DEPLOYMENT_DIR: ${{ vars.ROOT_DIR }}/${{vars.APPS_DIR}}/${{vars.MODULE_NAME}}/${{env.VERSION}} +# run: | +# ssh ${{ secrets.USER }}@${{ secrets.HOST }} -i ${{ steps.ssh.outputs.private-key-path }} /bin/bash <<'EOT' +# mkdir -p ${{ env.APP_DEPLOYMENT_DIR }} +# tar -xzf ${{ vars.PACK_DIR }}/${{ needs.pack.outputs.full-name }}.tar.gz -C ${{ env.APP_DEPLOYMENT_DIR }} +# source ${{ env.APP_DEPLOYMENT_DIR }}/bin/activate +# conda-unpack +# source ${{ env.APP_DEPLOYMENT_DIR }}/bin/deactivate +# ln -sf $(dirname ${{env.MODULE_DEPLOYMENT_DIR}})/.common ${{env.MODULE_DEPLOYMENT_DIR}} +# EOT + +# - name: Create Release +# uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 #v2.0.8 +# with: +# tag_name: ${{ env.VERSION }} +# name: ACCESS-RAM conda environment ${{ env.VERSION }} +# generate_release_notes: true +# fail_on_unmatched_files: true +# files: | +# ./${{ needs.pack.outputs.full-name }}.tar.gz +# ./${{ needs.pack.outputs.full-name }}.conda-lock.yml \ No newline at end of file