Do not delete aws config directory between tests (#546) #724
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Bump version and publish release | |
on: | |
workflow_dispatch: { } | |
push: | |
branches: [ main ] | |
paths-ignore: [ '**.md' ] | |
jobs: | |
bump-version-publish-release: | |
runs-on: ubuntu-latest | |
if: "!contains( github.event.sender.login, 'broadbot')" | |
steps: | |
- name: Checkout current code | |
id: checkout_code | |
uses: actions/checkout@v3 | |
with: | |
token: ${{ secrets.BROADBOT_GITHUB_TOKEN }} | |
ref: main | |
- name: Set up JDK | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: 17 | |
- name: Render config | |
id: render_config | |
run: | | |
# this step does the equivalent of the tools/render-config.sh script. | |
# on local machines, the script fetches a SA from Vault. | |
# in GH actions, the SA key is stored in a GH repo secret. | |
# regardless of how it was fetched, tests and scripts expect these | |
# keys to be stored in rendered/broad | |
mkdir -p rendered/broad | |
echo "$TEST_USER_SA_KEY" > rendered/broad/test-user-account.json | |
echo "$DEV_CI_SA_KEY" > rendered/broad/ci-account.json | |
echo "$EXT_PROJECT_SA_KEY" > rendered/broad/external-project-account.json | |
echo "$JANITOR_CLIENT_SA_KEY" > rendered/broad/janitor-client.json | |
env: | |
TEST_USER_SA_KEY: ${{ secrets.TEST_USER_SA_KEY }} | |
DEV_CI_SA_KEY: ${{ secrets.DEV_CI_SA_KEY }} | |
EXT_PROJECT_SA_KEY: ${{ secrets.EXT_PROJECT_SA_KEY }} | |
JANITOR_CLIENT_SA_KEY: ${{ secrets.JANITOR_CLIENT_SA_KEY }} | |
- name: Update client credentials | |
run: | | |
./tools/client-credentials.sh "src/main/resources/broad_secret.json" ${{ secrets.BROAD_CLIENT_ID }} ${{ secrets.BROAD_CLIENT_SECRET }} | |
./tools/client-credentials.sh "src/main/resources/verily_secret.json" ${{ secrets.VERILY_CLIENT_ID }} ${{ secrets.VERILY_CLIENT_SECRET }} | |
./tools/client-credentials.sh "src/main/resources/verily_auth0_dev_secret.json" ${{ secrets.VERILY_AUTH0_DEV_CLIENT_ID }} ${{ secrets.VERILY_AUTH0_DEV_CLIENT_SECRET }} | |
./tools/client-credentials.sh "src/main/resources/verily_auth0_prod_secret.json" ${{ secrets.VERILY_AUTH0_PROD_CLIENT_ID }} ${{ secrets.VERILY_AUTH0_PROD_CLIENT_SECRET }} | |
- name: Bump tag and build version | |
id: bump_tag | |
uses: databiosphere/github-actions/actions/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.BROADBOT_GITHUB_TOKEN }} | |
DEFAULT_BUMP: minor | |
RELEASE_BRANCHES: main | |
VERSION_FILE_PATH: settings.gradle | |
VERSION_LINE_MATCH: "^\\s*gradle.ext.cliVersion\\s*=\\s*'.*'" | |
- name: Updating code to get the version bump changes | |
id: update_code_post_version_bump | |
run: | | |
git pull | |
env: | |
GITHUB_TOKEN: ${{ secrets.BROADBOT_GITHUB_TOKEN }} | |
- name: Publish a release | |
id: publish_release | |
run: | | |
./tools/publish-release.sh $RELEASE_VERSION true | |
env: | |
GITHUB_TOKEN: ${{ secrets.BROADBOT_GITHUB_TOKEN }} | |
RELEASE_VERSION: ${{ steps.bump_tag.outputs.tag }} |