[FEATURE] Add external authentication handeling #11506
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - release/* | |
| - snapshot/* | |
| tags: | |
| - v* | |
| pull_request: | |
| merge_group: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: ${{ github.event_name == 'pull_request' || github.ref_name != 'main' }} | |
| jobs: | |
| build-frontend: | |
| name: "build-frontend" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - uses: perses/github-actions@v0.11.0 | |
| - uses: ./.github/perses-ci/actions/setup_environment | |
| with: | |
| enable_npm: true | |
| nvmrc_path: "./ui/.nvmrc" | |
| - name: Check Tag | |
| ## This step is verifying that the tag follow the semver | |
| ## It is only triggered when a tag is created | |
| if: ${{ github.event_name == 'push' && startsWith(github.ref_name, 'v') }} | |
| run: ./scripts/release.sh --check-version "${{ github.ref_name }}" | |
| - name: Check libraries version | |
| ## This step is verifying that the version of each package is matching the tag | |
| if: ${{ github.event_name == 'push' && startsWith(github.ref_name, 'v') }} | |
| run: ./scripts/ui_release.sh --check-package "${{ github.ref_name }}" | |
| - name: Use snapshot version | |
| ## This step only runs for "snapshot" branches starting with "snapshot/" | |
| if: ${{ github.event_name == 'push' && startsWith(github.ref_name, 'snapshot/') }} | |
| run: ./scripts/ui_release.sh --snapshot-version "${{ github.ref_name }}" "${{ github.sha }}" | |
| - name: Install UI deps | |
| working-directory: ./ui | |
| run: npm ci | |
| - name: Build the app and all packages | |
| working-directory: ./ui | |
| run: npm run build | |
| - name: store react production build | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: ui-libs | |
| path: | | |
| ui/**/dist | |
| !ui/node_modules | |
| build-typedoc: | |
| name: "build-typedoc" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - uses: perses/github-actions@v0.11.0 | |
| - uses: ./.github/perses-ci/actions/setup_environment | |
| with: | |
| enable_npm: true | |
| nvmrc_path: "./ui/.nvmrc" | |
| - name: Install UI deps | |
| run: cd ./ui && npm install | |
| - name: Build the typedoc docs | |
| run: cd ./ui && npm run build && npm run typedoc | |
| - name: store typedoc build | |
| uses: actions/upload-artifact@v5 | |
| with: | |
| name: typedoc | |
| path: ui/typedoc | |
| libs-release: | |
| name: "libs-release" | |
| needs: "build-frontend" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - uses: perses/github-actions@v0.11.0 | |
| - uses: ./.github/perses-ci/actions/setup_environment | |
| with: | |
| enable_npm: true | |
| nvmrc_path: "./ui/.nvmrc" | |
| - name: Download react build | |
| uses: actions/download-artifact@v6 | |
| with: | |
| name: ui-libs | |
| path: ui | |
| - name: Copy files before publishing libs | |
| run: ./scripts/ui_release.sh --copy | |
| - name: Publish dry-run libraries | |
| if: ${{ github.event_name == 'pull_request' || github.ref_name == 'main' }} | |
| run: ./scripts/ui_release.sh --publish dry-run | |
| - name: Publish libraries | |
| if: ${{ github.event_name == 'push' && startsWith(github.ref_name, 'v') }} | |
| run: ./scripts/ui_release.sh --publish | |
| env: | |
| # The setup-node action writes an .npmrc file with this env variable | |
| # as the placeholder for the auth token | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| - name: Publish snapshot libraries | |
| ## This step only runs for "snapshot" branches starting with "snapshot/" | |
| if: ${{ github.event_name == 'push' && startsWith(github.ref_name, 'snapshot/') }} | |
| ## The previous job that is building the UI assets doesn't persist the different `package.json` | |
| ## files that were modified by the script. In order to be able to publish the snapshot, we | |
| ## need to ensure the different `package.json` files contain the correct version. | |
| ## That's why we are running the script again to bump the snapshot version. | |
| run: | | |
| ./scripts/ui_release.sh --snapshot-version "${{ github.ref_name }}" "${{ github.sha }}" | |
| cd ./ui && npm install && cd .. | |
| ./scripts/ui_release.sh --publish-snapshot "${{ github.ref_name }}" | |
| env: | |
| # The setup-node action writes an .npmrc file with this env variable | |
| # as the placeholder for the auth token | |
| NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| build: | |
| name: "go and github release" | |
| needs: "build-frontend" | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| env: | |
| # This env is required for the docker manifest command to work | |
| DOCKER_CLI_EXPERIMENTAL: "enabled" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - uses: perses/github-actions@v0.11.0 | |
| - uses: ./.github/perses-ci/actions/setup_environment | |
| with: | |
| enable_go: true | |
| - name: Download react build | |
| uses: actions/download-artifact@v6 | |
| with: | |
| name: ui-libs | |
| path: ui | |
| - name: Generate endpoints | |
| run: make generate | |
| - name: Extract Changelog | |
| run: make extract-changelog | |
| - # Add support for more platforms with QEMU (optional) | |
| # https://github.com/docker/setup-qemu-action | |
| name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| if: ${{ github.event_name == 'push' && (startsWith(github.ref_name, 'v') || github.ref_name == 'main') }} | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Override version | |
| if: ${{ github.ref_name == 'main' }} | |
| run: ./scripts/override_version.sh | |
| - name: install goreleaser | |
| uses: goreleaser/goreleaser-action@v6 | |
| with: | |
| distribution: goreleaser | |
| install-only: true | |
| - name: Build Go binaries and docker images | |
| run: make cross-build | |
| - name: Publish main docker image | |
| if: ${{ github.ref_name == 'main' }} | |
| run: make push-main-docker-image | |
| - name: Publish Release and binaries | |
| ## This step will only run when a new tag is pushed. | |
| ## It will build the Go binaries and the docker images and then publish: | |
| ## - the GitHub release with the archive built | |
| ## - docker images on the different docker registry selected | |
| if: ${{ github.event_name == 'push' && startsWith(github.ref_name, 'v') }} | |
| run: make cross-release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |