chore: MGX-1483 add workflow protection and separate build and deploy…

… steps for stash (#244) * chore: add workflow protection * chore: MGX-1483: separate build and deploy for stash * chore: fix failing tests of stash (#245) (#247) chore: fix failing tests * chore: MGX-1483: add yarn install and build steps to deploy
gasp-xyz · Sep 20, 2024 · 8c3eae0 · 8c3eae0
1 parent cfa4aa1
commit 8c3eae0
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 13 deletions.
diff --git a/.github/workflows/stash-rollup-dev.yml b/.github/workflows/stash-rollup-dev.yml
@@ -17,7 +17,7 @@ env:
 
 jobs:
   build:
-    name: Deploy to Google App Angine
+    name: Build Project
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -29,25 +29,44 @@ jobs:
           node-version: '18'
           cache: 'yarn'
           cache-dependency-path: "./stash/yarn.lock"
-      
+
       - uses: google-github-actions/auth@v2
         id: auth
         with:
           workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
           service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
       - uses: google-github-actions/setup-gcloud@v2
       - uses: mdgreenwald/mozilla-sops-action@v1.6.0
-      
+
       - run: yarn install --immutable
       - run: sops exec-env ${ENVIRONMENT}.enc.env 'yarn run build'
       - run: sops exec-env ${ENVIRONMENT}.enc.env 'yarn run test-ci'
 
-      - name: Deploy to Google App Engine
+  deploy:
+    name: Deploy to Google App Engine
+    runs-on: ubuntu-latest
+    needs: build
+    defaults:
+      run:
         working-directory: stash
+    steps:
+      - uses: actions/checkout@v4
+      - uses: google-github-actions/auth@v2
+        id: auth
+        with:
+          workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+      - uses: google-github-actions/setup-gcloud@v2
+      - uses: mdgreenwald/mozilla-sops-action@v1.6.0
+
+      - run: yarn install --immutable
+      - run: sops exec-env ${ENVIRONMENT}.enc.env 'yarn run build'
+
+      - name: Deploy to Google App Engine
         run: |
           sops exec-env ${ENVIRONMENT}.enc.env "envsubst < app-${ENVIRONMENT}.yaml > app.tmp.yaml"
           gcloud app deploy app.tmp.yaml --quiet
-      
+
       # TODO: temporary disable smoke test
       # - name: smoke test
       #   run: |
@@ -57,4 +76,4 @@ jobs:
       # - name: Delete old versions
       #   # This command deletes all versions except the last 14
       #   # Ref: https://stackoverflow.com/a/66911696/9645556
-      #   run: gcloud app versions list --service=mangata-stash-${ENVIRONMENT} --format="value(version.id)" --sort-by="~version.createTime" | tail -n +15 | xargs -r gcloud app versions delete --quiet
+      #   run: gcloud app versions list --service=mangata-stash-${ENVIRONMENT} --format="value(version.id)" --sort-by="~version.createTime" | tail -n +15 | xargs -r gcloud app versions delete --quiet
diff --git a/.github/workflows/stash-rollup-testnet.yml b/.github/workflows/stash-rollup-testnet.yml
@@ -11,8 +11,9 @@ env:
 
 jobs:
   build:
-    name: Deploy to Google App Angine
+    name: Build Project
     runs-on: ubuntu-latest
+    environment: stash-holesky
     defaults:
       run:
         working-directory: stash
@@ -23,25 +24,37 @@ jobs:
           node-version: '18'
           cache: 'yarn'
           cache-dependency-path: "./stash/yarn.lock"
-
+
+      - run: yarn install --immutable
+      - run: sops exec-env ${ENVIRONMENT}.enc.env 'yarn run build'
+      - run: sops exec-env ${ENVIRONMENT}.enc.env 'yarn run test-ci'
+
+  deploy:
+    name: Deploy to Google App Engine
+    runs-on: ubuntu-latest
+    needs: build
+    environment: stash-holesky
+    defaults:
+      run:
+        working-directory: stash
+    steps:
+      - uses: actions/checkout@v4
       - uses: google-github-actions/auth@v2
         id: auth
         with:
           workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
           service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
       - uses: google-github-actions/setup-gcloud@v2
       - uses: mdgreenwald/mozilla-sops-action@v1.6.0
-      
+
       - run: yarn install --immutable
       - run: sops exec-env ${ENVIRONMENT}.enc.env 'yarn run build'
-      - run: sops exec-env ${ENVIRONMENT}.enc.env 'yarn run test-ci'
 
       - name: Deploy to Google App Engine
-        working-directory: stash
         run: |
           sops exec-env ${ENVIRONMENT}.enc.env "envsubst < app-${ENVIRONMENT}.yaml > app.tmp.yaml"
           gcloud app deploy app.tmp.yaml --quiet
-      
+
       # TODO: temporary disable smoke test
       # - name: smoke test
       #   run: |
@@ -51,4 +64,4 @@ jobs:
       # - name: Delete old versions
       #   # This command deletes all versions except the last 14
       #   # Ref: https://stackoverflow.com/a/66911696/9645556
-      #   run: gcloud app versions list --service=mangata-stash-rollup-dev --format="value(version.id)" --sort-by="~version.createTime" | tail -n +15 | xargs -r gcloud app versions delete --quiet
+      #   run: gcloud app versions list --service=mangata-stash-rollup-dev --format="value(version.id)" --sort-by="~version.createTime" | tail -n +15 | xargs -r gcloud app versions delete --quiet