feat: move permissions to shared, a new token proto #424
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: On pull request | |
on: | |
pull_request: | |
branches: [main] | |
jobs: | |
build_javascript: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get current time | |
uses: gerred/actions/current-time@master | |
id: current-time | |
- uses: actions/checkout@v2 | |
- name: Commitlint and Other Shared Build Steps | |
uses: momentohq/standards-and-practices/github-actions/shared-build@gh-actions-v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Install Node | |
uses: actions/setup-node@v1 | |
with: | |
node-version: 16 | |
- name: Install protoc | |
run: ./install_protoc.sh | |
- name: Build package | |
run: | | |
set -e | |
set -x | |
export PATH=`pwd`/protoc/bin/:$PATH | |
pushd javascript | |
npm ci | |
npm run build | |
popd | |
shell: bash | |
build_javascriptweb: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get current time | |
uses: gerred/actions/current-time@master | |
id: current-time | |
- uses: actions/checkout@v2 | |
- name: Install Node | |
uses: actions/setup-node@v1 | |
with: | |
node-version: 16 | |
- name: Install protoc | |
run: ./install_protoc.sh | |
- name: Build package | |
run: | | |
set -e | |
set -x | |
export PATH=`pwd`/protoc/bin/:$PATH | |
pushd javascript-web | |
npm ci | |
npm run build | |
popd | |
shell: bash | |
build_java: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get current time | |
uses: gerred/actions/current-time@master | |
id: current-time | |
- uses: actions/checkout@v2 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 11 | |
- name: Install protoc | |
run: ./install_protoc.sh | |
- name: Build package | |
run: | | |
set -e | |
set -x | |
export PATH=`pwd`/protoc/bin/:$PATH | |
pushd java | |
./gradlew clean build | |
popd | |
shell: bash | |
build_kotlin: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Assume Role | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
# TODO User: arn:aws:iam::***:user/shared-control-plane-deploy-user is not authorized to perform: sts:TagSession on resource: arn:aws:iam::***:role/control-plane-remote-deployer | |
role-skip-session-tagging: true | |
aws-access-key-id: ${{ secrets.PROD_CICD_DEPLOY_USER_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.PROD_CICD_DEPLOY_USER_SECRET_ACCESS_KEY }} | |
aws-region: us-west-2 | |
role-to-assume: arn:aws:iam::401011790710:role/control-plane-remote-deployer | |
role-session-name: cicd-deployer | |
role-duration-seconds: 900 | |
- name: Get CodeArtifact token | |
run: | | |
TOKEN=$(aws codeartifact get-authorization-token \ | |
--domain momento-prod --domain-owner 401011790710 \ | |
--query authorizationToken --output text) | |
echo "::add-mask::$TOKEN" | |
echo "CODEARTIFACT_AUTH_TOKEN=$TOKEN" >> $GITHUB_ENV | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 11 | |
- name: Cache Gradle packages | |
uses: actions/cache@v1 | |
with: | |
path: ~/.gradle/caches | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} | |
restore-keys: ${{ runner.os }}-gradle | |
- name: Build | |
run: | | |
pushd kotlin-messages | |
./gradlew build | |
popd | |
build_python: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get current time | |
uses: gerred/actions/current-time@master | |
id: current-time | |
- uses: actions/checkout@v3 | |
- name: Setup Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: "3.10" | |
- name: Bootstrap poetry | |
run: | | |
curl -sL https://install.python-poetry.org | python - -y --version 1.4.2 | |
- name: Configure poetry | |
run: poetry config virtualenvs.in-project true | |
- name: Install dependencies | |
working-directory: python | |
run: make install | |
- name: Build package | |
working-directory: python | |
run: make build | |
build_csharp: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get current time | |
uses: gerred/actions/current-time@master | |
id: current-time | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-dotnet@v1 | |
with: | |
dotnet-version: "6.0.x" | |
- name: Build | |
run: | | |
pushd csharp | |
dotnet build | |
popd | |
shell: bash | |
build_rust: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Get current time | |
uses: gerred/actions/current-time@master | |
id: current-time | |
- uses: actions/checkout@v2 | |
- name: Install protoc | |
run: ./install_protoc.sh | |
- name: Build package | |
run: | | |
set -e | |
set -x | |
pushd rust | |
echo make sure the code generator runs first so the files are there when we build momento-protos | |
cargo build -p codegenerator | |
cargo build | |
popd | |
shell: bash | |
- name: Set dryrun Cargo version | |
run: | | |
pushd rust | |
chmod +x set_cargo_package_version.sh | |
./set_cargo_package_version.sh 42.42.42 | |
popd | |
shell: bash | |
- name: Release dryrun | |
env: | |
# TODO: Match the token with https://github.com/momentohq/client-sdk-rust/blob/main/.github/workflows/cd.yml | |
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_PUBLISH_TOKEN }} | |
run: | | |
set -e | |
set -x | |
pushd rust | |
cargo publish -p momento-protos --verbose --dry-run --allow-dirty --no-verify | |
popd | |
shell: bash |