Github actions delivery bot - github-actions

We have set up GitHub Actions for CI/CD pipelines, and it was working as expected a few days back. We use GitHub PR comments (/deploy staging) to deploy the code to the AWS S3 bucket, and everything was working as expected. But now when we comment on a PR (pull request), the deployment does not trigger; instead it triggers at midnight, after 10 hours.
Here are my files.
workflows/deploy.yml
name: 'Deploy'
on: ['deployment']
jobs:
  deployment:
    name: 'Deploy to ${{ github.event.deployment.environment }}'
    runs-on: ubuntu-latest
    steps:
      - name: Deployment pending
        uses: deliverybot/deployment-status@master
        with:
          state: pending
          token: '${{ github.token }}'
      - name: Copy Repo Files
        uses: actions/checkout@v1
      - name: Set Variables
        id: variables
        run: |
          if [ "$ENVIRONMENT" == "production" ]; then
            echo ::set-output name=DEPLOY_BUCKET::$PROD_BUCKET
            export PUBLIC_URL=https://app.virtualcombine.com/
          else
            echo ::set-output name=DEPLOY_BUCKET::$STAGING_BUCKET
            export PUBLIC_URL=https://staging-app.virtualcombine.com/
          fi
          export VERSION="$(node -pe "require('./package.json').version")"
          export COMMIT="$(sed -e 's/^\(.\{9\}\).*/\1/' <<< $(git rev-parse --short HEAD))"
          echo ::set-output name=SOURCE_PATH::$VERSION/$COMMIT/$ENVIRONMENT
        env:
          ENVIRONMENT: ${{ github.event.deployment.environment }}
          PROD_BUCKET: ${{ secrets.PROD_S3_UI_BUCKET }}
          STAGING_BUCKET: ${{ secrets.STAGING_S3_UI_BUCKET }}
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-2
      - name: 'Deploy to ${{ github.event.deployment.environment }}'
        run: |
          aws s3 sync s3://${SOURCE_BUCKET_NAME}/${SOURCE_BUCKET_PATH} s3://${DEST_BUCKET_NAME} --delete
        env:
          SOURCE_BUCKET_NAME: ${{ secrets.AWS_S3_RELEASE_BUCKET }}
          SOURCE_BUCKET_PATH: ${{ steps.variables.outputs.SOURCE_PATH }}
          DEST_BUCKET_NAME: ${{ steps.variables.outputs.DEPLOY_BUCKET }}
      - name: 'Deployment success'
        if: success()
        uses: 'deliverybot/deployment-status@master'
        with:
          state: 'success'
          token: '${{ github.token }}'
      - name: 'Deployment failure'
        if: failure()
        uses: 'deliverybot/deployment-status@master'
        with:
          state: 'failure'
          token: '${{ github.token }}'
Workflows/mail.yml
name: Virtual Combine App UI
on:
  push:
    branches:
      - 'release/'
      - 'hotfix/'
jobs:
  lint_test:
    name: Affected Lint & Test
    runs-on: ubuntu-latest
    steps:
      - name: Copy Repo Files
        uses: actions/checkout@v1
      - name: Yarn Install
        uses: bahmutov/npm-install@v1
        with:
          useLockFile: true
      - name: Setup Env Files
        run: |
          touch src/config/env-urls.js
          echo "$ENV_URL_FILE" > src/config/env-urls.js
        env:
          ENV_URL_FILE: ${{ secrets.ALPHA_URL_FILE }}
      - name: Lint Affected
        run: yarn lint
      - name: Test Affected
        run: yarn test
  build_staging:
    name: Build Staging
    needs:
      - lint_test
    runs-on: ubuntu-latest
    steps:
      - name: Copy Repo Files
        uses: actions/checkout@v1
      - name: Yarn Install
        uses: bahmutov/npm-install@v1
        with:
          useLockFile: true
      - name: Setup Env Files
        run: |
          touch src/config/env-urls.js
          echo "$ENV_URL_FILE" > src/config/env-urls.js
        env:
          ENV_URL_FILE: ${{ secrets.ALPHA_URL_FILE }}
      - name: Set Version
        id: version
        run: |
          if [ "$EVENT" == "push" ]; then
            export COMMIT="$(sed -e 's/^\(.\{9\}\).*/\1/' <<< "$SHA")"
          else
            export COMMIT="$(sed -e 's/^\(.\{9\}\).*/\1/' <<< "$PR_SHA")"
          fi
          export VERSION="$(node -pe "require('./package.json').version")"
          echo ::set-output name=COMMIT::$COMMIT
          echo ::set-output name=VERSION::$VERSION
          echo ::set-output name=DEST_DIR::$VERSION/$COMMIT/staging
        env:
          EVENT: ${{ github.event_name }}
          SHA: ${{ github.sha }}
          PR_SHA: ${{ github.event.pull_request.head.sha }}
      - name: Build
        run: yarn build
        env:
          DEPLOY_COMMIT: ${{ steps.version.outputs.COMMIT }}
      - name: Create Version File
        run: |
          echo "$VERSION/$COMMIT" > dist/apps/web/version.txt
        env:
          VERSION: ${{ steps.version.outputs.VERSION }}
          COMMIT: ${{ steps.version.outputs.COMMIT }}
      - name: Sync to S3
        uses: jakejarvis/s3-sync-action@master
        with:
          args: --quiet --delete
        env:
          AWS_S3_BUCKET: ${{ secrets.AWS_S3_RELEASE_BUCKET }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: 'us-west-2'
          SOURCE_DIR: 'dist/apps/web'
          DEST_DIR: ${{ steps.version.outputs.DEST_DIR }}
  build_production:
    name: Build Production
    needs:
      - lint_test
    runs-on: ubuntu-latest
    steps:
      - name: Copy Repo Files
        uses: actions/checkout@v1
      - name: Yarn Install
        uses: bahmutov/npm-install@v1
        with:
          useLockFile: true
      - name: Setup Env Files
        run: |
          touch src/config/env-urls.js
          echo "$ENV_URL_FILE" > src/config/env-urls.js
        env:
          ENV_URL_FILE: ${{ secrets.PROD_URL_FILE }}
      - name: Set Version
        id: version
        run: |
          if [ "$EVENT" == "push" ]; then
            export COMMIT="$(sed -e 's/^\(.\{9\}\).*/\1/' <<< "$SHA")"
          else
            export COMMIT="$(sed -e 's/^\(.\{9\}\).*/\1/' <<< "$PR_SHA")"
          fi
          export VERSION="$(node -pe "require('./package.json').version")"
          echo ::set-output name=VERSION::$VERSION
          echo ::set-output name=COMMIT::$COMMIT
          echo ::set-output name=DEST_DIR::$VERSION/$COMMIT/production
        env:
          EVENT: ${{ github.event_name }}
          SHA: ${{ github.sha }}
          PR_SHA: ${{ github.event.pull_request.head.sha }}
      - name: Build
        run: yarn build
        env:
          DEPLOY_COMMIT: ${{ steps.version.outputs.COMMIT }}
      - name: Create Version File
        run: |
          echo "$VERSION/$COMMIT" > dist/apps/web/version.txt
        env:
          VERSION: ${{ steps.version.outputs.VERSION }}
          COMMIT: ${{ steps.version.outputs.COMMIT }}
      - name: Sync to S3
        uses: jakejarvis/s3-sync-action@master
        with:
          args: --quiet --delete
        env:
          AWS_S3_BUCKET: ${{ secrets.AWS_S3_RELEASE_BUCKET }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: 'us-west-2'
          SOURCE_DIR: 'dist/apps/web'
          DEST_DIR: ${{ steps.version.outputs.DEST_DIR }}
deploy.yml
staging:
  environment: staging
  production_environment: true
production:
  environment: production
  production_environment: true

Related

GitHub actions tag

I'm currently trying to allow tags only on the main branch, but I can't seem to get it to work. This is what I currently have, but it also triggers the production build if a tag is being put on a develop/release/hotfix branch. Is there a way to check if the tag has been created on the main branch?
Current YAML:
name: Release to production
on:
  push:
    branches:
      - 'hotfix/**'
    tags:
      - 'v*'
jobs:
  get-version-data:
    runs-on: ubuntu-latest
    steps:
      - name: Get production version from tag
        if: ${{ startsWith(github.ref, 'refs/tags/v') }}
        id: get_version
        run: echo "VERSION=$(echo ${{ github.ref }} | cut -d '/' -f 3 | cut -c2-)" >> $GITHUB_ENV
      - name: Get hotfix version from tag
        if: ${{ contains(github.ref, 'hotfix') }}
        id: split
        uses: jungwinter/split@v2
        with:
          separator: '/'
          msg: ${{ github.ref }}
      - name: Write hotfix version to env
        if: ${{ contains(github.ref, 'hotfix') }}
        run: echo "VERSION=${{ steps.split.outputs._3 }}" >> $GITHUB_ENV
      - name: Exit if version could not be determined
        if: ${{ env.VERSION == '' }}
        run: exit -1
      - name: Build Number
        run: echo "BUILD_NUMBER=$(($GITHUB_RUN_NUMBER + 125))" >> $GITHUB_ENV
    outputs:
      version: ${{ env.VERSION }}
      build-number: ${{ env.BUILD_NUMBER }}

Buildx failed with: ERROR: failed commit on ref "manifest-sha256:xxx": invalid content digest in response: invalid checksum digest format

I have a React app and I'm trying to set up CI/CD for this application.
I'm getting an error like this in GitHub Actions, and I get this error during "exporting to image".
name: "deploy-prod"
on:
  push:
    branches:
      - "configure-ci/cd-pipeline-to-frontend-repo"
env:
  REPOSITORY_NAME: ${{ github.event.repository.name }}
  REACT_APP_BASENAME: "FooApp"
jobs:
  build-backend:
    runs-on: ubuntu-latest
    steps:
      - id: string
        uses: ASzc/change-string-case-action@v1
        with:
          string: ${{ secrets.REGISTRY_HOST }}/${{ github.repository }}:build-${{ github.run_number }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          registry: ${{ secrets.REGISTRY_HOST }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: Build and push
        uses: docker/build-push-action@v3
        with:
          push: true
          tags: ${{ steps.string.outputs.lowercase }}
          build-args: |
            REACT_APP_BASENAME=${{ env.REACT_APP_BASENAME }}
            NGINX_AUTH_USERNAME=${{ secrets.NGINX_AUTH_USERNAME }}
            NGINX_AUTH_PASSWORD=${{ secrets.NGINX_AUTH_PASSWORD }}
  deploy-backend:
    runs-on: [ self-hosted ]
    needs: [ build-backend ]
    steps:
      - id: string
        uses: ASzc/change-string-case-action@v1
        with:
          string: ${{ secrets.REGISTRY_HOST }}/${{ github.repository }}:build-${{ github.run_number }}
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          registry: ${{ secrets.REGISTRY_HOST }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - run: docker rm -f ${{ env.REPOSITORY_NAME }} 2> /dev/null
      - run: >
          docker run
          --network=main
          --detach
          --restart unless-stopped
          --name=${{ github.event.repository.name }}
          ${{ steps.string.outputs.lowercase }}
I have github-runner and docker-registry on my server. Docker registry is running on the server; I checked it.

GitHub action actions/create-release@v1 newTag based on step from another job

I have a GitHub Actions YAML file that I'm having issues with in 2 areas. First, the newTag is no longer working since I broke everything out into separate job names.
These lines no longer work. I get release-v instead of the actual bumped version number.
tag_name: ${{env.TAG_PREXIX}}${{ steps.bumpVersion.outputs.newTag }}
release_name: ${{env.TAG_PREXIX}}${{ steps.bumpVersion.outputs.newTag }}
Second Issue: The if statement for docker build
if: github.ref == 'ref/head/release' || contains(github.ref, '/tags/release')
The above if does not work. If I add a branch called release/test or use a tag name release, it does not run.
name: Publish
on:
  push:
    branches:
      - main
      - release/*
env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}-image
  TAG_PREXIX: release-v
jobs:
  Publish:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: "Bump package version"
        id: bumpVersion
        uses: "phips28/gh-action-bump-version@master"
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PACKAGEJSON_DIR: "./client"
          tag-prefix: ${{env.TAG_PREXIX}}
          major-wording: "MAJOR,BREAKING CHANGE:"
          minor-wording: "feat"
          patch-wording: "patch,fix,bugfix,chore"
  Build-Docker-Image:
    runs-on: ubuntu-latest
    needs: Publish
    if: github.ref == 'ref/head/release' || contains(github.ref, '/tags/release')
    steps:
      - name: Log into Container registry ${{ env.REGISTRY }}
        uses: docker/login-action@v2
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push Docker image
        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{env.TAG_PREXIX}}${{steps.bumpVersion.outputs.newTag}}
  Release:
    runs-on: ubuntu-latest
    needs: Publish
    steps:
      - name: Create Release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{env.TAG_PREXIX}}${{ steps.bumpVersion.outputs.newTag }}
          release_name: ${{env.TAG_PREXIX}}${{ steps.bumpVersion.outputs.newTag }}

Github actions failed last step on result of next step

I am pretty sure it's not possible but still wanna try my luck. I have deploy-dev step and smoke-test-dev. So if smoke test for dev fails then I want to fail the last step which is deploy-dev.
deploy-dev:
  if: ${{ github.event.workflow_run.conclusion == 'skipped' && github.actor == 'dependabot[bot]' }}
  runs-on: ubuntu-latest
  needs: [lint, test]
  steps:
    - uses: actions/checkout@v2
    - name: Start deployment
      uses: bobheadxi/deployments@v0.4.3
      id: deployment
      with:
        step: start
        token: ${{ secrets.GITHUB_TOKEN }}
        env: dev
    - name: Update deployment status
      uses: bobheadxi/deployments@v0.4.3
      if: always()
      with:
        step: finish
        token: ${{ secrets.GITHUB_TOKEN }}
        status: ${{ job.status }}
        deployment_id: ${{ steps.deployment.outputs.deployment_id }}
smoke-tests-dev:
  if: ${{ github.event.workflow_run.conclusion == 'skipped' && github.actor == 'dependabot[bot]' }}
  runs-on: ubuntu-latest
  needs: deploy-dev
  steps:
    - uses: actions/checkout@v2
    - name: Checkout GitHub Action Repo
      uses: actions/checkout@v2
      with:
        repository: my/github-actions
        ref: ${{ env.COMMON_ACTIONS_VERSION }}
        token: ${{ secrets.REPO_READ_TOKEN }}
        path: ${{ env.COMMON_ACTIONS_PATH }}
    - name: install and smoke test
      uses: ./.github/common/actions/yarn
      with:
        npm_token: ${{ env.NPM_TOKEN }}
        env: dev
        action: test:smoke

How to read the secrets passed with github actions in NEXT js?

I have configured my github actions yml as shown below:
name: GZB Unit Tests
on:
  push:
    branches:
      - main
  pull_request:
    branches: [main]
jobs:
  frontend_unit_tests:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
        with:
          node-version: 16.13.1
      - name: Install Yarn
        run: |
          yarn
      - name: Run Unit Tests in CI
        run: |
          yarn test:ci
      - name: Build the Project
        env:
          NEXT_PUBLIC_FB_CLIENT_API_KEY: ${{ secrets.NEXT_PUBLIC_FB_CLIENT_API_KEY }}
          NEXT_PUBLIC_FB_CLIENT_AUTH_DOMAIN: ${{ secrets.NEXT_PUBLIC_FB_CLIENT_AUTH_DOMAIN }}
          NEXT_PUBLIC_FB_CLIENT_STORAGE_BUCKET: ${{ secrets.NEXT_PUBLIC_FB_CLIENT_STORAGE_BUCKET }}
          NEXT_PUBLIC_FB_CLIENT_MESSAGING_SENDER_ID: ${{ secrets.NEXT_PUBLIC_FB_CLIENT_MESSAGING_SENDER_ID }}
          NEXT_PUBLIC_FB_CLIENT_PROJECT_ID: ${{ secrets.NEXT_PUBLIC_FB_CLIENT_PROJECT_ID }}
          NEXT_PUBLIC_FB_CLIENT_APP_ID: ${{ secrets.NEXT_PUBLIC_FB_CLIENT_APP_ID }}
          NEXT_PUBLIC_FB_CLIENT_MEASUREMENT_ID: ${{ secrets.NEXT_PUBLIC_FB_CLIENT_MEASUREMENT_ID }}
          FB_ADMIN_PRIVATE_KEY: ${{ secrets.FB_ADMIN_PRIVATE_KEY }}
          FB_ADMIN_CLIENT_EMAIL: ${{ secrets.FB_ADMIN_CLIENT_EMAIL }}
          FB_ADMIN_RTDB_URL: ${{ secrets.FB_ADMIN_RTDB_URL }}
          NODE_ENV: ${{ secrets.NODE_ENV }}
        run: |
          yarn build
Now when I try to access it via: process.env.<VARIABLE_NAME> it says undefined. Can anyone help me understand what am I doing wrong? The build process is failing, should I configure it some other way? I have added all these secrets in the secrets tab of github settings.

NEXT uses its own web config to read files from .env.local. I was able to achieve my use case by creating a file .env.local and then passing in the secrets as shown below:
name: GZB Unit Tests
on:
  push:
    branches:
      - main
  pull_request:
    branches: [main]
jobs:
  frontend_unit_tests:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v1
        with:
          node-version: 16.13.1
      - name: Install Yarn
        run: |
          yarn
      - name: Run Unit Tests in CI
        run: |
          yarn test:ci
      - name: Build the Project
        run: |
          touch .env.local
          echo NEXT_PUBLIC_FB_CLIENT_API_KEY=${{ secrets.NEXT_PUBLIC_FB_CLIENT_API_KEY }} >> .env.local
          echo NEXT_PUBLIC_FB_CLIENT_AUTH_DOMAIN=${{ secrets.NEXT_PUBLIC_FB_CLIENT_AUTH_DOMAIN }} >> .env.local
          echo NEXT_PUBLIC_FB_CLIENT_STORAGE_BUCKET=${{ secrets.NEXT_PUBLIC_FB_CLIENT_STORAGE_BUCKET }} >> .env.local
          echo NEXT_PUBLIC_FB_CLIENT_MESSAGING_SENDER_ID=${{ secrets.NEXT_PUBLIC_FB_CLIENT_MESSAGING_SENDER_ID }} >> .env.local
          echo NEXT_PUBLIC_FB_CLIENT_PROJECT_ID=${{ secrets.NEXT_PUBLIC_FB_CLIENT_PROJECT_ID }} >> .env.local
          echo NEXT_PUBLIC_FB_CLIENT_APP_ID=${{ secrets.NEXT_PUBLIC_FB_CLIENT_APP_ID }} >> .env.local
          echo NEXT_PUBLIC_FB_CLIENT_MEASUREMENT_ID=${{ secrets.NEXT_PUBLIC_FB_CLIENT_MEASUREMENT_ID }} >> .env.local
          echo FB_ADMIN_PRIVATE_KEY=${{ secrets.FB_ADMIN_PRIVATE_KEY }} >> .env.local
          echo FB_ADMIN_CLIENT_EMAIL=${{ secrets.FB_ADMIN_CLIENT_EMAIL }} >> .env.local
          echo FB_ADMIN_RTDB_URL=${{ secrets.FB_ADMIN_RTDB_URL }} >> .env.local
          echo NODE_ENV=${{ secrets.NODE_ENV }} >> .env.local
          yarn build
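
The same .env.local step written as a script that reads the secrets from environment variables set in the step's `env:` block, as an added example that is not part of the original answer. `${{ secrets.* }}` expressions are substituted into the script text before the shell runs, so an unquoted `echo NAME=${{ ... }}` breaks on multi-line values such as a private key and lets shell metacharacters in a value be interpreted. `write_env_file` and `leaked_into` are hypothetical helper names, and the demo values are constructed.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes the workflow step passes
# each secret through `env:`, so the script reads exported variables instead of
# having `${{ secrets.* }}` text substituted into the script body.

# write_env_file OUT NAME... : write NAME="value" lines for exported variables.
# Newlines become \n inside double quotes so a multi-line key stays on one
# line. Unset names and values containing " or $ are rejected, not guessed at.
write_env_file() {
  out=$1; shift
  : > "$out" && chmod 600 "$out" || return 1
  for name in "$@"; do
    awk -v n="$name" 'BEGIN {
      if (!(n in ENVIRON)) exit 2
      v = ENVIRON[n]
      if (v ~ /["$]/) exit 3
      cnt = split(v, part, "\n"); line = part[1]
      for (i = 2; i <= cnt; i++) line = line "\\n" part[i]
      printf "%s=\"%s\"\n", n, line
    }' >> "$out" || { echo "refusing to write $name" >&2; return 1; }
  done
}

# leaked_into DIR NAME... : return 0 if the first line of any named value
# occurs in a file under DIR (e.g. the client bundle after the build).
leaked_into() {
  dir=$1; shift
  for name in "$@"; do
    needle=$(awk -v n="$name" 'BEGIN { split(ENVIRON[n], p, "\n"); printf "%s", p[1] }')
    [ -n "$needle" ] && grep -rqF -- "$needle" "$dir" && return 0
  done
  return 1
}

# Constructed demo values; in CI these come from the step's `env:` block.
demo() {
  tmp=$(mktemp -d) || return 1
  export FB_ADMIN_PRIVATE_KEY='-----BEGIN CONSTRUCTED KEY-----
bm90LWEtcmVhbC1rZXk=
-----END CONSTRUCTED KEY-----'
  export NEXT_PUBLIC_FB_CLIENT_PROJECT_ID='constructed-project-id'
  write_env_file "$tmp/.env.local" NEXT_PUBLIC_FB_CLIENT_PROJECT_ID FB_ADMIN_PRIVATE_KEY &&
    cat "$tmp/.env.local"
  rm -rf "$tmp"
}
demo
```

After `yarn build`, `leaked_into .next/static FB_ADMIN_PRIVATE_KEY FB_ADMIN_CLIENT_EMAIL` (assuming the default Next.js output directory) should return non-zero. `NEXT_PUBLIC_*` values are expected there because Next.js inlines them into the browser bundle.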