# Ref: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions on: workflow_dispatch: inputs: services: description: 'Comma separated names of services to build(in small letters).' required: true default: 'chalice,frontend' name: Build patches from main branch, Raise PR to Main, and Push to tag jobs: deploy: name: Build Patch from main runs-on: ubuntu-latest env: DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }} DEPOT_PROJECT_ID: ${{ secrets.DEPOT_PROJECT_ID }} steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} - name: Rebase with main branch, to make sure the code has latest main changes if: github.ref != 'refs/heads/main' run: | git remote -v git config --global user.email "action@github.com" git config --global user.name "GitHub Action" git config --global rebase.autoStash true git fetch origin main:main git rebase main git log -3 - name: Downloading yq run: | VERSION="v4.42.1" sudo wget https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_linux_amd64 -O /usr/bin/yq sudo chmod +x /usr/bin/yq # Configure AWS credentials for the first registry - name: Configure AWS credentials for RELEASE_ARM_REGISTRY uses: aws-actions/configure-aws-credentials@v1 with: aws-access-key-id: ${{ secrets.AWS_DEPOT_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.AWS_DEPOT_SECRET_KEY }} aws-region: ${{ secrets.AWS_DEPOT_DEFAULT_REGION }} - name: Login to Amazon ECR for RELEASE_ARM_REGISTRY id: login-ecr-arm run: | aws ecr get-login-password --region ${{ secrets.AWS_DEPOT_DEFAULT_REGION }} | docker login --username AWS --password-stdin ${{ secrets.RELEASE_ARM_REGISTRY }} aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${{ secrets.RELEASE_OSS_REGISTRY }} - uses: depot/setup-action@v1 env: DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }} - name: Get HEAD Commit ID run: echo "HEAD_COMMIT_ID=$(git rev-parse HEAD)" >> $GITHUB_ENV - name: Define Branch Name run: echo "BRANCH_NAME=patch/main/${HEAD_COMMIT_ID}" >> $GITHUB_ENV - name: Set Remote with GITHUB_TOKEN run: | git config --unset http.https://github.com/.extraheader git remote set-url origin https://x-access-token:${{ secrets.ACTIONS_COMMMIT_TOKEN }}@github.com/${{ github.repository }}.git - name: Build id: build-image env: DOCKER_REPO_ARM: ${{ secrets.RELEASE_ARM_REGISTRY }} DOCKER_REPO_OSS: ${{ secrets.RELEASE_OSS_REGISTRY }} MSAAS_REPO_CLONE_TOKEN: ${{ secrets.MSAAS_REPO_CLONE_TOKEN }} MSAAS_REPO_URL: ${{ secrets.MSAAS_REPO_URL }} MSAAS_REPO_FOLDER: /tmp/msaas SERVICES_INPUT: ${{ github.event.inputs.services }} run: | #!/bin/bash set -euo pipefail # Configuration readonly WORKING_DIR=$(pwd) readonly BUILD_SCRIPT_NAME="build.sh" readonly BACKEND_SERVICES_FILE="/tmp/backend.txt" # Initialize git configuration setup_git() { git config --local user.email "action@github.com" git config --local user.name "GitHub Action" git checkout -b "$BRANCH_NAME" } # Get and increment image version image_version() { local service=$1 local chart_path="$WORKING_DIR/scripts/helmcharts/openreplay/charts/$service/Chart.yaml" local current_version new_version current_version=$(yq eval '.AppVersion' "$chart_path") new_version=$(echo "$current_version" | awk -F. '{$NF += 1; print $1"."$2"."$3}') echo "$new_version" } # Clone MSAAS repository if not exists clone_msaas() { if [[ ! -d "$MSAAS_REPO_FOLDER" ]]; then git clone -b dev --recursive "https://x-access-token:${MSAAS_REPO_CLONE_TOKEN}@${MSAAS_REPO_URL}" "$MSAAS_REPO_FOLDER" cd "$MSAAS_REPO_FOLDER" cd openreplay && git fetch origin && git checkout main git log -1 cd "$MSAAS_REPO_FOLDER" bash git-init.sh git checkout fi } # Build managed services build_managed() { local service=$1 local version=$2 echo "Building managed service: $service" clone_msaas if [[ $service == 'chalice' ]]; then cd "$MSAAS_REPO_FOLDER/openreplay/api" else cd "$MSAAS_REPO_FOLDER/openreplay/$service" fi local build_cmd="IMAGE_TAG=$version DOCKER_RUNTIME=depot DOCKER_BUILD_ARGS=--push ARCH=arm64 DOCKER_REPO=$DOCKER_REPO_ARM PUSH_IMAGE=0 bash build.sh" echo "Executing: $build_cmd" if ! eval "$build_cmd" 2>&1; then echo "Build failed for $service" exit 1 fi } # Build service with given arguments build_service() { local service=$1 local version=$2 local build_args=$3 local build_script=${4:-$BUILD_SCRIPT_NAME} local command="IMAGE_TAG=$version DOCKER_RUNTIME=depot DOCKER_BUILD_ARGS=--push ARCH=amd64 DOCKER_REPO=$DOCKER_REPO_OSS PUSH_IMAGE=0 bash $build_script $build_args" echo "Executing: $command" eval "$command" } # Update chart version and commit changes update_chart_version() { local service=$1 local version=$2 local chart_path="$WORKING_DIR/scripts/helmcharts/openreplay/charts/$service/Chart.yaml" # Ensure we're in the original working directory/repository cd "$WORKING_DIR" yq eval ".AppVersion = \"$version\"" -i "$chart_path" git add "$chart_path" git commit -m "Increment $service chart version to $version" git push --set-upstream origin "$BRANCH_NAME" cd - } # Main execution main() { setup_git # Get backend services list ls backend/cmd >"$BACKEND_SERVICES_FILE" # Parse services input (fix for GitHub Actions syntax) echo "Services: ${SERVICES_INPUT:-$1}" IFS=',' read -ra services <<<"${SERVICES_INPUT:-$1}" # Process each service for service in "${services[@]}"; do echo "Processing service: $service" cd "$WORKING_DIR" local foss_build_args="" ee_build_args="" build_script="$BUILD_SCRIPT_NAME" # Determine build configuration based on service type if grep -q "$service" "$BACKEND_SERVICES_FILE"; then # Backend service cd backend foss_build_args="nil $service" ee_build_args="ee $service" else # Non-backend service case "$service" in chalice | alerts | crons) cd "$WORKING_DIR/api" ;; *) cd "$service" ;; esac # Special build scripts for alerts/crons if [[ $service == 'alerts' || $service == 'crons' ]]; then build_script="build_${service}.sh" fi ee_build_args="ee" fi # Get version and build local version version=$(image_version "$service") # Build FOSS and EE versions build_service "$service" "$version" "$foss_build_args" build_service "$service" "${version}-ee" "$ee_build_args" # Build managed version for specific services if [[ "$service" != "chalice" && "$service" != "frontend" ]]; then echo "Nothing to build in managed for service $service" else build_managed "$service" "$version" fi # Update chart and commit update_chart_version "$service" "$version" done cd "$WORKING_DIR" # Cleanup rm -f "$BACKEND_SERVICES_FILE" } echo "Working directory: $WORKING_DIR" # Run main function with all arguments main "$SERVICES_INPUT" - name: Create Pull Request uses: repo-sync/pull-request@v2 with: github_token: ${{ secrets.ACTIONS_COMMMIT_TOKEN }} source_branch: ${{ env.BRANCH_NAME }} destination_branch: "main" pr_title: "Updated patch build from main ${{ env.HEAD_COMMIT_ID }}" pr_body: | This PR updates the Helm chart version after building the patch from $HEAD_COMMIT_ID. Once this PR is merged, tag update job will run automatically. # - name: Debug Job # if: ${{ failure() }} # uses: mxschmitt/action-tmate@v3 # env: # DOCKER_REPO_ARM: ${{ secrets.RELEASE_ARM_REGISTRY }} # DOCKER_REPO_OSS: ${{ secrets.RELEASE_OSS_REGISTRY }} # MSAAS_REPO_CLONE_TOKEN: ${{ secrets.MSAAS_REPO_CLONE_TOKEN }} # MSAAS_REPO_URL: ${{ secrets.MSAAS_REPO_URL }} # MSAAS_REPO_FOLDER: /tmp/msaas # with: # limit-access-to-actor: true