name: CI on: push: branches: [main, dev] pull_request: branches: [main, dev] workflow_dispatch: inputs: ref: description: "Branch or ref to run CI against" required: false default: "main" jobs: lint-typecheck: name: Lint & Typecheck runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: pnpm/action-setup@v4 with: version: '9.15.4' - uses: actions/setup-node@v4 with: node-version: 22 cache: pnpm - name: Install dependencies run: pnpm install --frozen-lockfile - name: Typecheck run: pnpm --filter @groombook/api typecheck - name: Lint run: pnpm --filter @groombook/api lint test: name: Test runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: pnpm/action-setup@v4 with: version: '9.15.4' - uses: actions/setup-node@v4 with: node-version: 22 cache: pnpm - name: Install dependencies run: pnpm install --frozen-lockfile - name: Run tests run: pnpm --filter @groombook/api test build: name: Build runs-on: ubuntu-latest needs: [lint-typecheck, test] steps: - uses: actions/checkout@v4 - uses: pnpm/action-setup@v4 with: version: '9.15.4' - uses: actions/setup-node@v4 with: node-version: 22 cache: pnpm - name: Install dependencies run: pnpm install --frozen-lockfile - name: Build run: pnpm --filter @groombook/api build docker: name: Build & Push Docker Images runs-on: ubuntu-latest needs: [build] outputs: tag: ${{ steps.version.outputs.tag }} permissions: contents: read packages: write steps: - uses: actions/checkout@v4 - name: Generate image tag id: version run: | if [ "${{ github.event_name }}" = "pull_request" ]; then TAG="pr-${{ github.event.pull_request.number }}-${GITHUB_SHA::7}" else TAG="$(date -u +%Y.%m.%d)-${GITHUB_SHA::7}" fi echo "tag=$TAG" >> "$GITHUB_OUTPUT" echo "Image tag: $TAG" - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Log in to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push API image uses: docker/build-push-action@v6 with: context: . file: Dockerfile target: runner push: true tags: | ghcr.io/groombook/api:${{ steps.version.outputs.tag }} ${{ github.ref == 'refs/heads/main' && 'ghcr.io/groombook/api:latest' || '' }} cache-from: type=gha cache-to: type=gha,mode=max - name: Build and push Migrate image uses: docker/build-push-action@v6 with: context: . file: Dockerfile target: migrate push: true tags: | ghcr.io/groombook/migrate:${{ steps.version.outputs.tag }} ${{ github.ref == 'refs/heads/main' && 'ghcr.io/groombook/migrate:latest' || '' }} cache-from: type=gha cache-to: type=gha,mode=max - name: Build and push Seed image uses: docker/build-push-action@v6 with: context: . file: Dockerfile target: seed push: true tags: | ghcr.io/groombook/seed:${{ steps.version.outputs.tag }} ${{ github.ref == 'refs/heads/main' && 'ghcr.io/groombook/seed:latest' || '' }} cache-from: type=gha cache-to: type=gha,mode=max - name: Build and push Reset image uses: docker/build-push-action@v6 with: context: . file: Dockerfile target: reset push: true tags: | ghcr.io/groombook/reset:${{ steps.version.outputs.tag }} ${{ github.ref == 'refs/heads/main' && 'ghcr.io/groombook/reset:latest' || '' }} cache-from: type=gha cache-to: type=gha,mode=max cd: name: Update Infra Image Tags runs-on: ubuntu-latest needs: [docker] if: (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev') && github.event_name == 'push' permissions: contents: write pull-requests: write steps: - name: Generate infra repo token id: infra-token uses: tibdex/github-app-token@v2 with: app_id: ${{ vars.GH_APP_ID }} private_key: ${{ secrets.GH_APP_PRIVATE_KEY }} - name: Clone groombook/infra run: | git clone https://x-access-token:${{ steps.infra-token.outputs.token }}@github.com/groombook/infra.git /tmp/infra - name: Install yq run: | sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 sudo chmod +x /usr/local/bin/yq - name: Update dev overlay image tags env: TAG: ${{ needs.docker.outputs.tag }} SHA: ${{ github.sha }} run: | if [ -z "$TAG" ]; then TAG="$(date -u +%Y.%m.%d)-${SHA::7}" fi export SHORT_SHA="${SHA::7}" echo "Updating dev overlay image tags to: $TAG" echo "Updating migration/seed Job names with SHA: $SHORT_SHA" cd /tmp/infra DEV_KUST="apps/overlays/dev/kustomization.yaml" yq -i '(.images[] | select(.name == "ghcr.io/groombook/api")).newTag = env(TAG)' "$DEV_KUST" yq -i '(.images[] | select(.name == "ghcr.io/groombook/migrate")).newTag = env(TAG)' "$DEV_KUST" yq -i '(.images[] | select(.name == "ghcr.io/groombook/seed")).newTag = env(TAG)' "$DEV_KUST" yq -i '(.images[] | select(.name == "ghcr.io/groombook/reset")).newTag = env(TAG)' "$DEV_KUST" MIGRATE_JOB="apps/base/migrate-job.yaml" if [ -f "$MIGRATE_JOB" ]; then yq -i '.metadata.name = "migrate-schema-" + env(SHORT_SHA)' "$MIGRATE_JOB" yq -i '.metadata.annotations."groombook.app/deploy-version" = env(TAG)' "$MIGRATE_JOB" yq -i '.spec.ttlSecondsAfterFinished = (.spec.ttlSecondsAfterFinished // 86400)' "$MIGRATE_JOB" fi SEED_JOB="apps/base/seed-job.yaml" if [ -f "$SEED_JOB" ]; then yq -i '.metadata.name = "seed-test-data-" + env(SHORT_SHA)' "$SEED_JOB" yq -i '.metadata.annotations."groombook.app/deploy-version" = env(TAG)' "$SEED_JOB" yq -i '.spec.ttlSecondsAfterFinished = (.spec.ttlSecondsAfterFinished // 86400)' "$SEED_JOB" fi git -C /tmp/infra diff --stat - name: Create PR on groombook/infra env: TAG: ${{ needs.docker.outputs.tag }} GH_TOKEN: ${{ steps.infra-token.outputs.token }} run: | if [ -z "$TAG" ]; then TAG="$(date -u +%Y.%m.%d)-${GITHUB_SHA::7}" fi cd /tmp/infra git config user.name "groombook-engineer[bot]" git config user.email "3141748+groombook-engineer[bot]@users.noreply.github.com" git checkout -b "chore/update-image-tags-${TAG}" git add apps/overlays/dev/ apps/base/migrate-job.yaml apps/base/seed-job.yaml git commit -m "chore: update image tags and migration/seed Job names to ${TAG}" git push -u origin "chore/update-image-tags-${TAG}" EXISTING_PR=$(gh pr list --repo groombook/infra --head "chore/update-image-tags-${TAG}" --state open --json number -q '.[0].number' || true) if [ -n "$EXISTING_PR" ]; then echo "PR #$EXISTING_PR already exists for this tag, merging existing PR" gh pr merge "$EXISTING_PR" --repo groombook/infra --merge else PR_URL=$(gh pr create \ --repo groombook/infra \ --base main \ --head "chore/update-image-tags-${TAG}" \ --title "chore: deploy ${TAG} to dev" \ --body "[GRO-178](/GRO/issues/GRO-178) — automated image tag update from main merge") gh pr merge "$PR_URL" --merge fi