Check for new artifacts #510
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Check for new artifacts | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| # https://crontab.guru/#0_7_*_*_* | |
| # Every day at 7am | |
| - cron: "0 7 * * *" | |
| jobs: | |
| check_release: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| latest_release_tag: ${{ steps.get_latest_release.outputs.latest_release }} | |
| new_release_found: ${{ steps.compare.outputs.new_release_found }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Get latest release | |
| id: get_latest_release | |
| run: | | |
| LATEST_RELEASE=$(curl --fail -s -H "Authorization: Bearer ${{ secrets.PRIVATE_SG_ACCESS_TOKEN }}" https://api.github.com/repos/sourcegraph/sourcegraph/releases/latest | jq -r .tag_name) | |
| if [ -z "$LATEST_RELEASE" ]; then | |
| echo "unable the fetch releases from github" | |
| exit 1 | |
| fi | |
| echo "latest_release=${LATEST_RELEASE}" >> $GITHUB_OUTPUT | |
| - name: Read TAG file | |
| id: read_current_tag | |
| run: | | |
| current_tag=$(cat TAG) | |
| echo "current_tag=${current_tag}" >> $GITHUB_OUTPUT | |
| - name: Compare releases | |
| id: compare | |
| env: | |
| LATEST_RELEASE: ${{ steps.get_latest_release.outputs.latest_release }} | |
| CURRENT_TAG: ${{ steps.read_current_tag.outputs.current_tag }} | |
| run: | | |
| if [[ "${LATEST_RELEASE}" == "${CURRENT_TAG}" ]]; then | |
| echo "Latest release (${LATEST_RELEASE}) matches current tag (${CURRENT_TAG})." | |
| echo "new_release_found=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "new_release_found=true" >> $GITHUB_OUTPUT | |
| fi | |
| pull_latest_artifacts: | |
| runs-on: ubuntu-latest | |
| needs: [check_release] | |
| if: needs.check_release.outputs.new_release_found == 'true' | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Update TAG file | |
| env: | |
| latest_release_tag: ${{ needs.check_release.outputs.latest_release_tag }} | |
| run: echo "$latest_release_tag" > TAG | |
| - name: Pull sourcegraph schemas | |
| env: | |
| latest_release_tag: ${{ needs.check_release.outputs.latest_release_tag }} | |
| run: | | |
| file_name="sg_schema_${latest_release_tag}.tar.gz" | |
| # Download the tar file using curl | |
| curl -O "https://storage.googleapis.com/sg_schemas/$file_name" | |
| # extract tar file | |
| tar -xvf "$file_name" -C schemas | |
| # delete the tar | |
| rm -rf "$file_name" | |
| - name: Pull graphql schemas | |
| env: | |
| latest_release_tag: ${{ needs.check_release.outputs.latest_release_tag }} | |
| run: | | |
| file_name="gql_schema_${latest_release_tag}.tar.gz" | |
| # Download the tar file using curl | |
| curl -O "https://storage.googleapis.com/graphql_schema/$file_name" | |
| # extract tar file | |
| tar -xvf "$file_name" -C gql | |
| # delete the tar | |
| rm -rf "$file_name" | |
| - name: Pull database migrations | |
| env: | |
| latest_release_tag: ${{ needs.check_release.outputs.latest_release_tag }} | |
| run: | | |
| # TODO(@BolajiOlajide): Remove this when we start pushing schemas on every releaase. | |
| normalized_version=$(echo "$latest_release_tag" | awk -F. '{print $1"."$2".0"}' | sed 's/^v//; s/^/v/') | |
| file_name="migrations-${normalized_version}.tar.gz" | |
| # Download the tar file using curl | |
| curl -O "https://storage.googleapis.com/schemas-migrations/migrations/$file_name" | |
| # extract tar file | |
| tar -xvf "$file_name" | |
| # delete the tar | |
| rm -rf "$file_name" | |
| - name: Commit changes | |
| env: | |
| latest_release_tag: ${{ needs.check_release.outputs.latest_release_tag }} | |
| run: | | |
| git config user.name sourcegraph-bot-devx | |
| git config user.email 127119266+sourcegraph-bot-devx@users.noreply.github.com | |
| git remote set-url origin https://x-access-token:${{ secrets.ARTIFACTS_GH_TOKEN }}@github.com/${{ github.repository }}.git | |
| git add migrations | |
| git add TAG | |
| git add gql | |
| git add schemas | |
| git commit -m "Add artifacts for $latest_release_tag" | |
| git push origin main | |
| - name: Create new tag | |
| env: | |
| latest_release_tag: ${{ needs.check_release.outputs.latest_release_tag }} | |
| run: | | |
| git tag $latest_release_tag | |
| git push origin $latest_release_tag | |
| - name: Create Release | |
| env: | |
| latest_release_tag: ${{ needs.check_release.outputs.latest_release_tag }} | |
| run: | | |
| RELEASE_NAME="Release $latest_release_tag" | |
| BODY="Automatically created release with tag $latest_release_tag." | |
| curl -X POST -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
| -d "{\"tag_name\": \"$latest_release_tag\", \"name\": \"$RELEASE_NAME\", \"body\": \"$BODY\"}" \ | |
| "https://api.github.com/repos/${{ github.repository }}/releases" | |
| report_failure: | |
| needs: pull_latest_artifacts | |
| if: ${{ failure() }} | |
| uses: sourcegraph/workflows/.github/workflows/report-job-failure.yml@main | |
| secrets: inherit |