diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
deleted file mode 100644
index d43e11ac..00000000
--- a/.github/workflows/ci.yml
+++ /dev/null
@@ -1,195 +0,0 @@ -name: CI - -on: - push: - branches: - - staging - - feature* - -jobs: - check-lint: - name: "Check / Lint" - runs-on: ubuntu-latest - container: - image: ghcr.io/matrixai/github-runner - steps: - - uses: actions/checkout@v4 - - name: Run linting - run: | - nix develop .#ci --command bash -c $' - npm run lint - ' - - check-build: - name: "Check / Build" - runs-on: ubuntu-latest - container: - image: ghcr.io/matrixai/github-runner - steps: - - uses: actions/checkout@v4 - with: - lfs: true - - name: Run build - run: | - nix develop .#ci --command bash -c $' - npm run build --verbose - ' - - uses: actions/upload-artifact@v4 - with: - name: public - path: ./public - - check-deployment: - name: "Check / Deployment" - runs-on: ubuntu-latest - container: - image: ghcr.io/matrixai/github-runner - concurrency: - group: check-deployment - cancel-in-progress: false - environment: feature - needs: check-build - if: startsWith(github.ref, 'refs/heads/feature') - steps: - - uses: actions/checkout@v4 - with: - lfs: true - - uses: actions/download-artifact@v4 - with: - name: public - path: ./public - - name: Run deployment - env: - name: "feature/${{ github.ref_name }}" - url: "https://${{ github.ref_name }}.dev.polykey.com/docs" - deployment_tier: 'development' - CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} - CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} - POLYKEY_DOCS_ENV: ${{ secrets.POLYKEY_DOCS_ENV }} - run: | - echo 'Perform service deployment for feature' - nix develop .#ci --command bash -c $' - npm run deploy -- \ - --feature "$GITHUB_REF_NAME" \ - --env "$GITHUB_REF_NAME" - ' - - build-pull: - name: "Build / Pull Request" - runs-on: ubuntu-latest - needs: - - check-lint - - check-build - if: github.ref == 'refs/heads/staging' - steps: - - uses: actions/checkout@v4 - - name: Create pull request - env: - GH_TOKEN: ${{ secrets.GH_TOKEN }} - run: | - gh pr create \ - --head staging \ - --base master \ - --title "ci: merge staging 
to master" \ - --body "This is an automatic PR generated by the CI/CD pipeline. This will be automatically fast-forward merged if successful." \ - --assignee "@me" \ - --no-maintainer-edit || true - printf "Pipeline Attempt on $GITHUB_RUN_ID for $GITHUB_SHA\n\n$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" \ - | gh pr comment staging \ - --body-file - \ - --repo "$GH_PROJECT_PATH" - - integration-deployment: - name: "Integration / Deployment" - runs-on: ubuntu-latest - container: - image: ghcr.io/matrixai/github-runner - concurrency: - group: integration-deployment - cancel-in-progress: false - environment: staging - needs: [check-lint, check-build] - if: github.ref == 'refs/heads/staging' - steps: - - uses: actions/checkout@v4 - with: - lfs: true - - uses: actions/download-artifact@v4 - with: - name: public - path: ./public - - name: Run deployment - env: - name: 'staging' - url: 'https://staging.polykey.com/docs/' - deployment_tier: 'staging' - CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} - CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} - POLYKEY_DOCS_ENV: ${{ secrets.POLYKEY_DOCS_ENV }} - run: | - nix develop .#ci --command bash -c $' - npm run deploy -- --env staging - ' - - integration-merge: - name: "Integration / Merge" - runs-on: ubuntu-latest - concurrency: - group: integration-merge - cancel-in-progress: true - needs: - - build-pull - - integration-deployment - if: github.ref == 'refs/heads/staging' - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - token: ${{ secrets.GH_TOKEN }} - - name: Merge into master - env: - GH_TOKEN: ${{ secrets.GH_TOKEN }} - GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }} - GIT_AUTHOR_NAME: ${{ secrets.GIT_AUTHOR_NAME }} - GIT_COMMITTER_EMAIL: ${{ secrets.GIT_COMMITTER_EMAIL }} - GIT_COMMITTER_NAME: ${{ secrets.GIT_COMMITTER_NAME }} - run: | - printf "Pipeline Succeeded on $GITHUB_RUN_ID for 
$GITHUB_SHA\n\n$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" \ - | gh pr comment staging \ - --body-file - \ - --repo "$GH_PROJECT_PATH" - git checkout master - git merge --ff-only "$GITHUB_SHA" - git push origin master - - release-deployment: - name: "Release / Deployment" - runs-on: ubuntu-latest - container: - image: ghcr.io/matrixai/github-runner - concurrency: - group: release-deployment - cancel-in-progress: false - environment: production - needs: integration-merge - if: github.ref == 'refs/heads/staging' - steps: - - uses: actions/checkout@v4 - with: - lfs: true - - uses: actions/download-artifact@v4 - with: - name: public - path: ./public - - name: Run deployment - env: - name: 'production' - url: 'https://polykey.com/docs/' - deployment_tier: 'production' - CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} - CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }} - POLYKEY_DOCS_ENV: ${{ secrets.POLYKEY_DOCS_ENV }} - run: | - nix develop .#ci --command bash -c $' - npm run deploy -- --env production - ' diff --git a/.github/workflows/clean.yml b/.github/workflows/clean.yml deleted file mode 100644 index 75cc6a32..00000000 --- a/.github/workflows/clean.yml +++ /dev/null 
@@ -1,32 +0,0 @@
-name: Clean
-
-on:
- pull_request:
- types:
- - closed
-
-jobs:
- check-deployment-stop:
- name: "Check / Deployment Stop"
- runs-on: ubuntu-latest
- container:
- image: ghcr.io/matrixai/github-runner
- concurrency:
- group: check-deployment-stop
- cancel-in-progress: false
- environment: feature
- if: startsWith(github.head_ref, 'feature')
- steps:
- - uses: actions/checkout@v4
- - name: Run deployment
- env:
- CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
- CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
- ZONE_ID: ${{ secrets.ZONE_ID }}
- POLYKEY_DOCS_CLOUDFLARE_CLEANUP_TOKEN: ${{ secrets.POLYKEY_DOCS_CLOUDFLARE_CLEANUP_TOKEN }}
- run: |
- echo 'Perform service deployment for feature'
- nix develop .#ci --command bash -c $'
- wrangler delete --name "polykey-docs-dev-$GITHUB_HEAD_REF" --force
- DOMAIN="$GITHUB_HEAD_REF.dev.polykey.com/docs" ./scripts/certs_cleanup.sh
- '
diff --git a/.github/workflows/feature-closed.yml b/.github/workflows/feature-closed.yml
new file mode 100644
index 00000000..f37e88eb
--- /dev/null
+++ b/.github/workflows/feature-closed.yml
@@ -0,0 +1,26 @@
+name: "CI / Feature Closed"
+
+on:
+ pull_request:
+ types:
+ - closed
+ workflow_dispatch:
+ inputs:
+ featureBranch:
+ description: Specify the feature branch when triggering manually
+ required: true
+
+jobs:
+ use-application-js-cloudflare-feature-closed:
+ permissions:
+ contents: read
+ uses: MatrixAI/.github/.github/workflows/application-js-cloudflare-feature-closed.yml@master
+ with:
+ appName: zeta-house-docs
+ appHostname: docs.zeta.house
+ featureBranch: ${{ github.head_ref || inputs.featureBranch }}
+ secrets:
+ NIXPKGS_PRIVATE_PAT: ${{ secrets.NIXPKGS_PRIVATE_PAT }}
+ CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+ CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
+ CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
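Review bot: The `uses:` line references the reusable workflow by the mutable ref `@master` while handing it `CLOUDFLARE_API_TOKEN`, `CLOUDFLARE_ZONE_ID` and `NIXPKGS_PRIVATE_PAT`, so any later push to that branch of `MatrixAI/.github` changes what runs with these secrets without a change in this repository; pinning to a full commit SHA (`...application-js-cloudflare-feature-closed.yml@<commit-sha>`) keeps the callee reviewable, and the same applies to the `uses:` lines in feature.yml, master.yml and staging.yml. Separately, the removed clean.yml guarded its job with `if: startsWith(github.head_ref, 'feature')` and this caller has no such guard, so unless the callee filters, every closed pull request reaches the cleanup with its head branch name as `featureBranch`; consider adding `if: startsWith(github.head_ref || inputs.featureBranch, 'feature')` at the job level. `github.head_ref` is chosen by whoever opens the pull request, so the callee should read `featureBranch` through an environment variable rather than interpolate it into a `run:` script; that code is not visible in this diff.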
diff --git a/.github/workflows/feature.yml b/.github/workflows/feature.yml
new file mode 100644
index 00000000..6bf0da77
--- /dev/null
+++ b/.github/workflows/feature.yml
@@ -0,0 +1,28 @@
+name: "CI / Feature"
+
+on:
+ push:
+ branches:
+ - feature*
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ use-application-js-cloudflare-feature:
+ permissions:
+ contents: read
+ actions: write
+ checks: write
+ uses: MatrixAI/.github/.github/workflows/application-js-cloudflare-feature.yml@master
+ with:
+ ref: master
+ secrets:
+ NIXPKGS_PRIVATE_PAT: ${{ secrets.NIXPKGS_PRIVATE_PAT }}
+ DEPLOY_SECRETS: |
+ CLOUDFLARE_ACCOUNT_ID=${{ toJSON(secrets.CLOUDFLARE_ACCOUNT_ID) }}
+ CLOUDFLARE_ZONE_ID=${{ toJSON(secrets.CLOUDFLARE_ZONE_ID) }}
+ CLOUDFLARE_API_TOKEN=${{ toJSON(secrets.CLOUDFLARE_API_TOKEN) }}
+ ZETA_HOUSE_DOCS_ENV=${{ toJSON(secrets.ZETA_HOUSE_DOCS_ENV) }}
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
new file mode 100644
index 00000000..6b114fbb
--- /dev/null
+++ b/.github/workflows/master.yml
@@ -0,0 +1,27 @@
+name: "CI / Master"
+
+on:
+ push:
+ branches:
+ - master
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ use-application-js-cloudflare-master:
+ permissions:
+ contents: read
+ actions: write
+ uses: MatrixAI/.github/.github/workflows/application-js-cloudflare-master.yml@master
+ with:
+ ref: master
+ secrets:
+ NIXPKGS_PRIVATE_PAT: ${{ secrets.NIXPKGS_PRIVATE_PAT }}
+ DEPLOY_SECRETS: |
+ CLOUDFLARE_ACCOUNT_ID=${{ toJSON(secrets.CLOUDFLARE_ACCOUNT_ID) }}
+ CLOUDFLARE_ZONE_ID=${{ toJSON(secrets.CLOUDFLARE_ZONE_ID) }}
+ CLOUDFLARE_API_TOKEN=${{ toJSON(secrets.CLOUDFLARE_API_TOKEN) }}
+ ZETA_HOUSE_DOCS_ENV=${{ toJSON(secrets.ZETA_HOUSE_DOCS_ENV) }}
diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml
new file mode 100644
index 00000000..f816d652
--- /dev/null
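Review bot: In the `DEPLOY_SECRETS` block of feature.yml each value is passed through `toJSON(...)`, and GitHub's log masking matches the registered secret value, so the JSON-escaped form of a secret that contains quotes, backslashes or newlines (plausible for `ZETA_HOUSE_DOCS_ENV`, if it holds an env file) may not be redacted if the callee ever prints the bundle. The callee is not visible here, so this is a caveat to confirm rather than a proven defect: check that it decodes `DEPLOY_SECRETS` without shell tracing enabled and registers the decoded values with `::add-mask::`. A comment above the block such as `# one KEY=<JSON string> per line; decoded by the reusable workflow, must never be echoed` would record the contract. master.yml and staging.yml carry the same block.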
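Review bot: `cancel-in-progress: true` in the workflow-level `concurrency:` block of master.yml means a second push to master cancels a run that may be part-way through what is presumably the production deployment, whereas the removed ci.yml set `cancel-in-progress: false` on every deployment job's concurrency group. Unless the reusable workflow defines its own non-cancelling group around the deploy step (not visible in this diff), consider `cancel-in-progress: false` here. staging.yml has the same block, and there the old pipeline also performed the merge into master.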
+++ b/.github/workflows/staging.yml
@@ -0,0 +1,34 @@
+name: "CI / Staging"
+
+on:
+ push:
+ branches:
+ - staging
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ use-application-js-cloudflare-staging:
+ permissions:
+ contents: write
+ actions: write
+ checks: write
+ pull-requests: write
+ uses: MatrixAI/.github/.github/workflows/application-js-cloudflare-staging.yml@master
+ with:
+ ref: master
+ secrets:
+ NIXPKGS_PRIVATE_PAT: ${{ secrets.NIXPKGS_PRIVATE_PAT }}
+ DEPLOY_SECRETS: |
+ CLOUDFLARE_ACCOUNT_ID=${{ toJSON(secrets.CLOUDFLARE_ACCOUNT_ID) }}
+ CLOUDFLARE_ZONE_ID=${{ toJSON(secrets.CLOUDFLARE_ZONE_ID) }}
+ CLOUDFLARE_API_TOKEN=${{ toJSON(secrets.CLOUDFLARE_API_TOKEN) }}
+ ZETA_HOUSE_DOCS_ENV=${{ toJSON(secrets.ZETA_HOUSE_DOCS_ENV) }}
+ GH_TOKEN: ${{ secrets.GH_TOKEN }}
+ GIT_AUTHOR_EMAIL: ${{ secrets.GIT_AUTHOR_EMAIL }}
+ GIT_AUTHOR_NAME: ${{ secrets.GIT_AUTHOR_NAME }}
+ GIT_COMMITTER_EMAIL: ${{ secrets.GIT_COMMITTER_EMAIL }}
+ GIT_COMMITTER_NAME: ${{ secrets.GIT_COMMITTER_NAME }}
diff --git a/flake.lock b/flake.lock
index e9cc7664..5c7bdc98 100644
--- a/flake.lock
+++ b/flake.lock
@@ -5,11 +5,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": {
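Review bot: The `permissions:` block in staging.yml grants the `GITHUB_TOKEN` `contents: write` and `pull-requests: write`, and the `secrets:` block also forwards `GH_TOKEN`, so the callee holds two credentials that can write to the repository. The removed ci.yml created the pull request and pushed the fast-forward merge with `GH_TOKEN` only; if the reusable workflow still does, the two write scopes could drop to `read`, and if it now uses the `GITHUB_TOKEN`, `GH_TOKEN` could be left out. Which credential the callee uses is not visible in this diff, so a short comment above `permissions:` naming the step that needs each write scope would make the grant auditable.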
@@ -20,17 +20,17 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724223767, - "narHash": "sha256-Ifph01gDo4i4B50rpeqmhta/BYX2LQwXby4+BjlLqLM=", + "lastModified": 1736139540, + "narHash": "sha256-39Iclrd+9tPLmvuFVyoG63WnHZJ9kCOC6eRytRYLAWw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3f33387a5c85d94b305062a4f97d5b2899094efa", + "rev": "8ab83a21276434aaf44969b8dd0bc0e65b97a240", "type": "github" }, "original": { "owner": "NixOS", "repo": "nixpkgs", - "rev": "3f33387a5c85d94b305062a4f97d5b2899094efa", + "rev": "8ab83a21276434aaf44969b8dd0bc0e65b97a240", "type": "github" } },
@@ -39,11 +39,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1728611672, - "narHash": "sha256-jqM6akOBRR+eSYNO/zQ8Iz/NpIHnn/0ZXmHE05kNu1c=", + "lastModified": 1736140072, + "narHash": "sha256-MgtcAA+xPldS0WlV16TjJ0qgFzGvKuGM9p+nPUxpUoA=", "owner": "MatrixAI", "repo": "nixpkgs-matrix", - "rev": "c696ada734a21ee0821e86176b00f6b0b03f3d74", + "rev": "029084026bc4a35bce81bac898aa695f41993e18", "type": "github" }, "original": {
diff --git a/flake.nix b/flake.nix
index 512efb65..51310f31 100644
--- a/flake.nix
+++ b/flake.nix
@@ -19,7 +19,7 @@
 shellHook = ''
 echo "Entering $(npm pkg get name)"
 set -o allexport
- . <(pk secrets env Polykey-Docs:.)
+ . <(polykey secrets env Polykey-Docs)
 set +o allexport
 set -v
 ${lib.optionalString ci ''
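Review bot: The changed line sources whatever `polykey secrets env Polykey-Docs` prints, and a failure of that command (CLI missing, vault locked or renamed) goes unnoticed: process substitution discards the exit status, `.` reads an empty stream, and the shell continues without the expected variables. Capturing the output first makes the failure visible, e.g. `env_out="$(polykey secrets env Polykey-Docs)" || echo "polykey secrets env failed" >&2` followed by `. <(printf '%s\n' "$env_out")`. Because the output is executed as shell code, the hook also relies on the CLI quoting secret values safely. The vault name stays `Polykey-Docs` while the new workflows use `zeta-house-docs` and `ZETA_HOUSE_DOCS_ENV`, which is worth confirming as intended. The `shellHook` string starts and ends outside this hunk.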