Merge pull request #45 from FusionAuth/degroff/ENG-622/prompt #51
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Deploy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| command: | |
| type: choice | |
| options: | |
| - build # build only | |
| - publish # build & publish to rubygems | |
| - release # build & release to svn | |
| default: build | |
| permissions: | |
| contents: read | |
| id-token: write | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| shell: /usr/bin/bash -l -e -o pipefail {0} | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v4 | |
| - name: setup java | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: 21 | |
| java-package: jre | |
| - name: install savant | |
| run: | | |
| curl -O https://repository.savantbuild.org/org/savantbuild/savant-core/2.0.0/savant-2.0.0.tar.gz | |
| tar xzvf savant-2.0.0.tar.gz | |
| savant-2.0.0/bin/sb --version | |
| SAVANT_PATH=$(realpath -s "./savant-2.0.0/bin") | |
| echo "${SAVANT_PATH}" >> $GITHUB_PATH | |
| mkdir -p ~/.savant/plugins | |
| cat << EOF > ~/.savant/plugins/org.savantbuild.plugin.java.properties | |
| 21=${JAVA_HOME} | |
| EOF | |
| # Installs the version specified in the .ruby-version file in the repo root. | |
| - name: install ruby | |
| uses: ruby/setup-ruby@v1 | |
| - name: compile | |
| shell: bash -l {0} | |
| run: sb compile | |
| ### Everything below this line will only run on a workflow_dispatch | |
| - name: set aws credentials | |
| if: inputs.command == 'release' || inputs.command == 'publish' | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::752443094709:role/gha-fusionauth-ruby-client | |
| role-session-name: aws-auth-action | |
| aws-region: us-west-2 | |
| - name: get secret | |
| if: inputs.command == 'release' || inputs.command == 'publish' | |
| run: | | |
| while IFS=$'\t' read -r key value; do | |
| echo "::add-mask::${value}" | |
| echo "${key}=${value}" >> $GITHUB_ENV | |
| done < <(aws secretsmanager get-secret-value \ | |
| --region us-west-2 \ | |
| --secret-id platform/rubygems \ | |
| --query SecretString \ | |
| --output text | \ | |
| jq -r 'to_entries[] | [.key, .value] | @tsv') | |
| - name: set gem credentials | |
| if: inputs.command == 'release' || inputs.command == 'publish' | |
| run: | | |
| mkdir -p ~/.gem | |
| echo ":rubygems_api_key: ${{ env.API_KEY }}" > ~/.gem/credentials | |
| chmod 600 ~/.gem/credentials | |
| - name: release to svn | |
| if: inputs.command == 'release' | |
| run: sb release | |
| - name: publish to rubygems | |
| if: inputs.command == 'publish' | |
| run: sb publish |