Update hive ci/cd

- move hive-cd to docker-publish - remove workflow_dispatch Signed-off-by: jmasar <[email protected]>
FRINXio · Feb 19, 2024 · fdf4107 · fdf4107
1 parent 46c94f1
commit fdf4107
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 55 deletions.
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -2,7 +2,7 @@ name: Docker
 
 on:
   push:
-    # Publish `master` as Docker `latest` image.
+    # Publish `master` and `stable` as Docker `latest` image.
     branches:
       - 'master'
       - '[0-9]+.X-stable'
@@ -14,7 +14,6 @@ on:
 
   # Run tests for any PRs.
   pull_request:
-  workflow_dispatch:
 
 env:
   # TODO: Change variable to your image's name.
@@ -48,37 +47,52 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Build image
-        run: docker build . --file Dockerfile --build-arg git_commit=$(git rev-parse HEAD) --tag $IMAGE_NAME
-
-      - uses: Azure/container-scan@v0
-        with:
-          image-name: ${{ env.IMAGE_NAME }}:latest
-          # severity-threshold: CRITICAL
-
       #### Set tags based on source type ####
 
-      - name: Set tag for latest image
+      - name: Set tag and hive token for latest image
         if: github.ref_type == 'branch' && startsWith(github.ref, 'refs/heads/master')
         run: |
           echo "IMAGE_TAG=$(echo 'latest')" >> "$GITHUB_ENV"
+          echo "HIVE_TOKEN=${{ secrets.HIVE_MASTER_LATEST_TOKEN }}" >> "$GITHUB_ENV"
 
-      - name: Set tag for stable-latest image
+      - name: Set tag and hive token for stable-latest image
         if: github.ref_type == 'branch' && endsWith(github.ref, '-stable')
         run: |
           echo "IMAGE_TAG=$(echo 'stable-latest')" >> "$GITHUB_ENV"
+          echo "HIVE_TOKEN=${{ secrets.HIVE_STABLE_LATEST_TOKEN }}" >> "$GITHUB_ENV"
 
-      - name: Set tag for stable-release image
+      - name: Set tag and hive token for stable-release image
         if: github.ref_type == 'tag' && endsWith(github.ref, '-stable')
         run: |
           echo "IMAGE_TAG=$(echo $GITHUB_REF | cut -d / -f 3 | sed -e 's/^v-//' | sed -e 's/-stable//')" >> "$GITHUB_ENV"
+          echo "HIVE_TOKEN=${{ secrets.HIVE_STABLE_RELEASE_TOKEN }}" >> "$GITHUB_ENV"
 
-      - name: Set tag for release image
+      - name: Set tag and hive token for release image
         if: ${{ github.ref_type == 'tag' && !endsWith(github.ref, '-stable') }}
         run: |
           echo "IMAGE_TAG=$(echo $GITHUB_REF | cut -d / -f 3 | sed -e 's/^v-//')" >> "$GITHUB_ENV"
+          echo "HIVE_TOKEN=${{ secrets.HIVE_MASTER_RELEASE_TOKEN }}" >> "$GITHUB_ENV"
+
+      - name: Build image
+        run: docker build . --file Dockerfile --build-arg git_commit=$(git rev-parse HEAD) --tag $IMAGE_NAME:${IMAGE_TAG}
+
+      - uses: Azure/container-scan@v0
+        with:
+          image-name: ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
+          # severity-threshold: CRITICAL
+
+      - name: Log into docker hub
+        run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
+
+      - name: Push image
+        run: |
+          docker push $IMAGE_NAME:${IMAGE_TAG}
 
-      - name: Push stable-release image
+      - name: Hive publish
+        env:
+          SCHEMA_PATH: "schellar/graph/schema.graphqls"
         run: |
-          docker tag $IMAGE_NAME:latest $IMAGE_NAME:${IMAGE_TAG}
-#          docker push $IMAGE_NAME:${IMAGE_TAG}
+          curl -sSL https://graphql-hive.com/install.sh | sh
+          hive schema:publish ${{ env.SCHEMA_PATH }} \
+            --registry.accessToken ${HIVE_TOKEN} \
+            --github
diff --git a/.github/workflows/hive-cd.yml b/.github/workflows/hive-cd.yml
diff --git a/.github/workflows/hive-ci.yml b/.github/workflows/hive-ci.yml
@@ -10,21 +10,39 @@ on:
       - 'v*'
       - 'v[0-9]+.[0-9]+.[0-9]-stable'
 
-  workflow_dispatch:
-
 jobs:
   hive-check:
     runs-on: ubuntu-latest
     if: ${{ github.actor != 'dependabot[bot]' }}
     steps:
       - name: checkout
         uses: actions/checkout@v3
-      - name: schema check
+
+      - name: Stable token
+        if: github.ref_type == 'branch' && endsWith(github.ref, '-stable')
+        run: |
+          echo "HIVE_TOKEN=${{ secrets.HIVE_STABLE_LATEST_TOKEN }}" >> "$GITHUB_ENV"
+
+      - name: Master token
+        if: github.ref_type == 'branch' && startsWith(github.ref, 'refs/heads/master')
+        run: |
+          echo "HIVE_TOKEN=${{ secrets.HIVE_MASTER_LATEST_TOKEN }}" >> "$GITHUB_ENV"
+
+      - name: Stable release token
+        if: github.ref_type == 'tag' && endsWith(github.ref, '-stable')
+        run: |
+          echo "HIVE_TOKEN=${{ secrets.HIVE_STABLE_RELEASE_TOKEN }}" >> "$GITHUB_ENV"
+
+      - name: Master release token
+        if: ${{ github.ref_type == 'tag' && !endsWith(github.ref, '-stable') }}
+        run: |
+          echo "HIVE_TOKEN=${ secrets.HIVE_MASTER_RELEASE_TOKEN }" >> "$GITHUB_ENV"
+
+      - name: Schema check
         env:
-          HIVE_TOKEN: ${{ secrets.HIVE_TOKEN }}
           SCHEMA_PATH: "schellar/graph/schema.graphqls"
         run: |
           curl -sSL https://graphql-hive.com/install.sh | sh
           hive schema:check ${{ env.SCHEMA_PATH }} \
-            --registry.accessToken ${{ env.HIVE_TOKEN }} \
+            --registry.accessToken ${HIVE_TOKEN} \
             --github
diff --git a/.github/workflows/security-test.yml b/.github/workflows/security-test.yml
@@ -1,8 +1,6 @@
 name: PR check
 
-on: 
-  pull_request:
-  workflow_dispatch:
+on: pull_request
 
 env:
   IMAGE_NAME: frinx/uniflow-schellar