docs(release): Clarify deployment workflow and rename scripts (#175) #244
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - 'v*.*.*' | |
| - 'v*.*.*-dev.*' | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write # Required for OIDC authentication to npm | |
| jobs: | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: '24' | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.14' | |
| - name: Install uv | |
| run: | | |
| curl -LsSf https://astral.sh/uv/install.sh | sh | |
| echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
| - name: Install esbuild | |
| run: npm install -g esbuild | |
| - name: Install Node.js dependencies | |
| run: npm ci | |
| - name: Create temp directory for tests | |
| run: mkdir -p .tmp | |
| - name: Install Python dependencies | |
| working-directory: docker | |
| run: uv sync --all-extras | |
| - name: Run Python tests | |
| working-directory: docker | |
| run: uv run pytest -v -m "not local" | |
| - name: Run Node.js tests | |
| run: npm run test:ci | |
| - name: Build package | |
| run: npm run build | |
| docker: | |
| name: Build and Push Docker Image | |
| runs-on: ubuntu-latest | |
| needs: test | |
| if: startsWith(github.ref, 'refs/tags/') | |
| outputs: | |
| image_uri: ${{ steps.image.outputs.IMAGE_URI }} | |
| version: ${{ steps.version.outputs.VERSION }} | |
| tag: ${{ steps.version.outputs.TAG }} | |
| is_prerelease: ${{ steps.version.outputs.IS_PRERELEASE }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.14' | |
| - name: Install uv | |
| run: | | |
| curl -LsSf https://astral.sh/uv/install.sh | sh | |
| echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
| - name: Install Python dependencies | |
| working-directory: docker | |
| run: uv sync --all-extras | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v5 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| platforms: linux/amd64 | |
| - name: Ensure ECR repository exists | |
| run: | | |
| REPO_NAME="quiltdata/benchling" | |
| if ! aws ecr describe-repositories --repository-names "$REPO_NAME" --region us-east-1 >/dev/null 2>&1; then | |
| echo "Creating ECR repository: $REPO_NAME" | |
| aws ecr create-repository --repository-name "$REPO_NAME" --region us-east-1 | |
| else | |
| echo "ECR repository already exists: $REPO_NAME" | |
| fi | |
| - name: Extract version from tag | |
| id: version | |
| run: | | |
| VERSION=${GITHUB_REF#refs/tags/v} | |
| TAG=${GITHUB_REF#refs/tags/} | |
| echo "VERSION=$VERSION" >> $GITHUB_OUTPUT | |
| echo "TAG=$TAG" >> $GITHUB_OUTPUT | |
| # Check if this is a prerelease (contains timestamp, -dev, -alpha, -beta, -rc) | |
| if [[ "$VERSION" =~ -[0-9]{8}T[0-9]{6}Z$ ]] || [[ "$VERSION" =~ -(dev|alpha|beta|rc) ]]; then | |
| echo "IS_PRERELEASE=true" >> $GITHUB_OUTPUT | |
| echo "This is a prerelease: $TAG" | |
| else | |
| echo "IS_PRERELEASE=false" >> $GITHUB_OUTPUT | |
| echo "This is a production release: $TAG" | |
| fi | |
| - name: Build and push Docker image | |
| working-directory: docker | |
| run: make push-ci VERSION=${{ steps.version.outputs.VERSION }} | |
| env: | |
| DOCKER_DEFAULT_PLATFORM: linux/amd64 | |
| AWS_REGION: us-east-1 | |
| - name: Get Docker image URI | |
| id: image | |
| run: | | |
| AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) | |
| IMAGE_URI="${AWS_ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com/quiltdata/benchling:${{ steps.version.outputs.VERSION }}" | |
| echo "IMAGE_URI=$IMAGE_URI" >> $GITHUB_OUTPUT | |
| echo "Docker Image: $IMAGE_URI" | |
| release: | |
| name: Create GitHub Release | |
| runs-on: ubuntu-latest | |
| needs: docker | |
| if: startsWith(github.ref, 'refs/tags/') | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v5 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: '24' | |
| # No registry-url needed for OIDC publishing | |
| # npm publish --provenance uses OIDC directly without tokens | |
| - name: Install Node.js dependencies | |
| run: npm ci | |
| - name: Generate release notes | |
| id: release_notes | |
| run: | | |
| VERSION="${{ needs.docker.outputs.version }}" | |
| IMAGE_URI="${{ needs.docker.outputs.image_uri }}" | |
| IS_PRERELEASE="${{ needs.docker.outputs.is_prerelease }}" | |
| PACKAGE_NAME=$(jq -r '.name' package.json) | |
| ./bin/release-notes.sh "$VERSION" "$IMAGE_URI" "$IS_PRERELEASE" "$PACKAGE_NAME" > /tmp/release_notes.md | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| name: Release ${{ needs.docker.outputs.tag }} | |
| body_path: /tmp/release_notes.md | |
| draft: false | |
| prerelease: ${{ needs.docker.outputs.is_prerelease == 'true' }} | |
| generate_release_notes: true | |
| files: | | |
| docker/app-manifest.yaml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Update package.json version for pre-releases | |
| if: needs.docker.outputs.is_prerelease == 'true' | |
| run: | | |
| VERSION="${{ needs.docker.outputs.version }}" | |
| echo "Temporarily updating package.json version to $VERSION for pre-release publish" | |
| jq --arg version "$VERSION" '.version = $version' package.json > package.json.tmp | |
| mv package.json.tmp package.json | |
| echo "Updated version: $(jq -r .version package.json)" | |
| - name: Publish to NPM | |
| run: | | |
| echo "=== NPM Configuration Debug ===" | |
| echo "Registry: $(npm config get registry)" | |
| echo "Package version: $(jq -r .version package.json)" | |
| echo "Checking authentication..." | |
| npm whoami || echo "npm whoami failed" | |
| cat $NPM_CONFIG_USERCONFIG || echo "No .npmrc found" | |
| echo "===============================" | |
| if [ "${{ needs.docker.outputs.is_prerelease }}" == "true" ]; then | |
| echo "Publishing pre-release to npm with 'dev' tag" | |
| npm publish --provenance --access public --tag dev | |
| else | |
| echo "Publishing production release to npm with 'latest' tag" | |
| npm publish --provenance --access public --tag latest | |
| fi | |
| - name: Summary | |
| run: | | |
| echo "## Release Summary" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "**Version:** ${{ needs.docker.outputs.tag }}" >> $GITHUB_STEP_SUMMARY | |
| echo "**Type:** ${{ needs.docker.outputs.is_prerelease == 'true' && 'Pre-release' || 'Production Release' }}" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "**Docker Image:**" >> $GITHUB_STEP_SUMMARY | |
| echo "\`\`\`" >> $GITHUB_STEP_SUMMARY | |
| echo "${{ needs.docker.outputs.image_uri }}" >> $GITHUB_STEP_SUMMARY | |
| echo "\`\`\`" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| echo "**NPM Package:** https://www.npmjs.com/package/@quiltdata/benchling-webhook" >> $GITHUB_STEP_SUMMARY |