name: Deploy on: workflow_dispatch: inputs: flavor: description: 'Select what enverionment to deploy to' type: choice default: canary options: - canary - beta - stable - internal env: NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }} permissions: contents: 'write' id-token: 'write' packages: 'write' jobs: output-prev-version: name: Output previous version runs-on: ubuntu-latest environment: ${{ github.event.inputs.flavor }} outputs: prev: ${{ steps.print.outputs.version }} namespace: ${{ steps.print.outputs.namespace }} steps: - uses: actions/checkout@v4 - name: Auth to Cluster uses: './.github/actions/cluster-auth' with: gcp-project-number: ${{ secrets.GCP_PROJECT_NUMBER }} gcp-project-id: ${{ secrets.GCP_PROJECT_ID }} service-account: ${{ secrets.GCP_HELM_DEPLOY_SERVICE_ACCOUNT }} cluster-name: ${{ secrets.GCP_CLUSTER_NAME }} cluster-location: ${{ secrets.GCP_CLUSTER_LOCATION }} - name: Output previous version id: print run: | namespace="" if [ "${{ github.event.inputs.flavor }}" = "canary" ]; then namespace="dev" elif [ "${{ github.event.inputs.flavor }}" = "beta" ]; then namespace="beta" elif [ "${{ github.event.inputs.flavor }}" = "stable" ]; then namespace="production" else echo "Invalid flavor: ${{ github.event.inputs.flavor }}" exit 1 fi echo "Namespace set to: $namespace" # Get the previous version from the deployment prev_version=$(kubectl get deployment -n $namespace affine-graphql -o=jsonpath='{.spec.template.spec.containers[0].image}' | awk -F '-' '{print $3}') echo "Previous version: $prev_version" echo "version=$prev_version" >> $GITHUB_OUTPUT echo "namesapce=$namespace" >> $GITHUB_OUTPUT build-server-image: name: Build Server Image uses: ./.github/workflows/build-server-image.yml with: flavor: ${{ github.event.inputs.flavor }} build-web: name: Build @affine/web runs-on: ubuntu-latest environment: ${{ github.event.inputs.flavor }} steps: - uses: actions/checkout@v4 - name: Setup Version id: version uses: ./.github/actions/setup-version - name: Setup Node.js uses: ./.github/actions/setup-node - name: Build Core run: yarn nx build @affine/web --skip-nx-cache env: R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} BUILD_TYPE: ${{ github.event.inputs.flavor }} CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }} SENTRY_ORG: ${{ secrets.SENTRY_ORG }} SENTRY_PROJECT: 'affine-web' SENTRY_RELEASE: ${{ steps.version.outputs.APP_VERSION }} SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} SENTRY_DSN: ${{ secrets.SENTRY_DSN }} PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }} MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }} - name: Upload web artifact uses: actions/upload-artifact@v4 with: name: web path: ./packages/frontend/web/dist if-no-files-found: error build-admin: name: Build @affine/admin runs-on: ubuntu-latest environment: ${{ github.event.inputs.flavor }} steps: - uses: actions/checkout@v4 - name: Setup Version id: version uses: ./.github/actions/setup-version - name: Setup Node.js uses: ./.github/actions/setup-node - name: Build Core run: yarn nx build @affine/admin --skip-nx-cache env: R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} BUILD_TYPE: ${{ github.event.inputs.flavor }} CAPTCHA_SITE_KEY: ${{ secrets.CAPTCHA_SITE_KEY }} SENTRY_ORG: ${{ secrets.SENTRY_ORG }} SENTRY_PROJECT: 'affine-admin' SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} SENTRY_DSN: ${{ secrets.SENTRY_DSN }} PERFSEE_TOKEN: ${{ secrets.PERFSEE_TOKEN }} MIXPANEL_TOKEN: ${{ secrets.MIXPANEL_TOKEN }} - name: Upload admin artifact uses: actions/upload-artifact@v4 with: name: admin path: ./packages/frontend/admin/dist if-no-files-found: error build-frontend-image: name: Build Frontend Image runs-on: ubuntu-latest needs: - build-web - build-admin steps: - uses: actions/checkout@v4 - name: Download web artifact uses: actions/download-artifact@v4 with: name: web path: ./packages/frontend/web/dist - name: Download admin artifact uses: actions/download-artifact@v4 with: name: admin path: ./packages/frontend/admin/dist - name: Setup env run: | echo "GIT_SHORT_HASH=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV" if [ -z "${{ inputs.flavor }}" ] then echo "RELEASE_FLAVOR=canary" >> "$GITHUB_ENV" else echo "RELEASE_FLAVOR=${{ inputs.flavor }}" >> "$GITHUB_ENV" fi - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io logout: false username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Build front Dockerfile uses: docker/build-push-action@v6 with: context: . push: true pull: true platforms: linux/amd64,linux/arm64 provenance: true file: .github/deployment/front/Dockerfile tags: ghcr.io/toeverything/affine-front:${{env.RELEASE_FLAVOR}}-${{ env.GIT_SHORT_HASH }},ghcr.io/toeverything/affine-front:${{env.RELEASE_FLAVOR}} deploy: name: Deploy to cluster if: ${{ github.event_name == 'workflow_dispatch' }} environment: ${{ github.event.inputs.flavor }} needs: - build-frontend-image - build-server-image runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Setup Version id: version uses: ./.github/actions/setup-version - name: Deploy to ${{ github.event.inputs.flavor }} uses: ./.github/actions/deploy with: build-type: ${{ github.event.inputs.flavor }} gcp-project-number: ${{ secrets.GCP_PROJECT_NUMBER }} gcp-project-id: ${{ secrets.GCP_PROJECT_ID }} service-account: ${{ secrets.GCP_HELM_DEPLOY_SERVICE_ACCOUNT }} cluster-name: ${{ secrets.GCP_CLUSTER_NAME }} cluster-location: ${{ secrets.GCP_CLUSTER_LOCATION }} env: APP_VERSION: ${{ steps.version.outputs.APP_VERSION }} DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }} CANARY_DEPLOY_HOST: ${{ secrets.CANARY_DEPLOY_HOST }} R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} CAPTCHA_TURNSTILE_SECRET: ${{ secrets.CAPTCHA_TURNSTILE_SECRET }} COPILOT_OPENAI_API_KEY: ${{ secrets.COPILOT_OPENAI_API_KEY }} COPILOT_FAL_API_KEY: ${{ secrets.COPILOT_FAL_API_KEY }} COPILOT_UNSPLASH_API_KEY: ${{ secrets.COPILOT_UNSPLASH_API_KEY }} METRICS_CUSTOMER_IO_TOKEN: ${{ secrets.METRICS_CUSTOMER_IO_TOKEN }} MAILER_SENDER: ${{ secrets.OAUTH_EMAIL_SENDER }} MAILER_USER: ${{ secrets.OAUTH_EMAIL_LOGIN }} MAILER_PASSWORD: ${{ secrets.OAUTH_EMAIL_PASSWORD }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} AFFINE_GOOGLE_CLIENT_ID: ${{ secrets.AFFINE_GOOGLE_CLIENT_ID }} AFFINE_GOOGLE_CLIENT_SECRET: ${{ secrets.AFFINE_GOOGLE_CLIENT_SECRET }} DATABASE_URL: ${{ secrets.DATABASE_URL }} DATABASE_USERNAME: ${{ secrets.DATABASE_USERNAME }} DATABASE_PASSWORD: ${{ secrets.DATABASE_PASSWORD }} DATABASE_NAME: ${{ secrets.DATABASE_NAME }} GCLOUD_CONNECTION_NAME: ${{ secrets.GCLOUD_CONNECTION_NAME }} GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT: ${{ secrets.GCLOUD_CLOUD_SQL_INTERNAL_ENDPOINT }} REDIS_HOST: ${{ secrets.REDIS_HOST }} REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }} CLOUD_SQL_IAM_ACCOUNT: ${{ secrets.CLOUD_SQL_IAM_ACCOUNT }} STRIPE_API_KEY: ${{ secrets.STRIPE_API_KEY }} STRIPE_WEBHOOK_KEY: ${{ secrets.STRIPE_WEBHOOK_KEY }} STATIC_IP_NAME: ${{ secrets.STATIC_IP_NAME }} deploy-done: needs: - output-prev-version - build-frontend-image - build-server-image - deploy if: always() runs-on: ubuntu-latest name: Post deploy message steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - uses: actions/checkout@v4 with: repository: toeverything/blocksuite path: blocksuite fetch-depth: 0 fetch-tags: true - name: Setup Node.js uses: ./.github/actions/setup-node with: extra-flags: 'workspaces focus @affine/changelog' electron-install: false - name: Output deployed info if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} id: set_info run: | if [ "${{ github.event.inputs.flavor }}" = "canary" ]; then echo "deployed_url=https://affine.fail" >> $GITHUB_OUTPUT elif [ "${{ github.event.inputs.flavor }}" = "beta" ]; then echo "deployed_url=https://insider.affine.pro" >> $GITHUB_OUTPUT elif [ "${{ github.event.inputs.flavor }}" = "stable" ]; then echo "deployed_url=https://app.affine.pro" >> $GITHUB_OUTPUT else exit 1 fi env: GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - name: Post Success event to a Slack channel if: ${{ always() && !contains(needs.*.result, 'failure') && !contains(needs.*.result, 'cancelled') }} run: node ./tools/changelog/index.js env: CHANNEL_ID: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }} SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} DEPLOYED_URL: ${{ steps.set_info.outputs.deployed_url }} PREV_VERSION: ${{ needs.output-prev-version.outputs.prev }} NAMESPACE: ${{ needs.output-prev-version.outputs.namespace }} DEPLOYMENT: 'SERVER' FLAVOR: ${{ github.event.inputs.flavor }} BLOCKSUITE_REPO_PATH: ${{ github.workspace }}/blocksuite - name: Post Failed event to a Slack channel id: failed-slack uses: slackapi/slack-github-action@v1.26.0 if: ${{ always() && contains(needs.*.result, 'failure') }} with: channel-id: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }} payload: | { "blocks": [ { "type": "section", "text": { "text": "<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Backend deploy failed `${{ github.event.inputs.flavor }}`>", "type": "mrkdwn" } } ] } env: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - name: Post Cancel event to a Slack channel id: cancel-slack uses: slackapi/slack-github-action@v1.26.0 if: ${{ always() && contains(needs.*.result, 'cancelled') && !contains(needs.*.result, 'failure') }} with: channel-id: ${{ secrets.RELEASE_SLACK_CHNNEL_ID }} payload: | { "blocks": [ { "type": "section", "text": { "text": "<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Backend deploy cancelled `${{ github.event.inputs.flavor }}`>", "type": "mrkdwn" } } ] } env: SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}