name: Preview (build) on: pull_request: types: [opened, synchronize, reopened, closed] paths-ignore: - '.changeset/**' - 'contrib/**' - 'docs/**' - 'microsite/**' - 'beps/**' - 'scripts/**' - 'storybook/**' - '**/*.test.*' - '**/package.json' - '*.md' jobs: build-backstage: env: NODE_OPTIONS: --max-old-space-size=4096 UFFIZZI_URL: https://app.uffizzi.com name: Build PR image runs-on: ubuntu-latest if: ${{ github.event_name != 'pull_request' || github.event.action != 'closed' }} outputs: tags: ${{ steps.meta.outputs.tags }} steps: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: egress-policy: audit - name: checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: setup-node uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: node-version: 18.x registry-url: https://registry.npmjs.org/ - name: yarn install uses: backstage/actions/yarn-install@a674369920067381b450d398b27df7039b7ef635 # v0.6.5 with: cache-prefix: linux-v18 - name: Use Uffizzi's backstage app config run: | cp -f ./.github/uffizzi/uffizzi.production.app-config.yaml ./app-config.yaml - name: backstage build run: | yarn workspace example-backend build - name: Set up Docker Buildx uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 - name: Generate UUID image name id: uuid run: echo "UUID_TAG_APP=backstage-$(uuidgen --time)" >> $GITHUB_ENV - name: Docker metadata id: meta uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: registry.uffizzi.com/${{ env.UUID_TAG_APP }} tags: type=raw,value=60d - name: Build Image uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 with: context: . file: packages/backend/Dockerfile tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} push: true cache-from: type=gha cache-to: type=gha,mode=max render-kustomize: name: Render Kustomize Manifests runs-on: ubuntu-latest needs: - build-backstage steps: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: egress-policy: audit - name: Checkout git repo uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Render Compose File run: | # update image after the build above cd ./.github/uffizzi/k8s/manifests kustomize edit set image backstage=${{ needs.build-backstage.outputs.tags }} kustomize build . > manifests.rendered.yml cat manifests.rendered.yml - name: Upload Rendered Manifests File as Artifact uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3 with: name: preview-spec path: ./.github/uffizzi/k8s/manifests/manifests.rendered.yml retention-days: 2 - name: Upload PR Event as Artifact uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: preview-spec path: ${{ github.event_path }} retention-days: 2 delete-preview: name: Call for Preview Deletion runs-on: ubuntu-latest if: ${{ github.event.action == 'closed' }} steps: - name: Harden Runner uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 with: egress-policy: audit # If this PR is closing, we will not render a compose file nor pass it to the next workflow. - name: Upload PR Event as Artifact uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: preview-spec path: ${{ github.event_path }} retention-days: 2