fix: fix tools assignment loop (#2545) #1677
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Please | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - 'release/*' | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| release-please: | |
| name: Release Please | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| issues: write | |
| id-token: write | |
| outputs: | |
| platform_release_created: ${{ steps.release-please.outputs['platform--release_created'] }} | |
| platform_version: ${{ steps.release-please.outputs['platform--version'] }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| - name: Generate a token | |
| id: generate-token | |
| uses: ./.github/actions/generate-release-token | |
| with: | |
| app-id: ${{ secrets.ARCHESTRA_RELEASER_GITHUB_APP_ID }} | |
| private-key: ${{ secrets.ARCHESTRA_RELEASER_GITHUB_APP_PRIVATE_KEY }} | |
| - uses: googleapis/release-please-action@c2a5a2bd6a758a0937f1ddb1e8950609867ed15c # v4.3.0 | |
| id: release-please | |
| with: | |
| token: ${{ steps.generate-token.outputs.token }} | |
| config-file: .github/release-please/release-please-config.json | |
| manifest-file: .github/release-please/.release-please-manifest.json | |
| target-branch: ${{ github.ref_name }} | |
| - name: Log release-please outputs | |
| # HACK to get toJson to sorta print the output to the console without failing this job | |
| continue-on-error: true | |
| env: | |
| OUTPUTS: ${{ toJson(steps.release-please.outputs) }} | |
| run: | | |
| echo "$OUTPUTS" | |
| build-and-push-mcp-server-docker-image: | |
| name: Build and push MCP Server Docker image | |
| if: needs.release-please.outputs.platform_release_created | |
| uses: ./.github/workflows/build-base-mcp-server-docker-image.yml | |
| needs: | |
| - release-please | |
| permissions: | |
| contents: read | |
| id-token: write # Required for Workload Identity Federation | |
| with: | |
| push_to_gcr: true | |
| version: ${{ needs.release-please.outputs.platform_version }} | |
| secrets: | |
| GCP_SERVICE_ACCOUNT_NAME: ${{ secrets.DEVELOPMENT_OAUTH_PROXY_RELEASER_GCP_SERVICE_ACCOUNT_NAME }} | |
| GCP_WORKLOAD_IDENTITY_PROVIDER_IDENTIFIER: ${{ secrets.DEVELOPMENT_OAUTH_PROXY_RELEASER_GCP_WORKLOAD_IDENTITY_PROVIDER_IDENTIFIER }} | |
| build-and-push-platform-docker-image-to-dockerhub: | |
| name: Build and push platform Docker image to Docker Hub | |
| # The platform Docker image references the MCP server base image via ARCHESTRA_ORCHESTRATOR_MCP_SERVER_BASE_IMAGE. | |
| # This job depends on build-and-push-mcp-server-docker-image to ensure the MCP server base image is published | |
| # first. If the MCP server image build fails, this job won't run, preventing the platform image from | |
| # referencing a non-existent MCP server base image tag. | |
| if: needs.release-please.outputs.platform_release_created | |
| uses: ./.github/workflows/build-dockerhub-image.yml | |
| needs: | |
| - release-please | |
| - build-and-push-mcp-server-docker-image | |
| permissions: | |
| contents: read | |
| id-token: write | |
| with: | |
| image_directory: ./platform | |
| image_name: platform | |
| version: ${{ needs.release-please.outputs.platform_version }} | |
| push_image: true | |
| secrets: | |
| DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} | |
| DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
| PLATFORM_NEXTJS_SOURCE_MAP_SENTRY_AUTH_TOKEN: ${{ secrets.PLATFORM_NEXTJS_SOURCE_MAP_SENTRY_AUTH_TOKEN }} | |
| TURBOREPO_REMOTE_CACHING_TOKEN: ${{ secrets.TURBOREPO_REMOTE_CACHING_TOKEN }} | |
| TURBOREPO_REMOTE_CACHING_TEAM: ${{ secrets.TURBOREPO_REMOTE_CACHING_TEAM }} | |
| publish-platform-helm-chart: | |
| name: Publish platform Helm chart | |
| # Depends on platform Docker image being published first, as the Helm chart references it | |
| if: needs.release-please.outputs.platform_release_created | |
| uses: ./.github/workflows/publish-platform-helm-chart.yml | |
| needs: | |
| - release-please | |
| - build-and-push-platform-docker-image-to-dockerhub | |
| permissions: | |
| contents: write | |
| id-token: write # Required for Workload Identity Federation | |
| with: | |
| version: ${{ needs.release-please.outputs.platform_version }} | |
| push_chart: true | |
| secrets: | |
| GCP_SERVICE_ACCOUNT_NAME: ${{ secrets.DEVELOPMENT_OAUTH_PROXY_RELEASER_GCP_SERVICE_ACCOUNT_NAME }} | |
| GCP_WORKLOAD_IDENTITY_PROVIDER_IDENTIFIER: ${{ secrets.DEVELOPMENT_OAUTH_PROXY_RELEASER_GCP_WORKLOAD_IDENTITY_PROVIDER_IDENTIFIER }} | |
| trigger-website-deploy: | |
| name: Trigger Website Deploy | |
| # Depends on Helm chart being published first, so the website shows the latest release info | |
| if: needs.release-please.outputs.platform_release_created | |
| uses: ./.github/workflows/trigger-website-deploy.yml | |
| needs: | |
| - release-please | |
| - publish-platform-helm-chart | |
| secrets: | |
| WEBSITE_VERCEL_DEPLOY_HOOK_URL: ${{ secrets.WEBSITE_VERCEL_DEPLOY_HOOK_URL }} |