feat(billing): depraracate tax code setting on billing profile #15025
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: ${{ !contains(github.ref, 'refs/heads/main') && !contains(github.ref, 'refs/tags/') }} | |
| jobs: | |
| cache-rebuild: | |
| name: Rebuild GitHub Actions Caches | |
| runs-on: depot-ubuntu-latest-4 | |
| # To test e2e feel free to comment this out for a branch, then a branch specific cache will be created | |
| if: github.event_name == 'push' | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Nix | |
| uses: nixbuild/nix-quick-install-action@2c9db80fb984ceb1bcaa77cdda3fdf8cfba92035 # v34 | |
| with: | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| nix_conf: | | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| keep-env-derivations = true | |
| keep-outputs = true | |
| - name: Build nix environment | |
| run: | | |
| nix flake check --impure | |
| nix develop --impure .#ci | |
| - name: Save Nix store cache | |
| uses: nix-community/cache-nix-action/save@7df957e333c1e5da7721f60227dbba6d06080569 # v7.0.2 | |
| with: | |
| primary-key: ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}-${{ hashFiles('flake.*') }} | |
| save: "true" | |
| - name: Populate go caches - go mod download | |
| run: nix develop --impure .#ci -c go mod download | |
| - name: Save go caches - go mod | |
| uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | |
| with: | |
| path: .devenv/state/go | |
| key: ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| build: | |
| name: Build | |
| runs-on: depot-ubuntu-latest-8 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Nix | |
| uses: nixbuild/nix-quick-install-action@2c9db80fb984ceb1bcaa77cdda3fdf8cfba92035 # v34 | |
| with: | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| nix_conf: | | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| keep-env-derivations = true | |
| keep-outputs = true | |
| - name: Restore Nix store | |
| uses: nix-community/cache-nix-action/restore@7df957e333c1e5da7721f60227dbba6d06080569 # v7.0.2 | |
| with: | |
| primary-key: ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}-${{ hashFiles('flake.*') }} | |
| restore-prefixes-first-match: | | |
| ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}- | |
| ${{ runner.os }}-openmeter-nix-build-main-${{ hashFiles('flake.*') }} | |
| ${{ runner.os }}-openmeter-nix-build-main- | |
| ${{ runner.os }}-openmeter-nix-build- | |
| - name: Restore go.mod cache if exists | |
| uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | |
| with: | |
| path: .devenv/state/go | |
| key: ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| # Prefer to restore the branch cache over the main cache | |
| restore-keys: | | |
| ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}- | |
| ${{ runner.os }}-openmeter-go-modules-main-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| ${{ runner.os }}-openmeter-go-modules-main | |
| - name: Validate Nix flake | |
| run: nix flake check --impure | |
| - name: Validate Node version file | |
| run: | | |
| FILE_NODE_VERSION="$(tr -d '\r\n' < .nvmrc)" | |
| NIX_NODE_VERSION="$(nix develop --impure .#ci -c node -v)" | |
| if [ "$NIX_NODE_VERSION" != "$FILE_NODE_VERSION" ]; then | |
| echo ".nvmrc is out of sync with the Nix CI shell" | |
| echo "nix develop --impure .#ci -c node -v => $NIX_NODE_VERSION" | |
| echo ".nvmrc => $FILE_NODE_VERSION" | |
| exit 1 | |
| fi | |
| - name: Build components | |
| run: | | |
| # On Depot runners, cgo external linking can spill large temporary linker | |
| # files into /run via the default temp dir. Keep Go and system temp files | |
| # on the workspace disk for this step to avoid "no space left on device", | |
| # while still allowing each parallel go build to get its own temp dir. | |
| mkdir -p \ | |
| "$GITHUB_WORKSPACE/.tmp/go-work" \ | |
| "$GITHUB_WORKSPACE/.tmp/system" | |
| env \ | |
| GOTMPDIR="$GITHUB_WORKSPACE/.tmp/go-work" \ | |
| TMPDIR="$GITHUB_WORKSPACE/.tmp/system" \ | |
| nix develop --impure .#ci -c make -j 4 build | |
| - name: Validate commit messages | |
| run: | | |
| nix develop --impure .#ci -c prek run -a | |
| nix develop --impure .#ci -c prek run --stage manual | |
| generators-openapi: | |
| name: Code Generators / OpenAPI | |
| runs-on: depot-ubuntu-latest-8 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Nix | |
| uses: nixbuild/nix-quick-install-action@2c9db80fb984ceb1bcaa77cdda3fdf8cfba92035 # v34 | |
| with: | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| nix_conf: | | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| keep-env-derivations = true | |
| keep-outputs = true | |
| - name: Restore Nix store | |
| uses: nix-community/cache-nix-action/restore@7df957e333c1e5da7721f60227dbba6d06080569 # v7.0.2 | |
| with: | |
| primary-key: ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}-${{ hashFiles('flake.*') }} | |
| restore-prefixes-first-match: | | |
| ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}- | |
| ${{ runner.os }}-openmeter-nix-build-main-${{ hashFiles('flake.*') }} | |
| ${{ runner.os }}-openmeter-nix-build-main- | |
| ${{ runner.os }}-openmeter-nix-build- | |
| - name: Restore go.mod cache if exists | |
| uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | |
| with: | |
| path: .devenv/state/go | |
| key: ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| # Prefer to restore the branch cache over the main cache | |
| restore-keys: | | |
| ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}- | |
| ${{ runner.os }}-openmeter-go-modules-main-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| ${{ runner.os }}-openmeter-go-modules-main | |
| - name: Ensure code generators are run | |
| run: | | |
| nix develop --impure .#ci -c make update-openapi | |
| # does not detect new files | |
| if [ -n "$(git diff --exit-code)" ]; then | |
| git diff | |
| echo "Code generators have not been run, please run 'make generate-all' and commit the changes" | |
| exit 1 | |
| fi | |
| # detect files not committed | |
| if [ -n "$(git status --porcelain)" ]; then | |
| git status --porcelain | |
| echo "Code generators have not been run, please run 'make generate-all' and commit the changes" | |
| exit 1 | |
| fi | |
| generators-javascript-sdk: | |
| name: Code Generators / JavaScript SDK | |
| runs-on: depot-ubuntu-latest-8 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Set up pnpm | |
| uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6 | |
| with: | |
| package_json_file: api/client/javascript/package.json | |
| - name: Set up Node.js | |
| uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 | |
| with: | |
| node-version-file: .nvmrc | |
| cache: pnpm | |
| cache-dependency-path: api/client/javascript/pnpm-lock.yaml | |
| - name: Ensure code generators are run | |
| run: | | |
| make generate-javascript-sdk | |
| # does not detect new files | |
| if [ -n "$(git diff --exit-code)" ]; then | |
| git diff | |
| echo "Code generators have not been run, please run 'make generate-all' and commit the changes" | |
| exit 1 | |
| fi | |
| # detect files not committed | |
| if [ -n "$(git status --porcelain)" ]; then | |
| git status --porcelain | |
| echo "Code generators have not been run, please run 'make generate-all' and commit the changes" | |
| exit 1 | |
| fi | |
| generators-go: | |
| name: Code Generators / Go | |
| runs-on: depot-ubuntu-latest-8 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Nix | |
| uses: nixbuild/nix-quick-install-action@2c9db80fb984ceb1bcaa77cdda3fdf8cfba92035 # v34 | |
| with: | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| nix_conf: | | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| keep-env-derivations = true | |
| keep-outputs = true | |
| - name: Restore Nix store | |
| uses: nix-community/cache-nix-action/restore@7df957e333c1e5da7721f60227dbba6d06080569 # v7.0.2 | |
| with: | |
| primary-key: ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}-${{ hashFiles('flake.*') }} | |
| restore-prefixes-first-match: | | |
| ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}- | |
| ${{ runner.os }}-openmeter-nix-build-main-${{ hashFiles('flake.*') }} | |
| ${{ runner.os }}-openmeter-nix-build-main- | |
| ${{ runner.os }}-openmeter-nix-build- | |
| - name: Restore go.mod cache if exists | |
| uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | |
| with: | |
| path: .devenv/state/go | |
| key: ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| # Prefer to restore the branch cache over the main cache | |
| restore-keys: | | |
| ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}- | |
| ${{ runner.os }}-openmeter-go-modules-main-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| ${{ runner.os }}-openmeter-go-modules-main | |
| - name: Ensure code generators are run | |
| run: | | |
| nix develop --impure .#ci -c make patch-oapi-templates | |
| nix develop --impure .#ci -c go generate ./... | |
| # does not detect new files | |
| if [ -n "$(git diff --exit-code)" ]; then | |
| git diff | |
| echo "Code generators have not been run, please run 'make generate-all' and commit the changes" | |
| exit 1 | |
| fi | |
| # detect files not committed | |
| if [ -n "$(git status --porcelain)" ]; then | |
| git status --porcelain | |
| echo "Code generators have not been run, please run 'make generate-all' and commit the changes" | |
| exit 1 | |
| fi | |
| test: | |
| name: Test | |
| runs-on: depot-ubuntu-latest-8 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| # Let's start docker-compose early so that by the time we have the nix env set up it's already running | |
| - name: Start docker-compose dependencies | |
| run: | | |
| docker compose up postgres svix redis clickhouse -d | |
| - name: Set up Nix | |
| uses: nixbuild/nix-quick-install-action@2c9db80fb984ceb1bcaa77cdda3fdf8cfba92035 # v34 | |
| with: | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| nix_conf: | | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| keep-env-derivations = true | |
| keep-outputs = true | |
| - name: Restore Nix store | |
| uses: nix-community/cache-nix-action/restore@7df957e333c1e5da7721f60227dbba6d06080569 # v7.0.2 | |
| with: | |
| primary-key: ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}-${{ hashFiles('flake.*') }} | |
| restore-prefixes-first-match: | | |
| ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}- | |
| ${{ runner.os }}-openmeter-nix-build-main-${{ hashFiles('flake.*') }} | |
| ${{ runner.os }}-openmeter-nix-build-main- | |
| ${{ runner.os }}-openmeter-nix-build- | |
| - name: Upsert Nix store | |
| run: nix develop --impure .#ci | |
| # This shaves off 5s or so | |
| - name: Restore go.mod cache if exists | |
| uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | |
| with: | |
| path: .devenv/state/go | |
| key: ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| # Prefer to restore the branch cache over the main cache | |
| restore-keys: | | |
| ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}- | |
| ${{ runner.os }}-openmeter-go-modules-main-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| ${{ runner.os }}-openmeter-go-modules-main | |
| - name: Wait for dependencies to be ready | |
| run: | | |
| ./tools/wait-for-compose.sh postgres svix redis clickhouse | |
| - name: Run tests | |
| env: | |
| GO_TEST_PACKAGE_PARALLELISM: 32 | |
| SVIX_HOST: localhost | |
| TEST_CLICKHOUSE_DSN: ${{ vars.TEST_CLICKHOUSE_DSN }} | |
| # Dev JWT secret, non-sensitive | |
| SVIX_JWT_SECRET: DUMMY_JWT_SECRET | |
| # count=1 is needed to force retest | |
| run: | | |
| # On Depot runners, cgo builds during tests can spill temporary files | |
| # into /run via the default temp dir. Keep Go and system temp files on | |
| # the workspace disk for this step to avoid "no space left on device". | |
| mkdir -p \ | |
| "$GITHUB_WORKSPACE/.tmp/go-work" \ | |
| "$GITHUB_WORKSPACE/.tmp/system" | |
| env \ | |
| GOTMPDIR="$GITHUB_WORKSPACE/.tmp/go-work" \ | |
| TMPDIR="$GITHUB_WORKSPACE/.tmp/system" \ | |
| nix develop --impure .#ci -c make test-nocache | |
| - name: Stop docker-compose dependencies | |
| if: always() | |
| run: | | |
| docker compose down -v | |
| migrations: | |
| name: Migration Checks | |
| runs-on: depot-ubuntu-latest-8 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| fetch-depth: 0 # Needed to compare against base branch | |
| persist-credentials: false | |
| - name: Set up Nix | |
| uses: nixbuild/nix-quick-install-action@2c9db80fb984ceb1bcaa77cdda3fdf8cfba92035 # v34 | |
| with: | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| nix_conf: | | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| keep-env-derivations = true | |
| keep-outputs = true | |
| - name: Restore Nix store | |
| uses: nix-community/cache-nix-action/restore@7df957e333c1e5da7721f60227dbba6d06080569 # v7.0.2 | |
| with: | |
| primary-key: ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}-${{ hashFiles('flake.*') }} | |
| restore-prefixes-first-match: | | |
| ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}- | |
| ${{ runner.os }}-openmeter-nix-build-main-${{ hashFiles('flake.*') }} | |
| ${{ runner.os }}-openmeter-nix-build-main- | |
| ${{ runner.os }}-openmeter-nix-build- | |
| - name: Restore go.mod cache if exists | |
| uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | |
| with: | |
| path: .devenv/state/go | |
| key: ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}- | |
| ${{ runner.os }}-openmeter-go-modules-main-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| ${{ runner.os }}-openmeter-go-modules-main | |
| - name: Run migration checks | |
| run: nix develop --impure .#ci -c make migrate-check | |
| lint: | |
| name: Lint | |
| runs-on: depot-ubuntu-latest-8 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Nix | |
| uses: nixbuild/nix-quick-install-action@2c9db80fb984ceb1bcaa77cdda3fdf8cfba92035 # v34 | |
| with: | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| nix_conf: | | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| keep-env-derivations = true | |
| keep-outputs = true | |
| - name: Restore Nix store | |
| uses: nix-community/cache-nix-action/restore@7df957e333c1e5da7721f60227dbba6d06080569 # v7.0.2 | |
| with: | |
| primary-key: ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}-${{ hashFiles('flake.*') }} | |
| restore-prefixes-first-match: | | |
| ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}- | |
| ${{ runner.os }}-openmeter-nix-build-main-${{ hashFiles('flake.*') }} | |
| ${{ runner.os }}-openmeter-nix-build-main- | |
| ${{ runner.os }}-openmeter-nix-build- | |
| - name: Upsert Nix store | |
| run: nix develop --impure .#ci | |
| # This shaves off 5s or so | |
| - name: Restore go.mod cache if exists | |
| uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | |
| with: | |
| path: .devenv/state/go | |
| key: ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| # Prefer to restore the branch cache over the main cache | |
| restore-keys: | | |
| ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}- | |
| ${{ runner.os }}-openmeter-go-modules-main-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| ${{ runner.os }}-openmeter-go-modules-main | |
| - name: Get main fork point | |
| id: base-commit | |
| run: | | |
| git fetch origin main | |
| echo "base candidate:" | |
| git log -1 --reverse --boundary HEAD ^origin/main | |
| BASE_COMMIT=$(git log -1 --reverse --boundary --format=%h HEAD ^origin/main) | |
| if [ -z "$BASE_COMMIT" ]; then | |
| BASE_COMMIT=$(git log -1 --format=%h) | |
| fi | |
| echo "sha=${BASE_COMMIT}" >> "$GITHUB_OUTPUT" | |
| echo "sha=${BASE_COMMIT}" | |
| - name: Lint cache | |
| uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | |
| with: | |
| path: .devenv/golangci-lint-cache | |
| key: ${{ runner.os }}-openmeter-golangci-lint-cache-${{ steps.base-commit.outputs.sha }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-openmeter-golangci-lint-cache-${{ steps.base-commit.outputs.sha }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| ${{ runner.os }}-openmeter-golangci-lint-cache-${{ steps.base-commit.outputs.sha }}- | |
| ${{ runner.os }}-openmeter-golangci-lint-cache- | |
| - name: Run linters - go | |
| env: | |
| GOLANGCI_LINT_CACHE: ${{ github.workspace }}/.devenv/golangci-lint-cache | |
| run: | | |
| # On Depot runners, golangci-lint still uses Go/system temp space for | |
| # transient analysis artifacts. Keep those temp files on the workspace | |
| # disk so lint does not spill into /run and fail with ENOSPC. | |
| mkdir -p \ | |
| "$GITHUB_WORKSPACE/.tmp/go-work" \ | |
| "$GITHUB_WORKSPACE/.tmp/system" | |
| env \ | |
| GOTMPDIR="$GITHUB_WORKSPACE/.tmp/go-work" \ | |
| TMPDIR="$GITHUB_WORKSPACE/.tmp/system" \ | |
| nix develop --impure .#ci -c make lint-go | |
| - name: Run linters - api spec | |
| run: | | |
| nix develop --impure .#ci -c make lint-api-spec | |
| - name: Run linters - openapi | |
| run: | | |
| nix develop --impure .#ci -c make lint-openapi | |
| - name: Run linters - helm | |
| run: | | |
| nix develop --impure .#ci -c make lint-helm | |
| trusted-artifacts: | |
| name: Artifacts | |
| uses: ./.github/workflows/artifacts.yaml | |
| if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }} | |
| with: | |
| publish: ${{ github.event_name == 'push' }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| security-events: write | |
| untrusted-artifacts: | |
| name: Untrusted Artifacts | |
| if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository }} | |
| uses: ./.github/workflows/untrusted-artifacts.yaml | |
| permissions: | |
| contents: read | |
| artifacts-pass: | |
| name: Artifacts | |
| needs: | |
| - trusted-artifacts | |
| - untrusted-artifacts | |
| if: ${{ always() }} | |
| uses: ./.github/workflows/workflow-result.yaml | |
| with: | |
| result: ${{ (contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || !contains(needs.*.result, 'success')) && 'fail' || 'pass' }} | |
| dependency-review: | |
| name: Dependency review | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Dependency Review | |
| uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0 | |
| fossa-scan: | |
| name: FOSSA Scan | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' | |
| environment: prod | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Run FOSSA Scan | |
| uses: fossas/fossa-action@ff70fe9fe17cbd2040648f1c45e8ec4e4884dcf3 # v1.9.0 | |
| with: | |
| api-key: ${{secrets.FOSSA_API_KEY}} | |
| quickstart: | |
| name: Quickstart | |
| runs-on: depot-ubuntu-latest-8 | |
| needs: | |
| - trusted-artifacts | |
| - untrusted-artifacts | |
| if: ${{ !cancelled() && !contains(needs.*.result, 'failure') && contains(needs.*.result, 'success') }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Create override files for quickstart | |
| if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }} | |
| env: | |
| DEPOT_IMAGE_URL: ${{ needs.trusted-artifacts.outputs.container-image-url-depot }} | |
| run: | | |
| cat > quickstart/docker-compose.override.yaml <<EOF | |
| services: | |
| openmeter: | |
| image: $DEPOT_IMAGE_URL | |
| sink-worker: | |
| image: $DEPOT_IMAGE_URL | |
| balance-worker: | |
| image: $DEPOT_IMAGE_URL | |
| notification-service: | |
| image: $DEPOT_IMAGE_URL | |
| billing-worker: | |
| image: $DEPOT_IMAGE_URL | |
| openmeter-jobs: | |
| image: $DEPOT_IMAGE_URL | |
| EOF | |
| cat quickstart/docker-compose.override.yaml | |
| - name: Debug quickstart runner state | |
| run: | | |
| echo "### DEBUG" | |
| ss -ltnp | grep ':49000 ' || true | |
| docker ps -a | |
| docker network ls | |
| echo "### DEBUG" | |
| - name: Build as part of quickstart | |
| if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository }} | |
| run: | | |
| cat > quickstart/docker-compose.override.yaml <<EOF | |
| services: | |
| openmeter: | |
| image: openmeter-quickstart-openmeter:ci | |
| pull_policy: build | |
| build: .. | |
| sink-worker: | |
| image: openmeter-quickstart-sink-worker:ci | |
| pull_policy: build | |
| build: .. | |
| balance-worker: | |
| image: openmeter-quickstart-balance-worker:ci | |
| pull_policy: build | |
| build: .. | |
| notification-service: | |
| image: openmeter-quickstart-notification-service:ci | |
| pull_policy: build | |
| build: .. | |
| billing-worker: | |
| image: openmeter-quickstart-billing-worker:ci | |
| pull_policy: build | |
| build: .. | |
| openmeter-jobs: | |
| image: openmeter-quickstart-openmeter-jobs:ci | |
| pull_policy: build | |
| build: .. | |
| EOF | |
| - name: Launch Docker Compose | |
| run: docker compose -f docker-compose.yaml -f docker-compose.override.yaml up -d | |
| working-directory: quickstart | |
| - name: Set up Nix | |
| uses: nixbuild/nix-quick-install-action@2c9db80fb984ceb1bcaa77cdda3fdf8cfba92035 # v34 | |
| with: | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| nix_conf: | | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| keep-env-derivations = true | |
| keep-outputs = true | |
| - name: Restore Nix store | |
| uses: nix-community/cache-nix-action/restore@7df957e333c1e5da7721f60227dbba6d06080569 # v7.0.2 | |
| with: | |
| primary-key: ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}-${{ hashFiles('flake.*') }} | |
| restore-prefixes-first-match: | | |
| ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}- | |
| ${{ runner.os }}-openmeter-nix-build-main-${{ hashFiles('flake.*') }} | |
| ${{ runner.os }}-openmeter-nix-build-main- | |
| ${{ runner.os }}-openmeter-nix-build- | |
| - name: Restore go.mod cache if exists | |
| uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | |
| with: | |
| path: .devenv/state/go | |
| key: ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| # Prefer to restore the branch cache over the main cache | |
| restore-keys: | | |
| ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}- | |
| ${{ runner.os }}-openmeter-go-modules-main-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| ${{ runner.os }}-openmeter-go-modules-main | |
| - name: Check container health | |
| run: docker inspect --format "{{json .State.Health }}" $(docker container list --all --filter 'name=^*-openmeter-*' --format '{{.Names}}') | |
| if: always() | |
| continue-on-error: true | |
| - name: Wait for worker to become ready | |
| run: | | |
| curl --retry 10 --retry-max-time 120 --retry-all-errors http://localhost:40000/healthz | |
| docker ps | |
| - name: Run tests | |
| env: | |
| OPENMETER_ADDRESS: http://localhost:48888 | |
| run: | | |
| nix develop --impure .#ci -c go test -v -count=1 ./quickstart/ | |
| - name: Cleanup Docker Compose | |
| run: docker compose -f docker-compose.yaml -f docker-compose.override.yaml down -v | |
| working-directory: quickstart | |
| if: always() | |
| e2e: | |
| name: E2E | |
| runs-on: depot-ubuntu-latest-8 | |
| # Note: This check is running against the image that is going to be pushed. | |
| needs: | |
| - trusted-artifacts | |
| - untrusted-artifacts | |
| if: ${{ !cancelled() && !contains(needs.*.result, 'failure') && contains(needs.*.result, 'success') }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - name: Create override files for e2e | |
| env: | |
| DEPOT_IMAGE_URL: ${{ needs.trusted-artifacts.outputs.container-image-url-depot }} | |
| if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }} | |
| run: | | |
| cat > e2e/docker-compose.override.yaml <<EOF | |
| services: | |
| openmeter: | |
| image: $DEPOT_IMAGE_URL | |
| sink-worker: | |
| image: $DEPOT_IMAGE_URL | |
| EOF | |
| cat e2e/docker-compose.override.yaml | |
| - name: Debug E2E runner state | |
| run: | | |
| echo "### DEBUG" | |
| ss -ltnp | grep ':39000 ' || true | |
| docker ps -a | |
| docker network ls | |
| echo "### DEBUG" | |
| - name: Build as part of e2e | |
| if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name != github.repository }} | |
| run: | | |
| cat > e2e/docker-compose.override.yaml <<EOF | |
| services: | |
| openmeter: | |
| build: .. | |
| sink-worker: | |
| build: .. | |
| EOF | |
| cat e2e/docker-compose.override.yaml | |
| - name: Launch Docker Compose infra | |
| run: docker compose -f docker-compose.infra.yaml -f docker-compose.openmeter.yaml -f docker-compose.override.yaml up -d | |
| working-directory: e2e | |
| - name: Set up Nix | |
| uses: nixbuild/nix-quick-install-action@2c9db80fb984ceb1bcaa77cdda3fdf8cfba92035 # v34 | |
| with: | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| nix_conf: | | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| keep-env-derivations = true | |
| keep-outputs = true | |
| - name: Restore Nix store | |
| uses: nix-community/cache-nix-action/restore@7df957e333c1e5da7721f60227dbba6d06080569 # v7.0.2 | |
| with: | |
| primary-key: ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}-${{ hashFiles('flake.*') }} | |
| restore-prefixes-first-match: | | |
| ${{ runner.os }}-openmeter-nix-build-${{ github.ref_name }}- | |
| ${{ runner.os }}-openmeter-nix-build-main-${{ hashFiles('flake.*') }} | |
| ${{ runner.os }}-openmeter-nix-build-main- | |
| ${{ runner.os }}-openmeter-nix-build- | |
| - name: Restore go.mod cache if exists | |
| uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 | |
| with: | |
| path: .devenv/state/go | |
| key: ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| # Prefer to restore the branch cache over the main cache | |
| restore-keys: | | |
| ${{ runner.os }}-openmeter-go-modules-${{ github.ref_name }}- | |
| ${{ runner.os }}-openmeter-go-modules-main-${{ hashFiles('flake.*', 'go.*', '.github/workflows/*.yaml') }} | |
| ${{ runner.os }}-openmeter-go-modules-main | |
| - name: Check container health | |
| run: docker inspect --format "{{json .State.Health }}" $(docker container list --all --filter 'name=^*-openmeter-*' --format '{{.Names}}') | |
| if: always() | |
| continue-on-error: true | |
| - name: Wait for worker to become ready | |
| run: | | |
| curl --retry 10 --retry-max-time 120 --retry-all-errors http://localhost:30000/healthz | |
| docker ps | |
| - name: Run tests | |
| env: | |
| OPENMETER_ADDRESS: http://localhost:38888 | |
| TZ: UTC | |
| run: | | |
| nix develop --impure .#ci -c go test -v -count=1 -timeout 3m ./e2e/ | |
| - name: Cleanup Docker Compose | |
| run: docker compose -f docker-compose.infra.yaml -f docker-compose.openmeter.yaml -f docker-compose.override.yaml down -v | |
| working-directory: e2e | |
| if: always() | |
| - name: Upload Openmeter logs as artifact | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| if: always() | |
| with: | |
| name: "[${{ github.job }}] Openmeter logs" | |
| path: | | |
| e2e/logs/openmeter/openmeter.log | |
| e2e/logs/sink-worker/openmeter.log | |
| retention-days: 14 |