Skip to content

Commit

Permalink
verify makes release tag
Browse files Browse the repository at this point in the history
  • Loading branch information
@jdettmannnava
jdettmannnava committed Feb 13, 2025
1 parent d5efb81 commit 0a37be8
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 219 deletions.
209 changes: 2 additions & 207 deletions .github/workflows/docker-build.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@ jobs:
steps:
- name: "Checkout code"
uses: actions/checkout@v4
with:
ref: b6695282032a0de2d9ebb400d2f65faf65f976c2
- name: "Fetch git info"
run: |
git fetch --quiet
Expand All @@ -48,210 +50,3 @@ jobs:
echo "$DOCKER_TAG"
echo "docker_tag=$DOCKER_TAG" >> $GITHUB_OUTPUT
docker_build_rails_apps:
runs-on: self-hosted
strategy:
matrix:
ecr_repository: [ web-portal, web-admin, web ]
include:
# note this is confusing, but make ci-web-portal points to dpc-web-portal-test.sh which runs
# docker compose -p ... dpc_web
- ecr_repository: web-portal
make_command: make portal
- ecr_repository: web-admin
make_command: make admin
- ecr_repository: web
make_command: make website
steps:
- name: Assert Ownership
run: sudo chmod -R 777 .
- name: "Checkout code"
uses: actions/checkout@v4
- name: Cleanup Runner
run: ./scripts/cleanup-docker.sh

- name: Install python3
run: sudo dnf install python3

- name: Install docker compose manually
run: |
sudo mkdir -p /usr/local/lib/docker/cli-plugins
sudo curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
sudo chown root:root /usr/local/lib/docker/cli-plugins/docker-compose
sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
- name: Build specified app
run: ${{ matrix.make_command }}

- name: gzip the image
run: docker save dpc-${{ matrix.ecr_repository }}:latest | gzip > ${{ runner.temp }}/dpc_${{ matrix.ecr_repository }}_latest.tar.gz
- name: upload tar artifact
uses: actions/upload-artifact@v4
with:
name: dpc-${{ matrix.ecr_repository }}
path: ${{ runner.temp }}/dpc_${{ matrix.ecr_repository }}_latest.tar.gz
retention-days: 1

docker_build_java: # builds dpc-api, dpc-attribution, dpc-aggregation, and dpc-consent
runs-on: self-hosted
steps:
- name: "Set up Ansible"
run: |
sudo dnf -y install python3 python3-pip
pip install ansible
- name: "Install npm for Postman tests"
run: |
sudo dnf -y install nodejs
npm --version
- name: Install docker compose manually
run: |
sudo mkdir -p /usr/local/lib/docker/cli-plugins
sudo curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-x86_64 -o /usr/local/lib/docker/cli-plugins/docker-compose
sudo chown root:root /usr/local/lib/docker/cli-plugins/docker-compose
sudo chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
- name: "Checkout code"
uses: actions/checkout@v4

- name: Assert Ownership
run: sudo chmod -R 777 .
- name: Cleanup Runner
run: ./scripts/cleanup-docker.sh

- name: "Set up JDK 11"
uses: actions/setup-java@v3
with:
java-version: "11"
distribution: "corretto"
cache: maven

- name: Install Maven 3.6.3
run: |
export PATH="$PATH:/opt/maven/bin"
echo "PATH=$PATH" >> $GITHUB_ENV
if mvn -v; then echo "Maven already installed" && exit 0; else echo "Installing Maven"; fi
tmpdir="$(mktemp -d)"
curl -LsS https://archive.apache.org/dist/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz | tar xzf - -C "$tmpdir"
sudo rm -rf /opt/maven
sudo mv "$tmpdir/apache-maven-3.6.3" /opt/maven
- name: Clean maven
run: mvn -ntp -U clean

- name: Build ci app
id: api-build
run: |
export PATH=$PATH:~/.local/bin
make docker-base
make api
# add extra commands to log docker containers during failure
- name: Consent Logs
if: ${{ failure() && steps.api-build.outcome == 'failure' }}
run: docker logs start-v1-app-consent-1
- name: Attribution Logs
if: ${{ failure() && steps.api-build.outcome == 'failure' }}
run: docker logs start-v1-app-attribution-1
- name: Aggregation Logs
if: ${{ failure() && steps.api-build.outcome == 'failure' }}
run: docker logs start-v1-app-aggregation-1
- name: Api Logs
if: ${{ failure() && steps.api-build.outcome == 'failure' }}
run: docker logs start-v1-app-api-1

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ vars.AWS_REGION }}
role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/dpc-dev-github-actions

- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2

- name: gzip image (1 of 4) - API
run: docker save ${{ steps.login-ecr.outputs.registry }}/dpc-api:latest | gzip > ${{ runner.temp }}/dpc_api_latest.tar.gz
- name: upload tar artifact (1 of 4) - API
uses: actions/upload-artifact@v4
with:
name: dpc-api
path: ${{ runner.temp }}/dpc_api_latest.tar.gz
retention-days: 1

- name: gzip image (2 of 4) - Attribution
run: docker save ${{ steps.login-ecr.outputs.registry }}/dpc-attribution:latest | gzip > ${{ runner.temp }}/dpc_attribution_latest.tar.gz
- name: upload tar artifact (2 of 4) - Attribution
uses: actions/upload-artifact@v4
with:
name: dpc-attribution
path: ${{ runner.temp }}/dpc_attribution_latest.tar.gz
retention-days: 1

- name: gzip image (3 of 4) - Aggregation
run: docker save ${{ steps.login-ecr.outputs.registry }}/dpc-aggregation:latest | gzip > ${{ runner.temp }}/dpc_aggregation_latest.tar.gz
- name: upload tar artifact (3 of 4) - Aggregation
uses: actions/upload-artifact@v4
with:
name: dpc-aggregation
path: ${{ runner.temp }}/dpc_aggregation_latest.tar.gz
retention-days: 1

- name: gzip image (4 of 4) - Consent
run: docker save ${{ steps.login-ecr.outputs.registry }}/dpc-consent:latest | gzip > ${{ runner.temp }}/dpc_consent_latest.tar.gz
- name: upload tar artifact (4 of 4) - Consent
uses: actions/upload-artifact@v4
with:
name: dpc-consent
path: ${{ runner.temp }}/dpc_consent_latest.tar.gz
retention-days: 1

docker_push_all_apps:
runs-on: self-hosted
strategy:
matrix:
ecr_repository: [ web-portal, web-admin, web, api, attribution, aggregation, consent ]
env:
ECR_REPOSITORY: ${{ matrix.ecr_repository }}
needs: [ docker_build_rails_apps, docker_build_java, generate_docker_tag ]
steps:
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: dpc-${{ matrix.ecr_repository }}
path: ${{ runner.temp }}
- name: Load docker image from artifact download
run: |
docker load --input ${{ runner.temp }}/dpc_${{ matrix.ecr_repository }}_latest.tar.gz
docker image ls -a
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ vars.AWS_REGION }}
role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/dpc-dev-github-actions
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2

- name: Push to ECR
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ needs.generate_docker_tag.outputs.docker_tag }}
run: |
if [ ${{ matrix.ecr_repository }} == 'api' ] || \
[ ${{ matrix.ecr_repository }} == 'attribution' ] || \
[ ${{ matrix.ecr_repository }} == 'aggregation' ] || \
[ ${{ matrix.ecr_repository }} == 'consent' ]; then
echo "using image with registry as part of name for java app: ${{ matrix.ecr_repository }}"
docker tag $REGISTRY/dpc-$ECR_REPOSITORY $REGISTRY/dpc-$ECR_REPOSITORY:latest
docker tag $REGISTRY/dpc-$ECR_REPOSITORY $REGISTRY/dpc-$ECR_REPOSITORY:$IMAGE_TAG
docker push $REGISTRY/dpc-$ECR_REPOSITORY:$IMAGE_TAG
docker push $REGISTRY/dpc-$ECR_REPOSITORY:latest
else
docker tag dpc-$ECR_REPOSITORY:latest $REGISTRY/dpc-$ECR_REPOSITORY:latest
docker tag dpc-$ECR_REPOSITORY:latest $REGISTRY/dpc-$ECR_REPOSITORY:$IMAGE_TAG
docker push $REGISTRY/dpc-$ECR_REPOSITORY:$IMAGE_TAG
docker push $REGISTRY/dpc-$ECR_REPOSITORY:latest
fi
13 changes: 1 addition & 12 deletions .github/workflows/ecs-deploy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -141,22 +141,11 @@ jobs:
run: |
cd dpc-ops/terraform/${{ inputs.env }}/persistent
terraform apply dpc-release-${{ inputs.env }}.tfplan
- name: Calculate app version
id: calculate-version
env:
INPUT_APP_VERSION: ${{ inputs.app-version }}
run: |
if [ -z $INPUT_APP_VERSION ] || [ $INPUT_APP_VERSION = 'unknown' ]; then
IFS='-' read -ra TAG_BITS <<< ${{ steps.image-tag.outputs.image_tag }}
echo "app_version=${TAG_BITS[1]}" >> "$GITHUB_OUTPUT"
else
echo "app_version=$INPUT_APP_VERSION" >> "$GITHUB_OUTPUT"
fi
- name: Verify main environment plan
run: |
cd dpc-ops/terraform/${{ inputs.env }}
terraform init
terraform plan -var 'release_version=${{ steps.calculate-version.outputs.app_version }}' -var 'aggregation_image_tag=${{ steps.image-tag.outputs.image_tag }}' -var 'api_image_tag=${{ steps.image-tag.outputs.image_tag }}' -var 'attribution_image_tag=${{ steps.image-tag.outputs.image_tag }}' -var 'consent_image_tag=${{ steps.image-tag.outputs.image_tag }}' -var 'web_admin_image_tag=${{ steps.image-tag.outputs.image_tag }}' -var 'web_portal_image_tag=${{ steps.image-tag.outputs.image_tag }}' -var 'web_image_tag=${{ steps.image-tag.outputs.image_tag }}' -out dpc-release-${{ inputs.env }}.tfplan
terraform plan -var 'release_version=${{ inputs.app-version}}' -var 'aggregation_image_tag=${{ steps.image-tag.outputs.image_tag }}' -var 'api_image_tag=${{ steps.image-tag.outputs.image_tag }}' -var 'attribution_image_tag=${{ steps.image-tag.outputs.image_tag }}' -var 'consent_image_tag=${{ steps.image-tag.outputs.image_tag }}' -var 'web_admin_image_tag=${{ steps.image-tag.outputs.image_tag }}' -var 'web_portal_image_tag=${{ steps.image-tag.outputs.image_tag }}' -var 'web_image_tag=${{ steps.image-tag.outputs.image_tag }}' -out dpc-release-${{ inputs.env }}.tfplan
- name: Apply main environment plan
run: |
cd dpc-ops/terraform/${{ inputs.env }}
Expand Down

0 comments on commit 0a37be8

Please sign in to comment.