Merge pull request #39 from Sefaria/dev #159
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous | |
on: | |
push: | |
pull_request: | |
concurrency: | |
group: ${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
duplication-check: | |
runs-on: ubuntu-latest | |
outputs: | |
inPR: ${{ steps.check.outputs.number != '' }} | |
steps: | |
- name: Check if push is in PR | |
id: check | |
uses: 8BitJonny/[email protected] | |
with: | |
filterOutClosed: true | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
build-generic: | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
runs-on: ubuntu-latest | |
needs: duplication-check | |
if: ${{ github.event_name == 'pull_request' || ( github.event_name == 'push' && needs.duplication-check.outputs.inPR == 'false' ) }} | |
strategy: | |
matrix: | |
app: [ web, node ] | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- id: auth | |
name: Authenticate to Google Cloud | |
uses: google-github-actions/auth@v1 | |
with: | |
token_format: 'access_token' | |
workload_identity_provider: 'projects/${{ secrets.CONTEXTUS_GKE_PROJECT_ID}}/locations/global/workloadIdentityPools/github/providers/github' | |
service_account: '${{ secrets.CONTEXTUS_GKE_SA }}' | |
- name: Login to GCR | |
uses: docker/login-action@v1 | |
with: | |
registry: gcr.io | |
username: oauth2accesstoken | |
password: '${{ steps.auth.outputs.access_token }}' | |
- name: Login to GAR | |
uses: docker/login-action@v1 | |
with: | |
registry: us-east1-docker.pkg.dev | |
username: oauth2accesstoken | |
password: '${{ steps.auth.outputs.access_token }}' | |
- name: Get branch name | |
id: branch-raw | |
uses: tj-actions/[email protected] | |
- name: Format branch name | |
id: branch-name | |
run: >- | |
echo "current_branch="$(echo ${{ steps.branch-raw.outputs.current_branch }} | |
| awk '{print tolower($0)}' | |
| sed 's|.*/\([^/]*\)/.*|\1|; t; s|.*|\0|' | |
| sed 's/[^a-z0-9\.\-]//g') | |
>> $GITHUB_OUTPUT | |
- name: Get current date | |
id: date | |
run: echo "date=$(date +'%Y%m%d%H%M')" >> $GITHUB_OUTPUT | |
- name: Generate image metadata | |
id: meta | |
uses: docker/metadata-action@v3 | |
with: | |
images: | | |
us-east1-docker.pkg.dev/${{ secrets.PROD_GKE_PROJECT }}/containers/contextus-${{ matrix.app }}-${{ steps.branch-name.outputs.current_branch }} | |
# generate Docker tags based on the following events/attributes | |
tags: | | |
type=ref,event=branch | |
type=sha,enable=true,priority=100,prefix=sha-,suffix=-${{ steps.date.outputs.date }},format=short | |
type=sha | |
flavor: | | |
latest=true | |
- name: build and push | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
push: true | |
build-args: | | |
TYPE=build | |
file: ./build/${{ matrix.app }}/Dockerfile | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
build-derived: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
needs: | |
- duplication-check | |
- build-generic | |
strategy: | |
matrix: | |
app: [ asset, linker ] | |
if: ${{ github.event_name == 'pull_request' || ( github.event_name == 'push' && needs.duplication-check.outputs.inPR == 'false' ) }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- id: auth | |
name: Authenticate to Google Cloud | |
uses: google-github-actions/auth@v1 | |
with: | |
token_format: 'access_token' | |
workload_identity_provider: 'projects/${{ secrets.CONTEXTUS_GKE_PROJECT_ID}}/locations/global/workloadIdentityPools/github/providers/github' | |
service_account: '${{ secrets.CONTEXTUS_GKE_SA }}' | |
- name: Login to GCR | |
uses: docker/login-action@v1 | |
with: | |
registry: gcr.io | |
username: oauth2accesstoken | |
password: '${{ steps.auth.outputs.access_token }}' | |
- name: Login to GAR | |
uses: docker/login-action@v1 | |
with: | |
registry: us-east1-docker.pkg.dev | |
username: oauth2accesstoken | |
password: '${{ steps.auth.outputs.access_token }}' | |
- name: Get branch name | |
id: branch-raw | |
uses: tj-actions/[email protected] | |
- name: Format branch name | |
id: branch-name | |
run: >- | |
echo "current_branch="$(echo ${{ steps.branch-raw.outputs.current_branch }} | |
| awk '{print tolower($0)}' | |
| sed 's|.*/\([^/]*\)/.*|\1|; t; s|.*|\0|' | |
| sed 's/[^a-z0-9\.\-]//g') | |
>> $GITHUB_OUTPUT | |
- name: Get current date | |
id: date | |
run: echo "date=$(date +'%Y%m%d%H%M')" >> $GITHUB_OUTPUT | |
- name: Generate image metadata | |
id: meta | |
uses: docker/metadata-action@v3 | |
with: | |
images: | | |
us-east1-docker.pkg.dev/${{ secrets.PROD_GKE_PROJECT }}/containers/contextus-${{ matrix.app }}-${{ steps.branch-name.outputs.current_branch }} | |
# generate Docker tags based on the following events/attributes | |
tags: | | |
type=ref,event=branch | |
type=sha,enable=true,priority=100,prefix=sha-,suffix=-${{ steps.date.outputs.date }},format=short | |
type=sha | |
flavor: | | |
latest=true | |
- name: Set outputs | |
id: get-sha | |
run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
- name: build and push | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
push: true | |
build-args: | | |
SRC_IMG=us-east1-docker.pkg.dev/${{ secrets.PROD_GKE_PROJECT }}/containers/contextus-web-${{ steps.branch-name.outputs.current_branch }}:sha-${{ steps.get-sha.outputs.sha_short }} | |
file: ./build/${{ matrix.app }}/Dockerfile | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} |