-
Notifications
You must be signed in to change notification settings - Fork 1
147 lines (147 loc) · 6.58 KB
/
github-release-build-and-deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
name: Release Deployment
on:
release:
types: [published]
jobs:
build-release-image:
permissions:
id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
runs-on: ubuntu-20.04
steps:
- name: Check out repository code
uses: actions/checkout@v3
- name: AWS credentials configuration
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{secrets.GH_ACTIONS_AWS_ROLE}}
role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-build-image
aws-region: us-east-1
- name: Amazon ECR login
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build, tag, and push image to Amazon ECR
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: agr_curation
ENV_TAG: "${{github.event.release.prerelease == false && 'production' || 'beta'}}"
run: |
docker build --build-arg OVERWRITE_VERSION=${{ github.event.release.tag_name }} -t $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.event.release.tag_name }} .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.event.release.tag_name }}
docker tag $ECR_REGISTRY/$ECR_REPOSITORY:${{ github.event.release.tag_name }} $ECR_REGISTRY/$ECR_REPOSITORY:$ENV_TAG
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$ENV_TAG
build-deploy-maven-central-package:
needs: [build-release-image]
runs-on: ubuntu-20.04
steps:
- name: Check out repository code
uses: actions/checkout@v3
- name: Set up Maven Central Repository
uses: actions/setup-java@v4
with:
java-version: '17'
distribution: 'temurin'
server-id: ossrh
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
- name: Set Proper version
run: mvn versions:set -ntp -DnewVersion=${{ github.event.release.tag_name }}
- id: install-secret-key
name: Install gpg secret key
run: |
cat <(echo -e "${{ secrets.OSSRH_GPG_SECRET_KEY }}") | gpg --batch --import
gpg --list-secret-keys --keyid-format LONG
- name: Publish package
run: mvn --batch-mode -Dmaven.test.skip=true -Dquarkus.hibernate-search-orm.elasticsearch.version=1.2.4 deploy
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
generate-deployment-package:
needs: [build-release-image]
runs-on: ubuntu-20.04
steps:
- name: Check out repository code
uses: actions/checkout@v3
- name: Save curation app version to be deployed in EB env variables through config file
run: |
cat .ebextensions/version.config
sed -i.bak "s/0.0.0/${{ github.event.release.tag_name }}/g" .ebextensions/version.config
cat .ebextensions/version.config
- name: Generate deployment package
run: zip -r ${{ github.event.release.tag_name }}.zip docker-compose.yml .ebextensions/
- name: Store deployment package in cache
uses: actions/cache@v4
with:
path: ${{ github.event.release.tag_name }}.zip
key: ${{github.workflow}}.${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-eb-deployment-zip
deploy-to-production:
if: github.event.release.prerelease == false
permissions:
id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
needs: [generate-deployment-package]
runs-on: ubuntu-20.04
steps:
- name: Fetch deployment package from cache
uses: actions/cache@v4
with:
path: ${{ github.event.release.tag_name }}.zip
key: ${{github.workflow}}.${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-eb-deployment-zip
- name: AWS credentials configuration
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{secrets.GH_ACTIONS_AWS_ROLE}}
role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-eb-deploy-production
aws-region: us-east-1
- name: Deploy to EB
uses: einaregilsson/beanstalk-deploy@v21
with:
aws_access_key: ${{ env.AWS_ACCESS_KEY_ID }}
aws_secret_key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws_session_token: ${{env.AWS_SESSION_TOKEN}}
application_name: curation-app
environment_name: curation-production
version_label: ${{ github.event.release.tag_name }}
deployment_package: ${{ github.event.release.tag_name }}.zip
use_existing_version_if_available: true
region: us-east-1
- name: Slack Notification
uses: tokorom/action-slack-incoming-webhook@main
env:
INCOMING_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
text: "Deployment of release ${{ github.event.release.tag_name }} to production completed! :tada:"
deploy-to-beta:
if: github.event.release.prerelease == true
needs: [generate-deployment-package]
permissions:
id-token: write # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
runs-on: ubuntu-20.04
steps:
- name: Fetch deployment package from cache
uses: actions/cache@v4
with:
path: ${{ github.event.release.tag_name }}.zip
key: ${{github.workflow}}.${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-eb-deployment-zip
- name: AWS credentials configuration
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{secrets.GH_ACTIONS_AWS_ROLE}}
role-session-name: gh-actions-${{github.run_id}}.${{github.run_number}}.${{github.run_attempt}}-eb-deploy-beta
aws-region: us-east-1
- name: Deploy to EB
uses: einaregilsson/beanstalk-deploy@v21
with:
aws_access_key: ${{ env.AWS_ACCESS_KEY_ID }}
aws_secret_key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws_session_token: ${{env.AWS_SESSION_TOKEN}}
application_name: curation-app
environment_name: curation-beta
version_label: ${{ github.event.release.tag_name }}
deployment_package: ${{ github.event.release.tag_name }}.zip
use_existing_version_if_available: true
region: us-east-1
- name: Slack Notification
uses: tokorom/action-slack-incoming-webhook@main
env:
INCOMING_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
with:
text: "Deployment of (pre)release ${{ github.event.release.tag_name }} to beta completed! :tada:"