Skip to content

Workflow file for this run

name: Build and Deploy Image
on:
workflow_dispatch:
push:
branches:
- workflow
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
GITHUB_IMAGE_REPO: ghcr.io/bcgov/dts-endorser-service/
OPENSHIFT_IMAGE_REPO: image-registry.apps.silver.devops.gov.bc.ca/4a9599-tools/
APP_NAMES: aries-endorser-agent,aries-endorser-db,aries-endorser-backup,aries-endorser-proxy,aries-endorser-api
jobs:
build:
if: (github.repository == 'bcgov/dts-endorser-service') || (github.event_name == 'workflow_dispatch')
name: Build Image
permissions:
packages: write
runs-on: ubuntu-latest
strategy:
matrix:
include:
- service: aries-endorser-agent
GIT_REPO_URL: hyperledger/aries-endorser-service
GIT_REF: ""
DOCKER_FILE_PATH: Dockerfile.acapy # The docker path, file, is the relative path to the docker file from the root of the repo.
SOURCE_CONTEXT_DIR: docker/acapy # The context dir, context, sets the context for the build. i.e. where the build will source files from
SOURCE_IMAGE_REGISTRY: ""
SOURCE_IMAGE_NAME: ""
SOURCE_IMAGE_TAG: ""
REGISTRY_USERNAME_SECRET_NAME: ARTIFACTORY_USERNAME
REGISTRY_PASSWORD_SECRET_NAME: ARTIFACTORY_PASSWORD
- service: aries-endorser-db
GIT_REPO_URL: hyperledger/aries-endorser-service
GIT_REF: ""
BRANCH: move-tests-to-askar
PATH: docker/wallet/config
SOURCE_IMAGE_REGISTRY: "hub.docker.com/"
SOURCE_IMAGE_NAME: "alpine"
SOURCE_IMAGE_TAG: "latest"
- service: aries-endorser-backup
GIT_REPO_URL: BCDevOps/backup-container
GIT_REF: ""
DOCKER_FILE_PATH: Dockerfile # The docker path, file, is the relative path to the docker file from the root of the repo.
SOURCE_CONTEXT_DIR: docker # The context dir, context, sets the context for the build. i.e. where the build will source files from
SOURCE_IMAGE_REGISTRY: ""
SOURCE_IMAGE_NAME: ""
SOURCE_IMAGE_TAG: ""
REGISTRY_USERNAME_SECRET_NAME: ARTIFACTORY_USERNAME
REGISTRY_PASSWORD_SECRET_NAME: ARTIFACTORY_PASSWORD
- service: aries-endorser-proxy
GIT_REF: ""
DOCKER_FILE_PATH: Dockerfile # The docker path, file, is the relative path to the docker file from the root of the repo.
SOURCE_CONTEXT_DIR: proxy # The context dir, context, sets the context for the build. i.e. where the build will source files from
SOURCE_IMAGE_REGISTRY: "artifacts.developer.gov.bc.ca/docker-remote/"
SOURCE_IMAGE_NAME: caddy
SOURCE_IMAGE_TAG: latest
REGISTRY_USERNAME_SECRET_NAME: ARTIFACTORY_USERNAME
REGISTRY_PASSWORD_SECRET_NAME: ARTIFACTORY_PASSWORD
- service: aries-endorser-api
GIT_REPO_URL: hyperledger/aries-endorser-service
GIT_REF: ""
BRANCH: move-tests-to-askar
DOCKER_FILE_PATH: Dockerfile.endorser # The docker path, file, is the relative path to the docker file from the root of the repo.
SOURCE_CONTEXT_DIR: endorser # The context dir, context, sets the context for the build. i.e. where the build will source files from
SOURCE_IMAGE_REGISTRY: artifacts.developer.gov.bc.ca/docker-remote/
SOURCE_IMAGE_NAME: python
SOURCE_IMAGE_TAG: 3.10-slim-buster
REGISTRY_USERNAME_SECRET_NAME: ARTIFACTORY_USERNAME
REGISTRY_PASSWORD_SECRET_NAME: ARTIFACTORY_PASSWORD
outputs:
aries-endorser-agent_digest: ${{ steps.digest.outputs.aries-endorser-agent_digest }}
aries-endorser-backup_digest: ${{ steps.digest.outputs.aries-endorser-backup_digest }}
aries-endorser-api_digest: ${{ steps.digest.outputs.aries-endorser-api_digest }}
aries-endorser-proxy_digest: ${{ steps.digest.outputs.aries-endorser-proxy_digest }}
aries-endorser-db_digest: ${{ steps.digests.outputs.aries-endorser-db_digest }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
repository: ${{ matrix.GIT_REPO_URL }}
ref: ${{ matrix.GIT_REF }}
# ref: github.ref
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to image registry
if: matrix.SOURCE_IMAGE_REGISTRY != '' && contains(fromJSON('["aries-endorser-db","aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service)
uses: docker/login-action@v3
with:

Check failure on line 98 in .github/workflows/main.yaml

View workflow run for this annotation

GitHub Actions / .github/workflows/main.yaml

Invalid workflow file

You have an error in your yaml syntax on line 98
registry: ${{ matrix.SOURCE_IMAGE_REGISTRY }}
username: ${{ secrets[matrix.REGISTRY_USERNAME_SECRET_NAME]}}
password: ${{ secrets[matrix.REGISTRY_PASSWORD_SECRET_NAME]}}
- name: Log in to the GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Create Docker file
if: contains(fromJSON('["aries-endorser-proxy"]'), matrix.service)
run: |
BASE_IMAGE="${SOURCE_IMAGE_REGISTRY}${SOURCE_IMAGE_NAME}:${SOURCE_IMAGE_TAG}"
echo "$BASE_IMAGE"
mkdir ${context} && cd ${context}
echo "FROM ${BASE_IMAGE}" > Dockerfile
echo "RUN chown 1001:root /usr/bin/caddy" >> Dockerfile
env:
context: ${{ matrix.SOURCE_CONTEXT_DIR }}
SOURCE_IMAGE_REGISTRY: ${{ matrix.SOURCE_IMAGE_REGISTRY }}
SOURCE_IMAGE_NAME: ${{ matrix.SOURCE_IMAGE_NAME }}
SOURCE_IMAGE_TAG: ${{ matrix.SOURCE_IMAGE_TAG }}
- name: Prepare docker tags for image
id: meta
if: contains(fromJSON('["aries-endorser-db","aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service)
uses: docker/metadata-action@v5
with:
images: ${{ env.GITHUB_IMAGE_REPO }}${{ matrix.service }}
flavor: |
latest=true
tags: |
type=schedule
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha,value=latest
labels: |
io.openshift.build.source-location=${{ github.repositoryUrl }}
io.openshift.build.commit.id=${{ github.sha }}
- name: Update Docker base image
if: matrix.SOURCE_IMAGE_REGISTRY != '' && contains(fromJSON('["aries-endorser-db","aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service)
run: |
BASE_IMAGE="${SOURCE_IMAGE_REGISTRY}${SOURCE_IMAGE_NAME}:${SOURCE_IMAGE_TAG}"
sed -i -e "s;FROM .*;FROM ${BASE_IMAGE};g" "$file"
env:
context: ${{ matrix.SOURCE_CONTEXT_DIR }}
SOURCE_IMAGE_REGISTRY: ${{ matrix.SOURCE_IMAGE_REGISTRY }}
SOURCE_IMAGE_NAME: ${{ matrix.SOURCE_IMAGE_NAME }}
SOURCE_IMAGE_TAG: ${{ matrix.SOURCE_IMAGE_TAG }}
file: ${{ matrix.SOURCE_CONTEXT_DIR }}/${{ matrix.DOCKER_FILE_PATH }}
- name: Build database image
id: build_image
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service)
uses: redhat-actions/s2i-build@v2
with:
path_context: ${{ matrix.PATH }}
# Builder image for a java project
builder_image: "${matrix.SOURCE_IMAGE_REGISTRY}${matrix.SOURCE_IMAGE_NAME}:${matrix.SOURCE_IMAGE_TAG}"
image: ${{ env.GITHUB_IMAGE_REPO }}${{ matrix.service }}
tags: ${{ steps.extract.outputs.tags }}
- name: Push database image
id: push
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service)
uses: redhat-actions/push-to-registry@v2
with:
tags: ${{ steps.build_image.outputs.tags }}
image: ${{ steps.build_image.outputs.image }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push Docker image
id: docker_build
if: contains(fromJSON('["aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service)
uses: docker/build-push-action@v5
with:
context: ${{ matrix.SOURCE_CONTEXT_DIR }}
file: ${{ matrix.SOURCE_CONTEXT_DIR }}/${{ matrix.DOCKER_FILE_PATH }}
push: true
tags: ${{ steps.meta.outputs.tags }}
outputs: type=image,name=target
- name: Extract Tags
id: extract
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service)
run: echo "tags=$(echo '${{ steps.meta.outputs.tags }}' | grep -oE ':([^[:space:]]+)' | sed '/workflow/d' | sed 's/://g' | tr '\n' ' ')" >> $GITHUB_OUTPUT
- name: Display ${{ matrix.service }} image results
id: digests
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service)
run: |
echo "registry_path=${{ steps.push.outputs.registry-paths }}"
digest=${{ steps.push.outputs.digest }}
echo "digest=${digest}"
echo "${{ matrix.service }}_digest=${digest}" >> $GITHUB_OUTPUT
- name: Display ${{ matrix.service}} image results
id: digest
if: contains(fromJSON('["aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service)
run: |
echo 'imageid=${{ steps.docker_build.outputs.imageid }}'
digest=${{ steps.docker_build.outputs.digest }}
echo "digest=${digest}"
echo "${{ matrix.service }}_digest=${digest}" >> $GITHUB_OUTPUT
cat $GITHUB_OUTPUT
# deploy2dev:
# needs: build
# env:
# ENVIRONMENT: dev
# permissions:
# packages: write
# runs-on: ubuntu-latest
# environment: dev
# strategy:
# # Serialize the deployments
# max-parallel: 1
# matrix:
# include:
# - service: aries-endorser-db
# - service: aries-endorser-agent
# - service: aries-endorser-backup
# - service: aries-endorser-proxy
# - service: aries-endorser-api
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# - name: Deploy to ${{ env.ENVIRONMENT }}
# uses: ./.github/workflows/actions/deploy
# with:
# environment: ${{ env.ENVIRONMENT }}
# ghcr_token: ${{ secrets.GITHUB_TOKEN }}
# github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ matrix.service }}
# image_digest: ${{ needs.build.outputs[format ('{0}_digest', matrix.service)] }}
# openshift_image_name: ${{ env.OPENSHIFT_IMAGE_REPO }}${{ matrix.service }}
# openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }}
# namespace: ${{ vars.NAMESPACE }}
# deployment_configuration: ${{ matrix.service }}
# openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
# rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }}
# # deploy2test:
# # needs: [build, deploy2dev]
# # env:
# # ENVIRONMENT: test
# # permissions:
# # packages: write
# # runs-on: ubuntu-latest
# # environment: test
# # steps:
# # - name: Checkout
# # uses: actions/checkout@v3
# # - name: deploy to ${{ env.ENVIRONMENT }}
# # uses: ./.github/workflows/actions/deploy
# # with:
# # environment: ${{ env.ENVIRONMENT }}
# # ghcr_token: ${{ secrets.GITHUB_TOKEN }}
# # github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ env.APP_NAME }}
# # image_digest: ${{ needs.build.outputs.image_digest }}
# # openshift_image_name: ${{ env.OPENSHIFT_IMAGE_REPO }}${{ env.APP_NAME }}
# # openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }}
# # namespace: ${{ vars.NAMESPACE }}
# # deployment_configuration: ${{ env.APP_NAME }}
# # openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
# # rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }}
# # deploy2prod:
# # needs: [build, deploy2dev, deploy2test]
# # env:
# # ENVIRONMENT: prod
# # permissions:
# # packages: write
# # runs-on: ubuntu-latest
# # environment: prod
# # steps:
# # - name: Checkout
# # uses: actions/checkout@v3
# # - name: deploy to prod
# # uses: ./.github/workflows/actions/deploy
# # with:
# # environment: ${{ env.ENVIRONMENT }}
# # ghcr_token: ${{ secrets.GITHUB_TOKEN }}
# # github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ env.APP_NAME }}
# # image_digest: ${{ needs.build.outputs.image_digest }}
# # openshift_image_name: ${{ env.OPENSHIFT_IMAGE_REPO }}${{ env.APP_NAME }}
# # openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }}
# # namespace: ${{ vars.NAMESPACE }}
# # deployment_configuration: ${{ env.APP_NAME }}
# # openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
# # rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }}
# # aries-endorser-db, aries-endorser-backup, aries-endorser-proxy, aries-endorser-api