This repository has been archived by the owner on Jan 13, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 7
172 lines (134 loc) · 4.96 KB
/
dockerCI.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
name: Docker Image Build
on:
pull_request:
types: [opened, reopened, synchronize, closed]
branches:
- main
paths-ignore:
- 'docs/**'
- '.devcontainer/**'
- 'src/**/__tests__'
- '**.md'
- 'TestFiles/**'
push:
branches:
- main
paths-ignore:
- 'docs/**'
- '.devcontainer/**'
- 'src/**/__tests__'
- '**.md'
- 'TestFiles/**'
tags:
- v*
jobs:
docker-build-push:
runs-on: ubuntu-latest
env:
# copy the config value to environment variables
# do not copy the actual secrets!
KEYVAULT_NAME: ${{ secrets.KEYVAULT_NAME }}
DOCKER_REPO: ${{ secrets.DOCKER_REPO }}
ACR_REPO: ${{ secrets.ACR_REPO }}
ACR_IMAGE: ${{ secrets.ACR_IMAGE }}
ACR_REG: ${{ secrets.ACR_REG }}
# These are used in if: conditions
AZURE_SET: false
DOCKER_SET: false
ACR_SET: false
steps:
- uses: actions/checkout@v2
- name: Set conditions
run: |
# check that all Azure secrets are set
if [[ "${{ secrets.SERVICE_PRINCIPAL_SECRET }}" != "" && "${{ secrets.TENANT }}" != "" && "${{ secrets.SERVICE_PRINCIPAL }}" != "" && "${{ secrets.KEYVAULT_NAME }}" != "" ]];
then
echo "AZURE_SET=true" >> $GITHUB_ENV
fi
# check that all Docker secrets are set
if [[ "${{ secrets.DOCKER_PAT }}" != "" && "${{ secrets.DOCKER_REPO }}" != "" && "${{ secrets.DOCKER_USER }}" != "" ]];
then
echo "DOCKER_SET=true" >> $GITHUB_ENV
fi
# check that all ACR secrets are set
if [[ "${{ secrets.ACR_REG }}" != "" && "${{ secrets.ACR_REPO }}" != "" && "${{ secrets.ACR_IMAGE }}" != "" ]];
then
echo "ACR_SET=true" >> $GITHUB_ENV
fi
- name: PR Closed
if: ${{ github.event_name == 'pull_request' && github.event.action == 'closed' && ! github.event.pull_request.merged }}
run: |
# handle PR Closed event by building / pushing main branch
# checkout parent branch (usually "main")
git config pull.ff only
git fetch --all
git checkout ${{ github.base_ref }}
git pull
- name: PR Merged
if: ${{ github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged }}
run: |
# Do not build on PR Merged
# Skip remaining steps
echo "AZURE_SET=false" >> $GITHUB_ENV
echo "DOCKER_SET=false" >> $GITHUB_ENV
echo "ACR_SET=false" >> $GITHUB_ENV
- name: Validate Azure Access
if: ${{ env.AZURE_SET == 'true' }}
run: |
# login to Azure
az login --service-principal -u ${{ secrets.SERVICE_PRINCIPAL }} --tenant ${{ secrets.TENANT }} -p ${{ secrets.SERVICE_PRINCIPAL_SECRET }}
- name: Docker Login
if: ${{ env.DOCKER_SET == 'true' }}
run: |
# login to dockerhub
echo "${{ secrets.DOCKER_PAT }}" | docker login -u ${{ secrets.DOCKER_USER }} --password-stdin
- name: Docker Pull Release
if: ${{ env.AZURE_SET == 'true' || env.DOCKER_SET == 'true' || env.ACR_SET == 'true' }}
run: |
# Pull the latest image if needed
# This doesn't have to be a separate step, but makes the output easier to read and debug
docker pull node
docker pull node:lts-alpine
- name: Docker Build Release
if: ${{ env.DOCKER_SET == 'true' || env.ACR_SET == 'true' }}
run: |
# build release image
docker build . -t helium
- name: Docker Tag and Push
if: ${{ env.DOCKER_SET == 'true' }}
run: |
# tag the repo with :beta
docker tag helium $DOCKER_REPO:beta
# Tag image based on repo tag if a github label
if [[ "${{ github.ref }}" == "refs/tags/"* ]]
then
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,' | sed -e 's/^v//')
# tag the image with :version and :stable
docker tag helium $DOCKER_REPO:$VERSION
docker tag helium $DOCKER_REPO:stable
fi
# Push to the repo
docker push -a $DOCKER_REPO
- name: ACR Push
if: ${{ env.ACR_SET == 'true' && env.AZURE_SET == 'true' }}
run: |
# login to acr
az acr login -n ${ACR_REG}
# build the complete image name
ACR_IMAGE=$ACR_REG.azurecr.io/$ACR_REPO/$ACR_IMAGE
# build release image
docker tag helium $ACR_IMAGE:beta
# Tag image based on repo tag if a github label
if [[ "${{ github.ref }}" == "refs/tags/"* ]]
then
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
# Strip "v" prefix from tag name
VERSION=$(echo $VERSION | sed -e 's/^v//')
# tag the image with :version and :stable
docker tag helium $ACR_IMAGE:$VERSION
docker tag helium $ACR_IMAGE:stable
fi
# push the repo
docker push -a $ACR_IMAGE