ci #150
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| on: | |
| workflow_run: | |
| workflows: | |
| - "tests" | |
| branches: | |
| - main | |
| types: | |
| - completed | |
| jobs: | |
| build_local: | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: main | |
| - name: Extract building params | |
| id: building-params | |
| run: | | |
| echo "::set-output name=environment::production" | |
| - name: Analyze JSON Package | |
| id: package_json | |
| run: | | |
| content=`cat ./package.json` | |
| content="${content//'%'/'%25'}" | |
| content="${content//$'\n'/'%0A'}" | |
| content="${content//$'\r'/'%0D'}" | |
| echo "::set-output name=packageJson::$content" | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ECR }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ECR }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Log in to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Extract Docker-image params | |
| id: docker-params | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| run: | | |
| export IMAGE="$ECR_REGISTRY/sanctuary" | |
| export GIT_COMMIT_VERSION=$(git rev-parse main | cut -c1-8) | |
| export DATE=$(date +%s) | |
| echo "::set-output name=image::$IMAGE" | |
| echo "::set-output name=commit_version::$(echo ${GIT_COMMIT_VERSION}_${DATE})" | |
| echo "::set-output name=version::${{fromJson(steps.package_json.outputs.packageJson).version}}" | |
| - name: Build, tag, and push image to Amazon ECR | |
| env: | |
| IMAGE: ${{ steps.docker-params.outputs.image }} | |
| IMAGE_GIT_TAG: ${{ steps.docker-params.outputs.commit_version }} | |
| IMAGE_VERSION_TAG: ${{ steps.docker-params.outputs.version }} | |
| IMAGE_GIT_TAG_SBX: ${{ steps.docker-params.outputs.commit_version }}_sbx | |
| run: | | |
| docker build -t $IMAGE:$IMAGE_VERSION_TAG -t $IMAGE:$IMAGE_GIT_TAG -t $IMAGE:${{ steps.building-params.outputs.environment }} -t $IMAGE:$IMAGE_GIT_TAG_SBX -t $IMAGE:sandbox . | |
| docker push $IMAGE:$IMAGE_VERSION_TAG | |
| docker push $IMAGE:$IMAGE_GIT_TAG | |
| docker push $IMAGE:${{ steps.building-params.outputs.environment }} | |
| docker push $IMAGE:$IMAGE_GIT_TAG_SBX | |
| docker push $IMAGE:sandbox | |
| - name: Log out of Amazon ECR | |
| if: always() | |
| run: docker logout ${{ steps.login-ecr.outputs.registry }} | |
| - name: Store new Docker-image name, build-id and environemnt | |
| env: | |
| IMAGE_GIT_TAG: ${{ steps.docker-params.outputs.commit_version }} | |
| BUILDING_ENVIRONMENT: ${{ steps.building-params.outputs.environment }} | |
| IMAGE: ${{ steps.docker-params.outputs.image }} | |
| # IMAGE_VERSION_TAG: ${{ steps.docker-params.outputs.version }} | |
| run: | | |
| echo $IMAGE > image.txt | |
| echo $IMAGE_GIT_TAG > version.txt | |
| echo $BUILDING_ENVIRONMENT > environment.txt | |
| printf $(printf ${GITHUB_REF##*/} | shasum) > build-id.txt | |
| - name: Upload Docker-image name to be used by the next job | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: image | |
| path: image.txt | |
| retention-days: 1 | |
| - name: Upload Docker-image version to be used by the next job | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: version | |
| path: version.txt | |
| retention-days: 1 | |
| # - name: Upload Dockerhub-image version to be used by the next job | |
| # uses: actions/upload-artifact@v2 | |
| # with: | |
| # name: dockerhub_version | |
| # path: dockerhub_version.txt | |
| # retention-days: 1 | |
| - name: Upload environment to be used by the next job | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: environment | |
| path: environment.txt | |
| retention-days: 1 | |
| - name: Upload build-id to be used by the next job | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: build-id | |
| path: build-id.txt | |
| retention-days: 1 | |
| gitops: | |
| needs: build_local | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install YQ | |
| run: sudo snap install yq | |
| - name: Install Github CLI | |
| run: | | |
| sudo apt-get update | |
| sudo apt install curl -y | |
| curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \ | |
| && sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \ | |
| && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \ | |
| && sudo apt update \ | |
| && sudo apt install gh -y | |
| - name: Check out repository | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: ${{ secrets.GITOPS_REPOSITORY_NAME }} | |
| token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| - name: Retrieve image | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: image | |
| - name: Retrieve version | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: version | |
| - name: Retrieve environment | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: environment | |
| - name: Retrieve build-id | |
| uses: actions/download-artifact@v2 | |
| with: | |
| name: build-id | |
| - name: Extract building params | |
| id: atifact-reader | |
| run: | | |
| IMAGE_ECR=$(cat image.txt) | |
| VERSION=$(cat version.txt) | |
| BUILDING_ENVIRONMENT=$(cat environment.txt) | |
| BUILD_ID=$(cat build-id.txt) | |
| rm -rf version.txt environment.txt build-id.txt | |
| IMAGE="$IMAGE_ECR:$VERSION" | |
| echo "::set-output name=version::$VERSION" | |
| echo "::set-output name=environment::$BUILDING_ENVIRONMENT" | |
| echo "::set-output name=build-id::$BUILD_ID" | |
| echo "::set-output name=image::$IMAGE" | |
| - name: Update GitOps Sandbox repository | |
| env: | |
| VERSION: ${{ steps.atifact-reader.outputs.version }}_sbx | |
| BUILDING_ENVIRONMENT: "non-prod/sbx" | |
| run: >- | |
| yq eval ".images[0].newTag = \"$VERSION\"" -i $BUILDING_ENVIRONMENT/backends/sanctuary/base/kustomization.yaml | |
| - name: Commit and Push to master for SANDBOX | |
| env: | |
| GH_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| IMAGE: ${{ steps.atifact-reader.outputs.image }} | |
| BUILD_ID: ${{ steps.atifact-reader.outputs.build-id}} | |
| run: | | |
| git config user.email "[email protected]" | |
| git config user.name "umb-dev" | |
| git commit -a -m "chore(build): SANDBOX - $IMAGE" | |
| git push | |
| - name: Update GitOps repository | |
| env: | |
| VERSION: ${{ steps.atifact-reader.outputs.version }} | |
| BUILDING_ENVIRONMENT: ${{ steps.atifact-reader.outputs.environment }} | |
| run: >- | |
| yq eval ".images[0].newTag = \"$VERSION\"" -i $BUILDING_ENVIRONMENT/backends/sanctuary/base/kustomization.yaml | |
| - name: Commit, Push and create Pull Request | |
| env: | |
| GH_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| IMAGE: ${{ steps.atifact-reader.outputs.image-name }} | |
| BUILD_ID: ${{ steps.atifact-reader.outputs.build-id}} | |
| run: | | |
| BRANCH="feature/sanctuary-$BUILD_ID" | |
| git config user.email "[email protected]" | |
| git config user.name "umb-dev" | |
| git checkout -b $BRANCH | |
| git commit -a -m "chore(build): $IMAGE" | |
| git push origin -f $BRANCH | |
| gh pr create --base master --title "sanctuary Release" --body "sanctuary" || exit 0 |