-
Notifications
You must be signed in to change notification settings - Fork 0
215 lines (191 loc) · 7.84 KB
/
cicd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
name: ci
on:
workflow_run:
workflows:
- "tests"
branches:
- main
types:
- completed
jobs:
build_local:
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
steps:
- name: Check out repository
uses: actions/checkout@v2
with:
ref: main
- name: Extract building params
id: building-params
run: |
echo "::set-output name=environment::production"
- name: Analyze JSON Package
id: package_json
run: |
content=`cat ./package.json`
content="${content//'%'/'%25'}"
content="${content//$'\n'/'%0A'}"
content="${content//$'\r'/'%0D'}"
echo "::set-output name=packageJson::$content"
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ECR }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ECR }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Log in to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Extract Docker-image params
id: docker-params
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
export IMAGE="$ECR_REGISTRY/sanctuary"
export GIT_COMMIT_VERSION=$(git rev-parse main | cut -c1-8)
export DATE=$(date +%s)
echo "::set-output name=image::$IMAGE"
echo "::set-output name=commit_version::$(echo ${GIT_COMMIT_VERSION}_${DATE})"
echo "::set-output name=version::${{fromJson(steps.package_json.outputs.packageJson).version}}"
- name: Build, tag, and push image to Amazon ECR
env:
IMAGE: ${{ steps.docker-params.outputs.image }}
IMAGE_GIT_TAG: ${{ steps.docker-params.outputs.commit_version }}
IMAGE_VERSION_TAG: ${{ steps.docker-params.outputs.version }}
IMAGE_GIT_TAG_SBX: ${{ steps.docker-params.outputs.commit_version }}_sbx
run: |
docker build -t $IMAGE:$IMAGE_VERSION_TAG -t $IMAGE:$IMAGE_GIT_TAG -t $IMAGE:${{ steps.building-params.outputs.environment }} -t $IMAGE:$IMAGE_GIT_TAG_SBX -t $IMAGE:sandbox .
docker push $IMAGE:$IMAGE_VERSION_TAG
docker push $IMAGE:$IMAGE_GIT_TAG
docker push $IMAGE:${{ steps.building-params.outputs.environment }}
docker push $IMAGE:$IMAGE_GIT_TAG_SBX
docker push $IMAGE:sandbox
- name: Log out of Amazon ECR
if: always()
run: docker logout ${{ steps.login-ecr.outputs.registry }}
- name: Store new Docker-image name, build-id and environemnt
env:
IMAGE_GIT_TAG: ${{ steps.docker-params.outputs.commit_version }}
BUILDING_ENVIRONMENT: ${{ steps.building-params.outputs.environment }}
IMAGE: ${{ steps.docker-params.outputs.image }}
# IMAGE_VERSION_TAG: ${{ steps.docker-params.outputs.version }}
run: |
echo $IMAGE > image.txt
echo $IMAGE_GIT_TAG > version.txt
echo $BUILDING_ENVIRONMENT > environment.txt
printf $(printf ${GITHUB_REF##*/} | shasum) > build-id.txt
- name: Upload Docker-image name to be used by the next job
uses: actions/upload-artifact@v2
with:
name: image
path: image.txt
retention-days: 1
- name: Upload Docker-image version to be used by the next job
uses: actions/upload-artifact@v2
with:
name: version
path: version.txt
retention-days: 1
# - name: Upload Dockerhub-image version to be used by the next job
# uses: actions/upload-artifact@v2
# with:
# name: dockerhub_version
# path: dockerhub_version.txt
# retention-days: 1
- name: Upload environment to be used by the next job
uses: actions/upload-artifact@v2
with:
name: environment
path: environment.txt
retention-days: 1
- name: Upload build-id to be used by the next job
uses: actions/upload-artifact@v2
with:
name: build-id
path: build-id.txt
retention-days: 1
gitops:
needs: build_local
runs-on: ubuntu-latest
steps:
- name: Install YQ
run: sudo snap install yq
- name: Install Github CLI
run: |
sudo apt-get update
sudo apt install curl -y
curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
&& sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
&& sudo apt update \
&& sudo apt install gh -y
- name: Check out repository
uses: actions/checkout@v2
with:
repository: ${{ secrets.GITOPS_REPOSITORY_NAME }}
token: ${{ secrets.BOT_GITHUB_TOKEN }}
- name: Retrieve image
uses: actions/download-artifact@v2
with:
name: image
- name: Retrieve version
uses: actions/download-artifact@v2
with:
name: version
- name: Retrieve environment
uses: actions/download-artifact@v2
with:
name: environment
- name: Retrieve build-id
uses: actions/download-artifact@v2
with:
name: build-id
- name: Extract building params
id: atifact-reader
run: |
IMAGE_ECR=$(cat image.txt)
VERSION=$(cat version.txt)
BUILDING_ENVIRONMENT=$(cat environment.txt)
BUILD_ID=$(cat build-id.txt)
rm -rf version.txt environment.txt build-id.txt
IMAGE="$IMAGE_ECR:$VERSION"
echo "::set-output name=version::$VERSION"
echo "::set-output name=environment::$BUILDING_ENVIRONMENT"
echo "::set-output name=build-id::$BUILD_ID"
echo "::set-output name=image::$IMAGE"
- name: Update GitOps Sandbox repository
env:
VERSION: ${{ steps.atifact-reader.outputs.version }}_sbx
BUILDING_ENVIRONMENT: "non-prod/sbx"
run: >-
yq eval ".images[0].newTag = \"$VERSION\"" -i $BUILDING_ENVIRONMENT/backends/sanctuary/base/kustomization.yaml
- name: Commit and Push to master for SANDBOX
env:
GH_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
IMAGE: ${{ steps.atifact-reader.outputs.image }}
BUILD_ID: ${{ steps.atifact-reader.outputs.build-id}}
run: |
git config user.email "[email protected]"
git config user.name "umb-dev"
git commit -a -m "chore(build): SANDBOX - $IMAGE"
git push
- name: Update GitOps repository
env:
VERSION: ${{ steps.atifact-reader.outputs.version }}
BUILDING_ENVIRONMENT: ${{ steps.atifact-reader.outputs.environment }}
run: >-
yq eval ".images[0].newTag = \"$VERSION\"" -i $BUILDING_ENVIRONMENT/backends/sanctuary/base/kustomization.yaml
- name: Commit, Push and create Pull Request
env:
GH_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }}
IMAGE: ${{ steps.atifact-reader.outputs.image-name }}
BUILD_ID: ${{ steps.atifact-reader.outputs.build-id}}
run: |
BRANCH="feature/sanctuary-$BUILD_ID"
git config user.email "[email protected]"
git config user.name "umb-dev"
git checkout -b $BRANCH
git commit -a -m "chore(build): $IMAGE"
git push origin -f $BRANCH
gh pr create --base master --title "sanctuary Release" --body "sanctuary" || exit 0