DEVOPS-TASK-77: GH action update
evmos-lde committed Oct 13, 2023
1 parent 9764499 commit ff6b256
Showing 1 changed file with 113 additions and 38 deletions.
151 changes: 113 additions & 38 deletions .github/workflows/build.yaml
Expand Up @@ -35,6 +35,7 @@ jobs:
github-token: ${{ secrets.github_token }}
# Check only if there are differences in the source code
if: env.GIT_DIFF

test-unit:
needs: golangci
runs-on: ubuntu-latest
Expand All @@ -55,9 +56,54 @@ jobs:
run: |
make test
if: env.GIT_DIFF

set-environment:
runs-on: ubuntu-latest
needs: [golangci, test-unit]
outputs:
env-variable: ${{ steps.set-env-var.outputs.patch_env }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0 # Note: This fetches all branches and tags

- name: Check base ref
run: |
BASE_REF=$(git describe --contains --all HEAD)
echo "BASE_REF=$BASE_REF" >> $GITHUB_ENV
- name: Set ENV variable
id: set-env-var
run: |
PATCH_ENV="unknown" # Default value
case $GITHUB_REF in
refs/tags/*)
TAG_COMMIT=$(git rev-list -n 1 ${{ github.ref }})
BRANCHE=$(git branch -r --contains $TAG_COMMIT | sed 's/ *origin\///' | grep -v "HEAD" | head -n 1)
if [ "$BRANCHE" == "main" ]; then
PATCH_ENV="production"
fi
;;
refs/heads/main)
PATCH_ENV="non-production"
;;
esac
echo "PATCH_ENV=$PATCH_ENV" >> $GITHUB_ENV
echo "BRANCHE=$BRANCHE" >> $GITHUB_ENV
echo "::set-output name=patch_env::$PATCH_ENV"
- name: Debug
run: |
echo "Env: ${PATCH_ENV}"
echo "Ref: ${{ github.ref }}"
echo "GitHub Ref: $GITHUB_REF"
echo "Base Ref: $BASE_REF"
echo "Branch: $BRANCHE"
build:
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
needs: test-unit
if: (github.event_name == 'push') && (needs.set-environment.outputs.env-variable == 'non-production')
needs: [set-environment]
permissions:
contents: read
id-token: write
Expand All @@ -78,43 +124,22 @@ jobs:
path: "./cors"
dockerfile: "compose.dockerfile"
image_name: "dashboard-backend_nginx"
env:
IMG_NAME: ${{ github.repository }}
steps:
- name: Checkout
uses: actions/checkout@v3

# - name: Debug
# run: |
# echo "github.ref -> ${{ github.ref }}"
# - uses: hmarr/debug-action@v2
- name: Authenticate with Google Cloud
id: auth
uses: google-github-actions/auth@v1
with:
workload_identity_provider: ${{ vars.GCP_PROVIDER }}
service_account: ${{ vars.GCP_SERVICE_ACCOUNT }}
access_token_lifetime: 600s

- name: Docker metadata
id: metadata
uses: docker/[email protected]
with:
images: |
${{ vars.GCP_REGISTRY }}/${{ vars.GCP_PROJECT }}/${{ env.IMG_NAME }}/${{ matrix.component.name }}
ghcr.io/${{ github.repository }}/${{ matrix.component.name }}
tags: |
type=semver,pattern={{version}}
type=raw,value={{sha}},enable=${{ github.ref_type != 'tag' }}
flavor: |
latest=${{ github.ref == 'refs/heads/main' }}
# Configure docker to use the gcloud command-line tool as a credential helper
# This avoids using docker/login-action as a middle man.
- name: Configure Docker with GCloud credentials
shell: bash
run: gcloud auth configure-docker --quiet ${{ vars.GCP_REGISTRY}}

# Login to GitHub Container Registry (GHCR)
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
Expand Down Expand Up @@ -142,17 +167,6 @@ jobs:
name: image-tag-${{ matrix.component.name }}
path: metadata-${{ matrix.component.name }}.txt

- name: Clean up old images
uses: "docker://europe-docker.pkg.dev/gcr-cleaner/gcr-cleaner/gcr-cleaner-cli"
# env:
# GCRCLEANER_LOG: debug
with:
args: >-
-repo=${{ vars.GCP_REGISTRY }}/${{ vars.GCP_PROJECT }}/${{ env.IMG_NAME }}/${{ matrix.component.name }}
-grace=336h
-keep=5
-tag-filter-any=^[a-zA-Z0-9-\.]+$
- name: Prune old images on ghcr.io
uses: vlaurin/[email protected]
with:
Expand All @@ -165,12 +179,72 @@ jobs:
prune-untagged: true
prune-tags-regexes: ^[a-zA-Z0-9-\.]+$

retag-and-push:
if: needs.set-environment.outputs.env-variable == 'production'
needs: [set-environment]
runs-on: ubuntu-latest
outputs:
relese-tag: ${{ steps.get_version.outputs.TAG_VER }}
strategy:
matrix:
component:
- name: "api"
path: "."
dockerfile: "Dockerfile"
image_name: "dashboard-backend_api"
- name: "cron"
path: "./cronjobs"
dockerfile: "Dockerfile"
image_name: "dashboard-backend_cron"
- name: "nginx"
path: "./cors"
dockerfile: "Dockerfile"
image_name: "dashboard-backend_nginx"
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Extract Tag Name
id: get_version
run: echo "TAG_VER=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

# Login to GitHub Container Registry (GHCR)
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Re-tag image
run: |
COMMIT_HASH=$(git rev-parse --short "$TAG_VER")
docker pull ghcr.io/${{ github.repository }}/${{ matrix.component.name }}:${COMMIT_HASH}
docker tag ghcr.io/${{ github.repository }}/${{ matrix.component.name }}:${COMMIT_HASH} ghcr.io/${{ github.repository }}/${{ matrix.component.name }}:${TAG_VER}
docker push ghcr.io/${{ github.repository }}/${{ matrix.component.name }}:${TAG_VER}
echo "${{ matrix.component.name }} ghcr.io/${{ github.repository }}/${{ matrix.component.name }}:$TAG_VER" > metadata-${{ matrix.component.name }}.txt
- name: Upload image tags
uses: actions/upload-artifact@v2
with:
name: image-tag-${{ matrix.component.name }}
path: metadata-${{ matrix.component.name }}.txt

update-deployment-tags:
needs: build
if: always() && needs.set-environment.outputs.env-variable != 'unknown'
needs: [set-environment,build,retag-and-push]
runs-on: ubuntu-latest
env:
IMG_NAME: ${{ github.repository }}
environment:
name: ${{ needs.set-environment.outputs.env-variable }}
steps:
- name: Use environment
run: |
echo "Deploying to environment ${{ needs.set-environment.outputs.env-variable }}"
echo "K8S_MANIFEST: ${{ vars.K8S_MANIFEST }}"
- name: Download all artifacts
uses: actions/download-artifact@v2
with:
Expand All @@ -184,12 +258,13 @@ jobs:
ARGOCD_APPS_REPO: ${{ secrets.ARGOCD_APPS_REPO }}

- name: Update k8s deployment
if: needs.set-environment.outputs.env-variable != 'unknown'
run: |
find build-artifacts -name "*.txt" | while read filename; do
while read line; do
COMPONENT=$(echo $line | cut -d' ' -f1)
NEW_IMAGE=$(echo $line | cut -d' ' -f2-)
sed -i "s|${{ vars.GCP_REGISTRY }}/${{ vars.GCP_PROJECT }}/${{ env.IMG_NAME }}/${COMPONENT}:[^ ]*|${NEW_IMAGE}|" APPS/${{ vars.K8S_MANIFEST }}
echo "ghcr.io/${{ github.repository }}/${COMPONENT}:${NEW_IMAGE}" > APPS/${{ vars.K8S_MANIFEST }}
done < $filename
done
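Review bot: In the `Set ENV variable` step of the new `set-environment` job, `${{ github.ref }}` is expanded into the script text before bash parses it, so a tag name carrying shell syntax would run inside the very step that decides whether `patch_env` becomes `production`. The ref is already available as an environment variable in that step, so read it from there with quoting: `TAG_COMMIT=$(git rev-list -n 1 "$GITHUB_REF")`. The production gate is also weaker than it looks, because it compares only the first line of `git branch -r --contains` with `main`; an ancestry test such as `git merge-base --is-ancestor "$TAG_COMMIT" origin/main` states the intended condition directly and does not depend on listing order. The `::set-output` workflow command in the same step is deprecated; appending `patch_env=$PATCH_ENV` to `"$GITHUB_OUTPUT"` is the current equivalent.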
