Temporarily disable actuator security #100
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Merged to Master | |
concurrency: master | |
on: | |
push: | |
branches: | |
- master | |
jobs: | |
detect-changes: | |
runs-on: ubuntu-latest | |
outputs: | |
api: ${{ steps.filter.outputs.api }} | |
website: ${{ steps.filter.outputs.website }} | |
keycloak: ${{ steps.filter.outputs.keycloak }} | |
k8s: ${{ steps.filter.outputs.k8s }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dorny/paths-filter@v2 | |
id: filter | |
with: | |
filters: | | |
api: | |
- apps/api/** | |
website: | |
- apps/website/** | |
keycloak: | |
- apps/keycloak/** | |
k8s: | |
- .k8s/prod/** | |
test-api: | |
runs-on: ubuntu-latest | |
needs: detect-changes | |
if: ${{ needs.detect-changes.outputs.api == 'true' }} | |
timeout-minutes: 3 | |
defaults: | |
run: | |
working-directory: apps/api | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-java@v3 | |
with: | |
distribution: temurin | |
java-version: 19 | |
- name: Cache SonarCloud packages | |
uses: actions/cache@v3 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonarcloud | |
- name: Cache Gradle packages | |
uses: actions/cache@v3 | |
with: | |
path: /home/runner/.gradle | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} | |
restore-keys: ${{ runner.os }}-gradle | |
- run: ./gradlew test jacocoTestReport sonar | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
build-api-image: | |
runs-on: ubuntu-latest | |
needs: test-api | |
timeout-minutes: 15 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: docker/setup-buildx-action@v2 | |
with: | |
platforms: linux/arm64 | |
- uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GH_PACKAGES_TOKEN }} | |
- uses: docker/build-push-action@v3 | |
with: | |
push: true | |
tags: | | |
ghcr.io/nikitades/carres-api:latest | |
ghcr.io/nikitades/carres-api:${{ github.sha }} | |
cache-from: type=gha,scope=api | |
cache-to: type=gha,mode=max,scope=api | |
context: apps/api | |
platforms: linux/arm64 | |
build-website-image: | |
runs-on: ubuntu-latest | |
needs: detect-changes | |
if: ${{ needs.detect-changes.outputs.website == 'true' }} | |
timeout-minutes: 10 | |
defaults: | |
run: | |
working-directory: apps/website | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: docker/setup-buildx-action@v2 | |
with: | |
platforms: linux/arm64 | |
- uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GH_PACKAGES_TOKEN }} | |
- uses: docker/build-push-action@v3 | |
with: | |
push: true | |
tags: | | |
ghcr.io/nikitades/carres-website:latest | |
ghcr.io/nikitades/carres-website:${{ github.sha }} | |
cache-from: type=gha,scope=website | |
cache-to: type=gha,mode=max,scope=website | |
context: apps/website | |
platforms: linux/arm64 | |
build-keycloak-image: | |
runs-on: ubuntu-latest | |
needs: detect-changes | |
if: ${{ needs.detect-changes.outputs.keycloak == 'true' }} | |
timeout-minutes: 5 | |
defaults: | |
run: | |
working-directory: apps/website | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: docker/setup-buildx-action@v2 | |
with: | |
platforms: linux/arm64 | |
- uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GH_PACKAGES_TOKEN }} | |
- uses: docker/build-push-action@v3 | |
with: | |
push: true | |
tags: | | |
ghcr.io/nikitades/carres-keycloak:latest | |
ghcr.io/nikitades/carres-keycloak:${{ github.sha }} | |
cache-from: type=gha,scope=keycloak | |
cache-to: type=gha,mode=max,scope=keycloak | |
context: apps/keycloak | |
platforms: linux/arm64 | |
deploy: | |
name: Deploy | |
runs-on: ubuntu-latest | |
needs: [detect-changes, build-api-image, build-website-image, build-keycloak-image] | |
if: ${{ always() && needs.build-api-image.result != 'failure' && needs.build-website-image.result != 'failure' && needs.build-keycloak-image.result != 'failure' && (needs.detect-changes.outputs.k8s == 'true' || needs.build-api-image.result == 'success' || needs.build-website-image.result == 'success' || needs.build-keycloak-image.result == 'success') }} | |
timeout-minutes: 7 | |
steps: | |
- name: Set the Kubernetes context | |
uses: azure/k8s-set-context@v2 | |
with: | |
method: service-account | |
k8s-url: ${{ secrets.KUBERNETES_SERVER_URL }} | |
k8s-secret: ${{ secrets.KUBERNETES_SECRET }} | |
- uses: actions/checkout@v3 | |
- uses: azure/k8s-deploy@v4 | |
with: | |
namespace: carres | |
imagepullsecrets: ghcr | |
manifests: .k8s/prod | |
images: | | |
ghcr.io/nikitades/carres-api:latest | |
ghcr.io/nikitades/carres-website:latest | |
ghcr.io/nikitades/carres-keycloak:latest |