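name: Build and Deploy

on:
  push:
    branches: ["main"]
  # `pull_request` (not `pull_request_target`) runs in the context of the PR
  # head, so the secret-using steps below are additionally guarded by
  # `github.event_name == 'push'` and only ever run for pushes to main.
  pull_request:
    types: [opened, synchronize, reopened]
    branches: ["main"]

# Least privilege for the default GITHUB_TOKEN: every step that needs more than
# read access authenticates with an explicit secret (Docker Hub credentials,
# the cosign key, the per-facility gitops token), so the token itself only
# needs to read this repository.
permissions:
  contents: read

jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    strategy:
      # One matrix covering both facilities. The previous revision listed
      # `facility:` and `include:` twice inside this mapping; YAML mapping keys
      # must be unique, and lenient parsers keep only the last value, so the
      # zan entries were silently dropped.
      matrix:
        facility: [zan, zlc]
        include:
          - facility: zan
            name: PAZA
            secret: ADH_PIPELINE_PAT
            repo: vpaza/gitops
          - facility: zlc
            name: KZLC
            secret: KZLC_GITOPS_TOKEN
            repo: kzlc/gtiops
    steps:
      # Third-party actions are referenced by major tag (@v4, @v3); a mutable
      # tag can be moved by the upstream maintainer. Pinning each `uses:` to a
      # full commit SHA (with the tag in a trailing comment) makes the
      # resolved action immutable.
      - name: Checkout Repo
        uses: actions/checkout@v4
      # `branch` is "main" for pushes (the push trigger is restricted to main)
      # and "test" for pull requests, where GITHUB_REF is refs/pull/<n>/merge.
      - name: Set sha_short
        run: |
          echo "sha_short=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV
          # Set default branch name for PRs, as we still want to test build an image on PRs
          # but we have no branch to set a tag for.
          branch="test"
          if [[ "$GITHUB_REF" == "refs/heads/"* ]]; then
            branch="${GITHUB_REF#refs/heads/}"
          fi
          echo "branch=${branch}" >> $GITHUB_ENV
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Install cosign
        uses: sigstore/cosign-installer@v3
      # Selects the per-facility frontend configuration before the image is
      # built; `matrix.facility` comes from the matrix above, never from
      # event input.
      - name: Copy subdivision frontend config
        run: |
          cd frontend
          cp configs/${{ matrix.facility }}.json config.json
      # Only a push to main produces and publishes an image.
      - name: Build and Push Container Image
        if: ${{ github.event_name == 'push' && env.branch == 'main' }}
        run: |
          TAG=${{ env.branch }}-${{ env.sha_short }} bash scripts/build.sh
      # Pull requests get a dry-run build so breakage is caught without
      # publishing anything.
      - name: Build Container Image
        if: ${{ env.branch != 'main' }}
        run: |
          DRY_RUN=1 TAG=${{ env.branch }}-${{ env.sha_short }} bash scripts/build.sh
      # Signs by registry digest (RepoDigests), not by tag, so the signature is
      # bound to the exact image content that was pushed.
      - name: Sign Image
        if: ${{ github.event_name == 'push' && env.branch == 'main' }}
        env:
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
        run: |
          TAG=${{ matrix.facility }}-${{ env.branch }}-${{ env.sha_short }}
          image_digest_fe=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ secrets.DOCKER_USERNAME }}/ids-frontend:$TAG)
          image_digest_be=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ secrets.DOCKER_USERNAME }}/ids-backend:$TAG)
          cosign sign --yes --key env://COSIGN_PRIVATE_KEY $image_digest_fe $image_digest_be

  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    needs: build
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    strategy:
      # Same de-duplication as the build matrix: one `facility:` list and one
      # `include:` list instead of repeated keys.
      matrix:
        facility: [zan, zlc]
        include:
          - facility: zan
            name: PAZA
            secret: ADH_PIPELINE_PAT
            repo: vpaza/gitops
          # NOTE(review): the build job lists KZLC_GITOPS_TOKEN for zlc while
          # this job (the only one that reads matrix.secret) lists
          # ADH_PIPELINE_PAT — confirm which token is meant to push to the
          # KZLC gitops repository.
          - facility: zlc
            name: KZLC
            secret: ADH_PIPELINE_PAT
            repo: kzlc/gtiops
    steps:
      - name: Checkout Repo
        uses: actions/checkout@v4
      - name: Set sha_short
        id: vars
        run: |
          echo "sha_short=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV
          # Set default branch name for PRs, as we still want to test build an image on PRs
          # but we have no branch to set a tag for.
          branch="test"
          if [[ "$GITHUB_REF" == "refs/heads/"* ]]; then
            branch="${GITHUB_REF#refs/heads/}"
          fi
          echo "branch=${branch}" >> $GITHUB_ENV
      # The gitops repository is checked out with a per-facility token chosen
      # by name from the matrix (`secrets[matrix.secret]`); that token, not
      # GITHUB_TOKEN, is what authorises the push at the end of the job.
      - name: Checkout ${{ matrix.name }} Gitops Repo
        uses: actions/checkout@v4
        with:
          token: ${{ secrets[matrix.secret] }}
          repository: ${{ matrix.repo }}
          path: gitops
      - name: Configure git
        run: |
          cd $GITHUB_WORKSPACE/gitops
          git config user.name "adh-pipeline"
          git config user.email "[email protected]"
      # The kustomize tarball is fetched over HTTPS from the upstream release
      # but its contents are not verified against a published checksum or
      # signature before being executed; a pinned checksum comparison after the
      # download would close that gap.
      - name: Setup Kustomize
        env:
          BIN_DIR: "/tmp/bin"
          KUSTOMIZE_VERSION: "5.3.0"
        run: |
          mkdir -p "${BIN_DIR}"
          pushd "${BIN_DIR}" || exit 1
          KUSTOMIZE_FILENAME="kustomize_v${KUSTOMIZE_VERSION}_linux_amd64.tar.gz"
          set -e
          KUSTOMIZE_DOWNLOAD_PATH="${BIN_DIR}/${KUSTOMIZE_FILENAME}"
          if [ -f "${KUSTOMIZE_DOWNLOAD_PATH}" ]; then
            echo "Kustomize already downloaded"
          else
            curl -o "${KUSTOMIZE_FILENAME}" -L "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv${KUSTOMIZE_VERSION}/${KUSTOMIZE_FILENAME}"
          fi
          tar xzf "${KUSTOMIZE_FILENAME}"
          chmod u+x kustomize
          popd
          echo "${BIN_DIR}" >> $GITHUB_PATH
          "${BIN_DIR}/kustomize" version
          kustomize version
      # Points the prod overlay at the image tag produced by the build job for
      # this facility. NOTE(review): the image repository here is the literal
      # `adhp/...` while the build job signs `${{ secrets.DOCKER_USERNAME }}/...`;
      # these must refer to the same registry namespace for the signed digest
      # to be the one deployed.
      - name: Update prod overlay
        if: ${{ env.branch == 'main' }}
        run: |
          TAG=${{ env.branch }}-${{ env.sha_short }}
          cd $GITHUB_WORKSPACE/gitops/overlays/prod
          kustomize edit set image adhp/ids-frontend=docker.io/adhp/ids-frontend:${{ matrix.facility }}-$TAG
          kustomize edit set image adhp/ids-backend=docker.io/adhp/ids-backend:${{ matrix.facility }}-$TAG
      - name: Commit and Push
        if: ${{ env.branch == 'main' }}
        run: |
          TAG=${{ env.branch }}-${{ env.sha_short }}
          cd $GITHUB_WORKSPACE/gitops
          git add overlays/prod
          git commit -m "Update prod overlay for ${{ matrix.facility }}-$TAG"
          git push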