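# Build the website container image, push it to ghcr.io and hand it to the
# shared deploy workflow. The target environment is derived from the git ref:
# main -> production, develop -> development, pull requests -> pr/<number>.
#
# NOTE(review): third-party actions below are referenced by mutable version
# tags (v3/v4/v5). Pinning each one to a full commit SHA keeps a retagged
# release from running with this workflow's `packages: write` token.
name: Build and deploy

concurrency:
  group: "${{ github.workflow }}-${{ github.ref }}-build-deploy"
  cancel-in-progress: true

on:
  workflow_call:
  workflow_dispatch:

jobs:
  env:
    name: Generate environment variables
    runs-on: ubuntu-latest
    # This job only runs shell built-ins, so it needs no GITHUB_TOKEN scopes.
    permissions: {}
    steps:
      - name: Derive environment from git ref
        id: environment
        # Context values are handed over as environment variables instead of
        # being expanded into the script text, so a ref name is always treated
        # as data and never parsed as shell code.
        env:
          GIT_REF: "${{ github.ref }}"
          EVENT_NAME: "${{ github.event_name }}"
          PR_NUMBER: "${{ github.event.pull_request.number }}"
        run: |
          if [ "$GIT_REF" = "refs/heads/main" ]; then
            ENVIRONMENT="production"
            APP_NAME_SUFFIX=""
          elif [ "$GIT_REF" = "refs/heads/develop" ]; then
            ENVIRONMENT="development"
            APP_NAME_SUFFIX="-development"
          # The closing bracket must be its own word; without the space the
          # test errors out and pull requests always fall through to `exit 1`.
          elif [ "$EVENT_NAME" = "pull_request" ]; then
            ENVIRONMENT="pr/$PR_NUMBER"
            APP_NAME_SUFFIX="-pr-$PR_NUMBER"
          else
            echo "No environment is defined for ref '$GIT_REF' (event '$EVENT_NAME')" >&2
            exit 1
          fi
          echo "ENVIRONMENT=$ENVIRONMENT" >> "$GITHUB_OUTPUT"
          echo "APP_NAME_SUFFIX=$APP_NAME_SUFFIX" >> "$GITHUB_OUTPUT"
    outputs:
      environment: "${{ steps.environment.outputs.ENVIRONMENT }}"
      app_name: "nomansland-website${{ steps.environment.outputs.APP_NAME_SUFFIX }}"
      registry: "ghcr.io"
      image: "${{ github.repository }}"

  vars:
    name: Generate public url
    needs: [env]
    runs-on: ubuntu-latest
    # Only reads configuration variables; no GITHUB_TOKEN scopes are needed.
    permissions: {}
    environment:
      name: "${{ needs.env.outputs.environment }}"
    steps:
      - name: Generate public URL
        id: public_url
        # Same pattern as the env job: values reach the script through the
        # environment rather than through template expansion.
        env:
          CONFIGURED_PUBLIC_URL: "${{ vars.PUBLIC_URL }}"
          APP_NAME: "${{ needs.env.outputs.app_name }}"
          INGRESS_BASE_DOMAIN: "${{ vars.KUBE_INGRESS_BASE_DOMAIN }}"
        run: |
          # An explicitly configured PUBLIC_URL wins; otherwise the URL is
          # built from the app name and the ingress base domain.
          if [ -z "$CONFIGURED_PUBLIC_URL" ]; then
            PUBLIC_URL="https://${APP_NAME}.${INGRESS_BASE_DOMAIN}"
          else
            PUBLIC_URL="$CONFIGURED_PUBLIC_URL"
          fi
          echo "PUBLIC_URL=$PUBLIC_URL" >> "$GITHUB_OUTPUT"
    outputs:
      public_url: "${{ steps.public_url.outputs.PUBLIC_URL }}"

  build:
    name: Build and push docker image
    needs: [env, vars]
    runs-on: ubuntu-latest
    # Least privilege: read the sources, write the image to the registry.
    permissions:
      contents: read
      packages: write
    environment:
      name: "${{ needs.env.outputs.environment }}"
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # The checkout is used as the Docker build context (`context: .`);
          # keep the token out of .git/config so it cannot be copied into an
          # image layer.
          persist-credentials: false
      - name: Ensure astro build artefacts folder exists
        run: mkdir -p node_modules/.astro
      - name: Cache astro build artefacts
        uses: actions/cache@v4
        with:
          path: "node_modules/.astro/"
          key: "${{ runner.os }}-astro-20.x-${{ github.run_id }}"
          restore-keys: "${{ runner.os }}-astro-20.x"
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          registry: "${{ needs.env.outputs.registry }}"
          username: "${{ github.actor }}"
          password: "${{ secrets.GITHUB_TOKEN }}"
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: "${{ needs.env.outputs.registry }}/${{ needs.env.outputs.image }}"
          tags: |
            type=raw,value={{sha}}
            type=ref,event=branch
            # type=ref,event=pr
            # type=semver,pattern={{version}}
            # type=semver,pattern={{major}}.{{minor}}
            # type=raw,value=latest
      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: "${{ steps.meta.outputs.tags }}"
          labels: "${{ steps.meta.outputs.labels }}"
          # Build args are recorded in the image metadata, so only values that
          # are meant to be public (the PUBLIC_* variables) belong here.
          # NOTE(review): the '#' lines inside this block scalar are part of
          # the value passed to the action, not YAML comments - confirm the
          # pinned action version skips them.
          build-args: |
            "PUBLIC_APP_BASE_PATH=${{ vars.PUBLIC_APP_BASE_PATH }}"
            # not using public_url, because that points to cluster-internal domain
            # "PUBLIC_APP_BASE_URL=${{ needs.vars.outputs.public_url }}"
            "PUBLIC_APP_BASE_URL=${{ vars.PUBLIC_APP_BASE_URL }}"
            "PUBLIC_BOTS=${{ vars.PUBLIC_BOTS }}"
            "PUBLIC_GOOGLE_SITE_VERIFICATION=${{ vars.PUBLIC_GOOGLE_SITE_VERIFICATION }}"
            "PUBLIC_KEYSTATIC_GITHUB_APP_SLUG=${{ vars.PUBLIC_KEYSTATIC_GITHUB_APP_SLUG }}"
            "PUBLIC_KEYSTATIC_GITHUB_REPO_NAME=${{ vars.PUBLIC_KEYSTATIC_GITHUB_REPO_NAME }}"
            "PUBLIC_KEYSTATIC_GITHUB_REPO_OWNER=${{ vars.PUBLIC_KEYSTATIC_GITHUB_REPO_OWNER }}"
            "PUBLIC_KEYSTATIC_MODE=${{ vars.PUBLIC_KEYSTATIC_MODE }}"
            "PUBLIC_MATOMO_BASE_URL=${{ vars.PUBLIC_MATOMO_BASE_URL }}"
            "PUBLIC_MATOMO_ID=${{ vars.PUBLIC_MATOMO_ID }}"
            "PUBLIC_REDMINE_ID=${{ vars.SERVICE_ID }}"
          # Credentials go through the action's `secrets` input rather than
          # build-args, which keeps them out of the build-arg metadata above.
          secrets: |
            "KEYSTATIC_GITHUB_CLIENT_ID=${{ secrets.K8S_SECRET_KEYSTATIC_GITHUB_CLIENT_ID }}"
            "KEYSTATIC_GITHUB_CLIENT_SECRET=${{ secrets.K8S_SECRET_KEYSTATIC_GITHUB_CLIENT_SECRET }}"
            "KEYSTATIC_SECRET=${{ secrets.K8S_SECRET_KEYSTATIC_SECRET }}"
          cache-from: type=gha
          cache-to: type=gha,mode=max

  deploy:
    name: Deploy docker image
    needs: [env, vars, build]
    # NOTE(review): the reusable workflow is referenced at the moving `main`
    # branch and receives every caller secret via `secrets: inherit`. Any
    # commit landing on that branch runs with those secrets on the next
    # deploy; pinning the ref to a reviewed commit SHA and passing only the
    # secrets deploy.yml needs would narrow that. Which secrets it reads is
    # not visible from this file.
    uses: acdh-oeaw/gl-autodevops-minimal-port/.github/workflows/deploy.yml@main
    secrets: inherit
    with:
      environment: "${{ needs.env.outputs.environment }}"
      DOCKER_TAG: "${{ needs.env.outputs.registry }}/${{ needs.env.outputs.image }}"
      APP_NAME: "${{ needs.env.outputs.app_name }}"
      APP_ROOT: "/"
      SERVICE_ID: "${{ vars.SERVICE_ID }}"
      PUBLIC_URL: "${{ needs.vars.outputs.public_url }}"
      default_port: "3000"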