test #103
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Deploy Image | |
on: | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: 'Define the tag for the code' | |
required: false | |
branch: | |
description: 'Define branch name' | |
required: false | |
default: 'main' | |
push: | |
branches: | |
- workflow | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
GITHUB_IMAGE_REPO: ghcr.io/bcgov/dts-endorser-service/ | |
OPENSHIFT_IMAGE_REPO: image-registry.apps.silver.devops.gov.bc.ca/4a9599-tools/ | |
APP_NAMES: aries-endorser-agent,aries-endorser-db,aries-endorser-backup,aries-endorser-proxy,aries-endorser-api | |
jobs: | |
build: | |
if: (github.repository == 'bcgov/dts-endorser-service') || (github.event_name == 'workflow_dispatch') | |
name: Build Image | |
permissions: | |
packages: write | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- service: aries-endorser-agent | |
GIT_REPO_URL: hyperledger/aries-endorser-service | |
DOCKER_FILE_PATH: Dockerfile.acapy # The docker path, file, is the relative path to the docker file from the root of the repo. | |
SOURCE_CONTEXT_DIR: docker/acapy # The context dir, context, sets the context for the build. i.e. where the build will source files from | |
- service: aries-endorser-db | |
GIT_REPO_URL: hyperledger/aries-endorser-service | |
PATH: docker/wallet/config | |
BUILDER_IMAGE: 'quay.io/fedora/postgresql-13:13' | |
- service: aries-endorser-backup | |
GIT_REPO_URL: BCDevOps/backup-container | |
DOCKER_FILE_PATH: Dockerfile # The docker path, file, is the relative path to the docker file from the root of the repo. | |
SOURCE_CONTEXT_DIR: docker # The context dir, context, sets the context for the build. i.e. where the build will source files from | |
- service: aries-endorser-proxy | |
DOCKER_FILE_PATH: Dockerfile # The docker path, file, is the relative path to the docker file from the root of the repo. | |
SOURCE_CONTEXT_DIR: proxy # The context dir, context, sets the context for the build. i.e. where the build will source files from | |
SOURCE_IMAGE_REGISTRY: "artifacts.developer.gov.bc.ca/docker-remote/" | |
SOURCE_IMAGE_NAME: caddy | |
SOURCE_IMAGE_TAG: latest | |
- service: aries-endorser-api | |
GIT_REPO_URL: hyperledger/aries-endorser-service | |
DOCKER_FILE_PATH: Dockerfile.endorser # The docker path, file, is the relative path to the docker file from the root of the repo. | |
SOURCE_CONTEXT_DIR: endorser # The context dir, context, sets the context for the build. i.e. where the build will source files from | |
BASE_SOURCE_IMAGE_REGISTRY: artifacts.developer.gov.bc.ca/docker-remote/ | |
BASE_SOURCE_IMAGE_NAME: python | |
BASE_SOURCE_IMAGE_TAG: 3.10-slim-buster | |
REGISTRY_USERNAME_SECRET_NAME: ARTIFACTORY_USERNAME | |
REGISTRY_PASSWORD_SECRET_NAME: ARTIFACTORY_PASSWORD | |
outputs: | |
aries-endorser-agent_digest: ${{ steps.digest.outputs.aries-endorser-agent_digest }} | |
aries-endorser-backup_digest: ${{ steps.digest.outputs.aries-endorser-backup_digest }} | |
aries-endorser-api_digest: ${{ steps.digest.outputs.aries-endorser-api_digest }} | |
aries-endorser-proxy_digest: ${{ steps.digest.outputs.aries-endorser-proxy_digest }} | |
aries-endorser-db_digest: ${{ steps.digests.outputs.aries-endorser-db_digest }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
repository: ${{ matrix.GIT_REPO_URL }} | |
ref: ${{ github.event.tag }} | |
if: ${{ github.event.tag != '' }} | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
repository: ${{ matrix.GIT_REPO_URL }} | |
ref: ${{ github.event.branch }} | |
if: ${{ github.event.tag == '' }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Pull base image for proxy and Create Docker file | |
if: contains(fromJSON('["aries-endorser-proxy"]'), matrix.service) | |
run: | | |
if [[ -n "${BASE_SOURCE_IMAGE_REGISTRY}" ]]; then | |
docker login -u $REGISTRY_USERNAME -p $REGISTRY_PASSWORD $BASE_SOURCE_IMAGE_REGISTRY | |
BASE_IMAGE="${BASE_SOURCE_IMAGE_REGISTRY}${BASE_SOURCE_IMAGE_NAME}:${BASE_SOURCE_IMAGE_TAG}" | |
else | |
docker login -u $REGISTRY_USERNAME -p $REGISTRY_PASSWORD $SOURCE_IMAGE_REGISTRY | |
BASE_IMAGE=${SOURCE_IMAGE_REGISTRY}${SOURCE_IMAGE_NAME}:${SOURCE_IMAGE_TAG} | |
fi | |
docker pull "${BASE_IMAGE}" | |
mkdir ${context} && cd ${context} | |
echo "FROM ${BASE_IMAGE}" > Dockerfile | |
echo "RUN chown 1001:root /usr/bin/caddy" >> Dockerfile | |
env: | |
context: ${{ matrix.SOURCE_CONTEXT_DIR }} | |
SOURCE_IMAGE_REGISTRY: ${{ matrix.SOURCE_IMAGE_REGISTRY }} | |
SOURCE_IMAGE_NAME: ${{ matrix.SOURCE_IMAGE_NAME }} | |
SOURCE_IMAGE_TAG: ${{ matrix.SOURCE_IMAGE_TAG }} | |
BASE_SOURCE_IMAGE_REGISTRY: ${{ matrix.BASE_SOURCE_IMAGE_REGISTRY }} | |
BASE_SOURCE_IMAGE_NAME: ${{ matrix.BASE_SOURCE_IMAGE_NAME }} | |
BASE_SOURCE_IMAGE_TAG: ${{ matrix.BASE_SOURCE_IMAGE_TAG }} | |
REGISTRY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }} | |
REGISTRY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }} | |
- name: Log in to the GHCR | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Prepare docker tags for image | |
id: meta | |
if: contains(fromJSON('["aries-endorser-db","aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service) | |
uses: docker/metadata-action@v5 | |
with: | |
images: ghcr.io/bcgov/dts-endorser-service/${{ matrix.service }} | |
flavor: | | |
latest=true | |
tags: | | |
type=schedule | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}} | |
type=sha,value=latest | |
labels: | | |
acapy.version=0.1O.3 | |
annotations: | | |
org.opencontainers.image.description="Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized id" | |
- name: Update Docker base image and pull the base image if access is required | |
if: matrix.BASE_SOURCE_IMAGE_REGISTRY != '' && contains(fromJSON('["aries-endorser-db","aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service) | |
run: | | |
if [[ -n "${REGISTRY_USERNAME}" ]]; then | |
docker login -u $REGISTRY_USERNAME -p $REGISTRY_PASSWORD $BASE_SOURCE_IMAGE_REGISTRY | |
fi | |
BASE_IMAGE="${BASE_SOURCE_IMAGE_REGISTRY}${BASE_SOURCE_IMAGE_NAME}:${BASE_SOURCE_IMAGE_TAG}" | |
sed -i -e "s;FROM .*;FROM ${BASE_IMAGE};g" "$file" | |
docker pull $BASE_IMAGE | |
env: | |
context: ${{ matrix.SOURCE_CONTEXT_DIR }} | |
BASE_SOURCE_IMAGE_REGISTRY: ${{ matrix.BASE_SOURCE_IMAGE_REGISTRY }} | |
BASE_SOURCE_IMAGE_NAME: ${{ matrix.BASE_SOURCE_IMAGE_NAME }} | |
BASE_SOURCE_IMAGE_TAG: ${{ matrix.BASE_SOURCE_IMAGE_TAG }} | |
file: ${{ matrix.SOURCE_CONTEXT_DIR }}/${{ matrix.DOCKER_FILE_PATH }} | |
REGISTRY_USERNAME: ${{ secrets[matrix.REGISTRY_USERNAME_SECRET_NAME]}} | |
REGISTRY_PASSWORD: ${{ secrets[matrix.REGISTRY_PASSWORD_SECRET_NAME]}} | |
- name: Build and push Docker image | |
id: docker_build | |
if: contains(fromJSON('["aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service) | |
uses: docker/build-push-action@v5 | |
with: | |
context: ${{ matrix.SOURCE_CONTEXT_DIR }} | |
file: ${{ matrix.SOURCE_CONTEXT_DIR }}/${{ matrix.DOCKER_FILE_PATH }} | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
# annotations: ${{ steps.meta.outputs.annotations }} | |
outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized id | |
labels: ${{ steps.meta.outputs.labels }} | |
# labels: | | |
# acapy.version=0.1O.3 | |
# description = aries-cloudagent provides a base image for running Hyperledger Aries agents in Docker. This | |
# io.buildah.version=126.4 | |
# io.k8s.description=aries-cloudagent provides a base image for running Hyperledger Aries agents in Docker. This | |
# io.k8s.display-name=aries-endorser-agent-15 | |
# 4a9599-tools | |
# io.openshift.build.namespace= | |
# io.openshift.build.source-context-dir=docker/acapy | |
# maintainer=aries-coudagent | |
# org.opencontainers.image.created=2023-09-29T16:15:13.175Z | |
# org.opencontainers.image.description=Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized id | |
# org.opencontainers.image.licenses=Apache-2.0 | |
# org.opencontainers.image.revision=736cdfb38b68900b779e6159f8a16d299127fdc8 | |
# org.opencontainers.image.source=https://github.com/hyperledger/aries-cloudagent-python | |
# org.opencontainers.image.title=aries-doudagent-Python | |
# org.opencontainers.image.url=https://github.com/hyperledger/aries-cloudagent-python | |
# Py39-0103 | |
# org.opencontainers.image.version=aries-cloudaaent image | |
- name: Pull database image | |
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) | |
run: | | |
docker pull ${{ matrix.BUILDER_IMAGE }} | |
- name: Extract Values | |
id: extract | |
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) | |
run: echo "tags=$(echo '${{ steps.meta.outputs.tags }}' | grep -oE ':([^[:space:]]+)' | sed '/workflow/d' | sed 's/://g' | tr '\n' ' ')" >> $GITHUB_OUTPUT | |
- name: Build database image | |
id: build_image | |
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) | |
uses: redhat-actions/s2i-build@v2 | |
with: | |
path_context: ${{ matrix.PATH }} | |
# Builder image for a java project | |
builder_image: ${{ matrix.BUILDER_IMAGE }} | |
image: dts-endorser-service/${{ matrix.service }} | |
tags: ${{ steps.extract.outputs.tags }} | |
- name: Push database image | |
id: push | |
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
tags: ${{ steps.build_image.outputs.tags }} | |
image: ${{ steps.build_image.outputs.image }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
registry: ghcr.io/bcgov | |
- name: Display ${{ matrix.service }} image results | |
id: digests | |
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) | |
run: | | |
echo "registry_path=${{ steps.push.outputs.registry-paths }}" | |
digest=${{ steps.push.outputs.digest }} | |
echo 'digest=${digest}' | |
echo "${{ matrix.service }}_digest=${digest}" >> $GITHUB_OUTPUT | |
- name: Display ${{ matrix.service}} image results | |
id: digest | |
if: contains(fromJSON('["aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service) | |
run: | | |
echo 'imageid=${{ steps.docker_build.outputs.imageid }}' | |
digest=${{ steps.docker_build.outputs.digest }} | |
echo 'digest=${digest}' | |
echo "${{ matrix.service }}_digest=${digest}" >> $GITHUB_OUTPUT | |
cat $GITHUB_OUTPUT | |
deploy2dev: | |
needs: build | |
env: | |
ENVIRONMENT: dev | |
permissions: | |
packages: write | |
runs-on: ubuntu-latest | |
environment: dev | |
strategy: | |
# Serialize the deployments | |
max-parallel: 1 | |
matrix: | |
include: | |
- service: aries-endorser-db | |
- service: aries-endorser-agent | |
- service: aries-endorser-backup | |
- service: aries-endorser-proxy | |
- service: aries-endorser-api | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Deploy to ${{ env.ENVIRONMENT }} | |
uses: ./.github/workflows/actions/deploy | |
with: | |
environment: ${{ env.ENVIRONMENT }} | |
ghcr_token: ${{ secrets.GITHUB_TOKEN }} | |
github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ matrix.service }} | |
image_digest: ${{ needs.build.outputs[format ('{0}_digest', matrix.service)] }} | |
openshift_image_name: ${{ env.OPENSHIFT_IMAGE_REPO }}${{ matrix.service }} | |
openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }} | |
namespace: ${{ vars.NAMESPACE }} | |
deployment_configuration: ${{ matrix.service }} | |
openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
# rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
# # docker pull ghcr.io/bcgov/dts-endorser-service@sha256:57f946ab1053726ac6fcb71c85a98d355e926904ebe26db4798353668b3f6c68 | |
# # docker pull ghcr.io/bcgov/dts-endorser-service/aries-endorser-api:sha-e237467 | |
# # docker pull ${{ inputs.github_image_name }}@${{ inputs.image_digest }} | |
# # github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ matrix.service }} | |
# # GITHUB_IMAGE_REPO: ghcr.io/bcgov/dts-endorser-service | |
# # docker pull ghcr.io/bcgov/dts-endorser-service | |
# # github_image_name: ghcr.io/bcgov/dts-endorser-service | |
# # docker push ghcr.io/bcgov/dts-endorser-service/aries-endorser-api | |
# # rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
# # deploy2test: | |
# # needs: [build, deploy2dev] | |
# # env: | |
# # ENVIRONMENT: test | |
# # permissions: | |
# # packages: write | |
# # runs-on: ubuntu-latest | |
# # environment: test | |
# # steps: | |
# # - name: Checkout | |
# # uses: actions/checkout@v3 | |
# # - name: deploy to ${{ env.ENVIRONMENT }} | |
# # uses: ./.github/workflows/actions/deploy | |
# # with: | |
# # environment: ${{ env.ENVIRONMENT }} | |
# # ghcr_token: ${{ secrets.GITHUB_TOKEN }} | |
# # github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ env.APP_NAME }} | |
# # image_digest: ${{ needs.build.outputs.image_digest }} | |
# # openshift_image_name: ${{ env.OPENSHIFT_IMAGE_REPO }}${{ env.APP_NAME }} | |
# # openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }} | |
# # namespace: ${{ vars.NAMESPACE }} | |
# # deployment_configuration: ${{ env.APP_NAME }} | |
# # openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
# # rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
# # deploy2prod: | |
# # needs: [build, deploy2dev, deploy2test] | |
# # env: | |
# # ENVIRONMENT: prod | |
# # permissions: | |
# # packages: write | |
# # runs-on: ubuntu-latest | |
# # environment: prod | |
# # steps: | |
# # - name: Checkout | |
# # uses: actions/checkout@v3 | |
# # - name: deploy to prod | |
# # uses: ./.github/workflows/actions/deploy | |
# # with: | |
# # environment: ${{ env.ENVIRONMENT }} | |
# # ghcr_token: ${{ secrets.GITHUB_TOKEN }} | |
# # github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ env.APP_NAME }} | |
# # image_digest: ${{ needs.build.outputs.image_digest }} | |
# # openshift_image_name: ${{ env.OPENSHIFT_IMAGE_REPO }}${{ env.APP_NAME }} | |
# # openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }} | |
# # namespace: ${{ vars.NAMESPACE }} | |
# # deployment_configuration: ${{ env.APP_NAME }} | |
# # openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
# # rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
# # aries-endorser-db, aries-endorser-backup, aries-endorser-proxy, aries-endorser-api |