test #165
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy Image | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - workflow | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| GITHUB_IMAGE_REPO: ghcr.io/bcgov/dts-endorser-service/ | |
| OPENSHIFT_IMAGE_REPO: image-registry.apps.silver.devops.gov.bc.ca/4a9599-tools/ | |
| APP_NAMES: aries-endorser-agent,aries-endorser-db,aries-endorser-backup,aries-endorser-proxy,aries-endorser-api | |
| jobs: | |
| build: | |
| if: (github.repository == 'bcgov/dts-endorser-service') || (github.event_name == 'workflow_dispatch') | |
| name: Build Image | |
| permissions: | |
| packages: write | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - service: aries-endorser-agent | |
| GIT_REPO_URL: hyperledger/aries-endorser-service | |
| GIT_REF: "" | |
| DOCKER_FILE_PATH: Dockerfile.acapy # The docker path, file, is the relative path to the docker file from the root of the repo. | |
| SOURCE_CONTEXT_DIR: docker/acapy # The context dir, context, sets the context for the build. i.e. where the build will source files from | |
| SOURCE_IMAGE_REGISTRY: "" | |
| SOURCE_IMAGE_NAME: "" | |
| SOURCE_IMAGE_TAG: "" | |
| REGISTRY_USERNAME_SECRET_NAME: ARTIFACTORY_USERNAME | |
| REGISTRY_PASSWORD_SECRET_NAME: ARTIFACTORY_PASSWORD | |
| - service: aries-endorser-db | |
| GIT_REPO_URL: hyperledger/aries-endorser-service | |
| GIT_REF: "" | |
| SOURCE_CONTEXT_DIR: docker/wallet/config | |
| SOURCE_IMAGE_REGISTRY: "quay.io/" | |
| SOURCE_IMAGE_NAME: "fedora/postgresql-13" | |
| SOURCE_IMAGE_TAG: "13" | |
| - service: aries-endorser-backup | |
| GIT_REPO_URL: BCDevOps/backup-container | |
| GIT_REF: 2.5.1 | |
| DOCKER_FILE_PATH: Dockerfile # The docker path, file, is the relative path to the docker file from the root of the repo. | |
| SOURCE_CONTEXT_DIR: docker # The context dir, context, sets the context for the build. i.e. where the build will source files from | |
| SOURCE_IMAGE_REGISTRY: artifacts.developer.gov.bc.ca/docker-remote/ | |
| SOURCE_IMAGE_NAME: centos/postgresql-13-centos7 | |
| SOURCE_IMAGE_TAG: 20210722-70dc4d3 | |
| REGISTRY_USERNAME_SECRET_NAME: ARTIFACTORY_USERNAME | |
| REGISTRY_PASSWORD_SECRET_NAME: ARTIFACTORY_PASSWORD | |
| - service: aries-endorser-proxy | |
| GIT_REF: "" | |
| DOCKER_FILE_PATH: Dockerfile # The docker path, file, is the relative path to the docker file from the root of the repo. | |
| SOURCE_CONTEXT_DIR: proxy # The context dir, context, sets the context for the build. i.e. where the build will source files from | |
| SOURCE_IMAGE_REGISTRY: "artifacts.developer.gov.bc.ca/docker-remote/" | |
| SOURCE_IMAGE_NAME: caddy | |
| SOURCE_IMAGE_TAG: latest | |
| REGISTRY_USERNAME_SECRET_NAME: ARTIFACTORY_USERNAME | |
| REGISTRY_PASSWORD_SECRET_NAME: ARTIFACTORY_PASSWORD | |
| - service: aries-endorser-api | |
| GIT_REPO_URL: hyperledger/aries-endorser-service | |
| GIT_REF: "" | |
| DOCKER_FILE_PATH: Dockerfile.endorser # The docker path, file, is the relative path to the docker file from the root of the repo. | |
| SOURCE_CONTEXT_DIR: endorser # The context dir, context, sets the context for the build. i.e. where the build will source files from | |
| SOURCE_IMAGE_REGISTRY: artifacts.developer.gov.bc.ca/docker-remote/ | |
| SOURCE_IMAGE_NAME: python | |
| SOURCE_IMAGE_TAG: 3.10-slim-buster | |
| REGISTRY_USERNAME_SECRET_NAME: ARTIFACTORY_USERNAME | |
| REGISTRY_PASSWORD_SECRET_NAME: ARTIFACTORY_PASSWORD | |
| outputs: | |
| aries-endorser-agent_digest: ${{ steps.digest.outputs.aries-endorser-agent_digest }} | |
| aries-endorser-backup_digest: ${{ steps.digest.outputs.aries-endorser-backup_digest }} | |
| aries-endorser-api_digest: ${{ steps.digest.outputs.aries-endorser-api_digest }} | |
| aries-endorser-proxy_digest: ${{ steps.digest.outputs.aries-endorser-proxy_digest }} | |
| aries-endorser-db_digest: ${{ steps.digests.outputs.aries-endorser-db_digest }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ matrix.GIT_REPO_URL }} | |
| ref: ${{ matrix.GIT_REF }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to image registry | |
| if: matrix.SOURCE_IMAGE_REGISTRY != '' && contains(fromJSON('["aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service) | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ matrix.SOURCE_IMAGE_REGISTRY }} | |
| username: ${{ secrets[matrix.REGISTRY_USERNAME_SECRET_NAME]}} | |
| password: ${{ secrets[matrix.REGISTRY_PASSWORD_SECRET_NAME]}} | |
| - name: Create Dockerfile for ${{ matrix.service }} | |
| if: contains(fromJSON('["aries-endorser-proxy"]'), matrix.service) | |
| run: | | |
| BASE_IMAGE="${{ matrix.SOURCE_IMAGE_REGISTRY }}${{ matrix.SOURCE_IMAGE_NAME }}:${{ matrix.SOURCE_IMAGE_TAG }}" | |
| echo "$BASE_IMAGE" | |
| mkdir ${{ matrix.SOURCE_CONTEXT_DIR }} && cd ${{ matrix.SOURCE_CONTEXT_DIR }} | |
| echo "FROM ${BASE_IMAGE}" > Dockerfile | |
| echo "RUN chown 1001:root /usr/bin/caddy" >> Dockerfile | |
| # env: | |
| # context: ${{ matrix.SOURCE_CONTEXT_DIR }} | |
| # SOURCE_IMAGE_REGISTRY: ${{ matrix.SOURCE_IMAGE_REGISTRY }} | |
| # SOURCE_IMAGE_NAME: ${{ matrix.SOURCE_IMAGE_NAME }} | |
| # SOURCE_IMAGE_TAG: ${{ matrix.SOURCE_IMAGE_TAG }} | |
| - name: Prepare docker tags for image | |
| id: meta | |
| # if: contains(fromJSON('["aries-endorser-db","aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service) | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.GITHUB_IMAGE_REPO }}${{ matrix.service }} | |
| flavor: | | |
| latest=true | |
| tags: | | |
| type=schedule | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha,value=latest | |
| labels: | | |
| ca.bc.gov.digitaltrust.build.source-location=${{ github.repositoryUrl }} | |
| ca.bc.gov.digitaltrust.build.commit.id=${{ github.sha }} | |
| - name: Update Docker base image | |
| if: matrix.SOURCE_IMAGE_REGISTRY != '' && contains(fromJSON('["aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service) | |
| run: | | |
| BASE_IMAGE="${{ matrix.SOURCE_IMAGE_REGISTRY }}$${{ matrix.SOURCE_IMAGE_NAME }}:${{ matrix.SOURCE_IMAGE_TAG }}" | |
| sed -i -e "s;FROM .*;FROM ${BASE_IMAGE};g" "${{ matrix.SOURCE_CONTEXT_DIR }}/${{ matrix.DOCKER_FILE_PATH }}" | |
| # env: | |
| # context: ${{ matrix.SOURCE_CONTEXT_DIR }} | |
| # SOURCE_IMAGE_REGISTRY: ${{ matrix.SOURCE_IMAGE_REGISTRY }} | |
| # SOURCE_IMAGE_NAME: ${{ matrix.SOURCE_IMAGE_NAME }} | |
| # SOURCE_IMAGE_TAG: ${{ matrix.SOURCE_IMAGE_TAG }} | |
| # file: ${{ matrix.SOURCE_CONTEXT_DIR }}/${{ matrix.DOCKER_FILE_PATH }} | |
| - name: Extract Tags | |
| id: extract | |
| if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) | |
| run: echo "tags=$(echo '${{ steps.meta.outputs.tags }}' | grep -oE ':([^[:space:]]+)' | sed '/workflow/d' | sed 's/://g' | tr '\n' ' ')" >> $GITHUB_OUTPUT | |
| # - name: Pull database image | |
| # if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) | |
| # run: | | |
| # docker pull ${{ matrix.SOURCE_IMAGE_REGISTRY }}${{ matrix.SOURCE_IMAGE_NAME }}:${{ matrix.SOURCE_IMAGE_TAG }} | |
| - name: Build database image | |
| id: build_image | |
| if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) | |
| uses: redhat-actions/s2i-build@v2 | |
| with: | |
| path_context: ${{ matrix.PATH }} | |
| builder_image: "${{ matrix.SOURCE_IMAGE_REGISTRY }}${{ matrix.SOURCE_IMAGE_NAME }}:${{ matrix.SOURCE_IMAGE_TAG }}" | |
| image: ${{ matrix.service }} | |
| tags: ${{ steps.extract.outputs.tags }} | |
| labels: | | |
| ca.bc.gov.digitaltrust.build.source-location=${{ github.repositoryUrl }} | |
| ca.bc.gov.digitaltrust.build.commit.id=${{ github.sha }} | |
| - name: Push database image | |
| id: push | |
| if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) | |
| uses: redhat-actions/push-to-registry@v2 | |
| with: | |
| tags: ${{ steps.build_image.outputs.tags }} | |
| image: ${{ steps.build_image.outputs.image }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| registry: ${{ env.GITHUB_IMAGE_REPO }} | |
| # - name: Log in to the GHCR | |
| # uses: docker/login-action@v3 | |
| # with: | |
| # registry: ghcr.io | |
| # username: ${{ github.actor }} | |
| # password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push Docker image | |
| id: docker_build | |
| if: contains(fromJSON('["aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service) | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ${{ matrix.SOURCE_CONTEXT_DIR }} | |
| file: ${{ matrix.SOURCE_CONTEXT_DIR }}/${{ matrix.DOCKER_FILE_PATH }} | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| outputs: type=image,name=target | |
| labels: | | |
| ca.bc.gov.digitaltrust.build.source-location=${{ github.repositoryUrl }} | |
| ca.bc.gov.digitaltrust.build.commit.id=${{ github.sha }} | |
| - name: Display ${{ matrix.service }} image results | |
| id: digests | |
| if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) | |
| run: | | |
| echo "registry_path=${{ steps.push.outputs.registry-paths }}" | |
| digest=${{ steps.push.outputs.digest }} | |
| echo "digest=${digest}" | |
| echo "${{ matrix.service }}_digest=${digest}" >> $GITHUB_OUTPUT | |
| - name: Display ${{ matrix.service}} image results | |
| id: digest | |
| if: contains(fromJSON('["aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service) | |
| run: | | |
| echo 'imageid=${{ steps.docker_build.outputs.imageid }}' | |
| digest=${{ steps.docker_build.outputs.digest }} | |
| echo "digest=${digest}" | |
| echo "${{ matrix.service }}_digest=${digest}" >> $GITHUB_OUTPUT | |
| cat $GITHUB_OUTPUT | |
| # deploy2dev: | |
| # needs: build | |
| # env: | |
| # ENVIRONMENT: dev | |
| # permissions: | |
| # packages: write | |
| # runs-on: ubuntu-latest | |
| # environment: dev | |
| # strategy: | |
| # # Serialize the deployments | |
| # max-parallel: 1 | |
| # matrix: | |
| # include: | |
| # - service: aries-endorser-db | |
| # - service: aries-endorser-agent | |
| # - service: aries-endorser-backup | |
| # - service: aries-endorser-proxy | |
| # - service: aries-endorser-api | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # - name: Deploy to ${{ env.ENVIRONMENT }} | |
| # uses: ./.github/workflows/actions/deploy | |
| # with: | |
| # environment: ${{ env.ENVIRONMENT }} | |
| # ghcr_token: ${{ secrets.GITHUB_TOKEN }} | |
| # github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ matrix.service }} | |
| # image_digest: ${{ needs.build.outputs[format ('{0}_digest', matrix.service)] }} | |
| # openshift_image_name: ${{ env.OPENSHIFT_IMAGE_REPO }}${{ matrix.service }} | |
| # openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }} | |
| # namespace: ${{ vars.NAMESPACE }} | |
| # deployment_configuration: ${{ matrix.service }} | |
| # openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
| # rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
| # # deploy2test: | |
| # # needs: [build, deploy2dev] | |
| # # env: | |
| # # ENVIRONMENT: test | |
| # # permissions: | |
| # # packages: write | |
| # # runs-on: ubuntu-latest | |
| # # environment: test | |
| # # steps: | |
| # # - name: Checkout | |
| # # uses: actions/checkout@v3 | |
| # # - name: deploy to ${{ env.ENVIRONMENT }} | |
| # # uses: ./.github/workflows/actions/deploy | |
| # # with: | |
| # # environment: ${{ env.ENVIRONMENT }} | |
| # # ghcr_token: ${{ secrets.GITHUB_TOKEN }} | |
| # # github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ env.APP_NAME }} | |
| # # image_digest: ${{ needs.build.outputs.image_digest }} | |
| # # openshift_image_name: ${{ env.OPENSHIFT_IMAGE_REPO }}${{ env.APP_NAME }} | |
| # # openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }} | |
| # # namespace: ${{ vars.NAMESPACE }} | |
| # # deployment_configuration: ${{ env.APP_NAME }} | |
| # # openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
| # # rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
| # # deploy2prod: | |
| # # needs: [build, deploy2dev, deploy2test] | |
| # # env: | |
| # # ENVIRONMENT: prod | |
| # # permissions: | |
| # # packages: write | |
| # # runs-on: ubuntu-latest | |
| # # environment: prod | |
| # # steps: | |
| # # - name: Checkout | |
| # # uses: actions/checkout@v3 | |
| # # - name: deploy to prod | |
| # # uses: ./.github/workflows/actions/deploy | |
| # # with: | |
| # # environment: ${{ env.ENVIRONMENT }} | |
| # # ghcr_token: ${{ secrets.GITHUB_TOKEN }} | |
| # # github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ env.APP_NAME }} | |
| # # image_digest: ${{ needs.build.outputs.image_digest }} | |
| # # openshift_image_name: ${{ env.OPENSHIFT_IMAGE_REPO }}${{ env.APP_NAME }} | |
| # # openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }} | |
| # # namespace: ${{ vars.NAMESPACE }} | |
| # # deployment_configuration: ${{ env.APP_NAME }} | |
| # # openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
| # # rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }}`` |