test #173
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Deploy Image | |
on: | |
workflow_dispatch: | |
inputs: | |
git_ref: | |
description: 'Git ref to build from' | |
required: true | |
push: | |
branches: | |
- workflow | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
GITHUB_IMAGE_REPO: ghcr.io/bcgov/dts-endorser-service/ | |
OPENSHIFT_IMAGE_REPO: image-registry.apps.silver.devops.gov.bc.ca/4a9599-tools/ | |
APP_NAMES: aries-endorser-agent,aries-endorser-db,aries-endorser-backup,aries-endorser-proxy,aries-endorser-api | |
jobs: | |
build: | |
if: (github.repository == 'bcgov/dts-endorser-service') || (github.event_name == 'workflow_dispatch') | |
name: Build Image | |
permissions: | |
packages: write | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- service: aries-endorser-agent | |
GIT_REPO_URL: hyperledger/aries-endorser-service | |
GIT_REF: "" | |
DOCKER_FILE_PATH: Dockerfile.acapy # The docker path, file, is the relative path to the docker file from the root of the repo. | |
SOURCE_CONTEXT_DIR: docker/acapy # The context dir, context, sets the context for the build. i.e. where the build will source files from | |
SOURCE_IMAGE_REGISTRY: "" | |
SOURCE_IMAGE_NAME: "" | |
SOURCE_IMAGE_TAG: "" | |
REGISTRY_USERNAME_SECRET_NAME: "" | |
REGISTRY_PASSWORD_SECRET_NAME: "" | |
- service: aries-endorser-db | |
GIT_REPO_URL: hyperledger/aries-endorser-service | |
GIT_REF: "" | |
SOURCE_CONTEXT_DIR: docker/wallet/config | |
SOURCE_IMAGE_REGISTRY: "quay.io/" | |
SOURCE_IMAGE_NAME: "fedora/postgresql-13" | |
SOURCE_IMAGE_TAG: "13" | |
- service: aries-endorser-backup | |
GIT_REPO_URL: BCDevOps/backup-container | |
GIT_REF: 2.5.1 | |
DOCKER_FILE_PATH: Dockerfile # The docker path, file, is the relative path to the docker file from the root of the repo. | |
SOURCE_CONTEXT_DIR: docker # The context dir, context, sets the context for the build. i.e. where the build will source files from | |
SOURCE_IMAGE_REGISTRY: artifacts.developer.gov.bc.ca/docker-remote/ | |
SOURCE_IMAGE_NAME: centos/postgresql-13-centos7 | |
SOURCE_IMAGE_TAG: 20210722-70dc4d3 | |
REGISTRY_USERNAME_SECRET_NAME: ARTIFACTORY_USERNAME | |
REGISTRY_PASSWORD_SECRET_NAME: ARTIFACTORY_PASSWORD | |
- service: aries-endorser-proxy | |
GIT_REF: "" | |
DOCKER_FILE_PATH: Dockerfile # The docker path, file, is the relative path to the docker file from the root of the repo. | |
SOURCE_CONTEXT_DIR: proxy # The context dir, context, sets the context for the build. i.e. where the build will source files from | |
SOURCE_IMAGE_REGISTRY: "artifacts.developer.gov.bc.ca/docker-remote/" | |
SOURCE_IMAGE_NAME: caddy | |
SOURCE_IMAGE_TAG: latest | |
REGISTRY_USERNAME_SECRET_NAME: ARTIFACTORY_USERNAME | |
REGISTRY_PASSWORD_SECRET_NAME: ARTIFACTORY_PASSWORD | |
- service: aries-endorser-api | |
GIT_REPO_URL: hyperledger/aries-endorser-service | |
GIT_REF: "" | |
DOCKER_FILE_PATH: Dockerfile.endorser # The docker path, file, is the relative path to the docker file from the root of the repo. | |
SOURCE_CONTEXT_DIR: endorser # The context dir, context, sets the context for the build. i.e. where the build will source files from | |
SOURCE_IMAGE_REGISTRY: artifacts.developer.gov.bc.ca/docker-remote/ | |
SOURCE_IMAGE_NAME: python | |
SOURCE_IMAGE_TAG: 3.10-slim-buster | |
REGISTRY_USERNAME_SECRET_NAME: ARTIFACTORY_USERNAME | |
REGISTRY_PASSWORD_SECRET_NAME: ARTIFACTORY_PASSWORD | |
outputs: | |
aries-endorser-agent_digest: ${{ steps.digest.outputs.aries-endorser-agent_digest }} | |
aries-endorser-backup_digest: ${{ steps.digest.outputs.aries-endorser-backup_digest }} | |
aries-endorser-api_digest: ${{ steps.digest.outputs.aries-endorser-api_digest }} | |
aries-endorser-proxy_digest: ${{ steps.digest.outputs.aries-endorser-proxy_digest }} | |
aries-endorser-db_digest: ${{ steps.digests.outputs.aries-endorser-db_digest }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
repository: ${{ matrix.GIT_REPO_URL }} | |
ref: ${{ matrix.GIT_REF }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to image registry | |
if: matrix.REGISTRY_USERNAME_SECRET_NAME != '' | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ matrix.SOURCE_IMAGE_REGISTRY }} | |
username: ${{ secrets[matrix.REGISTRY_USERNAME_SECRET_NAME]}} | |
password: ${{ secrets[matrix.REGISTRY_PASSWORD_SECRET_NAME]}} | |
- name: Create Dockerfile for ${{ matrix.service }} | |
if: contains(fromJSON('["aries-endorser-proxy"]'), matrix.service) | |
run: | | |
BASE_IMAGE="${{ matrix.SOURCE_IMAGE_REGISTRY }}${{ matrix.SOURCE_IMAGE_NAME }}:${{ matrix.SOURCE_IMAGE_TAG }}" | |
echo "$BASE_IMAGE" | |
mkdir "${{ matrix.SOURCE_CONTEXT_DIR }}" && cd "${{ matrix.SOURCE_CONTEXT_DIR }}" | |
echo "FROM ${BASE_IMAGE}" > Dockerfile | |
echo "RUN chown 1001:root /usr/bin/caddy" >> Dockerfile | |
# env: | |
# context: ${{ matrix.SOURCE_CONTEXT_DIR }} | |
# SOURCE_IMAGE_REGISTRY: ${{ matrix.SOURCE_IMAGE_REGISTRY }} | |
# SOURCE_IMAGE_NAME: ${{ matrix.SOURCE_IMAGE_NAME }} | |
# SOURCE_IMAGE_TAG: ${{ matrix.SOURCE_IMAGE_TAG }} | |
- name: Prepare docker tags for image | |
id: meta | |
# if: contains(fromJSON('["aries-endorser-db","aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service) | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.GITHUB_IMAGE_REPO }}${{ matrix.service }} | |
flavor: | | |
latest=true | |
tags: | | |
type=schedule | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}} | |
type=sha,value=latest | |
labels: | | |
ca.bc.gov.digitaltrust.build.source-location=${{ github.repositoryUrl }} | |
ca.bc.gov.digitaltrust.build.commit.id=${{ github.sha }} | |
- name: Update Docker base image | |
if: matrix.SOURCE_IMAGE_REGISTRY != '' && contains(fromJSON('["aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service) | |
run: | | |
BASE_IMAGE="${{ matrix.SOURCE_IMAGE_REGISTRY }}${{ matrix.SOURCE_IMAGE_NAME }}:${{ matrix.SOURCE_IMAGE_TAG }}" | |
sed -i -e "s;FROM .*;FROM ${BASE_IMAGE};g" "${{ matrix.SOURCE_CONTEXT_DIR }}/${{ matrix.DOCKER_FILE_PATH }}" | |
# env: | |
# context: ${{ matrix.SOURCE_CONTEXT_DIR }} | |
# SOURCE_IMAGE_REGISTRY: ${{ matrix.SOURCE_IMAGE_REGISTRY }} | |
# SOURCE_IMAGE_NAME: ${{ matrix.SOURCE_IMAGE_NAME }} | |
# SOURCE_IMAGE_TAG: ${{ matrix.SOURCE_IMAGE_TAG }} | |
# file: ${{ matrix.SOURCE_CONTEXT_DIR }}/${{ matrix.DOCKER_FILE_PATH }} | |
- name: Extract Tags | |
id: extract | |
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) | |
run: echo "tags=$(echo '${{ steps.meta.outputs.tags }}' | grep -oE ':([^[:space:]]+)' | sed '/workflow/d' | sed 's/://g' | tr '\n' ' ')" >> $GITHUB_OUTPUT | |
- name: Pull database image | |
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) | |
run: | | |
docker pull ${{ matrix.SOURCE_IMAGE_REGISTRY }}${{ matrix.SOURCE_IMAGE_NAME }}:${{ matrix.SOURCE_IMAGE_TAG }} | |
- name: Build database image | |
id: build_image | |
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) | |
uses: redhat-actions/s2i-build@v2 | |
with: | |
path_context: ${{ matrix.SOURCE_CONTEXT_DIR}} | |
builder_image: "${{ matrix.SOURCE_IMAGE_REGISTRY }}${{ matrix.SOURCE_IMAGE_NAME }}:${{ matrix.SOURCE_IMAGE_TAG }}" | |
image: ${{ matrix.service }} | |
tags: ${{ steps.extract.outputs.tags }} | |
- name: Push database image | |
id: push | |
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
tags: ${{ steps.build_image.outputs.tags }} | |
image: ${{ steps.build_image.outputs.image }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
registry: ${{ env.GITHUB_IMAGE_REPO }} | |
- name: Log in to the GHCR | |
if: contains(fromJSON('["aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service) | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push Docker image | |
id: docker_build | |
if: contains(fromJSON('["aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service) | |
uses: docker/build-push-action@v5 | |
with: | |
context: ${{ matrix.SOURCE_CONTEXT_DIR }} | |
file: ${{ matrix.SOURCE_CONTEXT_DIR }}/${{ matrix.DOCKER_FILE_PATH }} | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
outputs: type=image,name=target | |
labels: | | |
ca.bc.gov.digitaltrust.build.source-location=${{ github.repositoryUrl }} | |
ca.bc.gov.digitaltrust.build.commit.id=${{ github.sha }} | |
- name: Display ${{ matrix.service }} image results | |
id: digests | |
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) | |
run: | | |
echo "registry_path=${{ steps.push.outputs.registry-paths }}" | |
digest=${{ steps.push.outputs.digest }} | |
echo "digest=${digest}" | |
echo "${{ matrix.service }}_digest=${digest}" >> $GITHUB_OUTPUT | |
- name: Display ${{ matrix.service}} image results | |
id: digest | |
if: contains(fromJSON('["aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service) | |
run: | | |
echo 'imageid=${{ steps.docker_build.outputs.imageid }}' | |
digest=${{ steps.docker_build.outputs.digest }} | |
echo "digest=${digest}" | |
echo "${{ matrix.service }}_digest=${digest}" >> $GITHUB_OUTPUT | |
cat $GITHUB_OUTPUT | |
# deploy2dev: | |
# needs: build | |
# env: | |
# ENVIRONMENT: dev | |
# permissions: | |
# packages: write | |
# runs-on: ubuntu-latest | |
# environment: dev | |
# strategy: | |
# # Serialize the deployments | |
# max-parallel: 1 | |
# matrix: | |
# include: | |
# - service: aries-endorser-db | |
# - service: aries-endorser-agent | |
# - service: aries-endorser-backup | |
# - service: aries-endorser-proxy | |
# - service: aries-endorser-api | |
# steps: | |
# - name: Checkout | |
# uses: actions/checkout@v4 | |
# - name: Deploy to ${{ env.ENVIRONMENT }} | |
# uses: ./.github/workflows/actions/deploy | |
# with: | |
# environment: ${{ env.ENVIRONMENT }} | |
# ghcr_token: ${{ secrets.GITHUB_TOKEN }} | |
# github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ matrix.service }} | |
# image_digest: ${{ needs.build.outputs[format ('{0}_digest', matrix.service)] }} | |
# openshift_image_name: ${{ env.OPENSHIFT_IMAGE_REPO }}${{ matrix.service }} | |
# openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }} | |
# namespace: ${{ vars.NAMESPACE }} | |
# deployment_configuration: ${{ matrix.service }} | |
# openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
# rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
# # deploy2test: | |
# # needs: [build, deploy2dev] | |
# # env: | |
# # ENVIRONMENT: test | |
# # permissions: | |
# # packages: write | |
# # runs-on: ubuntu-latest | |
# # environment: test | |
# # steps: | |
# # - name: Checkout | |
# # uses: actions/checkout@v3 | |
# # - name: deploy to ${{ env.ENVIRONMENT }} | |
# # uses: ./.github/workflows/actions/deploy | |
# # with: | |
# # environment: ${{ env.ENVIRONMENT }} | |
# # ghcr_token: ${{ secrets.GITHUB_TOKEN }} | |
# # github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ env.APP_NAME }} | |
# # image_digest: ${{ needs.build.outputs.image_digest }} | |
# # openshift_image_name: ${{ env.OPENSHIFT_IMAGE_REPO }}${{ env.APP_NAME }} | |
# # openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }} | |
# # namespace: ${{ vars.NAMESPACE }} | |
# # deployment_configuration: ${{ env.APP_NAME }} | |
# # openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
# # rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
# # deploy2prod: | |
# # needs: [build, deploy2dev, deploy2test] | |
# # env: | |
# # ENVIRONMENT: prod | |
# # permissions: | |
# # packages: write | |
# # runs-on: ubuntu-latest | |
# # environment: prod | |
# # steps: | |
# # - name: Checkout | |
# # uses: actions/checkout@v3 | |
# # - name: deploy to prod | |
# # uses: ./.github/workflows/actions/deploy | |
# # with: | |
# # environment: ${{ env.ENVIRONMENT }} | |
# # ghcr_token: ${{ secrets.GITHUB_TOKEN }} | |
# # github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ env.APP_NAME }} | |
# # image_digest: ${{ needs.build.outputs.image_digest }} | |
# # openshift_image_name: ${{ env.OPENSHIFT_IMAGE_REPO }}${{ env.APP_NAME }} | |
# # openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }} | |
# # namespace: ${{ vars.NAMESPACE }} | |
# # deployment_configuration: ${{ env.APP_NAME }} | |
# # openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
# # rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }}`` |