diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 1f491581..143e5f61 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -1,15 +1,7 @@ name: Build and Deploy Image on: - workflow_dispatch: - inputs: - tag: - description: 'Define the tag for the code' - required: false - branch: - description: 'Define branch name' - required: false - default: 'main' + push: branches: - workflow @@ -37,6 +29,11 @@ jobs: GIT_REPO_URL: hyperledger/aries-endorser-service DOCKER_FILE_PATH: Dockerfile.acapy # The docker path, file, is the relative path to the docker file from the root of the repo. SOURCE_CONTEXT_DIR: docker/acapy # The context dir, context, sets the context for the build. i.e. where the build will source files from + SOURCE_IMAGE_REGISTRY: "" + SOURCE_IMAGE_NAME: "" + SOURCE_IMAGE_TAG: "" + REGISTRY_USERNAME: ARTIFACTORY_USERNAME + REGISTRY_PASSWORD: ARTIFACTORY_PASSWORD - service: aries-endorser-db GIT_REPO_URL: hyperledger/aries-endorser-service PATH: docker/wallet/config 
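Review bot: Replacing `workflow_dispatch` with `push` on the single branch `workflow` removes the only manual way to build a chosen tag or branch, and every push to that branch now runs the image build, which elsewhere in this diff uses registry secrets and `push: true`. If the branch filter is test wiring for this change, it should not merge as written. Keeping `workflow_dispatch:` next to `push:` (with the intended release branch in the filter) preserves the manual path. The rest of the `on:` block is outside the hunk, so other triggers may exist that are not visible here.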
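Review bot: The matrix keys added here are `REGISTRY_USERNAME` and `REGISTRY_PASSWORD`, but the new "Login to image registry" step in the @@ -70 hunk resolves its credentials through `matrix.REGISTRY_USERNAME_SECRET_NAME` and `matrix.REGISTRY_PASSWORD_SECRET_NAME`. Unless those keys are defined in a part of the matrix not shown, both `secrets[...]` lookups evaluate to an empty string and the login to the Artifactory registry is attempted without credentials. Rename the entries to match, `REGISTRY_USERNAME_SECRET_NAME: ARTIFACTORY_USERNAME` and `REGISTRY_PASSWORD_SECRET_NAME: ARTIFACTORY_PASSWORD`; the same applies to the backup and proxy entries in the @@ -45 hunk. Entries whose `SOURCE_IMAGE_REGISTRY` is `""` are skipped by the step's `if:` and need no credential keys at all.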
@@ -45,12 +42,19 @@ jobs: GIT_REPO_URL: BCDevOps/backup-container DOCKER_FILE_PATH: Dockerfile # The docker path, file, is the relative path to the docker file from the root of the repo. SOURCE_CONTEXT_DIR: docker # The context dir, context, sets the context for the build. i.e. where the build will source files from + SOURCE_IMAGE_REGISTRY: "" + SOURCE_IMAGE_NAME: "" + SOURCE_IMAGE_TAG: "" + REGISTRY_USERNAME: ARTIFACTORY_USERNAME + REGISTRY_PASSWORD: ARTIFACTORY_PASSWORD - service: aries-endorser-proxy DOCKER_FILE_PATH: Dockerfile # The docker path, file, is the relative path to the docker file from the root of the repo. SOURCE_CONTEXT_DIR: proxy # The context dir, context, sets the context for the build. i.e. where the build will source files from SOURCE_IMAGE_REGISTRY: "artifacts.developer.gov.bc.ca/docker-remote/" SOURCE_IMAGE_NAME: caddy SOURCE_IMAGE_TAG: latest + REGISTRY_USERNAME: ARTIFACTORY_USERNAME + REGISTRY_PASSWORD: ARTIFACTORY_PASSWORD - service: aries-endorser-api GIT_REPO_URL: hyperledger/aries-endorser-service DOCKER_FILE_PATH: Dockerfile.endorser # The docker path, file, is the relative path to the docker file from the root of the repo. 
@@ -70,24 +74,26 @@ jobs: steps: - name: Checkout uses: actions/checkout@v4 - with: + with: repository: ${{ matrix.GIT_REPO_URL }} - ref: ${{ github.ref || github.event.inputs.tag || github.event.inputs.branch || 'main' }} - + ref: ${{ github.ref }} + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Login to image registry + if: matrix.SOURCE_IMAGE_REGISTRY != '' + uses: docker/login-action@v3 + with: + registry: ${{ matrix.SOURCE_IMAGE_REGISTRY }} + username: ${{ secrets[matrix.REGISTRY_USERNAME_SECRET_NAME]}} + password: ${{ secrets[matrix.REGISTRY_PASSWORD_SECRET_NAME]}} + + - name: Pull base image for proxy and Create Docker file if: contains(fromJSON('["aries-endorser-proxy"]'), matrix.service) run: | - if [[ -n "${BASE_SOURCE_IMAGE_REGISTRY}" ]]; then - docker login -u $REGISTRY_USERNAME -p $REGISTRY_PASSWORD $BASE_SOURCE_IMAGE_REGISTRY - BASE_IMAGE="${BASE_SOURCE_IMAGE_REGISTRY}${BASE_SOURCE_IMAGE_NAME}:${BASE_SOURCE_IMAGE_TAG}" - else - docker login -u $REGISTRY_USERNAME -p $REGISTRY_PASSWORD $SOURCE_IMAGE_REGISTRY BASE_IMAGE=${SOURCE_IMAGE_REGISTRY}${SOURCE_IMAGE_NAME}:${SOURCE_IMAGE_TAG} - fi - docker pull "${BASE_IMAGE}" mkdir ${context} && cd ${context} echo "FROM ${BASE_IMAGE}" > Dockerfile echo "RUN chown 1001:root /usr/bin/caddy" >> Dockerfile @@ -96,11 +102,7 @@ jobs: SOURCE_IMAGE_REGISTRY: ${{ matrix.SOURCE_IMAGE_REGISTRY }} SOURCE_IMAGE_NAME: ${{ matrix.SOURCE_IMAGE_NAME }} SOURCE_IMAGE_TAG: ${{ matrix.SOURCE_IMAGE_TAG }} - BASE_SOURCE_IMAGE_REGISTRY: ${{ matrix.BASE_SOURCE_IMAGE_REGISTRY }} - BASE_SOURCE_IMAGE_NAME: ${{ matrix.BASE_SOURCE_IMAGE_NAME }} - BASE_SOURCE_IMAGE_TAG: ${{ matrix.BASE_SOURCE_IMAGE_TAG }} - REGISTRY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }} - REGISTRY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }} + - name: Log in to the GHCR uses: docker/login-action@v3 
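Review bot: `ref: ${{ github.ref }}` is the ref of this repository's push, yet the checkout targets `repository: ${{ matrix.GIT_REPO_URL }}`, which for several matrix entries is another project (`hyperledger/aries-endorser-service`, `BCDevOps/backup-container`). With the trigger now a push to `workflow`, the step asks those repositories for `refs/heads/workflow`, which presumably does not exist there; where it does resolve, the build takes whatever that branch holds at the time. A per-entry ref, for example a new matrix key used as `ref: ${{ matrix.GIT_REF }}` and set to a tag or commit SHA of the upstream source, makes the built source explicit and reproducible. The same hunk introduces `docker/login-action@v3` by mutable tag; pinning it to a commit SHA is worth considering for a step that receives registry credentials.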
@@ -130,22 +132,17 @@ jobs: io.openshift.build.commit.id=${{ github.sha }} - name: Update Docker base image and pull the base image if access is required - if: matrix.BASE_SOURCE_IMAGE_REGISTRY != '' && contains(fromJSON('["aries-endorser-db","aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service) + if: matrix.SOURCE_IMAGE_REGISTRY != '' && contains(fromJSON('["aries-endorser-db","aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service) run: | - if [[ -n "${REGISTRY_USERNAME}" ]]; then - docker login -u $REGISTRY_USERNAME -p $REGISTRY_PASSWORD $BASE_SOURCE_IMAGE_REGISTRY - fi BASE_IMAGE="${BASE_SOURCE_IMAGE_REGISTRY}${BASE_SOURCE_IMAGE_NAME}:${BASE_SOURCE_IMAGE_TAG}" sed -i -e "s;FROM .*;FROM ${BASE_IMAGE};g" "$file" - docker pull $BASE_IMAGE env: context: ${{ matrix.SOURCE_CONTEXT_DIR }} - BASE_SOURCE_IMAGE_REGISTRY: ${{ matrix.BASE_SOURCE_IMAGE_REGISTRY }} - BASE_SOURCE_IMAGE_NAME: ${{ matrix.BASE_SOURCE_IMAGE_NAME }} - BASE_SOURCE_IMAGE_TAG: ${{ matrix.BASE_SOURCE_IMAGE_TAG }} + SOURCE_IMAGE_REGISTRY: ${{ matrix.SOURCE_IMAGE_REGISTRY }} + SOURCE_IMAGE_NAME: ${{ matrix.SOURCE_IMAGE_NAME }} + SOURCE_IMAGE_TAG: ${{ matrix.SOURCE_IMAGE_TAG }} file: ${{ matrix.SOURCE_CONTEXT_DIR }}/${{ matrix.DOCKER_FILE_PATH }} - REGISTRY_USERNAME: ${{ secrets[matrix.REGISTRY_USERNAME_SECRET_NAME]}} - REGISTRY_PASSWORD: ${{ secrets[matrix.REGISTRY_PASSWORD_SECRET_NAME]}} + - name: Build and push Docker image id: docker_build @@ -157,11 +154,7 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} outputs: type=image,name=target - - - name: Pull database image - if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) - run: | - docker pull ${{ matrix.BUILDER_IMAGE }} + - name: Extract Tags id: extract if: contains(fromJSON('["aries-endorser-db"]'), matrix.service) 
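Review bot: The step's `env:` now exports `SOURCE_IMAGE_REGISTRY`, `SOURCE_IMAGE_NAME` and `SOURCE_IMAGE_TAG`, but the unchanged script line still builds `BASE_IMAGE` from `BASE_SOURCE_IMAGE_REGISTRY`, `BASE_SOURCE_IMAGE_NAME` and `BASE_SOURCE_IMAGE_TAG`, which this hunk removes from the environment. `BASE_IMAGE` therefore expands to `:` and the `sed` rewrites every `FROM` line of the Dockerfile to `FROM :`, which is not a valid image reference, so the build is expected to fail for every service where the `if:` is true. The line should read `BASE_IMAGE="${SOURCE_IMAGE_REGISTRY}${SOURCE_IMAGE_NAME}:${SOURCE_IMAGE_TAG}"`.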
@@ -208,41 +201,41 @@ jobs: echo "${{ matrix.service }}_digest=${digest}" >> $GITHUB_OUTPUT cat $GITHUB_OUTPUT - deploy2dev: - needs: build - env: - ENVIRONMENT: dev - permissions: - packages: write - runs-on: ubuntu-latest - environment: dev - strategy: - # Serialize the deployments - max-parallel: 1 - matrix: - include: - - service: aries-endorser-db - - service: aries-endorser-agent - - service: aries-endorser-backup - - service: aries-endorser-proxy - - service: aries-endorser-api + # deploy2dev: + # needs: build + # env: + # ENVIRONMENT: dev + # permissions: + # packages: write + # runs-on: ubuntu-latest + # environment: dev + # strategy: + # # Serialize the deployments + # max-parallel: 1 + # matrix: + # include: + # - service: aries-endorser-db + # - service: aries-endorser-agent + # - service: aries-endorser-backup + # - service: aries-endorser-proxy + # - service: aries-endorser-api - steps: - - name: Checkout - uses: actions/checkout@v4 + # steps: + # - name: Checkout + # uses: actions/checkout@v4 - - name: Deploy to ${{ env.ENVIRONMENT }} - uses: ./.github/workflows/actions/deploy - with: - environment: ${{ env.ENVIRONMENT }} - ghcr_token: ${{ secrets.GITHUB_TOKEN }} - github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ matrix.service }} - image_digest: ${{ needs.build.outputs[format ('{0}_digest', matrix.service)] }} - openshift_image_name: ${{ env.OPENSHIFT_IMAGE_REPO }}${{ matrix.service }} - openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }} - namespace: ${{ vars.NAMESPACE }} - deployment_configuration: ${{ matrix.service }} - openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} + # - name: Deploy to ${{ env.ENVIRONMENT }} + # uses: ./.github/workflows/actions/deploy + # with: + # environment: ${{ env.ENVIRONMENT }} + # ghcr_token: ${{ secrets.GITHUB_TOKEN }} + # github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ matrix.service }} + # image_digest: ${{ needs.build.outputs[format ('{0}_digest', matrix.service)] }} + # openshift_image_name: ${{ 
env.OPENSHIFT_IMAGE_REPO }}${{ matrix.service }} + # openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }} + # namespace: ${{ vars.NAMESPACE }} + # deployment_configuration: ${{ matrix.service }} + # openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} # rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }} # # deploy2test: