pilot-pipeline-admin-server.yml
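# CI for the Arranger admin server. On changes under modules/admin/ it reads
# the version from package.json, builds and scans the Docker image, pushes it
# to indocpilot.azurecr.io and, for non-pull-request events, commits the new
# version to the helmfile repository.
#
# NOTE(review): every `uses:` below references a mutable tag (v2/v3/v4).
# Pinning third-party actions to a full commit SHA prevents a retagged
# release from running with this workflow's registry and deploy-key secrets.
name: CI pipeline admin server

on:
  push:
    branches:
      - pilot_develop
    paths:
      - 'modules/admin/**'
  pull_request:
    branches:
      - pilot_develop
    paths:
      - 'modules/admin/**'

# Least privilege for the implicit GITHUB_TOKEN: no step in this file writes
# with it (the helmfile push authenticates with a separate SSH deploy key).
permissions:
  contents: read

jobs:
  extract-branch-name:
    runs-on: ubuntu-20.04
    outputs:
      branch: ${{steps.extract_branch.outputs.branch}}
    steps:
      - name: Extract Branch Name
        id: extract_branch
        shell: bash
        # GITHUB_REF is read as an environment variable, not interpolated
        # into the script text. On pull_request events the ref does not start
        # with refs/heads/, so the prefix strip is a no-op there.
        run: echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"

  get-version:
    runs-on: ubuntu-20.04
    outputs:
      app_version: ${{steps.get-version.outputs.app_version}}
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Get Version
        id: get-version
        shell: bash
        run: |
          BASE_VERSION=$(sed -n 's/^ *"version":.*"\([^"]*\)".*/\1/p' modules/admin/package.json)
          # package.json is controlled by whoever authored the change
          # (including pull requests), and this value later reaches image
          # tags, a sed expression and a git commit message. Accept only
          # characters that are valid in a Docker tag and fail closed on
          # anything else (empty, multi-line, quotes, shell metacharacters).
          if [[ ! "$BASE_VERSION" =~ ^[A-Za-z0-9_.-]+$ ]]; then
            echo "Unexpected version string in modules/admin/package.json" >&2
            exit 1
          fi
          echo "app_version=$BASE_VERSION" >> "$GITHUB_OUTPUT"

  build-and-push-admin-server-image:
    needs: [extract-branch-name, get-version]
    name: Build admin server Docker image and push to repositories
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2
      # Despite the step name, the registry below is an Azure Container
      # Registry host, authenticated with the ACR_CLIENT/ACR_SECRET secrets.
      - name: Login to Github Packages
        uses: docker/login-action@v2
        with:
          registry: indocpilot.azurecr.io
          username: ${{ secrets.ACR_CLIENT }}
          password: ${{ secrets.ACR_SECRET }}
      - name: Docker metadata
        id: meta
        uses: docker/metadata-action@v4
        with:
          # list of Docker images to use as base name for tags
          images: |
            indocpilot.azurecr.io/arranger/arranger-admin-server
          # generate Docker tags based on the following events/attributes
          sep-tags: ','
          tags: |
            type=raw,prefix=arranger-admin-server-,suffix=,value=${{needs.get-version.outputs.app_version}}
      # Step outputs are handed to the shell through `env:` rather than being
      # expanded into the script by `${{ }}`, so their content is treated as
      # data and never parsed as shell syntax.
      - name: Image digest
        env:
          IMAGE_TAGS: ${{ steps.meta.outputs.tags }}
        run: echo "$IMAGE_TAGS"
      - name: Check if Docker image tags exist
        shell: bash
        env:
          IMAGE_TAGS: ${{ steps.meta.outputs.tags }}
        run: |
          # Refuse to overwrite an already published tag: the version in
          # package.json must be bumped for every release.
          if docker manifest inspect "$IMAGE_TAGS" >/dev/null; then
            echo "Docker image with tag already exists. Please update the version."
            exit 1
          else
            echo "Image tags do not exist, proceeding..."
          fi
      # NOTE(review): on push events this step publishes the image before the
      # Trivy step below has run, so a failed scan blocks the deployment job
      # but leaves the image in the registry. Consider building with
      # `load: true` only, scanning, and pushing in a later step.
      - name: Build image and push to GitHub Container Registry
        uses: docker/build-push-action@v4
        with:
          # relative path to the place where source code with Dockerfile is located
          context: .
          # Note: tags has to be all lower-case
          tags: ${{ steps.meta.outputs.tags }}
          # build on every trigger, push only when the event is not a pull request
          push: ${{ github.event_name != 'pull_request' }}
          # Sets the target stage to build
          target: arranger-admin-server
          # keep the image in the local Docker daemon so Trivy can scan it
          load: true
      # NOTE(review): the action ref after `aquasecurity/` was replaced by an
      # e-mail-obfuscation filter when this page was captured; restore the
      # real `trivy-action@<version>` ref from the repository.
      # The gate fails the job only for CRITICAL findings, and findings with
      # status will_not_fix or listed in .github/.trivyignore are skipped;
      # HIGH-severity findings do not block the pipeline.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/[email protected]
        with:
          image-ref: '${{ steps.meta.outputs.tags }}'
          format: 'table'
          severity: 'CRITICAL'
          exit-code: '1'
          trivyignores: .github/.trivyignore
        env:
          TRIVY_IGNORE_STATUS: 'will_not_fix'

  trigger_pilot_dev_deployment:
    needs: [build-and-push-admin-server-image, get-version]
    runs-on: ubuntu-20.04
    if: github.event_name != 'pull_request'
    steps:
      # The deploy key grants push access to the helmfile repository and is
      # persisted in the checkout for the `git push` below; keep this job
      # limited to non-pull-request events.
      - name: Checkout helmfile repo
        # v3 for consistency with the other checkout steps in this workflow
        uses: actions/checkout@v3
        with:
          repository: PilotDataPlatform/pilot-helmfile
          ref: 'main'  # always checkout main branch
          ssh-key: ${{ secrets.PILOT_HELMFILE_REPO_DEPLOYMENT_KEY }}
      - name: Update service version
        shell: bash
        env:
          # Passed as data instead of being expanded into the script text.
          APP_VERSION: ${{ needs.get-version.outputs.app_version }}
        run: |
          # The version ends up inside a sed expression and a commit message
          # in a job that can push to the deployment repository, so re-check
          # it here rather than trusting the upstream job's output.
          if [[ ! "$APP_VERSION" =~ ^[A-Za-z0-9_.-]+$ ]]; then
            echo "Unexpected app_version value, refusing to update helmfile" >&2
            exit 1
          fi
          git config user.name "GitHub Actions"
          # NOTE(review): the address below was masked by an e-mail
          # obfuscation filter on this page; restore it from the repository.
          git config user.email "[email protected]"
          BASE_FILE='./helmfile.d/values/shared/lab/shared-services-values.yaml'
          pattern="arranger_admin_server"
          current_version=$(grep -m 1 "$pattern" "$BASE_FILE")
          echo "current version is $current_version"
          # NOTE(review): leading spaces in the replacement text may have been
          # collapsed on this page; confirm against the repository so the
          # values file keeps its YAML indentation.
          sed -i "/$pattern/,/charts/ s/$current_version/ $pattern: ${APP_VERSION}/" "$BASE_FILE"
          git add "$BASE_FILE"
          git commit -m "Deploy arranger-admin-server ${APP_VERSION} [app_name:arranger-admin-server, app_version:${APP_VERSION}]"
          git push origin main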