chore: make image work locally or live #6
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker build and deploy to argoCD | |
| on: | |
| push: | |
| tags: | |
| - "*" | |
| env: | |
| PROJECTNAME: pixelaw-core | |
| REGISTRY: ${{ secrets.DOCKERHUB_USERNAME}} | |
| VERSION: ${{github.ref_name}} | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| buildImage: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v2 | |
| with: | |
| submodules: true | |
| - name: Cache node modules | |
| uses: actions/cache@v2 | |
| env: | |
| cache-name: cache-node-modules | |
| with: | |
| # npm cache files are stored in `~/.npm` on Linux/macOS | |
| path: node_modules | |
| key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('yarn.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-build-${{ env.cache-name }}- | |
| ${{ runner.os }}-build- | |
| ${{ runner.os }}- | |
| - name: Login to Dockerhub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME}} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # - name: push README to Dockerhub | |
| # uses: christian-korneck/update-container-description-action@v1 | |
| # env: | |
| # DOCKER_USER: ${{ secrets.DOCKERHUB_USERNAME}} | |
| # DOCKER_PASS: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # with: | |
| # destination_container_repo: oostvoort/pixelaw | |
| # provider: dockerhub | |
| # short_description: '' | |
| # readme_file: 'README.md' | |
| - name: Build, tag, and push image | |
| id: build-image | |
| run: | | |
| docker build -t $REGISTRY/$PROJECTNAME:${VERSION} -t $REGISTRY/$PROJECTNAME:latest . | |
| docker push $REGISTRY/$PROJECTNAME:latest | |
| docker push $REGISTRY/$PROJECTNAME:${VERSION} | |
| testImage: | |
| needs: [buildImage] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'image' | |
| image-ref: 'oostvoort/pixelaw-core:latest' | |
| severity: 'HIGH,CRITICAL' | |
| exit-code: '0' | |
| helmTest: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Install Helm | |
| run: | | |
| curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | |
| chmod 700 get_helm.sh | |
| ./get_helm.sh | |
| - name: Lint Helm Chart | |
| run: | | |
| helm lint --values ./chart/$PROJECTNAME/values.yaml ./chart/$PROJECTNAME | |
| helmRelease: | |
| needs: [helmTest] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Configure Git | |
| run: | | |
| git config user.name "$GITHUB_ACTOR" | |
| git config user.email "[email protected]" | |
| - name: Install Helm | |
| uses: azure/setup-helm@v1 | |
| with: | |
| version: v3.8.1 | |
| - name: custom packaging | |
| run: | | |
| VERSION=${{github.ref_name}} | |
| rm -rf .cr-release-packages | |
| mkdir -p .cr-release-packages | |
| helm package chart/$PROJECTNAME --app-version=${VERSION:1} --version=${VERSION:1} --destination=.cr-release-packages | |
| - name: Run chart-releaser | |
| # switch back to helm/chart-releaser-action if this contribution is ever mergedd | |
| uses: askcloudarchitech/chart-releaser-action@skip-packaging-option | |
| with: | |
| skip_packaging: true | |
| env: | |
| CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Create GitHub Release | |
| env: | |
| GH_TOKEN: "${{ secrets.GITHUB_TOKEN }}" | |
| run: | | |
| TAG=${{ github.ref }} | |
| VERSION=${TAG#refs/tags/} | |
| gh release create $VERSION -t $VERSION -n "Release notes for $VERSION" | |
| deploy: | |
| needs: [testImage] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Install ArgoCD CLI if not exists | |
| run: | | |
| if ! command -v argocd &> /dev/null; then | |
| curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 | |
| chmod +x /usr/local/bin/argocd | |
| fi | |
| - name: Deploy Application Dry Run | |
| env: | |
| ARGOCD_SERVER: ${{ secrets.ARGOCD_SERVER }} | |
| ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }} | |
| run: | | |
| argocd app create $PROJECTNAME \ | |
| --repo https://pixelaw.github.io/core/ \ | |
| --path chart/ \ | |
| --revision ${VERSION:1} \ | |
| --helm-chart $PROJECTNAME \ | |
| --dest-namespace $PROJECTNAME-main \ | |
| --dest-server https://kubernetes.default.svc \ | |
| --helm-set-string dockerImage=$REGISTRY/$PROJECTNAME:${VERSION} \ | |
| --upsert \ | |
| --server $ARGOCD_SERVER \ | |
| --auth-token $ARGOCD_AUTH_TOKEN | |
| argocd app sync $PROJECTNAME | |
| argocd app wait $PROJECTNAME |