Build and deploy #240
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and deploy | |
| on: | |
| push: | |
| branches: [ develop, master, release ] | |
| paths-ignore: | |
| - 'devops/**' | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| cancel-previous: | |
| name: 'Cancel Previous Runs' | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 3 | |
| steps: | |
| - uses: styfle/cancel-workflow-action@0.10.0 | |
| with: | |
| access_token: ${{ github.token }} | |
| configure: | |
| name: Configure variables | |
| runs-on: ubuntu-latest | |
| outputs: | |
| ENVIRONMENT: ${{ steps.configure.outputs.ENVIRONMENT }} | |
| PRERELEASE: ${{ steps.configure.outputs.PRERELEASE }} | |
| IMAGE_TAG: ${{ steps.configure.outputs.IMAGE_TAG }} | |
| TAG_DRY_RUN: ${{ steps.configure.outputs.TAG_DRY_RUN }} | |
| PUSH_DOCKER: ${{ steps.configure.outputs.PUSH_DOCKER }} | |
| steps: | |
| - uses: styfle/cancel-workflow-action@0.11.0 | |
| with: | |
| access_token: ${{ github.token }} | |
| - id: configure | |
| run: | | |
| echo "Running on branch ${{ github.ref }}" | |
| if [ "${{ github.ref }}" = "refs/heads/develop" ]; then | |
| echo "ENVIRONMENT=dev" >> $GITHUB_OUTPUT | |
| echo "PRERELEASE=true" >> $GITHUB_OUTPUT | |
| echo "IMAGE_TAG=$(uuidgen)" >> $GITHUB_OUTPUT | |
| echo "TAG_DRY_RUN=true" >> $GITHUB_OUTPUT | |
| echo "PUSH_DOCKER=true" >> $GITHUB_OUTPUT | |
| elif [ "${{ github.ref }}" = "refs/heads/master" ]; then | |
| echo "ENVIRONMENT=staging" >> $GITHUB_OUTPUT | |
| echo "PRERELEASE=true" >> $GITHUB_OUTPUT | |
| echo "IMAGE_TAG=staging" >> $GITHUB_OUTPUT | |
| echo "TAG_DRY_RUN=false" >> $GITHUB_OUTPUT | |
| echo "PUSH_DOCKER=true" >> $GITHUB_OUTPUT | |
| elif [ "${{ github.ref }}" = "refs/heads/release" ]; then | |
| echo "ENVIRONMENT=prod" >> $GITHUB_OUTPUT | |
| echo "PRERELEASE=false" >> $GITHUB_OUTPUT | |
| echo "IMAGE_TAG=latest" >> $GITHUB_OUTPUT | |
| echo "TAG_DRY_RUN=false" >> $GITHUB_OUTPUT | |
| echo "PUSH_DOCKER=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "Branch not configured" | |
| exit 1 | |
| fi | |
| tag-release: | |
| name: Push tag and create release | |
| runs-on: ubuntu-latest | |
| needs: [configure] | |
| outputs: | |
| tag: ${{ steps.tag_version.outputs.new_tag }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Bump version and push tag | |
| id: tag_version | |
| uses: mathieudutour/github-tag-action@v6.1 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| release_branches: release | |
| pre_release_branches: master # these branches will produce pre-release tag (eg. v0.1.2-beta.0) | |
| append_to_pre_release_tag: beta | |
| custom_release_rules: major:major:Major Changes,minor:minor:Minor Changes,chore:patch:Chores | |
| dry_run: ${{ needs.configure.outputs.TAG_DRY_RUN }} # pushes to develop won't trigger tagging | |
| - name: Create a GitHub release | |
| if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/release' | |
| uses: ncipollo/release-action@v1.12.0 | |
| with: | |
| prerelease: ${{ needs.configure.outputs.PRERELEASE }} # master branch will create a pre-release | |
| tag: ${{ steps.tag_version.outputs.new_tag }} | |
| name: Release ${{ steps.tag_version.outputs.new_tag }} | |
| body: ${{ steps.tag_version.outputs.changelog }} | |
| build-and-push-image: | |
| name: Build and push Docker image | |
| runs-on: ubuntu-latest | |
| needs: [tag-release, configure] | |
| environment: | |
| name: ${{ needs.configure.outputs.ENVIRONMENT }} | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v2.1.0 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # This step outputs Docker labels and Docker tag associated with github.ref (branch name in this scenario) | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v4.3.0 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| # When running on develop branch we want to tag Docker images with unique id and branch name only. | |
| # When running on master and release we're adding sem ver and latest (for release) tags too. | |
| - name: Setup Docker tags | |
| id: tags | |
| run: | | |
| if [ "${{ github.ref }}" = "refs/heads/develop" ]; then | |
| echo "TAGS=${{ steps.meta.outputs.tags }},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.configure.outputs.IMAGE_TAG }}" >> $GITHUB_OUTPUT | |
| else | |
| echo "TAGS=${{ steps.meta.outputs.tags }},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.configure.outputs.IMAGE_TAG }},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.tag-release.outputs.tag }}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: . | |
| push: ${{ needs.configure.outputs.PUSH_DOCKER }} | |
| platforms: linux/amd64 | |
| tags: ${{ steps.tags.outputs.TAGS }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| file: ./docker/prod/Dockerfile | |
| build-args: | | |
| SENTRY_RELEASE="${{ needs.configure.outputs.IMAGE_TAG }}" | |
| GIT_SHA=${{ github.sha }} | |
| # Sentry upload is done via a docker build in order to have access to the app files in the image | |
| - name: create Sentry release | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: . | |
| push: false | |
| file: ./docker/sentry-upload/Dockerfile | |
| build-args: | | |
| PUBLIC_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.configure.outputs.IMAGE_TAG }} | |
| SENTRY_RELEASE="${{ needs.configure.outputs.IMAGE_TAG }}" | |
| SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} | |
| SENTRY_ORG=${{ secrets.SENTRY_ORG }} | |
| SENTRY_PROJECT=${{ secrets.SENTRY_PROJECT }} | |
| SENTRY_COMMIT="${{ github.repository }}/${{ github.sha }}" | |
| - name: ArgoCD login | |
| uses: clowdhaus/argo-cd-action/@v1.12.1 | |
| id: argocd_login | |
| with: | |
| command: login ${{ secrets.ARGOCD_URL }} | |
| options: --insecure --password ${{ secrets.ARGOCD_PASS }} --username ${{ secrets.ARGOCD_USERNAME }} | |
| - name: ArgoCD overvrite values.yaml | |
| uses: clowdhaus/argo-cd-action/@v1.12.1 | |
| id: argocd_image_tag_overwrite | |
| with: | |
| command: app set iam-cache-server | |
| options: -p image.tag=${{needs.configure.outputs.IMAGE_TAG}} -p image.repository=${{env.REGISTRY}}/${{env.IMAGE_NAME}} | |
| - name: ArgoCD overvrite HELM values.yaml | |
| uses: clowdhaus/argo-cd-action/@v1.12.1 | |
| id: argocd_image_helm_tag_overwrite | |
| with: | |
| command: app set iam-cache-server | |
| options: -p iam-cache-server-helm.image.tag=${{needs.configure.outputs.IMAGE_TAG}} -p iam-cache-server-helm.image.repository=${{env.REGISTRY}}/${{env.IMAGE_NAME}} | |