Skip to content

pin kubectl patch version #349

pin kubectl patch version

pin kubectl patch version #349

name: Publish Marxan Docker images
permissions:
id-token: write
contents: read
on:
push:
branches:
- 'main'
- 'staging'
paths:
- '.github/**'
- 'api/**'
- 'app/**'
- 'webshot/**'
workflow_dispatch:
inputs:
enable_maintenance_mode:
type: boolean
description: If maintenance mode should be enabled
default: false
waitForTest:
description: 'Set to "false" to skip waiting for tests to pass.'
required: true
default: 'true'
jobs:
wait_for_tests:
name: Wait for tests to finish running
if: ${{ github.event.inputs.enable_maintenance_mode != 'true' }}
runs-on: ubuntu-22.04
steps:
- name: Wait for API tests to run
if: ${{ github.event.inputs.waitForTest == 'true' }}
uses: fountainhead/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
checkName: API Tests
ref: ${{ github.event.pull_request.head.sha || github.sha }}
intervalSeconds: 20
- name: Wait for Client tests to run
if: ${{ github.event.inputs.waitForTest == 'true' }}
uses: fountainhead/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
checkName: Client Tests
ref: ${{ github.event.pull_request.head.sha || github.sha }}
intervalSeconds: 20
push_api_to_registry:
name: Push API Docker image to Azure Container Registry
needs: wait_for_tests
runs-on: ubuntu-22.04
steps:
- name: Check out the repo
uses: actions/checkout@v3
- name: 'Login via Azure CLI'
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Build and push image
uses: azure/docker-login@v1
with:
login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- run: |
docker build ./api -f api/api.Dockerfile \
-t ${{ secrets.REGISTRY_LOGIN_SERVER }}/marxan-api:${{ github.sha }} \
-t ${{ secrets.REGISTRY_LOGIN_SERVER }}/marxan-api:${{ github.ref != 'refs/heads/main' && 'staging' || 'production' }}
docker push -a ${{ secrets.REGISTRY_LOGIN_SERVER }}/marxan-api
push_geoprocessing_to_registry:
name: Push Geoprocessing Docker image to Azure Container Registry
needs: wait_for_tests
runs-on: ubuntu-22.04
steps:
- name: Check out the repo
uses: actions/checkout@v3
- name: Login via Azure CLI
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Build and push image
uses: azure/docker-login@v1
with:
login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- run: |
docker build ./api -f api/geo.Dockerfile \
-t ${{ secrets.REGISTRY_LOGIN_SERVER }}/marxan-geoprocessing:${{ github.sha }} \
-t ${{ secrets.REGISTRY_LOGIN_SERVER }}/marxan-geoprocessing:${{ github.ref != 'refs/heads/main' && 'staging' || 'production' }}
docker push -a ${{ secrets.REGISTRY_LOGIN_SERVER }}/marxan-geoprocessing
push_client_to_registry:
name: Push Client Docker image to Azure Container Registry
if: ${{ github.event.inputs.enable_maintenance_mode == 'true' && always() || success() }}
needs: wait_for_tests
runs-on: ubuntu-22.04
steps:
- name: Check out the repo
uses: actions/checkout@v3
- name: Login via Azure CLI
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Build and push image
uses: azure/docker-login@v1
with:
login-server: ${{ secrets.REGISTRY_LOGIN_SERVER }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- run: |
docker build ./app \
-t ${{ secrets.REGISTRY_LOGIN_SERVER }}/marxan-client:${{ github.sha }} \
-t ${{ secrets.REGISTRY_LOGIN_SERVER }}/marxan-client:${{ github.ref != 'refs/heads/main' && 'staging' || 'production' }} \
--build-arg NEXT_PUBLIC_URL=${{ github.ref != 'refs/heads/main' && secrets.NEXT_PUBLIC_URL_STAGING || secrets.NEXT_PUBLIC_URL_PRODUCTION }} \
--build-arg NEXT_PUBLIC_API_URL=${{ github.ref != 'refs/heads/main' && secrets.NEXT_PUBLIC_API_URL_STAGING || secrets.NEXT_PUBLIC_API_URL_PRODUCTION }} \
--build-arg NEXTAUTH_URL=${{ github.ref != 'refs/heads/main' && secrets.NEXTAUTH_URL_STAGING || secrets.NEXTAUTH_URL_PRODUCTION }} \
--build-arg NEXT_PUBLIC_FEATURE_FLAGS=${{ github.ref != 'refs/heads/main' && secrets.NEXT_PUBLIC_FEATURE_FLAGS_STAGING || secrets.NEXT_PUBLIC_FEATURE_FLAGS_PRODUCTION }} \
--build-arg NEXT_PUBLIC_MAPBOX_API_TOKEN=${{ secrets.NEXT_PUBLIC_MAPBOX_API_TOKEN }} \
--build-arg ENABLE_MAINTENANCE_MODE=${{ github.event.inputs.enable_maintenance_mode }} \
--build-arg NEXT_PUBLIC_CONTACT_EMAIL=${{ secrets.NEXT_PUBLIC_CONTACT_EMAIL }}
docker push -a ${{ secrets.REGISTRY_LOGIN_SERVER }}/marxan-client