Skip to content

Merge pull request #182 from adh-partnership/dependabot/go_modules/go… #631

Merge pull request #182 from adh-partnership/dependabot/go_modules/go…

Merge pull request #182 from adh-partnership/dependabot/go_modules/go… #631

Workflow file for this run

name: Build and Deploy
on:
push:
branches:
- 'dev'
- 'main'
pull_request:
branches:
- '*'
jobs:
test:
name: Run Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
name: Checkout Repo
- name: Run tests
run: make test
- name: Test docs
run: make gen-docs
build:
name: Build Image
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v4
name: Checkout Repo
- name: Set sha_short
id: vars
run: |-
echo "sha_short=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV
# Set default branch name for PRs, as we still want to test build an image on PRs
# but we have no branch to set a tag for.
branch="test"
if [[ "$GITHUB_REF" == "refs/heads/"* ]]; then
branch="${GITHUB_REF#refs/heads/}"
fi
echo "branch=${branch}" >> $GITHUB_ENV
- name: Install Cosign
if: ${{ github.event_name == 'push' }}
uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.13.1'
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Install go dependencies
run: go get -v ./...
- name: Build Docs
run: make gen-docs
- name: Build Binaries
run: make build
- name: Build Image
run: |
# if event is push, we'll do make docker-push, otherwise make docker
cmd="docker"
if [[ "${{ github.event_name }}" == "push" ]]; then
cmd="docker-push"
fi
HUB=${{ secrets.DOCKER_USERNAME }} TAG=${{ env.branch }} make "$cmd"
- name: Build Image with sha
run: |
# if event is push, we'll do make docker-push, otherwise make docker
cmd="docker"
if [[ "${{ github.event_name }}" == "push" ]]; then
cmd="docker-push"
fi
HUB=${{ secrets.DOCKER_USERNAME }} TAG=${{ env.branch }}-${{ env.sha_short }} make "$cmd"
- name: Get image digest
if: ${{ github.event_name == 'push' }}
run: |
echo "image_digest_sha=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ secrets.DOCKER_USERNAME }}/api:${{ env.branch }}-${{ env.sha_short }})" >> $GITHUB_ENV
echo "image_digest_branch=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ secrets.DOCKER_USERNAME }}/api:${{ env.branch }})" >> $GITHUB_ENV
- name: Sign image
if: ${{ github.event_name == 'push' }}
run: cosign sign --key env://COSIGN_PRIVATE_KEY ${{ env.image_digest_sha }} ${{ env.image_digest_branch }} -y
env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
###########################################################################################################
deploy:
name: Update ${{ matrix.name }} GitOps Repo
strategy:
matrix:
facility: [zdv, zan, hcf, zlc, zfw, zkc, zid]
include:
- facility: hcf
name: HCF
secret: ADH_PIPELINE_PAT
repo: vphzh/gitops
api: denartcc/api
- facility: zan
name: PAZA
secret: ADH_PIPELINE_PAT
repo: vpaza/gitops
api: denartcc/api
- facility: zdv
name: KZDV
secret: GH_PIPELINE_PAT
repo: kzdv/gitops
api: denartcc/api
- facility: zfw
name: KZFW
secret: ADH_PIPELINE_PAT
repo: kzfw/gitops
api: adhp/api
- facility: zlc
name: KZLC
secret: KZLC_GITOPS_TOKEN
repo: kzlc/gitops
api: zlcartcc/api
- facility: zkc
name: KZKC
secret: KZKC_GITOPS_TOKEN
repo: kzkcartcc/gitops
api: zkcartcc/api
- facility: zid
name: KZID
secret: KZID_GITOPS_TOKEN
repo: zid-wm/gitops
api: zidartcc/api
runs-on: ubuntu-latest
needs: build
if : ${{ github.event_name == 'push' && contains(fromJson('["refs/heads/dev", "refs/heads/main"]'), github.ref) }}
steps:
- name: Set sha_short
id: vars
run: |-
echo "sha_short=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV
# Set default branch name for PRs, as we still want to test build an image on PRs
# but we have no branch to set a tag for.
branch="test"
if [[ "$GITHUB_REF" == "refs/heads/"* ]]; then
branch="${GITHUB_REF#refs/heads/}"
fi
echo "branch=${branch}" >> $GITHUB_ENV
- name: Checkout ${{ matrix.name }} Gitops Repo
uses: actions/checkout@v4
with:
token: ${{ secrets[matrix.secret] }}
repository: ${{ matrix.repo }}
path: gitops
- name: Configure git
run: |-
cd $GITHUB_WORKSPACE/gitops
git config user.name "${{ secrets.GH_PIPELINE_USERNAME }}"
git config user.email "[email protected]"
- name: Setup Kustomize
uses: imranismail/setup-kustomize@v2
with:
kustomize-version: "4.4.1"
- name: Update dev overlay
if: ${{ github.ref == 'refs/heads/dev' }}
run: |
cd $GITHUB_WORKSPACE/gitops/overlays/dev
kustomize edit set image denartcc/api=adhp/api:${{ env.branch }}-${{ env.sha_short }}
- name: Update prod overlay
if: ${{ github.ref == 'refs/heads/main' }}
run: |
cd $GITHUB_WORKSPACE/gitops/overlays/prod
kustomize edit set image denartcc/api=adhp/api:${{ env.branch }}-${{ env.sha_short }}
- name: Commit manifests
run: |
cd $GITHUB_WORKSPACE/gitops
git add .
git commit -m "Update manifests for api"
- name: Push to gitops repo
run: |
cd $GITHUB_WORKSPACE/gitops
git push origin main