Merge pull request #182 from adh-partnership/dependabot/go_modules/go… #631
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Deploy | |
on: | |
push: | |
branches: | |
- 'dev' | |
- 'main' | |
pull_request: | |
branches: | |
- '*' | |
jobs: | |
test: | |
name: Run Tests | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
name: Checkout Repo | |
- name: Run tests | |
run: make test | |
- name: Test docs | |
run: make gen-docs | |
build: | |
name: Build Image | |
runs-on: ubuntu-latest | |
needs: test | |
steps: | |
- uses: actions/checkout@v4 | |
name: Checkout Repo | |
- name: Set sha_short | |
id: vars | |
run: |- | |
echo "sha_short=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV | |
# Set default branch name for PRs, as we still want to test build an image on PRs | |
# but we have no branch to set a tag for. | |
branch="test" | |
if [[ "$GITHUB_REF" == "refs/heads/"* ]]; then | |
branch="${GITHUB_REF#refs/heads/}" | |
fi | |
echo "branch=${branch}" >> $GITHUB_ENV | |
- name: Install Cosign | |
if: ${{ github.event_name == 'push' }} | |
uses: sigstore/cosign-installer@main | |
with: | |
cosign-release: 'v1.13.1' | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Install go dependencies | |
run: go get -v ./... | |
- name: Build Docs | |
run: make gen-docs | |
- name: Build Binaries | |
run: make build | |
- name: Build Image | |
run: | | |
# if event is push, we'll do make docker-push, otherwise make docker | |
cmd="docker" | |
if [[ "${{ github.event_name }}" == "push" ]]; then | |
cmd="docker-push" | |
fi | |
HUB=${{ secrets.DOCKER_USERNAME }} TAG=${{ env.branch }} make "$cmd" | |
- name: Build Image with sha | |
run: | | |
# if event is push, we'll do make docker-push, otherwise make docker | |
cmd="docker" | |
if [[ "${{ github.event_name }}" == "push" ]]; then | |
cmd="docker-push" | |
fi | |
HUB=${{ secrets.DOCKER_USERNAME }} TAG=${{ env.branch }}-${{ env.sha_short }} make "$cmd" | |
- name: Get image digest | |
if: ${{ github.event_name == 'push' }} | |
run: | | |
echo "image_digest_sha=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ secrets.DOCKER_USERNAME }}/api:${{ env.branch }}-${{ env.sha_short }})" >> $GITHUB_ENV | |
echo "image_digest_branch=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ secrets.DOCKER_USERNAME }}/api:${{ env.branch }})" >> $GITHUB_ENV | |
- name: Sign image | |
if: ${{ github.event_name == 'push' }} | |
run: cosign sign --key env://COSIGN_PRIVATE_KEY ${{ env.image_digest_sha }} ${{ env.image_digest_branch }} -y | |
env: | |
COSIGN_PASSWORD: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }} | |
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
########################################################################################################### | |
deploy: | |
name: Update ${{ matrix.name }} GitOps Repo | |
strategy: | |
matrix: | |
facility: [zdv, zan, hcf, zlc, zfw, zkc, zid] | |
include: | |
- facility: hcf | |
name: HCF | |
secret: ADH_PIPELINE_PAT | |
repo: vphzh/gitops | |
api: denartcc/api | |
- facility: zan | |
name: PAZA | |
secret: ADH_PIPELINE_PAT | |
repo: vpaza/gitops | |
api: denartcc/api | |
- facility: zdv | |
name: KZDV | |
secret: GH_PIPELINE_PAT | |
repo: kzdv/gitops | |
api: denartcc/api | |
- facility: zfw | |
name: KZFW | |
secret: ADH_PIPELINE_PAT | |
repo: kzfw/gitops | |
api: adhp/api | |
- facility: zlc | |
name: KZLC | |
secret: KZLC_GITOPS_TOKEN | |
repo: kzlc/gitops | |
api: zlcartcc/api | |
- facility: zkc | |
name: KZKC | |
secret: KZKC_GITOPS_TOKEN | |
repo: kzkcartcc/gitops | |
api: zkcartcc/api | |
- facility: zid | |
name: KZID | |
secret: KZID_GITOPS_TOKEN | |
repo: zid-wm/gitops | |
api: zidartcc/api | |
runs-on: ubuntu-latest | |
needs: build | |
if : ${{ github.event_name == 'push' && contains(fromJson('["refs/heads/dev", "refs/heads/main"]'), github.ref) }} | |
steps: | |
- name: Set sha_short | |
id: vars | |
run: |- | |
echo "sha_short=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV | |
# Set default branch name for PRs, as we still want to test build an image on PRs | |
# but we have no branch to set a tag for. | |
branch="test" | |
if [[ "$GITHUB_REF" == "refs/heads/"* ]]; then | |
branch="${GITHUB_REF#refs/heads/}" | |
fi | |
echo "branch=${branch}" >> $GITHUB_ENV | |
- name: Checkout ${{ matrix.name }} Gitops Repo | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets[matrix.secret] }} | |
repository: ${{ matrix.repo }} | |
path: gitops | |
- name: Configure git | |
run: |- | |
cd $GITHUB_WORKSPACE/gitops | |
git config user.name "${{ secrets.GH_PIPELINE_USERNAME }}" | |
git config user.email "[email protected]" | |
- name: Setup Kustomize | |
uses: imranismail/setup-kustomize@v2 | |
with: | |
kustomize-version: "4.4.1" | |
- name: Update dev overlay | |
if: ${{ github.ref == 'refs/heads/dev' }} | |
run: | | |
cd $GITHUB_WORKSPACE/gitops/overlays/dev | |
kustomize edit set image denartcc/api=adhp/api:${{ env.branch }}-${{ env.sha_short }} | |
- name: Update prod overlay | |
if: ${{ github.ref == 'refs/heads/main' }} | |
run: | | |
cd $GITHUB_WORKSPACE/gitops/overlays/prod | |
kustomize edit set image denartcc/api=adhp/api:${{ env.branch }}-${{ env.sha_short }} | |
- name: Commit manifests | |
run: | | |
cd $GITHUB_WORKSPACE/gitops | |
git add . | |
git commit -m "Update manifests for api" | |
- name: Push to gitops repo | |
run: | | |
cd $GITHUB_WORKSPACE/gitops | |
git push origin main |