api key roles #559

Workflow file for this run

	name: Build and Deploy
	on:
	push:
	branches:
	- 'dev'
	- 'main'
	pull_request:
	branches:
	- '*'

	jobs:
	test:
	name: Run Tests
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	name: Checkout Repo
	- name: Run tests
	run: make test
	- name: Test docs
	run: make gen-docs
	build:
	name: Build Image
	runs-on: ubuntu-latest
	needs: test
	steps:
	- uses: actions/checkout@v4
	name: Checkout Repo
	- name: Set sha_short
	id: vars
	run: \|-
	echo "sha_short=$(echo ${{ github.sha }} \| cut -c1-7)" >> $GITHUB_ENV
	# Set default branch name for PRs, as we still want to test build an image on PRs
	# but we have no branch to set a tag for.
	branch="test"
	if [[ "$GITHUB_REF" == "refs/heads/"* ]]; then
	branch="${GITHUB_REF#refs/heads/}"
	fi
	echo "branch=${branch}" >> $GITHUB_ENV
	- name: Install Cosign
	if: ${{ github.event_name == 'push' }}
	uses: sigstore/cosign-installer@main
	with:
	cosign-release: 'v1.13.1'
	- name: Login to Docker Hub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKER_USERNAME }}
	password: ${{ secrets.DOCKER_PASSWORD }}
	- name: Install go dependencies
	run: go get -v ./...
	- name: Build Docs
	run: make gen-docs
	- name: Build Binaries
	run: make build
	- name: Build Image
	run: \|
	# if event is push, we'll do make docker-push, otherwise make docker
	cmd="docker"
	if [[ "${{ github.event_name }}" == "push" ]]; then
	cmd="docker-push"
	fi
	HUB=${{ secrets.DOCKER_USERNAME }} TAG=${{ env.branch }} make "$cmd"
	- name: Build Image with sha
	run: \|
	# if event is push, we'll do make docker-push, otherwise make docker
	cmd="docker"
	if [[ "${{ github.event_name }}" == "push" ]]; then
	cmd="docker-push"
	fi
	HUB=${{ secrets.DOCKER_USERNAME }} TAG=${{ env.branch }}-${{ env.sha_short }} make "$cmd"
	- name: Get image digest
	if: ${{ github.event_name == 'push' }}
	run: \|
	echo "image_digest_sha=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ secrets.DOCKER_USERNAME }}/api:${{ env.branch }}-${{ env.sha_short }})" >> $GITHUB_ENV
	echo "image_digest_branch=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ secrets.DOCKER_USERNAME }}/api:${{ env.branch }})" >> $GITHUB_ENV
	- name: Sign image
	if: ${{ github.event_name == 'push' }}
	run: cosign sign --key env://COSIGN_PRIVATE_KEY ${{ env.image_digest_sha }} ${{ env.image_digest_branch }} -y
	env:
	COSIGN_PASSWORD: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
	COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
	###########################################################################################################
	deploy-kzdv:
	name: Update KZDV GitOps Repo
	runs-on: ubuntu-latest
	needs: build
	if : ${{ github.event_name == 'push' && contains(fromJson('["refs/heads/dev", "refs/heads/main"]'), github.ref) }}

	steps:
	- name: Set sha_short
	id: vars
	run: \|-
	echo "sha_short=$(echo ${{ github.sha }} \| cut -c1-7)" >> $GITHUB_ENV
	# Set default branch name for PRs, as we still want to test build an image on PRs
	# but we have no branch to set a tag for.
	branch="test"
	if [[ "$GITHUB_REF" == "refs/heads/"* ]]; then
	branch="${GITHUB_REF#refs/heads/}"
	fi
	echo "branch=${branch}" >> $GITHUB_ENV
	- name: Checkout KZDV Gitops Repo
	uses: actions/checkout@v4
	with:
	token: ${{ secrets.GH_PIPELINE_PAT }}
	repository: 'kzdv/gitops'
	path: gitops
	- name: Configure git
	run: \|-
	cd $GITHUB_WORKSPACE/gitops
	git config user.name "${{ secrets.GH_PIPELINE_USERNAME }}"
	git config user.email "[email protected]"
	- name: Setup Kustomize
	uses: imranismail/setup-kustomize@v2
	with:
	kustomize-version: "4.4.1"
	- name: Update dev overlay
	if: ${{ github.ref == 'refs/heads/dev' }}
	run: \|
	cd $GITHUB_WORKSPACE/gitops/overlays/dev
	kustomize edit set image denartcc/api=adhp/api:${{ env.branch }}-${{ env.sha_short }}
	- name: Update prod overlay
	if: ${{ github.ref == 'refs/heads/main' }}
	run: \|
	cd $GITHUB_WORKSPACE/gitops/overlays/prod
	kustomize edit set image denartcc/api=adhp/api:${{ env.branch }}-${{ env.sha_short }}
	- name: Commit manifests
	run: \|
	cd $GITHUB_WORKSPACE/gitops
	git add .
	git commit -m "Update manifests for api"
	- name: Push to gitops repo
	run: \|
	cd $GITHUB_WORKSPACE/gitops
	git push origin main
	###########################################################################################################
	deploy-paza:
	name: Update PAZA GitOps Repo
	runs-on: ubuntu-latest
	needs: build
	if : ${{ github.event_name == 'push' && contains(fromJson('["refs/heads/dev", "refs/heads/main"]'), github.ref) }}
	steps:
	- name: Set sha_short
	id: vars
	run: \|-
	echo "sha_short=$(echo ${{ github.sha }} \| cut -c1-7)" >> $GITHUB_ENV
	# Set default branch name for PRs, as we still want to test build an image on PRs
	# but we have no branch to set a tag for.
	branch="test"
	if [[ "$GITHUB_REF" == "refs/heads/"* ]]; then
	branch="${GITHUB_REF#refs/heads/}"
	fi
	echo "branch=${branch}" >> $GITHUB_ENV
	- name: Checkout PAZA Gitops Repo
	uses: actions/checkout@v4
	with:
	token: ${{ secrets.PAZA_GITOPS_TOKEN }}
	repository: 'vpaza/gitops'
	path: gitops-paza
	- name: Configure git
	run: \|-
	cd $GITHUB_WORKSPACE/gitops-paza
	git config user.name "${{ secrets.PAZA_GITOPS_USER }}"
	git config user.email "${{ secrets.PAZA_GITOPS_EMAIL }}"
	- name: Setup Kustomize
	uses: imranismail/setup-kustomize@v2
	with:
	kustomize-version: "4.4.1"
	- name: Update dev overlay
	if: ${{ github.ref == 'refs/heads/dev' }}
	run: \|
	cd $GITHUB_WORKSPACE/gitops-paza/overlays/dev
	kustomize edit set image denartcc/api=adhp/api:${{ env.branch }}-${{ env.sha_short }}
	- name: Update prod overlay
	if: ${{ github.ref == 'refs/heads/main' }}
	run: \|
	HASH=`echo ${GITHUB_SHA} \| cut -c1-7`
	cd $GITHUB_WORKSPACE/gitops-paza/overlays/prod
	kustomize edit set image denartcc/api=adhp/api:${{ env.branch }}-${{ env.sha_short }}
	- name: Commit manifests
	run: \|
	cd $GITHUB_WORKSPACE/gitops-paza
	git add .
	git commit -m "Update manifests for api"
	- name: Push to gitops repo
	run: \|
	cd $GITHUB_WORKSPACE/gitops-paza
	git push origin main
	###########################################################################################################
	deploy-phzh:
	name: Update PHZH GitOps Repo
	runs-on: ubuntu-latest
	needs: build
	if : ${{ github.event_name == 'push' && contains(fromJson('["refs/heads/dev", "refs/heads/main"]'), github.ref) }}

	steps:
	- name: Set sha_short
	id: vars
	run: \|-
	echo "sha_short=$(echo ${{ github.sha }} \| cut -c1-7)" >> $GITHUB_ENV
	# Set default branch name for PRs, as we still want to test build an image on PRs
	# but we have no branch to set a tag for.
	branch="test"
	if [[ "$GITHUB_REF" == "refs/heads/"* ]]; then
	branch="${GITHUB_REF#refs/heads/}"
	fi
	echo "branch=${branch}" >> $GITHUB_ENV
	- name: Checkout PHZH Gitops Repo
	uses: actions/checkout@v4
	with:
	token: ${{ secrets.PAZA_GITOPS_TOKEN }}
	repository: 'vphzh/gitops'
	path: gitops-phzh
	- name: Configure git
	run: \|-
	cd $GITHUB_WORKSPACE/gitops-phzh
	git config user.name "${{ secrets.PAZA_GITOPS_USER }}"
	git config user.email "${{ secrets.PAZA_GITOPS_EMAIL }}"
	- name: Setup Kustomize
	uses: imranismail/setup-kustomize@v2
	with:
	kustomize-version: "4.4.1"
	- name: Update dev overlay
	if: ${{ github.ref == 'refs/heads/dev' }}
	run: \|
	cd $GITHUB_WORKSPACE/gitops-phzh/overlays/dev
	kustomize edit set image denartcc/api=adhp/api:${{ env.branch }}-${{ env.sha_short }}
	- name: Update prod overlay
	if: ${{ github.ref == 'refs/heads/main' }}
	run: \|
	cd $GITHUB_WORKSPACE/gitops-phzh/overlays/prod
	kustomize edit set image denartcc/api=adhp/api:${{ env.branch }}-${{ env.sha_short }}
	- name: Commit manifests
	run: \|
	cd $GITHUB_WORKSPACE/gitops-phzh
	git add .
	git commit -m "Update manifests for api"
	- name: Push to gitops repo
	run: \|
	cd $GITHUB_WORKSPACE/gitops-phzh
	git push origin main
	###########################################################################################################
	deploy-kzlc:
	name: Update KZLC GitOps Repo
	runs-on: ubuntu-latest
	needs: build
	if : ${{ github.event_name == 'push' && contains(fromJson('["refs/heads/dev", "refs/heads/main"]'), github.ref) }}

	steps:
	- name: Set sha_short
	id: vars
	run: \|-
	echo "sha_short=$(echo ${{ github.sha }} \| cut -c1-7)" >> $GITHUB_ENV
	# Set default branch name for PRs, as we still want to test build an image on PRs
	# but we have no branch to set a tag for.
	branch="test"
	if [[ "$GITHUB_REF" == "refs/heads/"* ]]; then
	branch="${GITHUB_REF#refs/heads/}"
	fi
	echo "branch=${branch}" >> $GITHUB_ENV
	- name: Checkout KZLC Gitops Repo
	uses: actions/checkout@v4
	with:
	token: ${{ secrets.KZLC_GITOPS_TOKEN }}
	repository: 'kzlc/gitops'
	path: gitops
	- name: Configure git
	run: \|-
	cd $GITHUB_WORKSPACE/gitops
	git config user.name "${{ secrets.KZLC_GITOPS_USER }}"
	git config user.email "${{ secrets.KZLC_GITOPS_EMAIL }}"
	- name: Setup Kustomize
	uses: imranismail/setup-kustomize@v2
	with:
	kustomize-version: "4.4.1"
	- name: Update dev overlay
	if: ${{ github.ref == 'refs/heads/dev' }}
	run: \|
	cd $GITHUB_WORKSPACE/gitops/overlays/dev
	kustomize edit set image zlcartcc/api=adhp/api:${{ env.branch }}-${{ env.sha_short }}
	- name: Update prod overlay
	if: ${{ github.ref == 'refs/heads/main' }}
	run: \|
	cd $GITHUB_WORKSPACE/gitops/overlays/prod
	kustomize edit set image zlcartcc/api=adhp/api:${{ env.branch }}-${{ env.sha_short }}
	- name: Commit manifests
	run: \|
	cd $GITHUB_WORKSPACE/gitops
	git add .
	git commit -m "Update manifests for api"
	- name: Push to gitops repo
	run: \|
	cd $GITHUB_WORKSPACE/gitops
	git push origin main

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

api key roles #559

Workflow file

api key roles #559

Jobs

Run details

Workflow file for this run