Enable certificationsHideNone for ZDV (#341) #679
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy | |
| on: | |
| push: | |
| branches: ["main"] | |
| tags: ["v1.[0-9]+.[0-9]+.[0-9]+"] | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| jobs: | |
| eslint: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| node-version: [20.x] | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: ${{ matrix.node-version }} | |
| cache: yarn | |
| cache-dependency-path: yarn.lock | |
| - name: Install dependencies | |
| run: yarn install --immutable | |
| - name: Run eslint | |
| run: yarn lint | |
| - name: Test build | |
| run: yarn build | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| needs: eslint | |
| strategy: | |
| matrix: | |
| facility: [zdv, zan, hcf, zlc] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| name: Checkout repo | |
| - name: Set sha_short | |
| id: vars | |
| run: |- | |
| echo "sha_short=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV | |
| # Set default branch name for PRs, as we still want to test build an image on PRs | |
| # but we have no branch to set a tag for. | |
| branch="test" | |
| if [[ "$GITHUB_REF" == "refs/heads/"* ]]; then | |
| branch="${GITHUB_REF#refs/heads/}" | |
| fi | |
| echo "branch=${branch}" >> $GITHUB_ENV | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Install cosign | |
| uses: sigstore/cosign-installer@main | |
| with: | |
| cosign-release: 'v1.13.1' | |
| - name: Create HCF env | |
| run: | | |
| SHA_SHORT=$(echo ${{ github.sha }} | cut -c1-7) | |
| cat <<EOF > .env | |
| VITE_GIT_HASH="$SHA_SHORT" | |
| EOF | |
| - name: Set base version from .version | |
| if: ${{ !startsWith(github.ref, 'refs/tags/v') }} | |
| run: | | |
| VERSION=$(cat .version | tr -d '\n') | |
| echo "VITE_VERSION_BASE=$VERSION" >> .env | |
| - name: Set version as tag | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: | | |
| echo "VITE_VERSION_BASE=$GITHUB_REF_NAME" >> .env | |
| - name: Setup Facility file | |
| run: | | |
| cp src/facility-${{ matrix.facility }}.ts src/facility.ts | |
| - name: Build Image | |
| if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') }} | |
| run: | | |
| docker build -t ${{ secrets.DOCKER_USERNAME }}/frontend:${{ matrix.facility }}-${{ github.ref_name }}-${{ env.sha_short }} -t ${{ secrets.DOCKER_USERNAME }}/frontend:${{ matrix.facility }}-${{ github.ref_name }} . | |
| # If dev branch, we want to target the dev API... so we do this through an ARG that sets the mode to staging. | |
| - name: Build Staging Image | |
| if: ${{ env.branch == 'main' }} | |
| run: | | |
| docker build --build-arg build_cmd="build-dev" -t ${{ secrets.DOCKER_USERNAME }}/frontend:${{ matrix.facility }}-${{ env.branch }}-${{ env.sha_short }} -t ${{ secrets.DOCKER_USERNAME }}/frontend:${{ matrix.facility }}-${{ env.branch }} . | |
| - name: Build test image | |
| if: ${{ github.event_name == 'pull_request' }} | |
| run: | | |
| docker build --build-arg build_cmd="build-dev" -t ${{ secrets.DOCKER_USERNAME }}/frontend:trash . | |
| - name: Push Image | |
| if: ${{ github.event_name == 'push' }} | |
| run: | | |
| docker push --all-tags ${{ secrets.DOCKER_USERNAME }}/frontend | |
| - name: Sign image | |
| if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') }} | |
| env: | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }} | |
| COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} | |
| run: | | |
| image_digest_sha=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ secrets.DOCKER_USERNAME }}/frontend:${{ matrix.facility }}-${{ github.ref_name }}-${{ env.sha_short }}) | |
| image_digest_branch=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ secrets.DOCKER_USERNAME }}/frontend:${{ matrix.facility }}-${{ github.ref_name }}) | |
| cosign sign --key env://COSIGN_PRIVATE_KEY $image_digest_sha $image_digest_branch | |
| ########################################################################################################### | |
| deploy-kzdv: | |
| name: Update KZDV GitOps Repo | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: ${{ github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/heads/main')) }} | |
| steps: | |
| - name: Set sha_short | |
| id: vars | |
| run: |- | |
| echo "sha_short=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV | |
| # Set default branch name for PRs, as we still want to test build an image on PRs | |
| # but we have no branch to set a tag for. | |
| branch="test" | |
| if [[ "$GITHUB_REF" == "refs/heads/"* ]]; then | |
| branch="${GITHUB_REF#refs/heads/}" | |
| fi | |
| echo "branch=${branch}" >> $GITHUB_ENV | |
| - name: Checkout KZDV Gitops Repo | |
| uses: actions/checkout@v3 | |
| with: | |
| token: ${{ secrets.GH_PIPELINE_PAT }} | |
| repository: 'kzdv/gitops' | |
| path: gitops | |
| - name: Configure git | |
| run: |- | |
| cd $GITHUB_WORKSPACE/gitops | |
| git config user.name "${{ secrets.GH_PIPELINE_USERNAME }}" | |
| git config user.email "[email protected]" | |
| - name: Setup Kustomize | |
| uses: imranismail/setup-kustomize@v2 | |
| with: | |
| kustomize-version: "4.4.1" | |
| - name: Update dev overlay | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| run: | | |
| cd $GITHUB_WORKSPACE/gitops/overlays/dev | |
| kustomize edit set image adhp/zdv-frontend=adhp/frontend:zdv-${{ env.branch }}-${{ env.sha_short }} | |
| - name: Update prod overlay | |
| if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
| run: | | |
| cd $GITHUB_WORKSPACE/gitops/overlays/prod | |
| kustomize edit set image adhp/zdv-frontend=adhp/frontend:zdv-${{ github.ref_name }}-${{ env.sha_short }} | |
| - name: Commit manifests | |
| run: | | |
| cd $GITHUB_WORKSPACE/gitops | |
| git add . | |
| git commit -m "Update manifests for frontend" | |
| - name: Push to gitops repo | |
| run: | | |
| cd $GITHUB_WORKSPACE/gitops | |
| git push origin main | |
| ########################################################################################################### | |
| deploy-paza: | |
| name: Update PAZA GitOps Repo | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: ${{ github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/heads/main')) }} | |
| steps: | |
| - name: Set sha_short | |
| id: vars | |
| run: |- | |
| echo "sha_short=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV | |
| # Set default branch name for PRs, as we still want to test build an image on PRs | |
| # but we have no branch to set a tag for. | |
| branch="test" | |
| if [[ "$GITHUB_REF" == "refs/heads/"* ]]; then | |
| branch="${GITHUB_REF#refs/heads/}" | |
| fi | |
| echo "branch=${branch}" >> $GITHUB_ENV | |
| - name: Checkout PAZA Gitops Repo | |
| uses: actions/checkout@v3 | |
| with: | |
| token: ${{ secrets.PAZA_GITOPS_TOKEN }} | |
| repository: 'vpaza/gitops' | |
| path: gitops-paza | |
| - name: Configure git | |
| run: |- | |
| cd $GITHUB_WORKSPACE/gitops-paza | |
| git config user.name "${{ secrets.PAZA_GITOPS_USER }}" | |
| git config user.email "${{ secrets.PAZA_GITOPS_EMAIL }}" | |
| - name: Setup Kustomize | |
| uses: imranismail/setup-kustomize@v2 | |
| with: | |
| kustomize-version: "4.4.1" | |
| - name: Update dev overlay | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| run: | | |
| cd $GITHUB_WORKSPACE/gitops-paza/overlays/dev | |
| kustomize edit set image adhp/zan-frontend=adhp/frontend:zan-${{ env.branch }}-${{ env.sha_short }} | |
| - name: Update prod overlay | |
| if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
| run: | | |
| HASH=`echo ${GITHUB_SHA} | cut -c1-7` | |
| cd $GITHUB_WORKSPACE/gitops-paza/overlays/prod | |
| kustomize edit set image adhp/zan-frontend=adhp/frontend:zan-${{ github.ref_name }}-${{ env.sha_short }} | |
| - name: Commit manifests | |
| run: | | |
| cd $GITHUB_WORKSPACE/gitops-paza | |
| git add . | |
| git commit -m "Update manifests for frontend" | |
| - name: Push to gitops repo | |
| run: | | |
| cd $GITHUB_WORKSPACE/gitops-paza | |
| git push origin main | |
| ########################################################################################################### | |
| deploy-phzh: | |
| name: Update PHZH GitOps Repo | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: ${{ github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/heads/main')) }} | |
| steps: | |
| - name: Set sha_short | |
| id: vars | |
| run: |- | |
| echo "sha_short=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV | |
| # Set default branch name for PRs, as we still want to test build an image on PRs | |
| # but we have no branch to set a tag for. | |
| branch="test" | |
| if [[ "$GITHUB_REF" == "refs/heads/"* ]]; then | |
| branch="${GITHUB_REF#refs/heads/}" | |
| fi | |
| echo "branch=${branch}" >> $GITHUB_ENV | |
| - name: Checkout PHZH Gitops Repo | |
| uses: actions/checkout@v3 | |
| with: | |
| token: ${{ secrets.PAZA_GITOPS_TOKEN }} | |
| repository: 'vphzh/gitops' | |
| path: gitops-phzh | |
| - name: Configure git | |
| run: |- | |
| cd $GITHUB_WORKSPACE/gitops-phzh | |
| git config user.name "${{ secrets.PAZA_GITOPS_USER }}" | |
| git config user.email "${{ secrets.PAZA_GITOPS_EMAIL }}" | |
| - name: Setup Kustomize | |
| uses: imranismail/setup-kustomize@v2 | |
| with: | |
| kustomize-version: "4.4.1" | |
| - name: Update dev overlay | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| run: | | |
| cd $GITHUB_WORKSPACE/gitops-phzh/overlays/dev | |
| kustomize edit set image adhp/hcf-frontend=adhp/frontend:hcf-${{ env.branch }}-${{ env.sha_short }} | |
| - name: Update prod overlay | |
| if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
| run: | | |
| cd $GITHUB_WORKSPACE/gitops-phzh/overlays/prod | |
| kustomize edit set image adhp/hcf-frontend=adhp/frontend:hcf-${{ github.ref_name }}-${{ env.sha_short }} | |
| - name: Commit manifests | |
| run: | | |
| cd $GITHUB_WORKSPACE/gitops-phzh | |
| git add . | |
| git commit -m "Update manifests for frontend" | |
| - name: Push to gitops repo | |
| run: | | |
| cd $GITHUB_WORKSPACE/gitops-phzh | |
| git push origin main | |
| ########################################################################################################### | |
| deploy-kzlc: | |
| name: Update KZLC GitOps Repo | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: ${{ github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/heads/main')) }} | |
| steps: | |
| - name: Set sha_short | |
| id: vars | |
| run: |- | |
| echo "sha_short=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_ENV | |
| # Set default branch name for PRs, as we still want to test build an image on PRs | |
| # but we have no branch to set a tag for. | |
| branch="test" | |
| if [[ "$GITHUB_REF" == "refs/heads/"* ]]; then | |
| branch="${GITHUB_REF#refs/heads/}" | |
| fi | |
| echo "branch=${branch}" >> $GITHUB_ENV | |
| - name: Checkout KZLC Gitops Repo | |
| uses: actions/checkout@v3 | |
| with: | |
| token: ${{ secrets.KZLC_GITOPS_TOKEN }} | |
| repository: 'kzlc/gitops' | |
| path: gitops | |
| - name: Configure git | |
| run: |- | |
| cd $GITHUB_WORKSPACE/gitops | |
| git config user.name "${{ secrets.KZLC_GITOPS_USER }}" | |
| git config user.email "${{ secrets.KZLC_GITOPS_EMAIL }}" | |
| - name: Setup Kustomize | |
| uses: imranismail/setup-kustomize@v2 | |
| with: | |
| kustomize-version: "4.4.1" | |
| - name: Update dev overlay | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| run: | | |
| cd $GITHUB_WORKSPACE/gitops/overlays/dev | |
| kustomize edit set image adhp/zlc-frontend=adhp/frontend:zlc-${{ env.branch }}-${{ env.sha_short }} | |
| - name: Update prod overlay | |
| if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
| run: | | |
| cd $GITHUB_WORKSPACE/gitops/overlays/prod | |
| kustomize edit set image adhp/zlc-frontend=adhp/frontend:zlc-${{ github.ref_name }}-${{ env.sha_short }} | |
| - name: Commit manifests | |
| run: | | |
| cd $GITHUB_WORKSPACE/gitops | |
| git add . | |
| git commit -m "Update manifests for frontend" | |
| - name: Push to gitops repo | |
| run: | | |
| cd $GITHUB_WORKSPACE/gitops | |
| git push origin main |