ci(task-nr): update readme and AWS secret names #236
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | ||
on: | ||
pull_request: | ||
types: [opened, synchronize, reopened, closed] | ||
branches: | ||
- main | ||
release: | ||
types: [published] | ||
concurrency: | ||
group: ${{ github.ref }} | ||
cancel-in-progress: true | ||
jobs: | ||
prepare: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
tag_version: ${{ steps.set-tag-version.outputs.TAG_VERSION }} | ||
push_image: ${{ steps.set-push-image.outputs.PUSH_IMAGE }} | ||
deploy: ${{ steps.set-deploy.outputs.DEPLOY }} | ||
environment: ${{ steps.set-deploy.outputs.ENVIRONMENT }} | ||
port: ${{ steps.set-deploy.outputs.PORT }} | ||
env: | ||
pr_merged: ${{ github.event_name == 'pull_request' && github.event.pull_request.merged == true }} | ||
release_published: ${{ github.event_name == 'release' && github.event.action == 'published' }} | ||
steps: | ||
- name: Validate release target branch | ||
if: ${{ github.event_name == 'release' }} | ||
run: | | ||
if [[ "${{ github.event.release.target_commitish }}" != "${{ github.event.repository.default_branch }}" ]]; then | ||
echo "Release target branch is not the default branch" | ||
exit 1 | ||
fi | ||
- name: Set tag version | ||
id: set-tag-version | ||
shell: bash | ||
run: | | ||
if [ -n "${{ github.event.release.tag_name }}" ]; then | ||
echo "Setting TAG_VERSION to ${{ github.event.release.tag_name }}" | ||
echo "TAG_VERSION=${{ github.event.release.tag_name }}" >> "$GITHUB_OUTPUT" | ||
else | ||
echo "Setting TAG_VERSION to `echo ${{ github.sha }} | cut -c1-7`" | ||
echo "TAG_VERSION=`echo ${{ github.sha }} | cut -c1-7`" >> "$GITHUB_OUTPUT" | ||
fi | ||
- name: Set push image | ||
id: set-push-image | ||
shell: bash | ||
run: | | ||
if [[ ${{env.pr_merged}} == true || ${{env.release_published}} == true ]]; then | ||
echo "Setting PUSH_IMAGE to true" | ||
echo "PUSH_IMAGE=true" >> "$GITHUB_OUTPUT" | ||
else | ||
echo "Setting PUSH_IMAGE to false" | ||
echo "PUSH_IMAGE=false" >> "$GITHUB_OUTPUT" | ||
fi | ||
- name: Set deploy | ||
id: set-deploy | ||
shell: bash | ||
run: | | ||
if [[ ${{env.pr_merged}} == true ]]; then | ||
echo "Setting DEPLOY to true" | ||
echo "Setting ENVIRONMENT to staging" | ||
echo "DEPLOY=true" >> "$GITHUB_OUTPUT" | ||
echo "ENVIRONMENT=STAGING" >> "$GITHUB_OUTPUT" | ||
echo "PORT=8080" >> "$GITHUB_OUTPUT" | ||
elif [[ ${{env.release_published}} == true ]]; then | ||
echo "Setting DEPLOY to true" | ||
echo "Setting ENVIRONMENT to production" | ||
echo "DEPLOY=true" >> "$GITHUB_OUTPUT" | ||
echo "ENVIRONMENT=PRODUCTION" >> "$GITHUB_OUTPUT" | ||
echo "PORT=8081" >> "$GITHUB_OUTPUT" | ||
else | ||
echo "Setting DEPLOY to false" | ||
echo "DEPLOY=false" >> "$GITHUB_OUTPUT" | ||
fi | ||
build-and-test: | ||
if: github.event_name != 'release' | ||
runs-on: ubuntu-latest | ||
needs: prepare | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- name: Set up JDK 17 | ||
uses: actions/setup-java@v2 | ||
with: | ||
distribution: 'adopt' | ||
java-version: '17' | ||
- name: Compile | ||
run: | | ||
echo "Compiling the code" | ||
./mvnw compile | ||
- name: Test | ||
run: | | ||
echo "Running the tests" | ||
./mvnw test | ||
- name: Add coverage to PR | ||
id: jacoco | ||
uses: madrapps/[email protected] | ||
with: | ||
paths: | | ||
${{ github.workspace }}/target/site/jacoco/jacoco.xml | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
min-coverage-overall: 40 | ||
min-coverage-changed-files: 60 | ||
title: Coverage report | ||
skip-if-no-changes: true | ||
build-image-push: | ||
if: always() | ||
runs-on: ubuntu-latest | ||
needs: [prepare, build-and-test] | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
- name: Login to Docker Hub | ||
uses: docker/login-action@v1 | ||
with: | ||
username: ${{ secrets.DOCKER_USERNAME }} | ||
password: ${{ secrets.DOCKER_PASSWORD }} | ||
- name: Extract metadata (tags, labels) for Docker | ||
uses: docker/metadata-action@v3 | ||
with: | ||
images: ${{ github.event.repository.name }}:${{ needs.prepare.outputs.tag_version }} | ||
- name: Build and push image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
file: Dockerfile | ||
push: ${{ needs.prepare.outputs.push_image }} | ||
tags: ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ needs.prepare.outputs.tag_version }} | ||
deploy: | ||
runs-on: ubuntu-latest | ||
needs: [prepare, build-image-push] | ||
if: always() && (needs.build-image-push.result == 'success' && needs.prepare.outputs.deploy == 'true') | ||
steps: | ||
- name: Login to Docker Hub | ||
uses: docker/login-action@v1 | ||
with: | ||
username: ${{ secrets.DOCKER_USERNAME }} | ||
password: ${{ secrets.DOCKER_PASSWORD }} | ||
- name: Set permissions for private key | ||
run: | | ||
Check failure on line 144 in .github/workflows/CI-CD.yml GitHub Actions / CI/CDInvalid workflow file
|
||
echo "${{ secrets.`AWS_EC2_PRIVATE_KEY }}" > key.pem | ||
chmod 600 key.pem | ||
- name: Pull Docker image | ||
run: | | ||
ssh -o StrictHostKeyChecking=no -i key.pem ${{ secrets.AWS_EC2_USERNAME }}@${{ secrets.AWS_EC2_IPADDRESS }} 'sudo docker pull ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ needs.prepare.outputs.tag_version }}' | ||
- name: Stop running container | ||
run: | | ||
ssh -o StrictHostKeyChecking=no -i key.pem ${{ secrets.AWS_EC2_USERNAME }}@${{ secrets.AWS_EC2_IPADDRESS }} 'sudo docker stop spring-boot-tests-cicd-${{ needs.prepare.outputs.environment }} || true' | ||
ssh -o StrictHostKeyChecking=no -i key.pem ${{ secrets.AWS_EC2_USERNAME }}@${{ secrets.AWS_EC2_IPADDRESS }} 'sudo docker rm spring-boot-tests-cicd-${{ needs.prepare.outputs.environment }} || true' | ||
- name: Run new container | ||
run: | | ||
ssh -o StrictHostKeyChecking=no -i key.pem ${{ secrets.AWS_EC2_USERNAME }}@${{ secrets.AWS_EC2_IPADDRESS }} 'sudo docker run -d --env APP_ENV=${{ needs.prepare.outputs.environment }} --name spring-boot-tests-cicd-${{ needs.prepare.outputs.environment }} -p ${{ needs.prepare.outputs.port }}:8080 ${{ secrets.DOCKER_USERNAME }}/${{ github.event.repository.name }}:${{ needs.prepare.outputs.tag_version }}' |