Skip to content

K8s rollout workflow #919

K8s rollout workflow

K8s rollout workflow #919

Workflow file for this run

name: Build, push to AWS ECR, and deploy
on:
pull_request:
branches:
- main
push:
branches:
- main
env:
AWS_REGION: ca-central-1
DOCKER_ORG: public.ecr.aws/v6b8u5o6
DOCKER_SLUG: public.ecr.aws/v6b8u5o6/notify-api
KUBECTL_VERSION: '1.23.6'
WORKFLOW_PAT: ${{ secrets.WORKFLOW_GITHUB_PAT }}
DOCKER_SHA: ${GITHUB_SHA::7}
permissions:
id-token: write # This is required for requesting the OIDC JWT
contents: read # This is required for actions/checkout
jobs:
deploy:
runs-on: ubuntu-latest
name: Build and push
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install AWS CLI
run: |
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip -q awscliv2.zip
sudo ./aws/install --update
aws --version
- name: Install kubectl
run: |
curl -LO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
kubectl version --client
mkdir -p $HOME/.kube
- name: Rollout in Kubernetes
run: |
curl -L -X POST -H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer $WORKFLOW_PAT" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/repos/cds-snc/notification-manifests/actions/workflows/rollout-k8s-staging.yaml/dispatches \
-d "{"ref":"main","inputs":{"docker_sha":"$DOCKER_SHA"}}"
- name: my-app-install token
id: notify-pr-bot
uses: getsentry/action-github-app-token@38a3ce582e170ddfe8789f509597c6944f2292a9 # v1.0.6
with:
app_id: ${{ secrets.NOTIFY_PR_BOT_APP_ID }}
private_key: ${{ secrets.NOTIFY_PR_BOT_PRIVATE_KEY }}
- uses: cds-snc/notification-pr-bot@main
env:
TOKEN: ${{ steps.notify-pr-bot.outputs.token }}
- name: Generate docker SBOM
uses: cds-snc/security-tools/.github/actions/generate-sbom@eecd7a02a0294b379411c126b61e5c29e253676a # v2.1.4
with:
docker_image: "${{ env.DOCKER_SLUG }}:latest"
dockerfile_path: "ci/Dockerfile"
sbom_name: "notification-api"
token: "${{ secrets.GITHUB_TOKEN }}"