run_build_deploy.yaml
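# Workflow header: triggers, concurrency, token permissions and the environment
# shared by every job below.
name: Build and Deploy

on:
  # NOTE(review): the branch filter is commented out, so a push to any branch
  # starts this workflow. The build job pushes the shared `:latest` and
  # `:cache` tags and the deploy job follows it, so every branch can replace
  # what runs in dev. Confirm this is intended, or restore the filter.
  push:
    # branches:
    #   - develop
  workflow_dispatch: {}
  # pull_request:
  #   types:
  #     - closed

# The group name is a fixed string, so runs from different branches share one
# group and a newer run cancels an older one that is still in progress.
concurrency:
  cancel-in-progress: true
  group: api-build

# Workflow-level permissions apply to every job, including the called deploy
# workflow.
permissions:
  # Required for the OIDC role assumption in the build job.
  id-token: write
  contents: read
  # NOTE(review): no step in this file uses the issues API; presumably this is
  # for the called deploy workflow. Confirm, and scope it to that job if so.
  issues: write

env:
  GITHUB_ORGANIZATION: ${{ github.repository_owner }}
  GITHUB_REPO_NAME: ${{ github.event.repository.name }}
  # Read by the Jira step as a shell variable rather than being inlined into
  # the script, which keeps the ref name out of the script text.
  GITHUB_BRANCH_OR_TAG: ${{ github.ref_name }}
  # NOTE(review): GITHUB_REF is already a default runner variable; this entry
  # looks redundant. Confirm before removing.
  GITHUB_REF: ${{ github.ref }}
  BUILD_NAME: ${{ github.event_name }}
  BUILD_NUMBER: ${{ github.run_id }}
  ECR_ADDRESS: 917902836630.dkr.ecr.us-east-1.amazonaws.com
  OUT_DIR: ./out
  AWS_REGION: "us-east-1"
  ECR_REPO: 917902836630.dkr.ecr.us-east-1.amazonaws.com/api-server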
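jobs:
  # Builds the multi-arch image, pushes it to ECR and exposes the SHA-tagged
  # image reference as the IMAGE_NAME output.
  build_job:
    name: Docker Build and Push
    runs-on: ubuntu-latest
    outputs:
      IMAGE_NAME: ${{ steps.sha.outputs.IMAGE_NAME }}
    steps:
      # NOTE(review): every `uses:` below is pinned to a mutable major-version
      # tag. These actions run with this job's OIDC token and fetched secrets,
      # so pinning each one to a full commit SHA (with the tag kept in a
      # trailing comment) removes the dependency on tags staying unchanged.
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      # Exchanges the workflow's OIDC token for short-lived AWS credentials;
      # no long-lived access keys are stored in the repository.
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::917902836630:role/cmiml-devops-oidc-github-role
          role-session-name: gha-oidc-runner
          aws-region: ${{ env.AWS_REGION }}
      # Exports the secret's contents as environment variables for every later
      # step in this job, third-party actions included.
      # The leading comma is presumably an empty alias (no name prefix) -
      # confirm against the action's documentation.
      # NOTE(review): no later step in this job references a fetched secret by
      # name; confirm the build needs them, otherwise drop this step here.
      - name: Get secrets by name and by ARN
        uses: aws-actions/aws-secretsmanager-get-secrets@v2
        with:
          parse-json-secrets: true
          secret-ids: |
            ,cmiml-devops
      # Collects M2-<digits> ticket keys from the latest commit message. The
      # message is only matched against that fixed pattern, never evaluated.
      # On `develop` the keys are written to jira-tickets.json in the working
      # directory; on other branches they are only printed.
      - name: Extract Jira ticket numbers from commit message
        run: |
          tickets=$(git log -1 --pretty=%B | grep -io 'M2-[0-9]\+' | tr '[:lower:]' '[:upper:]' | sort | uniq | tr '\n' ' ')
          if [ -z "$tickets" ]; then
            echo "No Jira tickets found in the latest commit message."
          else
            echo "Jira ticket numbers found: ${tickets}"
            if [ "${GITHUB_BRANCH_OR_TAG}" != "develop" ]; then
              echo "Skipping saving Jira ticket numbers to a file because the branch is not develop"
            else
              file="jira-tickets.json"
              echo "{ \"issues\": $(echo "${tickets}" | jq -R -s -c 'split(" ")[:-1]') }" > "${file}"
              echo "Jira ticket numbers saved to ${file}"
            fi
          fi
      # Region and registry come from the workflow-level env as quoted shell
      # variables rather than a hard-coded region and an inlined expression.
      # The password is piped on stdin, so it does not appear in the command
      # line.
      - name: Login to ECR
        run: |
          aws ecr get-login-password --region "${AWS_REGION}" | docker login --username AWS --password-stdin "${ECR_ADDRESS}"
      - name: Generate short sha
        id: sha
        run: |
          SHORT_SHA=$(git rev-parse --short HEAD)
          echo "SHORT_SHA=${SHORT_SHA}" >> "$GITHUB_OUTPUT"
          echo "IMAGE_NAME=${ECR_REPO}:${SHORT_SHA}" >> "$GITHUB_OUTPUT"
      # NOTE(review): both pushed tags are mutable and `:latest` is overwritten
      # by every run. The deploy job receives the short-SHA tag; passing the
      # pushed image digest instead would pin the exact image that was built.
      # PIPENV_EXTRA_ARGS=--dev presumably installs development dependencies
      # into the image - confirm that is wanted for the deployed image.
      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./compose/fastapi/Dockerfile
          push: true
          build-args: |
            PIPENV_EXTRA_ARGS=--dev
          cache-to: mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ env.ECR_REPO }}:cache
          cache-from: type=registry,ref=${{ env.ECR_REPO }}:cache
          tags: ${{ steps.sha.outputs.IMAGE_NAME }},${{ env.ECR_REPO }}:latest
          platforms: linux/amd64,linux/arm64
      # NOTE(review): `with:` inputs are not run through a shell, so these
      # `${...}` names are presumably passed literally. No step in this job
      # creates build.yml, and the Jira step writes jira-tickets.json to the
      # working directory, not under OUT_DIR. Confirm this step uploads
      # anything.
      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build-artifacts
          path: |
            ${GITHUB_REPO_NAME}/${OUT_DIR}/build.yml
            ${GITHUB_REPO_NAME}/${OUT_DIR}/jira-tickets.json

  # Calls the repository's own dev deploy workflow with the image reference
  # produced by build_job. No `if:` condition is active, so it runs after every
  # successful build.
  deploy_to_dev:
    name: Deploy to Dev
    needs: build_job
    # environment: dev
    # if: ${{ github.event.pull_request.merged }}
    uses: ./.github/workflows/run_deploy_dev.yaml
    with:
      IMAGE_NAME: ${{ needs.build_job.outputs.IMAGE_NAME }}

  # Disabled jobs, kept for reference. deploy_to_test references a reusable
  # workflow by branch name (`@develop`), which is a mutable ref.
  # deploy_to_uat:
  #   needs: build_job
  #   uses: ./.github/workflows/run_deploy_uat.yaml
  #   with:
  #     COMMIT_HASH: ${{ github.sha }}
  #     IMAGE_NAME: ${{ needs.build_job.outputs.IMAGE_NAME }}
  #
  # deploy_to_test:
  #   needs: build_job
  #   uses: ChildMindInstitute/mindlogger-backend-refactor/.github/workflows/run_deploy_test.yaml@develop
  #   with:
  #     COMMIT_HASH: ${{ github.sha }}
  #     IMAGE_PREFIX: ${{ github.ref_name }}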