-
Notifications
You must be signed in to change notification settings - Fork 8
148 lines (130 loc) · 5 KB
/
run_build_deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
name: Build and Deploy
on:
push:
branches:
- develop
workflow_dispatch: {}
concurrency:
cancel-in-progress: true
group: api-build
permissions:
id-token: write
contents: read
issues: write
env:
GITHUB_ORGANIZATION: ${{ github.repository_owner }}
GITHUB_REPO_NAME: ${{ github.event.repository.name }}
GITHUB_BRANCH_OR_TAG: ${{ github.ref_name }}
GITHUB_REF: ${{ github.ref }}
BUILD_NAME: ${{github.event_name}}
BUILD_NUMBER: ${{github.run_id}}
ECR_ADDRESS: 917902836630.dkr.ecr.us-east-1.amazonaws.com
DR_ECR_ADDRESS: 973422231492.dkr.ecr.us-west-2.amazonaws.com
OUT_DIR: ./out
AWS_REGION : "us-east-1"
DR_AWS_REGION : "us-west-2"
ECR_REPO: 917902836630.dkr.ecr.us-east-1.amazonaws.com/api-server
DR_ECR_REPO: 973422231492.dkr.ecr.us-west-2.amazonaws.com/api-server
jobs:
build_job:
name: Docker Build and Push
runs-on: ubuntu-latest
outputs:
IMAGE_NAME: ${{ steps.sha.outputs.IMAGE_NAME }}
IMAGE_SHA: ${{ steps.sha.outputs.SHORT_SHA }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::917902836630:role/cmiml-devops-oidc-github-role
role-session-name: gha-oidc-runner
aws-region: ${{ env.AWS_REGION }}
- name: Get secrets by name and by ARN
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
parse-json-secrets: true
secret-ids: |
,cmiml-devops
- name: Extract Jira ticket numbers from commit message
run: |
tickets=$(git log -1 --pretty=%B | grep -io 'M2-[0-9]\+' | tr '[:lower:]' '[:upper:]' | sort | uniq | tr '\n' ' ')
if [ -z "$tickets" ]; then
echo "No Jira tickets found in the latest commit message."
else
echo "Jira ticket numbers found: ${tickets}"
if [ "${GITHUB_BRANCH_OR_TAG}" != "develop" ]; then
echo "Skipping saving Jira ticket numbers to a file because the branch is not develop"
else
file="jira-tickets.json"
echo "{ \"issues\": $(echo "${tickets}" | jq -R -s -c 'split(" ")[:-1]') }" > "${file}"
echo "Jira ticket numbers saved to ${file}"
fi
fi
- name: Login to ECR
run: |
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${{ env.ECR_ADDRESS }}
- name: configure aws DR credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::973422231492:role/cmiml-dr-oidc-github-role
role-session-name: gha-oidc-runner
aws-region: ${{ env.DR_AWS_REGION }}
- name: Login to DR ECR
run: |
aws ecr get-login-password --region ${{ env.DR_AWS_REGION }} | docker login --username AWS --password-stdin ${{ env.DR_ECR_ADDRESS }}
- name: Generate short sha
id: sha
run: |
SHORT_SHA=$(git rev-parse --short HEAD)
echo "SHORT_SHA=${SHORT_SHA}" >> $GITHUB_OUTPUT
echo "IMAGE_NAME=${ECR_REPO}:${SHORT_SHA}" >> "$GITHUB_OUTPUT"
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
file: ./compose/fastapi/Dockerfile
push: true
build-args: |
PIPENV_EXTRA_ARGS=--dev
DD_GIT_REPOSITORY_URL=${{ github.repositoryUrl }}
DD_GIT_COMMIT_SHA=${{ github.sha }}
cache-to: mode=max,image-manifest=true,oci-mediatypes=true,type=registry,ref=${{ env.ECR_REPO }}:cache
cache-from: type=registry,ref=${{ env.ECR_REPO }}:cache
tags: |
${{ env.ECR_REPO }}:latest
${{ env.ECR_REPO }}:${{ steps.sha.outputs.SHORT_SHA }}
${{ env.DR_ECR_REPO }}:latest
${{ env.DR_ECR_REPO }}:${{ steps.sha.outputs.SHORT_SHA }}
platforms: linux/amd64,linux/arm64
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: build-artifacts
path: |
${GITHUB_REPO_NAME}/${OUT_DIR}/build.yml
${GITHUB_REPO_NAME}/${OUT_DIR}/jira-tickets.json
deploy_to_dev:
name: Deploy to Dev
needs: build_job
# environment: dev
#if: ${{ github.event.pull_request.merged }}
uses: ./.github/workflows/run_deploy_dev.yaml
with:
IMAGE_NAME: ${{ needs.build_job.outputs.IMAGE_NAME }}
# deploy_to_uat:
# needs: build_job
# uses: ./.github/workflows/run_deploy_uat.yaml
# with:
# COMMIT_HASH: ${{ github.sha }}
# IMAGE_NAME: ${{ needs.build_job.outputs.IMAGE_NAME }}
#
# deploy_to_test:
# needs: build_job
# uses: ChildMindInstitute/mindlogger-backend-refactor/.github/workflows/run_deploy_test.yaml@develop
# with:
# COMMIT_HASH: ${{ github.sha }}
# IMAGE_PREFIX: ${{ github.ref_name }}