# Display name shown for this workflow in the Actions tab.
name: Create and publish a container image, update helm chart 'appVersion'

# Trigger: any push to one of the branches listed below.
on:
  push:
    branches:
      - "main"
      - "develop"
      - "fix/cicd"
#############################################
#
# Branch
# - develop > github packages
# - main > amazon ecr repository
#
#############################################
# # [origin] start
# jobs:
# build:
# name: Build Docker Image
# runs-on: ubuntu-latest
# steps:
# - name: Checkout Repository
# uses: actions/checkout@v3
# - name: Set up JDK 21
# uses: actions/setup-java@v2
# with:
# distribution: 'adopt'
# java-version: '21'
# - name: Build JAR
# run: ./gradlew build -x test
# - name: Determine ECR Repository
# id: ecr_repo
# run: |
# REPO_NAME=$(echo ${{ github.repository }} | awk -F '/' '{print $2}' | tr '[:upper:]' '[:lower:]')
# echo "repo=${REPO_NAME}" >> $GITHUB_OUTPUT
# if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
# echo "environment=prod" >> $GITHUB_OUTPUT
# elif [[ "${{ github.ref }}" == "refs/heads/develop" ]]; then
# echo "environment=stag" >> $GITHUB_OUTPUT
# else
# echo "::error::Unsupported branch: ${{ github.event_name }} on ${{ github.ref }}"
# exit 1
# fi
# - name: Configure AWS credentials
# uses: aws-actions/configure-aws-credentials@v2
# with:
# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
# - name: Login to Amazon ECR
# id: login-ecr
# uses: aws-actions/amazon-ecr-login@v2
# - name: Docker Build and Push
# run: |
# docker build -t ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com/${{ steps.ecr_repo.outputs.repo }}_${{ steps.ecr_repo.outputs.environment }}:${{ github.sha }} .
# docker push ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com/${{ steps.ecr_repo.outputs.repo }}_${{ steps.ecr_repo.outputs.environment }}:${{ github.sha }}
# - name: Checkout Private Repository
# uses: actions/checkout@v4
# with:
# repository: NTF-marketplace/devops
# fetch-depth: 0
# ref: develop
# token: ${{ secrets.PAT }}
# - name: Replace image tag in helm values (LOCAL)
# uses: mikefarah/yq@master
# env:
# IMAGE_TAG: ${{ github.sha }}
# with:
# cmd: yq eval -i '.image.tag = env(IMAGE_TAG)' 'chart/${{ steps.ecr_repo.outputs.repo }}_${{ steps.ecr_repo.outputs.environment }}/values.yaml'
# - name: Commit helm chart changes
# env:
# IMAGE_TAG: ${{ github.sha }}
# run: |
# cd chart/${{ steps.ecr_repo.outputs.repo }}_${{ steps.ecr_repo.outputs.environment }}
# git config --global user.email "[email protected]"
# git config --global user.name "dongdorrong"
# git add values.yaml
# git commit --message "ci: update ${{ steps.ecr_repo.outputs.repo }}_${{ steps.ecr_repo.outputs.environment }} image tag to $IMAGE_TAG"
# - name: Push commit
# uses: ad-m/github-push-action@master
# with:
# github_token: ${{ secrets.PAT }}
# repository: NTF-marketplace/devops
# branch: develop
# # [origin] end
# Workflow-level environment; every job can read these as `env.<NAME>`.
env:
  # Registry host that receives the development image.
  REGISTRY_DEV: 'ghcr.io'
  # Image path: the `owner/repo` slug of the repository running the workflow.
  IMAGE_NAME: ${{ github.repository }}
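jobs:
  develop:
    # Reference: https://docs.github.com/ko/actions/publishing-packages/publishing-docker-images#github-packages%EC%97%90-%EC%9D%B4%EB%AF%B8%EC%A7%80-%EA%B2%8C%EC%8B%9C
    # NOTE(review): the active guard limits this job to the fix/cicd branch,
    # so pushes to main and develop start the workflow but publish nothing.
    # Restore the develop condition once pipeline debugging is finished.
    # if: github.ref == 'refs/heads/develop'
    if: github.ref == 'refs/heads/fix/cicd'
    name: Build and Push Docker Image to GitHub Container Registry
    runs-on: ubuntu-latest
    # Job-scoped GITHUB_TOKEN permissions; scopes not listed here are denied.
    permissions:
      contents: read       # check out the repository
      packages: write      # push the image to ghcr.io
      attestations: write  # store the build provenance attestation
      id-token: write      # OIDC token used when signing the attestation
    steps:
      # NOTE(review): the docker/* actions in this job are pinned to full
      # commit SHAs, while actions/checkout, actions/setup-java and
      # actions/attest-build-provenance use mutable version tags. Pinning
      # those to commit SHAs too keeps a retagged release from changing what
      # runs with packages/attestations/id-token write access.
      - name: Checkout repository
        uses: actions/checkout@v4

      # Authenticates with the workflow's own GITHUB_TOKEN; no long-lived
      # registry credential is stored for this step.
      - name: Log in to the Container registry
        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
        with:
          registry: ${{ env.REGISTRY_DEV }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Produces the tag and label sets consumed by the build-push step.
      - name: Extract metadata (tags, labels) for Container image
        id: meta
        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
        with:
          images: ${{ env.REGISTRY_DEV }}/${{ env.IMAGE_NAME }}

      # NOTE(review): 'adopt' is the legacy AdoptOpenJDK distribution name in
      # setup-java and 'temurin' is its successor; confirm that JDK 21 still
      # resolves under 'adopt' before relying on this step.
      - name: Set up JDK 21
        uses: actions/setup-java@v2
        with:
          distribution: 'adopt'
          java-version: '21'

      # `-x test` skips the test task, so the image is published without the
      # test suite having run in this workflow.
      - name: Build JAR
        run: ./gradlew clean build -x test

      # The `push` id exposes the image digest that the attestation binds to.
      - name: Build and push Docker image
        id: push
        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

      - name: Generate artifact attestation
        uses: actions/attest-build-provenance@v1
        with:
          # This workflow defines REGISTRY_DEV, not REGISTRY. An undefined env
          # key expands to an empty string, which would give a subject name of
          # "/<owner>/<repo>" that does not match the image pushed above.
          # NOTE(review): IMAGE_NAME is the raw repository slug; if the owner
          # or repo name contains uppercase characters, confirm the subject
          # name still matches the pushed image name.
          subject-name: ${{ env.REGISTRY_DEV }}/${{ env.IMAGE_NAME }}
          subject-digest: ${{ steps.push.outputs.digest }}
          push-to-registry: true

      # NOTE(review): the disabled helm-update steps that follow reference
      # mikefarah/yq@master and ad-m/github-push-action@master together with
      # secrets.PAT. If they are re-enabled, pin both actions to commit SHAs
      # and scope the PAT to the single target repository.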
# - name: Docker Build and Push to GitHub Container Registry
# run: |
# docker build -t ghcr.io/${{ github.repository }}:${{ github.sha }} .
# echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
# docker push ghcr.io/${{ github.repository }}:${{ github.sha }}
# - name: Checkout Private Repository
# uses: actions/checkout@v4
# with:
# repository: NTF-marketplace/devops
# fetch-depth: 0
# ref: develop
# token: ${{ secrets.PAT }}
# - name: Replace image tag in helm values (LOCAL)
# uses: mikefarah/yq@master
# env:
# IMAGE_TAG: ${{ github.sha }}
# with:
# cmd: yq eval -i '.image.tag = env(IMAGE_TAG)' 'chart/my-repo_dev/values.yaml'
# - name: Commit helm chart changes
# env:
# IMAGE_TAG: ${{ github.sha }}
# run: |
# cd chart/my-repo_dev
# git config --global user.email "[email protected]"
# git config --global user.name "dongdorrong"
# git add values.yaml
# git commit --message "ci: update my-repo_dev image tag to $IMAGE_TAG"
# - name: Push commit
# uses: ad-m/github-push-action@master
# with:
# github_token: ${{ secrets.PAT }}
# repository: NTF-marketplace/devops
# branch: develop
# main:
# if: github.ref == 'refs/heads/main'
# name: Build and Push Docker Image to ECR
# runs-on: ubuntu-latest
# steps:
# - name: Checkout Repository
# uses: actions/checkout@v3
# - name: Set up JDK 21
# uses: actions/setup-java@v2
# with:
# distribution: 'adopt'
# java-version: '21'
# - name: Build JAR
# run: ./gradlew clean build -x test
# - name: Configure AWS credentials
# uses: aws-actions/configure-aws-credentials@v2
# with:
# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
# - name: Login to Amazon ECR
# uses: aws-actions/amazon-ecr-login@v2
# - name: Docker Build and Push to ECR
# run: |
# docker build -t ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com/my-repo_prod:${{ github.sha }} .
# docker push ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com/my-repo_prod:${{ github.sha }}
# - name: Checkout Private Repository
# uses: actions/checkout@v4
# with:
# repository: NTF-marketplace/devops
# fetch-depth: 0
# ref: develop
# token: ${{ secrets.PAT }}
# - name: Replace image tag in helm values (LOCAL)
# uses: mikefarah/yq@master
# env:
# IMAGE_TAG: ${{ github.sha }}
# with:
# cmd: yq eval -i '.image.tag = env(IMAGE_TAG)' 'chart/my-repo_prod/values.yaml'
# - name: Commit helm chart changes
# env:
# IMAGE_TAG: ${{ github.sha }}
# run: |
# cd chart/my-repo_prod
# git config --global user.email "[email protected]"
# git config --global user.name "dongdorrong"
# git add values.yaml
# git commit --message "ci: update my-repo_prod image tag to $IMAGE_TAG"
# - name: Push commit
# uses: ad-m/github-push-action@master
# with:
# github_token: ${{ secrets.PAT }}
# repository: NTF-marketplace/devops
# branch: develop