-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Donghyeon Im
committed
Jul 24, 2024
1 parent
c088626
commit a5c33a8
Showing
1 changed file
with
253 additions
and
80 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,90 +1,263 @@ | ||
| name: Build and Push Docker Image to ECR | ||
| name: Create and publish a container image, update helm chart 'appVersion' | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| - develop | ||
| branches: ["main", "develop", "fix/cicd"] | ||
|
|
||
| ############################################# | ||
| # | ||
| # Branch | ||
| # - develop > github packages | ||
| # - main > amazon ecr repository | ||
| # | ||
| ############################################# | ||
|
|
||
| # # [origin] start | ||
| # jobs: | ||
| # build: | ||
| # name: Build Docker Image | ||
| # runs-on: ubuntu-latest | ||
|
|
||
| # steps: | ||
| # - name: Checkout Repository | ||
| # uses: actions/checkout@v3 | ||
|
|
||
| # - name: Set up JDK 21 | ||
| # uses: actions/setup-java@v2 | ||
| # with: | ||
| # distribution: 'adopt' | ||
| # java-version: '21' | ||
|
|
||
| # - name: Build JAR | ||
| # run: ./gradlew build -x test | ||
|
|
||
| # - name: Determine ECR Repository | ||
| # id: ecr_repo | ||
| # run: | | ||
| # REPO_NAME=$(echo ${{ github.repository }} | awk -F '/' '{print $2}' | tr '[:upper:]' '[:lower:]') | ||
|
|
||
| # echo "repo=${REPO_NAME}" >> $GITHUB_OUTPUT | ||
|
|
||
| # if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then | ||
| # echo "environment=prod" >> $GITHUB_OUTPUT | ||
| # elif [[ "${{ github.ref }}" == "refs/heads/develop" ]]; then | ||
| # echo "environment=stag" >> $GITHUB_OUTPUT | ||
| # else | ||
| # echo "::error::Unsupported branch: ${{ github.event_name }} on ${{ github.ref }}" | ||
| # exit 1 | ||
| # fi | ||
|
|
||
| # - name: Configure AWS credentials | ||
| # uses: aws-actions/configure-aws-credentials@v2 | ||
| # with: | ||
| # aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| # aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | ||
|
|
||
| # - name: Login to Amazon ECR | ||
| # id: login-ecr | ||
| # uses: aws-actions/amazon-ecr-login@v2 | ||
|
|
||
| # - name: Docker Build and Push | ||
| # run: | | ||
| # docker build -t ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com/${{ steps.ecr_repo.outputs.repo }}_${{ steps.ecr_repo.outputs.environment }}:${{ github.sha }} . | ||
| # docker push ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com/${{ steps.ecr_repo.outputs.repo }}_${{ steps.ecr_repo.outputs.environment }}:${{ github.sha }} | ||
|
|
||
| # - name: Checkout Private Repository | ||
| # uses: actions/checkout@v4 | ||
| # with: | ||
| # repository: NTF-marketplace/devops | ||
| # fetch-depth: 0 | ||
| # ref: develop | ||
| # token: ${{ secrets.PAT }} | ||
|
|
||
| # - name: Replace image tag in helm values (LOCAL) | ||
| # uses: mikefarah/yq@master | ||
| # env: | ||
| # IMAGE_TAG: ${{ github.sha }} | ||
| # with: | ||
| # cmd: yq eval -i '.image.tag = env(IMAGE_TAG)' 'chart/${{ steps.ecr_repo.outputs.repo }}_${{ steps.ecr_repo.outputs.environment }}/values.yaml' | ||
|
|
||
| # - name: Commit helm chart changes | ||
| # env: | ||
| # IMAGE_TAG: ${{ github.sha }} | ||
| # run: | | ||
| # cd chart/${{ steps.ecr_repo.outputs.repo }}_${{ steps.ecr_repo.outputs.environment }} | ||
| # git config --global user.email "[email protected]" | ||
| # git config --global user.name "dongdorrong" | ||
|
|
||
| # git add values.yaml | ||
| # git commit --message "ci: update ${{ steps.ecr_repo.outputs.repo }}_${{ steps.ecr_repo.outputs.environment }} image tag to $IMAGE_TAG" | ||
|
|
||
| # - name: Push commit | ||
| # uses: ad-m/github-push-action@master | ||
| # with: | ||
| # github_token: ${{ secrets.PAT }} | ||
| # repository: NTF-marketplace/devops | ||
| # branch: develop | ||
| # # [origin] end | ||
|
|
||
| env: | ||
| REGISTRY_DEV: ghcr.io | ||
| IMAGE_NAME: ${{ github.repository }} | ||
|
|
||
| jobs: | ||
| build: | ||
| name: Build Docker Image | ||
| develop: | ||
| # https://docs.github.com/ko/actions/publishing-packages/publishing-docker-images#github-packages%EC%97%90-%EC%9D%B4%EB%AF%B8%EC%A7%80-%EA%B2%8C%EC%8B%9C | ||
| # if: github.ref == 'refs/heads/develop' | ||
| if: github.ref == 'refs/heads/fix/cicd' | ||
| name: Build and Push Docker Image to GitHub Container Registry | ||
| runs-on: ubuntu-latest | ||
|
|
||
|
|
||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| attestations: write | ||
| id-token: write | ||
|
|
||
| steps: | ||
| - name: Checkout Repository | ||
| uses: actions/checkout@v3 | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Log in to the Container registry | ||
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | ||
| with: | ||
| registry: ${{ env.REGISTRY_DEV }} | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.PAT }} | ||
|
|
||
| - name: Extract metadata (tags, labels) for Container image | ||
| id: meta | ||
| uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 | ||
| with: | ||
| images: ${{ env.REGISTRY_DEV }}/${{ env.IMAGE_NAME }} | ||
|
|
||
| - name: Build and push Docker image | ||
| id: push | ||
| uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | ||
| with: | ||
| context: . | ||
| push: true | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
|
|
||
| - name: Generate artifact attestation | ||
| uses: actions/attest-build-provenance@v1 | ||
| with: | ||
| subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} | ||
| subject-digest: ${{ steps.push.outputs.digest }} | ||
| push-to-registry: true | ||
|
|
||
| - name: Set up JDK 21 | ||
| uses: actions/setup-java@v2 | ||
| with: | ||
| distribution: 'adopt' | ||
| java-version: '21' | ||
|
|
||
| # - name: Build JAR | ||
| # run: ./gradlew clean build -x test | ||
|
|
||
| # - name: Docker Build and Push to GitHub Container Registry | ||
| # run: | | ||
| # docker build -t ghcr.io/${{ github.repository }}:${{ github.sha }} . | ||
| # echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | ||
| # docker push ghcr.io/${{ github.repository }}:${{ github.sha }} | ||
|
|
||
| # - name: Checkout Private Repository | ||
| # uses: actions/checkout@v4 | ||
| # with: | ||
| # repository: NTF-marketplace/devops | ||
| # fetch-depth: 0 | ||
| # ref: develop | ||
| # token: ${{ secrets.PAT }} | ||
|
|
||
| # - name: Replace image tag in helm values (LOCAL) | ||
| # uses: mikefarah/yq@master | ||
| # env: | ||
| # IMAGE_TAG: ${{ github.sha }} | ||
| # with: | ||
| # cmd: yq eval -i '.image.tag = env(IMAGE_TAG)' 'chart/my-repo_dev/values.yaml' | ||
|
|
||
| # - name: Commit helm chart changes | ||
| # env: | ||
| # IMAGE_TAG: ${{ github.sha }} | ||
| # run: | | ||
| # cd chart/my-repo_dev | ||
| # git config --global user.email "[email protected]" | ||
| # git config --global user.name "dongdorrong" | ||
|
|
||
| # git add values.yaml | ||
| # git commit --message "ci: update my-repo_dev image tag to $IMAGE_TAG" | ||
|
|
||
| # - name: Push commit | ||
| # uses: ad-m/github-push-action@master | ||
| # with: | ||
| # github_token: ${{ secrets.PAT }} | ||
| # repository: NTF-marketplace/devops | ||
| # branch: develop | ||
|
|
||
| # main: | ||
| # if: github.ref == 'refs/heads/main' | ||
| # name: Build and Push Docker Image to ECR | ||
| # runs-on: ubuntu-latest | ||
|
|
||
| # steps: | ||
| # - name: Checkout Repository | ||
| # uses: actions/checkout@v3 | ||
|
|
||
| - name: Set up JDK 17 | ||
| uses: actions/setup-java@v2 | ||
| with: | ||
| distribution: 'adopt' | ||
| java-version: '17' | ||
| # - name: Set up JDK 21 | ||
| # uses: actions/setup-java@v2 | ||
| # with: | ||
| # distribution: 'adopt' | ||
| # java-version: '21' | ||
|
|
||
| - name: Build JAR | ||
| run: ./gradlew build -x test | ||
| # - name: Build JAR | ||
| # run: ./gradlew clean build -x test | ||
|
|
||
| - name: Determine ECR Repository | ||
| id: ecr_repo | ||
| run: | | ||
| REPO_NAME=$(echo ${{ github.repository }} | awk -F '/' '{print $2}' | tr '[:upper:]' '[:lower:]') | ||
| echo "repo=${REPO_NAME}" >> $GITHUB_OUTPUT | ||
| if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then | ||
| echo "environment=prod" >> $GITHUB_OUTPUT | ||
| elif [[ "${{ github.ref }}" == "refs/heads/develop" ]]; then | ||
| echo "environment=stag" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "::error::Unsupported branch: ${{ github.event_name }} on ${{ github.ref }}" | ||
| exit 1 | ||
| fi | ||
| - name: Configure AWS credentials | ||
| uses: aws-actions/configure-aws-credentials@v2 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | ||
|
|
||
| - name: Login to Amazon ECR | ||
| id: login-ecr | ||
| uses: aws-actions/amazon-ecr-login@v2 | ||
|
|
||
| - name: Docker Build and Push | ||
| run: | | ||
| docker build -t ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com/${{ steps.ecr_repo.outputs.repo }}_${{ steps.ecr_repo.outputs.environment }}:${{ github.sha }} . | ||
| docker push ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com/${{ steps.ecr_repo.outputs.repo }}_${{ steps.ecr_repo.outputs.environment }}:${{ github.sha }} | ||
| - name: Checkout Private Repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| repository: NTF-marketplace/devops | ||
| fetch-depth: 0 | ||
| ref: develop | ||
| token: ${{ secrets.PAT }} | ||
|
|
||
| - name: Replace image tag in helm values (LOCAL) | ||
| uses: mikefarah/yq@master | ||
| env: | ||
| IMAGE_TAG: ${{ github.sha }} | ||
| with: | ||
| cmd: yq eval -i '.image.tag = env(IMAGE_TAG)' 'chart/${{ steps.ecr_repo.outputs.repo }}_${{ steps.ecr_repo.outputs.environment }}/values.yaml' | ||
|
|
||
| - name: Commit helm chart changes | ||
| env: | ||
| IMAGE_TAG: ${{ github.sha }} | ||
| run: | | ||
| cd chart/${{ steps.ecr_repo.outputs.repo }}_${{ steps.ecr_repo.outputs.environment }} | ||
| git config --global user.email "[email protected]" | ||
| git config --global user.name "dongdorrong" | ||
| git add values.yaml | ||
| git commit --message "ci: update ${{ steps.ecr_repo.outputs.repo }}_${{ steps.ecr_repo.outputs.environment }} image tag to $IMAGE_TAG" | ||
| - name: Push commit | ||
| uses: ad-m/github-push-action@master | ||
| with: | ||
| github_token: ${{ secrets.PAT }} | ||
| repository: NTF-marketplace/devops | ||
| branch: develop | ||
| # - name: Configure AWS credentials | ||
| # uses: aws-actions/configure-aws-credentials@v2 | ||
| # with: | ||
| # aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| # aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| # aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | ||
|
|
||
| # - name: Login to Amazon ECR | ||
| # uses: aws-actions/amazon-ecr-login@v2 | ||
|
|
||
| # - name: Docker Build and Push to ECR | ||
| # run: | | ||
| # docker build -t ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com/my-repo_prod:${{ github.sha }} . | ||
| # docker push ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com/my-repo_prod:${{ github.sha }} | ||
|
|
||
| # - name: Checkout Private Repository | ||
| # uses: actions/checkout@v4 | ||
| # with: | ||
| # repository: NTF-marketplace/devops | ||
| # fetch-depth: 0 | ||
| # ref: develop | ||
| # token: ${{ secrets.PAT }} | ||
|
|
||
| # - name: Replace image tag in helm values (LOCAL) | ||
| # uses: mikefarah/yq@master | ||
| # env: | ||
| # IMAGE_TAG: ${{ github.sha }} | ||
| # with: | ||
| # cmd: yq eval -i '.image.tag = env(IMAGE_TAG)' 'chart/my-repo_prod/values.yaml' | ||
|
|
||
| # - name: Commit helm chart changes | ||
| # env: | ||
| # IMAGE_TAG: ${{ github.sha }} | ||
| # run: | | ||
| # cd chart/my-repo_prod | ||
| # git config --global user.email "[email protected]" | ||
| # git config --global user.name "dongdorrong" | ||
|
|
||
| # git add values.yaml | ||
| # git commit --message "ci: update my-repo_prod image tag to $IMAGE_TAG" | ||
|
|
||
| # - name: Push commit | ||
| # uses: ad-m/github-push-action@master | ||
| # with: | ||
| # github_token: ${{ secrets.PAT }} | ||
| # repository: NTF-marketplace/devops | ||
| # branch: develop |