Place the HRSE token first in the list. (#4) #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CICD staging" | |
on: | |
# Test run before merging | |
pull_request: | |
branches: | |
- main | |
# On merged | |
push: | |
branches: | |
- main | |
jobs: | |
build-docker: | |
permissions: | |
id-token: write | |
contents: write | |
runs-on: ubuntu-22.04 | |
if: github.actor != 'dependabot[bot]' && github.ref_name == 'main' | |
name: "Deploy image" | |
strategy: | |
fail-fast: false | |
matrix: | |
application: [zilliqa-bridge-validator] | |
include: | |
- application: zilliqa-bridge-validator | |
image_name: zilliqa-bridge-validator | |
path: bridge-validators | |
tag_length: 8 | |
tag_latest: false | |
env: | |
DOCKER_DOMAIN: asia-docker.pkg.dev | |
REGISTRY: asia-docker.pkg.dev/prj-d-devops-services-4dgwlsse/zilliqa-public | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
submodules: "true" | |
ref: ${{ github.event.pull_request.head.ref }} | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
fetch-depth: 0 | |
- name: Docker build and push - staging | |
uses: Zilliqa/gh-actions-workflows/actions/ci-dockerized-app-build-push@v2 | |
with: | |
context: ${{ matrix.path }} | |
push: ${{ github.ref_name == github.event.repository.default_branch }} | |
tag: asia-docker.pkg.dev/prj-d-devops-services-4dgwlsse/zilliqa-public/${{ matrix.image_name }} | |
tag-length: ${{ matrix.tag_length }} | |
tag-latest: ${{ matrix.tag_latest }} | |
registry: asia-docker.pkg.dev | |
workload-identity-provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}" | |
service-account: "${{ secrets.GCP_STG_GITHUB_SA_DOCKER_REGISTRY }}" | |
cache-key: ${{ env.REGISTRY }}/${{ matrix.image_name }}-cache | |
build-args: | | |
DEPLOY_ENV=stg | |
build-makefile: | |
permissions: | |
id-token: write | |
contents: write | |
runs-on: ubuntu-22.04 | |
# To test deployments, remove the github.ref_name clause: see devops/docs/z2-testing-apps.md - rrw 2024-04-12 | |
# && github.ref_name == 'main' | |
if: github.actor != 'dependabot[bot]' | |
name: "Build image with Makefile" | |
strategy: | |
fail-fast: false | |
matrix: | |
application: [zilliqa-bridge-web] | |
include: | |
- application: zilliqa-bridge-web | |
image_name: zilliqa-bridge-web | |
path: bridge-web | |
tag_length: 8 | |
tag_latest: false | |
env: | |
DOCKER_DOMAIN: asia-docker.pkg.dev | |
REGISTRY: asia-docker.pkg.dev/prj-d-devops-services-4dgwlsse/zilliqa-public | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
ref: ${{ github.event.pull_request.head.ref }} | |
repository: ${{ github.event.pull_request.head.repo.full_name }} | |
fetch-depth: 0 | |
- name: "Authenticate to Google Cloud - staging" | |
id: google-auth | |
uses: "google-github-actions/auth@v1" | |
with: | |
token_format: "access_token" | |
workload_identity_provider: "${{ secrets.GCP_PRD_GITHUB_WIF }}" | |
service_account: "${{ secrets.GCP_STG_GITHUB_SA_DOCKER_REGISTRY }}" | |
create_credentials_file: true | |
- name: Login to the registry - staging | |
uses: docker/login-action@v2 | |
with: | |
registry: ${{ env.DOCKER_DOMAIN }} | |
username: "oauth2accesstoken" | |
password: "${{ steps.google-auth.outputs.access_token }}" | |
- name: Get tag version - staging | |
id: set-tag | |
uses: Zilliqa/gh-actions-workflows/actions/generate-tag@v1 | |
with: | |
tag: ${{ env.REGISTRY }}/${{ matrix.image_name }} | |
length: ${{ matrix.tag_length }} | |
- name: "Build and push ${{ matrix.application }} - staging" | |
env: | |
ENVIRONMENT: stg | |
IMAGE_TAG: ${{ steps.set-tag.outputs.tags }} | |
ENV_FILES_DECRYPTER_NONPRD: ${{ secrets.ENV_FILES_DECRYPTER_NONPRD }} | |
ENV_FILES_DECRYPTER_PRD: ${{ secrets.ENV_FILES_DECRYPTER_PRD }} | |
run: | | |
cd ${{ matrix.path }} | |
make image/build-and-push | |
- name: "Build and push ${{ matrix.application }} tag latest - staging" | |
if: ${{ matrix.tag_latest == true }} | |
env: | |
ENVIRONMENT: stg | |
IMAGE_TAG: "${{ env.REGISTRY }}/${{ matrix.image_name }}:latest" | |
ENV_FILES_DECRYPTER_NONPRD: ${{ secrets.ENV_FILES_DECRYPTER_NONPRD }} | |
ENV_FILES_DECRYPTER_PRD: ${{ secrets.ENV_FILES_DECRYPTER_PRD }} | |
run: | | |
cd ${{ matrix.path }} | |
make image/build-and-push |