Score Humanitec - New route
support
#55
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# You need to set up Workload Identity Federation in your Google Cloud project in order to use this GitHub Actions definition: https://medium.com/p/3932dce678b8. | |
# And the secrets.GSA_ID needs to have the roles/artifactregistry.repoAdmin role in order push and delete container images. | |
name: open-pr | |
permissions: | |
contents: read | |
id-token: write | |
pull-requests: write | |
on: | |
pull_request: | |
env: | |
ENVIRONMENT_ID: pr-${{ github.event.number }} | |
IMAGE_NAME: ${{ secrets.REGISTRY_LOCATION }}-docker.pkg.dev/${{ secrets.PROJECT_ID }}/${{ secrets.REGISTRY_NAME }}/${{ vars.APP_NAME }} | |
SCORE_COMPOSE_VERSION: 'latest' | |
SCORE_HELM_VERSION: 'latest' | |
SCORE_HUMANITEC_VERSION: 'latest' | |
jobs: | |
build-run-test-push: | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout code | |
uses: actions/checkout@v3 | |
- name: install score-compose | |
uses: score-spec/setup-score@v2 | |
with: | |
file: score-compose | |
token: ${{ secrets.GITHUB_TOKEN }} | |
version: ${{ env.SCORE_COMPOSE_VERSION }} | |
- name: generate docker compose files | |
run: | | |
score-compose run \ | |
--build app/ \ | |
-f score/score.yaml \ | |
-o ${{ vars.APP_NAME }}-compose.yaml | |
cat <<EOF > base-compose.yaml | |
services: | |
my-sample-app: | |
image: ${{ env.IMAGE_NAME }}:${{ env.ENVIRONMENT_ID }} | |
read_only: true | |
cap_drop: | |
- ALL | |
user: "1000" | |
EOF | |
- name: build & run container | |
run: | | |
docker compose \ | |
-f ${{ vars.APP_NAME }}-compose.yaml \ | |
-f base-compose.yaml \ | |
up \ | |
-d \ | |
--wait \ | |
--wait-timeout 30 | |
- name: test container | |
run: | | |
sleep 10 | |
curl \ | |
-s \ | |
--connect-timeout 30 \ | |
localhost:8080 | |
- name: create kind cluster | |
run: | | |
kind create cluster | |
kind load docker-image ${{ env.IMAGE_NAME }}:${{ env.ENVIRONMENT_ID }} | |
- name: install score-helm | |
uses: score-spec/setup-score@v2 | |
with: | |
file: score-helm | |
token: ${{ secrets.GITHUB_TOKEN }} | |
version: ${{ env.SCORE_HELM_VERSION }} | |
- name: generate helm values file | |
run: | | |
score-helm run \ | |
-f score/score.yaml \ | |
-o ${{ vars.APP_NAME }}-values.yaml | |
- name: helm install | |
id: helm-install | |
run: | | |
helm repo add \ | |
score-helm-charts \ | |
https://score-spec.github.io/score-helm-charts | |
helm install \ | |
${{ vars.APP_NAME }} \ | |
score-helm-charts/workload \ | |
--values ${{ vars.APP_NAME }}-values.yaml \ | |
--set containers.${{ vars.APP_NAME }}.image.name=${{ env.IMAGE_NAME }}:${{ env.ENVIRONMENT_ID }} \ | |
--wait \ | |
--timeout=30s | |
kubectl wait \ | |
--for=condition=available \ | |
--timeout=30s \ | |
deployment/${{ vars.APP_NAME }} | |
- name: catch helm install errors | |
if: ${{ failure() && steps.helm-install.outcome == 'failure' }} | |
run: | | |
kubectl get events | |
kubectl logs \ | |
-l app.kubernetes.io/name=${{ vars.APP_NAME }} | |
- name: authenticate to google cloud | |
uses: google-github-actions/auth@v1 | |
with: | |
workload_identity_provider: '${{ secrets.WI_PROVIDER_ID }}' | |
service_account: '${{ secrets.GSA_ID }}' | |
- name: setup gcloud | |
uses: google-github-actions/setup-gcloud@v1 | |
with: | |
version: latest | |
- name: sign-in to gar | |
run: | | |
gcloud auth configure-docker \ | |
${{ secrets.REGISTRY_LOCATION }}-docker.pkg.dev \ | |
--quiet | |
- name: delete previous container image in gar | |
run: | | |
gcloud artifacts docker images delete \ | |
${IMAGE_NAME}:${{ env.ENVIRONMENT_ID }} \ | |
--delete-tags \ | |
--quiet \ | |
|| true | |
- name: push the container to gar | |
run: | | |
docker push \ | |
${{ env.IMAGE_NAME }}:${{ env.ENVIRONMENT_ID }} | |
deploy-preview-env: | |
needs: build-run-test-push | |
runs-on: ubuntu-latest | |
env: | |
BASE_ENVIRONMENT: 'development' | |
ENVIRONMENT_TYPE: 'development' | |
ENVIRONMENT_NAME: PR-${{ github.event.number }} | |
steps: | |
- name: checkout code | |
uses: actions/checkout@v3 | |
- name: create humanitec preview env | |
run: | | |
.github/workflows/bin/humctl create environment ${{ env.ENVIRONMENT_ID }} \ | |
--token ${{ secrets.HUMANITEC_TOKEN }} \ | |
--context /orgs/${{ secrets.HUMANITEC_ORG }}/apps/${{ vars.APP_NAME }} \ | |
--name ${{ env.ENVIRONMENT_NAME }} \ | |
-t ${{ env.ENVIRONMENT_TYPE }} \ | |
--from ${{ env.BASE_ENVIRONMENT }} \ | |
|| true | |
- name: authenticate to google cloud | |
uses: google-github-actions/auth@v1 | |
with: | |
workload_identity_provider: '${{ secrets.WI_PROVIDER_ID }}' | |
service_account: '${{ secrets.GSA_ID }}' | |
- name: setup gcloud | |
uses: google-github-actions/setup-gcloud@v1 | |
with: | |
version: latest | |
- name: sign-in to gar | |
run: | | |
gcloud auth configure-docker \ | |
${{ secrets.REGISTRY_LOCATION }}-docker.pkg.dev \ | |
--quiet | |
- name: get container image digest | |
run: | | |
echo "IMAGE_DIGEST=$(oras manifest fetch ${{ env.IMAGE_NAME }}:${{ env.ENVIRONMENT_ID }} \ | |
--descriptor \ | |
| jq -r .digest)" >> $GITHUB_ENV | |
- name: install score-humanitec | |
uses: score-spec/setup-score@v2 | |
with: | |
file: score-humanitec | |
token: ${{ secrets.GITHUB_TOKEN }} | |
version: ${{ env.SCORE_HUMANITEC_VERSION }} | |
- name: deploy score-humanitec | |
run: | | |
score-humanitec delta \ | |
--retry \ | |
--deploy \ | |
--token ${{ secrets.HUMANITEC_TOKEN }} \ | |
--org ${{ secrets.HUMANITEC_ORG }} \ | |
--app ${{ vars.APP_NAME }} \ | |
--env ${{ env.ENVIRONMENT_ID }} \ | |
-f score/score.yaml \ | |
--extensions score/humanitec.score.yaml \ | |
--property containers.${{ vars.APP_NAME }}.image=${{ env.IMAGE_NAME }}@${IMAGE_DIGEST} \ | |
| tee score_output.json | |
- name: wait for deployment | |
run: | | |
sleep 1 | |
IS_DONE=false | |
while [ "$IS_DONE" = false ]; do | |
CURRENT_STATUS=$(.github/workflows/bin/humctl get environment ${{ env.ENVIRONMENT_ID }} -o json \ | |
--token ${{ secrets.HUMANITEC_TOKEN }} \ | |
--context /orgs/${{ secrets.HUMANITEC_ORG }}/apps/${{ vars.APP_NAME }} \ | |
| jq -r .object.last_deploy.status) | |
INPROGRESS="in progress" | |
if [ "$CURRENT_STATUS" = "$INPROGRESS" ]; then | |
echo "Deployment still in progress..." | |
sleep 1 | |
else | |
echo "Deployment complete!" | |
IS_DONE=true | |
fi | |
done | |
- name: build comment message | |
run: | | |
ENV_URL=$(jq -r ".metadata.url" score_output.json) | |
DEPLOYMENT_ID=$(jq -r ".id" score_output.json) | |
DOMAINS=$(.github/workflows/bin/humctl get active-resources \ | |
--token ${{ secrets.HUMANITEC_TOKEN }} \ | |
--context /orgs/${{ secrets.HUMANITEC_ORG }}/apps/${{ vars.APP_NAME }}/envs/${{ env.ENVIRONMENT_ID }} -o json \ | |
| jq -r '. | map(. | select(.object.type == "dns")) | map((.object.res_id | split(".") | .[1]) + ": [" + .object.resource.host + "](https://" + .object.resource.host + ")") | join("\n")') | |
echo "## Deployment Complete for ${{ env.ENVIRONMENT_NAME }}! :tada:" >> pr_message.txt | |
echo "" >> pr_message.txt | |
echo "### [View in Humanitec]($ENV_URL)" >> pr_message.txt | |
echo "Deployment ID: $DEPLOYMENT_ID" >> pr_message.txt | |
echo "" >> pr_message.txt | |
echo "### Domains:" >> pr_message.txt | |
echo "" >> pr_message.txt | |
echo "$DOMAINS" >> pr_message.txt | |
echo "" >> pr_message.txt | |
echo "<details><summary>Deployment diff</summary>" >> pr_message.txt | |
echo "" >> pr_message.txt | |
echo "### Deployment diff:" >> pr_message.txt | |
echo '```json' >> pr_message.txt | |
echo "" >> pr_message.txt | |
.github/workflows/bin/humctl diff env ${{ env.ENVIRONMENT_ID }} ${{ env.BASE_ENVIRONMENT }} \ | |
--token ${{ secrets.HUMANITEC_TOKEN }} \ | |
--context /orgs/${{ secrets.HUMANITEC_ORG }}/apps/${{ vars.APP_NAME }} -o json >> pr_message.txt | |
echo "" >> pr_message.txt | |
echo '```' >> pr_message.txt | |
echo "" >> pr_message.txt | |
echo "</details>" >> pr_message.txt | |
echo "<details><summary>Score Output</summary>" >> pr_message.txt | |
echo "" >> pr_message.txt | |
echo "### Score Output:" >> pr_message.txt | |
echo '```json' >> pr_message.txt | |
echo "" >> pr_message.txt | |
cat score_output.json >> pr_message.txt | |
echo "" >> pr_message.txt | |
echo '```' >> pr_message.txt | |
echo "" >> pr_message.txt | |
echo "</details>" >> pr_message.txt | |
cat pr_message.txt | |
- name: comment pr | |
uses: thollander/actions-comment-pull-request@v2 | |
with: | |
filePath: pr_message.txt |