Build and deploy from branch. #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, push and update | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| skip-unit-test: | |
| type: boolean | |
| required: true | |
| description: Skip unit-test | |
| jobs: | |
| build_push_update: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| packages: write | |
| contents: write | |
| steps: | |
| # | |
| # Checkout the source code. | |
| # | |
| - name: Checkout the source code | |
| uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab | |
| with: | |
| token: ${{ secrets.GIT_PAT }} | |
| fetch-depth: 0 | |
| # | |
| # Cache JDK. | |
| # | |
| - name: Cache JDK | |
| uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
| id: cache-jdk | |
| with: | |
| key: OpenJDK21U-jdk_x64_linux_hotspot_21.0.2_13.tar.gz | |
| path: | | |
| ${{ runner.temp }}/jdk_setup.tar.gz | |
| ${{ runner.temp }}/jdk_setup.sha256 | |
| # | |
| # Download JDK and verify its hash. | |
| # | |
| - name: Download JDK and verify its hash | |
| if: steps.cache-jdk.outputs.cache-hit != 'true' | |
| run: | | |
| echo "454bebb2c9fe48d981341461ffb6bf1017c7b7c6e15c6b0c29b959194ba3aaa5 ${{ runner.temp }}/jdk_setup.tar.gz" >> ${{ runner.temp }}/jdk_setup.sha256 | |
| curl -L "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.2%2B13/OpenJDK21U-jdk_x64_linux_hotspot_21.0.2_13.tar.gz" -o "${{ runner.temp }}/jdk_setup.tar.gz" | |
| sha256sum --check --status "${{ runner.temp }}/jdk_setup.sha256" | |
| # | |
| # Setup JDK. | |
| # | |
| - name: Setup JDK | |
| uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 | |
| with: | |
| distribution: "jdkfile" | |
| jdkFile: "${{ runner.temp }}/jdk_setup.tar.gz" | |
| java-version: "21" | |
| cache: maven | |
| # | |
| # Cache Maven. | |
| # | |
| - name: Cache Maven | |
| uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
| id: cache-maven | |
| with: | |
| key: apache-maven-3.9.6-bin.tar.gz | |
| path: | | |
| ${{ runner.temp }}/maven_setup.tar.gz | |
| ${{ runner.temp }}/maven_setup.sha256 | |
| # | |
| # Download Maven and verify its hash. | |
| # | |
| - name: Download Maven and verify its hash | |
| if: steps.cache-maven.outputs.cache-hit != 'true' | |
| run: | | |
| echo "6eedd2cae3626d6ad3a5c9ee324bd265853d64297f07f033430755bd0e0c3a4b ${{ runner.temp }}/maven_setup.tar.gz" >> ${{ runner.temp }}/maven_setup.sha256 | |
| curl -L "https://archive.apache.org/dist/maven/maven-3/3.9.6/binaries/apache-maven-3.9.6-bin.tar.gz" -o "${{ runner.temp }}/maven_setup.tar.gz" | |
| sha256sum --check --status "${{ runner.temp }}/maven_setup.sha256" | |
| # | |
| # Setup Maven. | |
| # | |
| - name: Setup Maven | |
| run: | | |
| mkdir ${{ runner.temp }}/maven | |
| tar -xvf ${{ runner.temp }}/maven_setup.tar.gz -C ${{ runner.temp }}/maven --strip-components=1 | |
| echo "<settings><servers><server><id>github</id><username>${{ secrets.GIT_USER }}</username><password>${{ secrets.GIT_PAT }}</password></server></servers></settings>" >> ${{ runner.temp }}/settings.xml | |
| # | |
| # Build native executable. | |
| # | |
| - name: Build native executable | |
| run: ${{ runner.temp }}/maven/bin/mvn clean package -Pnative -Dmaven.test.skip=true -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image@sha256:ce70e1a8016471ff0fc9c8f048cd9e37afddacd3de37ed0bca74201d102e45f5 -s ${{ runner.temp }}/settings.xml --no-transfer-progress | |
| # | |
| # Build Docker image. | |
| # | |
| - name: Build Docker image | |
| run: | | |
| BRANCH_NAME="${GITHUB_REF////_}" | |
| docker build -f src/main/docker/Dockerfile.native-micro -t ghcr.io/${{ github.repository }}:$BRANCH_NAME . | |
| # | |
| # Push Docker image. | |
| # | |
| - name: Push Docker image | |
| run: | | |
| echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| docker push -a ghcr.io/${{ github.repository }} | |
| # | |
| # Get Docker image with sha256. | |
| # | |
| - name: Get Docker image with sha256 | |
| run: echo "image_sha256=$(docker image inspect -f '{{index .RepoDigests 0}}' ghcr.io/${{ github.repository }}:$BRANCH_NAME)" >> "$GITHUB_ENV" | |
| # | |
| # Login to Azure. | |
| # | |
| - name: Login to Azure | |
| uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| # | |
| # Update Container App. | |
| # | |
| - name: Update Container App | |
| uses: azure/CLI@fa0f960f00db49b95fdb54328a767aee31e80105 | |
| with: | |
| inlineScript: | | |
| az config set extension.use_dynamic_install=yes_without_prompt | |
| az containerapp update -n ${{ secrets.AZURE_CONTAINER_APP_NAME }} -g ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} -i ${{ env.image_sha256 }} |