-
Notifications
You must be signed in to change notification settings - Fork 0
140 lines (124 loc) · 5.04 KB
/
build-n-push-main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: Build, push and update
on:
workflow_dispatch:
inputs:
skip-unit-test:
type: boolean
required: true
description: Skip unit-test
jobs:
build_push_update:
runs-on: ubuntu-latest
permissions:
id-token: write
packages: write
contents: write
steps:
#
# Checkout the source code.
#
- name: Checkout the source code
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
with:
token: ${{ secrets.GIT_PAT }}
fetch-depth: 0
#
# Cache JDK.
#
- name: Cache JDK
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
id: cache-jdk
with:
key: OpenJDK21U-jdk_x64_linux_hotspot_21.0.2_13.tar.gz
path: |
${{ runner.temp }}/jdk_setup.tar.gz
${{ runner.temp }}/jdk_setup.sha256
#
# Download JDK and verify its hash.
#
- name: Download JDK and verify its hash
if: steps.cache-jdk.outputs.cache-hit != 'true'
run: |
echo "454bebb2c9fe48d981341461ffb6bf1017c7b7c6e15c6b0c29b959194ba3aaa5 ${{ runner.temp }}/jdk_setup.tar.gz" >> ${{ runner.temp }}/jdk_setup.sha256
curl -L "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.2%2B13/OpenJDK21U-jdk_x64_linux_hotspot_21.0.2_13.tar.gz" -o "${{ runner.temp }}/jdk_setup.tar.gz"
sha256sum --check --status "${{ runner.temp }}/jdk_setup.sha256"
#
# Setup JDK.
#
- name: Setup JDK
uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2
with:
distribution: "jdkfile"
jdkFile: "${{ runner.temp }}/jdk_setup.tar.gz"
java-version: "21"
cache: maven
#
# Cache Maven.
#
- name: Cache Maven
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
id: cache-maven
with:
key: apache-maven-3.9.6-bin.tar.gz
path: |
${{ runner.temp }}/maven_setup.tar.gz
${{ runner.temp }}/maven_setup.sha256
#
# Download Maven and verify its hash.
#
- name: Download Maven and verify its hash
if: steps.cache-maven.outputs.cache-hit != 'true'
run: |
echo "6eedd2cae3626d6ad3a5c9ee324bd265853d64297f07f033430755bd0e0c3a4b ${{ runner.temp }}/maven_setup.tar.gz" >> ${{ runner.temp }}/maven_setup.sha256
curl -L "https://archive.apache.org/dist/maven/maven-3/3.9.6/binaries/apache-maven-3.9.6-bin.tar.gz" -o "${{ runner.temp }}/maven_setup.tar.gz"
sha256sum --check --status "${{ runner.temp }}/maven_setup.sha256"
#
# Setup Maven.
#
- name: Setup Maven
run: |
mkdir ${{ runner.temp }}/maven
tar -xvf ${{ runner.temp }}/maven_setup.tar.gz -C ${{ runner.temp }}/maven --strip-components=1
echo "<settings><servers><server><id>github</id><username>${{ secrets.GIT_USER }}</username><password>${{ secrets.GIT_PAT }}</password></server></servers></settings>" >> ${{ runner.temp }}/settings.xml
#
# Build native executable.
#
- name: Build native executable
run: ${{ runner.temp }}/maven/bin/mvn clean package -Pnative -Dmaven.test.skip=${{ github.event.inputs.skip-unit-test }} -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image@sha256:05baf3fd2173f6f25ad35216b6b066c35fbfb97f06daba75efb5b22bc0a85b9c -s ${{ runner.temp }}/settings.xml --no-transfer-progress
#
# Build Docker image.
#
- name: Build Docker image
run: |
BRANCH_NAME="${GITHUB_REF////_}"
docker build -f src/main/docker/Dockerfile.native-micro -t ghcr.io/${{ github.repository }}:$BRANCH_NAME .
#
# Push Docker image.
#
- name: Push Docker image
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
docker push -a ghcr.io/${{ github.repository }}
#
# Get Docker image with sha256.
#
- name: Get Docker image with sha256
run: echo "image_sha256=$(docker image inspect -f '{{index .RepoDigests 0}}' ghcr.io/${{ github.repository }}:$BRANCH_NAME)" >> "$GITHUB_ENV"
#
# Login to Azure.
#
- name: Login to Azure
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
#
# Update Container App.
#
- name: Update Container App
uses: azure/CLI@fa0f960f00db49b95fdb54328a767aee31e80105
with:
inlineScript: |
az config set extension.use_dynamic_install=yes_without_prompt
az containerapp update -n ${{ secrets.AZURE_CONTAINER_APP_NAME }} -g ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} -i ${{ env.image_sha256 }}