
Merge pull request #2072 from vrk-kpa/AV-2055_cleanup_drupal_permissions #409


Workflow file for this run

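# Builds the service containers on every push to master (or on manual
# dispatch), pushes them to ECR, records the new image tags in
# docker/.env.template, and deploys the beta stack with CDK.
#
# NOTE(review): every action below is referenced by a mutable tag (v1, v2, v3,
# v4, v1-node16). Jobs here hold id-token: write, the bot token, the NPM token
# and the Zulip API key, so pinning each `uses:` to a full commit SHA would
# keep a retagged release from running with those credentials.
name: Build and deploy containers
on:
  push:
    branches:
      - master
  workflow_dispatch:
jobs:
  # Reusable test workflow; its outputs (solr, datapusher, nginx, drupal, ckan,
  # assets) are read below as 'true' flags that select which images to rebuild.
  build-and-test-containers:
    name: Build and test
    uses: ./.github/workflows/test.yml
    # NOTE(review): `inherit` hands every secret available to this workflow to
    # test.yml; passing only the secrets that workflow reads would narrow the
    # exposure. test.yml is not shown here, so the required set is unconfirmed.
    secrets: inherit
  build-and-push:
    name: Build and push containers
    runs-on: ubuntu-latest
    needs:
      - build-and-test-containers
    permissions:
      # id-token: write lets the job request an OIDC token for the AWS role.
      id-token: write
      contents: read
    strategy:
      fail-fast: false
      matrix:
        include:
          - dockerfile: ./docker/solr/Dockerfile
            context: ./docker/solr
            submodules: ""
            build-frontend: false
            name: solr
            build-container: ${{ needs.build-and-test-containers.outputs.solr == 'true' }}
          - dockerfile: ./docker/datapusher-plus/Dockerfile
            context: ./docker/datapusher-plus
            submodules: ""
            build-frontend: false
            name: datapusher
            build-container: ${{ needs.build-and-test-containers.outputs.datapusher == 'true' }}
          - dockerfile: ./docker/nginx/Dockerfile
            context: ./docker/nginx
            submodules: ""
            build-frontend: false
            name: nginx
            build-container: ${{ needs.build-and-test-containers.outputs.nginx == 'true' }}
          - dockerfile: ./drupal/Dockerfile
            context: ./drupal
            submodules: ""
            build-frontend: true
            name: drupal
            build-container: ${{ (needs.build-and-test-containers.outputs.drupal == 'true') || (needs.build-and-test-containers.outputs.assets == 'true') }}
          - dockerfile: ./ckan/Dockerfile
            context: ./ckan
            submodules: recursive
            build-frontend: true
            name: ckan
            build-container: ${{ (needs.build-and-test-containers.outputs.ckan == 'true') || (needs.build-and-test-containers.outputs.assets == 'true') }}
    steps:
      - name: checkout
        uses: actions/checkout@v3
        with:
          submodules: ${{ matrix.submodules }}
      - name: setup docker buildx
        uses: docker/setup-buildx-action@v2
      # The frontend steps run before any AWS credentials are configured, so
      # npm install scripts and the gulp build never see the build role.
      - name: configure NPM credentials
        if: ${{ matrix.build-frontend == true && matrix.build-container == true }}
        # NOTE(review): the token stays on disk in the checkout for the rest of
        # the job; confirm opendata-assets/.npmrc cannot end up in a Docker
        # build context.
        run: |
          cat <<EOT >> ./opendata-assets/.npmrc
          @fortawesome:registry=https://npm.fontawesome.com/
          //npm.fontawesome.com/:_authToken=$NPM_TOKEN
          EOT
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
      - name: install nodejs v16
        if: ${{ matrix.build-frontend == true && matrix.build-container == true }}
        uses: actions/setup-node@v3
        with:
          node-version: 16
          cache: 'npm'
          cache-dependency-path: opendata-assets/package-lock.json
      - name: cache node_modules
        if: ${{ matrix.build-frontend == true && matrix.build-container == true }}
        uses: actions/cache@v3
        id: cache-node_modules
        with:
          path: ./opendata-assets/node_modules
          key: ${{ runner.os }}-build-node_v16-${{ hashFiles('opendata-assets/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-build-node_v16-
      # Skipped on an exact cache hit; a restore-keys fallback still installs.
      - name: install npm packages
        if: ${{ matrix.build-frontend == true && matrix.build-container == true && steps.cache-node_modules.outputs.cache-hit != 'true' }}
        run: npm ci
        working-directory: ./opendata-assets
      - name: build frontend with gulp
        if: ${{ matrix.build-frontend == true && matrix.build-container == true }}
        run: npx gulp
        working-directory: ./opendata-assets
      # Only role-to-assume is supplied (no static keys); the role is assumed
      # with the OIDC token granted by id-token: write above.
      - name: configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          role-to-assume: ${{ secrets.AWS_BUILD_ROLE }}
          role-session-name: github-actions
          aws-region: eu-west-1
      - name: login to AWS ECR
        id: login
        uses: aws-actions/amazon-ecr-login@v1
      # Each image is pushed under the immutable commit SHA and under :latest.
      - name: build images
        uses: docker/build-push-action@v4
        if: ${{ matrix.build-container == true }}
        with:
          context: ${{ matrix.context }}
          file: ${{ matrix.dockerfile }}
          push: true
          cache-from: type=gha
          cache-to: type=gha,mode=max
          tags: |
            ${{ steps.login.outputs.registry }}/opendata/${{ matrix.name }}:${{ github.sha }}
            ${{ steps.login.outputs.registry }}/opendata/${{ matrix.name }}:latest
  commit-new-images:
    name: Commit new image tags
    runs-on: ubuntu-latest
    needs:
      - build-and-test-containers
      - build-and-push
    # No step in this job requests an OIDC token, so id-token is not granted.
    permissions:
      contents: write
    outputs:
      # Falls back to the triggering commit when the commit step is skipped.
      sha: ${{ steps.envtemplate.outputs.commit_sha || github.sha }}
    steps:
      - name: checkout
        uses: actions/checkout@v3
        with:
          # checkout keeps this token as the git credential, so the push
          # further down is made as the bot rather than with GITHUB_TOKEN.
          token: ${{ secrets.BOT_TOKEN }}
      - name: Update .env.template to reference new ckan image
        if: ${{ (needs.build-and-test-containers.outputs.ckan == 'true') || (needs.build-and-test-containers.outputs.assets == 'true') }}
        run: |
          sed -i.bak -E 's/^(CKAN_IMAGE_TAG[[:blank:]]*=[[:blank:]]*).*/\1\"'"${{ github.sha }}"'\"/' docker/.env.template
      - name: Update .env.template to reference new drupal image
        if: ${{ (needs.build-and-test-containers.outputs.drupal == 'true') || (needs.build-and-test-containers.outputs.assets == 'true') }}
        run: |
          sed -i.bak -E 's/^(DRUPAL_IMAGE_TAG[[:blank:]]*=[[:blank:]]*).*/\1\"'"${{ github.sha }}"'\"/' docker/.env.template
      - name: Update .env.template to reference new solr image
        if: ${{ (needs.build-and-test-containers.outputs.solr == 'true') }}
        run: |
          sed -i.bak -E 's/^(SOLR_IMAGE_TAG[[:blank:]]*=[[:blank:]]*).*/\1\"'"${{ github.sha }}"'\"/' docker/.env.template
      - name: Update .env.template to reference new datapusher image
        if: ${{ (needs.build-and-test-containers.outputs.datapusher == 'true') }}
        run: |
          sed -i.bak -E 's/^(DATAPUSHER_IMAGE_TAG[[:blank:]]*=[[:blank:]]*).*/\1\"'"${{ github.sha }}"'\"/' docker/.env.template
      - name: Update .env.template to reference new nginx image
        if: ${{ (needs.build-and-test-containers.outputs.nginx == 'true') }}
        run: |
          sed -i.bak -E 's/^(NGINX_IMAGE_TAG[[:blank:]]*=[[:blank:]]*).*/\1\"'"${{ github.sha }}"'\"/' docker/.env.template
      # Runs when at least one image was rebuilt. "[skip ci]" in the message
      # keeps the bot's own push from starting another run of this workflow.
      # The e-mail address appears masked in this listing.
      - name: Commit updated .env.template
        id: envtemplate
        if: >-
          ${{ (needs.build-and-test-containers.outputs.ckan == 'true') ||
          (needs.build-and-test-containers.outputs.assets == 'true') ||
          (needs.build-and-test-containers.outputs.drupal == 'true' ) ||
          (needs.build-and-test-containers.outputs.solr == 'true') ||
          (needs.build-and-test-containers.outputs.nginx == 'true') ||
          (needs.build-and-test-containers.outputs.datapusher == 'true') }}
        run: |
          git config user.name "YTP Bot"
          git config user.email "[email protected]"
          git add docker/.env.template
          git commit -m "[skip ci] .env.template updated by new image tags"
          git push
          echo "commit_sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
  deploy-beta:
    name: deploy-beta
    runs-on: ubuntu-latest
    timeout-minutes: 60
    needs:
      - build-and-test-containers
      - build-and-push
      - commit-new-images
    # One deploy-beta run per ref at a time.
    concurrency:
      group: ${{ github.ref }}/deploy-beta
    permissions:
      id-token: write
      contents: read
    steps:
      # Deploy from the commit that carries the updated image tags.
      - name: checkout
        uses: actions/checkout@v3
        with:
          ref: ${{ needs.commit-new-images.outputs.sha }}
      - name: install nodejs v16
        uses: actions/setup-node@v3
        with:
          node-version: 16
      - name: cache node_modules
        uses: actions/cache@v3
        with:
          path: ~/.npm
          key: ${{ runner.os }}-node_cdk_v16-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ runner.os }}-node_cdk_v16-
      # NOTE(review): `npm install` may resolve versions other than the ones in
      # the lockfile; if cdk/ has a package-lock.json, `npm ci` would make the
      # code that later runs with the deploy role reproducible. Confirm first.
      - name: install cdk npm packages and verify installation
        working-directory: cdk
        run: |
          npm install
          $(npm bin)/cdk doctor
      # Registry and repository are passed through env rather than being
      # interpolated into the script text.
      - name: configure environment
        shell: bash
        run: |
          # configure docker
          cp -f docker/.env.template docker/.env
          sed -i.bak -E 's/^(REGISTRY[[:blank:]]*=[[:blank:]]*).*/\1\"'"${REGISTRY}"'\"/' docker/.env
          sed -i.bak -E 's/^(REPOSITORY[[:blank:]]*=[[:blank:]]*).*/\1\"'"${REPOSITORY}"'\"/' docker/.env
        env:
          REGISTRY: ${{ secrets.REGISTRY }}
          REPOSITORY: ${{ secrets.REPOSITORY }}
      - name: configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1-node16
        with:
          role-to-assume: ${{ secrets.AWS_BETA_DEPLOY_ROLE }}
          role-session-name: github-actions
          aws-region: eu-west-1
      - name: build cdk project
        working-directory: cdk
        run: |
          npm run build
      # Synth output is discarded so the rendered templates stay out of the log.
      - name: synthesize cdk stacks
        working-directory: cdk
        run: |
          $(npm bin)/cdk synth WebStack-beta --quiet >/dev/null 2>&1
      # --require-approval=never applies IAM and security-group changes without
      # a prompt; review of such changes has to happen before merge.
      - name: deploy cdk stacks
        working-directory: cdk
        run: |
          $(npm bin)/cdk deploy WebStack-beta --require-approval=never > /tmp/deploy.log 2>&1
      # NOTE(review): artifacts are downloadable by anyone with read access to
      # the repository; confirm the deploy log holds nothing sensitive.
      - name: upload log artifacts
        if: failure()
        uses: actions/upload-artifact@v3
        with:
          name: deploy-logs
          path: /tmp/deploy.log
      # The commit message reaches the action as an input value, not as shell
      # text. It is empty on workflow_dispatch runs, which carry no head_commit.
      # The e-mail address appears masked in this listing.
      - name: Notify Zulip
        uses: zulip/github-actions-zulip/send-message@v1
        with:
          api-key: ${{ secrets.ZULIP_API_KEY }}
          email: '[email protected]'
          organization-url: 'https://turina.dvv.fi'
          to: 'avoindata.fi'
          type: 'stream'
          topic: 'Beta Deployments'
          content: 'Beta deployment succeeded! (${{ github.event.head_commit.message }})'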