-
Notifications
You must be signed in to change notification settings - Fork 0
122 lines (112 loc) · 5.77 KB
/
build-node.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
name: Node CI
on:
push:
branches: ["develop", "feature/*", "hotfix/*"]
workflow_dispatch:
permissions:
id-token: write
contents: read
jobs:
build:
runs-on: ubuntu-latest
environment: develop # for azure oidc
env:
IMAGE_TAG: ${{ github.sha }}
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Checkout manifest repo
uses: actions/checkout@v3
with:
repository: nautible/nautible-app-examples-manifest
path: nautible-app-examples-manifest
token: ${{ secrets.PAT }}
# AWS
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/nautible-dev-githubactions-ecr-access-role
aws-region: ap-northeast-1
- name: Login to Amazon public ECR
id: login-ecr
run: |
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/nautible
- name: examples node Build, tag, and push image to Amazon ECR
id: build-image-service-ecr
env:
DOCKER_BUILDKIT: 1
ECR_REGISTRY: public.ecr.aws/nautible
ECR_REPOSITORY: nautible-app-examples-node
run: |
cd $GITHUB_WORKSPACE/nautible-app-examples-node
docker build --cache-from=$ECR_REGISTRY/$ECR_REPOSITORY:latest --build-arg BUILDKIT_INLINE_CACHE=1 -t $ECR_REGISTRY/$ECR_REPOSITORY:latest -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f ./docker/Dockerfile .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
# Azure
- name: Login via Azure CLI
id: login-acr
uses: azure/login@v1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Login Azure Acr
id: login-azure-acr
run: |
az acr login -n nautibledevacr
- name: examples node Build, tag, and push image to Azure ACR
id: build-image-service-acr
env:
DOCKER_BUILDKIT: 1
ACR_REGISTRY: nautibledevacr.azurecr.io
ACR_REPOSITORY: nautible-app-examples-node
run: |
cd $GITHUB_WORKSPACE/nautible-app-examples-node
docker build --cache-from=$ACR_REGISTRY/$ACR_REPOSITORY:latest --build-arg BUILDKIT_INLINE_CACHE=1 -t $ACR_REGISTRY/$ACR_REPOSITORY:latest -t $ACR_REGISTRY/$ACR_REPOSITORY:$IMAGE_TAG -f ./docker/Dockerfile .
docker push $ACR_REGISTRY/$ACR_REPOSITORY:latest
docker push $ACR_REGISTRY/$ACR_REPOSITORY:$IMAGE_TAG
- name: update feature branch image tag
id: update-feature-branch-image-tag
if: startsWith(github.ref_name, 'feature/')
env:
TOKEN: ${{ secrets.PAT }}
BRANCH: ${{ github.ref_name }}
APP_NAME: examples
ACR_REGISTRY: nautibledevacr.azurecr.io
run: |
cd $GITHUB_WORKSPACE/nautible-app-$APP_NAME-manifest
HTTP_STATUS=$(curl -H "Accept: application/vnd.github+json" -H "Authorization: token $TOKEN" https://api.github.com/repos/nautible/nautible-app-$APP_NAME-manifest/branches/$BRANCH -o /dev/null -w '%{http_code}\n' -s)
if [ "$HTTP_STATUS" != '200' ]; then
echo 'couldnt find remote branch. skip update manifest.'
exit 0
fi
git fetch origin $BRANCH && git checkout $BRANCH
sed -i 's/image: public.ecr.aws\/nautible\/nautible-app-'$APP_NAME'-node:\(.*\)/image: public.ecr.aws\/nautible\/nautible-app-'$APP_NAME'-node:'$IMAGE_TAG'/' ./nautible-app-$APP_NAME-manifest-node/overlays/aws/dev/$APP_NAME-deployment.yaml
sed -i 's/image: '$ACR_REGISTRY'\/nautible-app-'$APP_NAME'-node:\(.*\)/image: '$ACR_REGISTRY'\/nautible-app-'$APP_NAME'-node:'$IMAGE_TAG'/' ./nautible-app-$APP_NAME-manifest-node/overlays/azure/dev/$APP_NAME-deployment.yaml
git config user.name github-actions
git config user.email [email protected]
git add .
git commit -m "update manifest"
git push
# - name: pull request
# id: pull-request
# if: github.ref_name == 'develop' || startsWith(github.ref_name, 'hotfix/')
# env:
# TOKEN: ${{ secrets.PAT }}
# BRANCH: ${{ github.ref_name }}
# TAG: update-image-feature-${{ github.sha }}
# APP_NAME: examples
# ACR_REGISTRY: nautibledevacr.azurecr.io
# run: |
# cd $GITHUB_WORKSPACE/nautible-app-$APP_NAME-manifest
# git fetch origin $BRANCH && git checkout $BRANCH
# git checkout -b $TAG $BRANCH
# sed -i 's/image: public.ecr.aws\/nautible\/nautible-app-'$APP_NAME'-node:\(.*\)/image: public.ecr.aws\/nautible\/nautible-app-'$APP_NAME'-node:'$IMAGE_TAG'/' ./nautible-app-$APP_NAME-manifest-node/overlays/aws/dev/$APP_NAME-deployment.yaml
# sed -i 's/image: '$ACR_REGISTRY'\/nautible-app-'$APP_NAME'-node:\(.*\)/image: '$ACR_REGISTRY'\/nautible-app-'$APP_NAME'-node:'$IMAGE_TAG'/' ./nautible-app-$APP_NAME-manifest-node/overlays/azure/dev/$APP_NAME-deployment.yaml
# git config user.name github-actions
# git config user.email [email protected]
# git add .
# git commit -m "update manifest"
# git push --set-upstream origin $TAG
# curl -X POST -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $TOKEN" "https://api.github.com/repos/nautible/nautible-app-$APP_NAME-manifest/pulls" -d '{"title": "new image deploy request", "head": "nautible:'$TAG'", "base": "'$BRANCH'"}' -o /dev/null -w 'httpstatus:%{http_code}\n' -s