Merge pull request #21 from nautible/feature/githubactions #93
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Go CI Payment and Credit Application | |
| on: | |
| push: | |
| branches: ['develop', 'feature/*', 'hotfix/*'] | |
| paths: | |
| - 'cmd/**' | |
| - 'pkg/**' | |
| - 'package/**' | |
| - '.github/**' | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| environment: develop # for azure oidc | |
| env: | |
| IMAGE_TAG: ${{ github.sha }} | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Checkout manifest repo | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: nautible/nautible-app-ms-payment-manifest | |
| path: nautible-app-ms-payment-manifest | |
| # AWS | |
| - name: Configure AWS credentials | |
| id: login-aws | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/nautible-dev-githubactions-ecr-access-role | |
| aws-region: ap-northeast-1 | |
| continue-on-error: true | |
| - name: login-aws when command failure | |
| run: echo "result - aws login failure" | |
| if: steps.login-aws.outcome == 'failure' | |
| - name: Login to Amazon public ECR | |
| id: login-ecr | |
| run: | | |
| aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/nautible | |
| if: steps.login-aws.outcome == 'success' | |
| - name: PaymentApp Build, tag, and push image to Amazon ECR | |
| id: build-payment-image-service-ecr | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| ECR_REGISTRY: public.ecr.aws/nautible | |
| ECR_REPOSITORY: nautible-app-ms-payment | |
| run: | | |
| cd $GITHUB_WORKSPACE | |
| docker build --cache-from=$ECR_REGISTRY/$ECR_REPOSITORY:latest --build-arg CLOUD=aws --build-arg BUILDKIT_INLINE_CACHE=1 -t $ECR_REGISTRY/$ECR_REPOSITORY:latest -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f ./package/payment/Dockerfile . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| if: steps.login-aws.outcome == 'success' | |
| - name: CreditApp Build, tag, and push image to Amazon ECR | |
| id: build-credit-image-service-ecr | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| ECR_REGISTRY: public.ecr.aws/nautible | |
| ECR_REPOSITORY: nautible-app-ms-payment-credit | |
| run: | | |
| cd $GITHUB_WORKSPACE | |
| docker build --cache-from=$ECR_REGISTRY/$ECR_REPOSITORY:latest --build-arg CLOUD=aws --build-arg BUILDKIT_INLINE_CACHE=1 -t $ECR_REGISTRY/$ECR_REPOSITORY:latest -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f ./package/credit/Dockerfile . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| if: steps.login-aws.outcome == 'success' | |
| # Azure | |
| - name: Login via Azure CLI | |
| id: login-azure | |
| uses: azure/login@v1 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| continue-on-error: true | |
| - name: login-azure when command failure | |
| run: echo "result - azure login failure" | |
| if: steps.login-azure.outcome == 'failure' | |
| - name: Login Azure Acr | |
| id: login-azure-acr | |
| run: | | |
| az acr login -n nautibledevacr | |
| if: steps.login-azure.outcome == 'success' | |
| - name: PaymentApp Build, tag, and push image to Azure ACR | |
| id: build-payment-image-service-acr | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| ACR_REGISTRY: nautibledevacr.azurecr.io | |
| ACR_REPOSITORY: nautible-app-ms-payment | |
| run: | | |
| cd $GITHUB_WORKSPACE | |
| docker build --cache-from=$ACR_REGISTRY/$ACR_REPOSITORY:latest --build-arg CLOUD=azure --build-arg BUILDKIT_INLINE_CACHE=1 -t $ACR_REGISTRY/$ACR_REPOSITORY:latest -t $ACR_REGISTRY/$ACR_REPOSITORY:$IMAGE_TAG -f ./package/payment/Dockerfile . | |
| docker push $ACR_REGISTRY/$ACR_REPOSITORY:latest | |
| docker push $ACR_REGISTRY/$ACR_REPOSITORY:$IMAGE_TAG | |
| if: steps.login-azure.outcome == 'success' | |
| - name: CreditApp Build, tag, and push image to Azure ACR | |
| id: build-credit-image-service-acr | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| ACR_REGISTRY: nautibledevacr.azurecr.io | |
| ACR_REPOSITORY: nautible-app-ms-credit | |
| run: | | |
| cd $GITHUB_WORKSPACE | |
| docker build --cache-from=$ACR_REGISTRY/$ACR_REPOSITORY:latest --build-arg CLOUD=azure --build-arg BUILDKIT_INLINE_CACHE=1 -t $ACR_REGISTRY/$ACR_REPOSITORY:latest -t $ACR_REGISTRY/$ACR_REPOSITORY:$IMAGE_TAG -f ./package/credit/Dockerfile . | |
| docker push $ACR_REGISTRY/$ACR_REPOSITORY:latest | |
| docker push $ACR_REGISTRY/$ACR_REPOSITORY:$IMAGE_TAG | |
| if: steps.login-azure.outcome == 'success' | |
| # pullrequest | |
| - name: update feature branch image tag | |
| id: update-feature-branch-image-tag | |
| if: startsWith(github.ref_name, 'feature/') | |
| env: | |
| TOKEN: ${{ secrets.PAT }} | |
| BRANCH: ${{ github.ref_name }} | |
| APP_NAME: payment | |
| ACR_REGISTRY: nautibledevacr.azurecr.io | |
| run: | | |
| cd $GITHUB_WORKSPACE/nautible-app-ms-$APP_NAME-manifest | |
| HTTP_STATUS=$(curl -H "Accept: application/vnd.github+json" -H "Authorization: token $TOKEN" https://api.github.com/repos/nautible/nautible-app-ms-$APP_NAME-manifest/branches/$BRANCH -o /dev/null -w '%{http_code}\n' -s) | |
| if [ "$HTTP_STATUS" != '200' ]; then | |
| echo 'couldnt find remote branch. skip update manifest.' | |
| exit 0 | |
| fi | |
| git fetch origin $BRANCH && git checkout $BRANCH | |
| sed -i 's/image: public.ecr.aws\/nautible\/nautible-app-ms-'$APP_NAME':\(.*\)/image: public.ecr.aws\/nautible\/nautible-app-ms-'$APP_NAME':'$IMAGE_TAG'/' ./base/$APP_NAME-deploy.yaml | |
| sed -i 's/image: public.ecr.aws\/nautible\/nautible-app-ms-'$APP_NAME'-credit:\(.*\)/image: public.ecr.aws\/nautible\/nautible-app-ms-'$APP_NAME'-credit:'$IMAGE_TAG'/' ./base/$APP_NAME-credit-deploy.yaml | |
| sed -i 's/image: ${{ secrets.AZURE_REGISTRY_LOGIN_SERVER }}\/nautible-app-ms-'$APP_NAME':\(.*\)/image: ${{ secrets.AZURE_REGISTRY_LOGIN_SERVER }}\/nautible-app-ms-'$APP_NAME':'$IMAGE_TAG'/' ./overlays/azure/dev/$APP_NAME-deploy.yaml | |
| sed -i 's/image: ${{ secrets.AZURE_REGISTRY_LOGIN_SERVER }}\/nautible-app-ms-credit:\(.*\)/image: ${{ secrets.AZURE_REGISTRY_LOGIN_SERVER }}\/nautible-app-ms-credit:'$IMAGE_TAG'/' ./overlays/azure/dev/$APP_NAME-credit-deploy.yaml | |
| git config user.name github-actions[bot] | |
| git config user.email github-actions[bot]@users.noreply.github.com | |
| git add . | |
| git commit -m "update manifest" | |
| git push | |
| - name: pull request | |
| id: pull-request | |
| if: github.ref_name == 'develop' || startsWith(github.ref_name, 'hotfix/') | |
| env: | |
| TOKEN: ${{ secrets.PAT }} | |
| BRANCH: ${{ github.ref_name }} | |
| TAG: update-image-feature-${{ github.sha }} | |
| APP_NAME: payment | |
| ACR_REGISTRY: nautibledevacr.azurecr.io | |
| run: | | |
| cd $GITHUB_WORKSPACE/nautible-app-ms-$APP_NAME-manifest | |
| git fetch origin $BRANCH && git checkout $BRANCH | |
| git checkout -b $TAG $BRANCH | |
| sed -i 's/image: public.ecr.aws\/nautible\/nautible-app-ms-'$APP_NAME':\(.*\)/image: public.ecr.aws\/nautible\/nautible-app-ms-'$APP_NAME':'$IMAGE_TAG'/' ./base/$APP_NAME-deploy.yaml | |
| sed -i 's/image: public.ecr.aws\/nautible\/nautible-app-ms-'$APP_NAME'-credit:\(.*\)/image: public.ecr.aws\/nautible\/nautible-app-ms-'$APP_NAME'-credit:'$IMAGE_TAG'/' ./base/$APP_NAME-credit-deploy.yaml | |
| sed -i 's/image: ${{ secrets.AZURE_REGISTRY_LOGIN_SERVER }}\/nautible-app-ms-'$APP_NAME':\(.*\)/image: ${{ secrets.AZURE_REGISTRY_LOGIN_SERVER }}\/nautible-app-ms-'$APP_NAME':'$IMAGE_TAG'/' ./overlays/azure/dev/$APP_NAME-deploy.yaml | |
| sed -i 's/image: ${{ secrets.AZURE_REGISTRY_LOGIN_SERVER }}\/nautible-app-ms-credit:\(.*\)/image: ${{ secrets.AZURE_REGISTRY_LOGIN_SERVER }}\/nautible-app-ms-credit:'$IMAGE_TAG'/' ./overlays/azure/dev/$APP_NAME-credit-deploy.yaml | |
| git config user.name github-actions[bot] | |
| git config user.email github-actions[bot]@users.noreply.github.com | |
| git add . | |
| git commit -m "update manifest" | |
| git push --set-upstream origin $TAG | |
| curl -X POST -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $TOKEN" "https://api.github.com/repos/nautible/nautible-app-ms-$APP_NAME-manifest/pulls" -d '{"title": "new image deploy request", "head": "nautible:'$TAG'", "base": "'$BRANCH'"}' -o /dev/null -w 'httpstatus:%{http_code}\n' -s |