
AWS,Azureともログイン成功時のみ処理する #88


Workflow file for this run

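# Builds the payment and credit container images, pushes them to Amazon ECR
# Public and Azure ACR (each cloud only when its login step succeeded), then
# writes the new image tag into the separate manifest repository.
name: Go CI Payment and Credit Application
on:
  push:
    branches: ['develop', 'feature/*', 'hotfix/*']
    paths:
      - 'cmd/**'
      - 'pkg/**'
      - 'package/**'
      - '.github/**'
  workflow_dispatch:
# Least privilege for GITHUB_TOKEN: read-only repository contents, plus
# id-token so the job can request an OIDC token for the cloud logins below.
permissions:
  id-token: write
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    environment: develop # for azure oidc
    env:
      IMAGE_TAG: ${{ github.sha }}
    steps:
      # NOTE(review): every `uses:` below references a mutable tag (@v3, @v1).
      # Pinning each action to a full commit SHA keeps the code that handles
      # the PAT and the cloud credentials from changing underneath this job.
      - name: Checkout repo
        uses: actions/checkout@v3
      - name: Checkout manifest repo
        uses: actions/checkout@v3
        with:
          repository: nautible/nautible-app-ms-payment-manifest
          path: nautible-app-ms-payment-manifest
          # The later `git push` calls rely on checkout persisting this token
          # in the manifest clone's git config. Scope the PAT to the manifest
          # repository only (fine-grained token or GitHub App token).
          token: ${{ secrets.PAT }}
      # AWS
      - name: Configure AWS credentials
        id: login-aws
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/nautible-dev-githubactions-ecr-access-role
          aws-region: ap-northeast-1
        # A failed login must not fail the job; the AWS steps are skipped instead.
        continue-on-error: true
      - name: login-aws when command failure
        run: echo "result - aws login failure"
        if: steps.login-aws.outcome == 'failure'
      - name: Login to Amazon public ECR
        id: login-ecr
        run: |
          aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/nautible
        if: steps.login-aws.outcome == 'success'
      - name: PaymentApp Build, tag, and push image to Amazon ECR
        id: build-payment-image-service-ecr
        env:
          DOCKER_BUILDKIT: '1'
          ECR_REGISTRY: public.ecr.aws/nautible
          ECR_REPOSITORY: nautible-app-ms-payment
        # --cache-from reuses layers from whatever currently sits under the
        # registry's :latest tag, so the build trusts that image as a cache source.
        run: |
          cd "$GITHUB_WORKSPACE"
          docker build \
            --cache-from="$ECR_REGISTRY/$ECR_REPOSITORY:latest" \
            --build-arg CLOUD=aws \
            --build-arg BUILDKIT_INLINE_CACHE=1 \
            -t "$ECR_REGISTRY/$ECR_REPOSITORY:latest" \
            -t "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" \
            -f ./package/payment/Dockerfile .
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:latest"
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
        if: steps.login-aws.outcome == 'success'
      - name: CreditApp Build, tag, and push image to Amazon ECR
        id: build-credit-image-service-ecr
        env:
          DOCKER_BUILDKIT: '1'
          ECR_REGISTRY: public.ecr.aws/nautible
          ECR_REPOSITORY: nautible-app-ms-payment-credit
        run: |
          cd "$GITHUB_WORKSPACE"
          docker build \
            --cache-from="$ECR_REGISTRY/$ECR_REPOSITORY:latest" \
            --build-arg CLOUD=aws \
            --build-arg BUILDKIT_INLINE_CACHE=1 \
            -t "$ECR_REGISTRY/$ECR_REPOSITORY:latest" \
            -t "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" \
            -f ./package/credit/Dockerfile .
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:latest"
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
        if: steps.login-aws.outcome == 'success'
      # Azure
      - name: Login via Azure CLI
        id: login-azure
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
        # A failed login must not fail the job; the Azure steps are skipped instead.
        continue-on-error: true
      - name: login-azure when command failure
        run: echo "result - azure login failure"
        if: steps.login-azure.outcome == 'failure'
      - name: Login Azure Acr
        id: login-azure-acr
        run: |
          az acr login -n nautibledevacr
        if: steps.login-azure.outcome == 'success'
      - name: PaymentApp Build, tag, and push image to Azure ACR
        id: build-payment-image-service-acr
        env:
          DOCKER_BUILDKIT: '1'
          ACR_REGISTRY: nautibledevacr.azurecr.io
          ACR_REPOSITORY: nautible-app-ms-payment
        run: |
          cd "$GITHUB_WORKSPACE"
          docker build \
            --cache-from="$ACR_REGISTRY/$ACR_REPOSITORY:latest" \
            --build-arg CLOUD=azure \
            --build-arg BUILDKIT_INLINE_CACHE=1 \
            -t "$ACR_REGISTRY/$ACR_REPOSITORY:latest" \
            -t "$ACR_REGISTRY/$ACR_REPOSITORY:$IMAGE_TAG" \
            -f ./package/payment/Dockerfile .
          docker push "$ACR_REGISTRY/$ACR_REPOSITORY:latest"
          docker push "$ACR_REGISTRY/$ACR_REPOSITORY:$IMAGE_TAG"
        if: steps.login-azure.outcome == 'success'
      - name: CreditApp Build, tag, and push image to Azure ACR
        id: build-credit-image-service-acr
        env:
          DOCKER_BUILDKIT: '1'
          ACR_REGISTRY: nautibledevacr.azurecr.io
          ACR_REPOSITORY: nautible-app-ms-credit
        run: |
          cd "$GITHUB_WORKSPACE"
          docker build \
            --cache-from="$ACR_REGISTRY/$ACR_REPOSITORY:latest" \
            --build-arg CLOUD=azure \
            --build-arg BUILDKIT_INLINE_CACHE=1 \
            -t "$ACR_REGISTRY/$ACR_REPOSITORY:latest" \
            -t "$ACR_REGISTRY/$ACR_REPOSITORY:$IMAGE_TAG" \
            -f ./package/credit/Dockerfile .
          docker push "$ACR_REGISTRY/$ACR_REPOSITORY:latest"
          docker push "$ACR_REGISTRY/$ACR_REPOSITORY:$IMAGE_TAG"
        if: steps.login-azure.outcome == 'success'
      # pullrequest
      # Both manifest steps are gated on the login outcomes: because the login
      # steps use continue-on-error, an ungated step would still run after a
      # failed login and point the manifests at an image tag that was never
      # pushed. Each cloud's manifest is rewritten only if its login succeeded.
      - name: update feature branch image tag
        id: update-feature-branch-image-tag
        if: >-
          startsWith(github.ref_name, 'feature/')
          && (steps.login-aws.outcome == 'success' || steps.login-azure.outcome == 'success')
        env:
          TOKEN: ${{ secrets.PAT }}
          BRANCH: ${{ github.ref_name }}
          APP_NAME: payment
          ACR_REGISTRY: nautibledevacr.azurecr.io
          # Passed through env instead of being expanded into the script text,
          # so the value is handled as data by the shell.
          AZURE_REGISTRY_LOGIN_SERVER: ${{ secrets.AZURE_REGISTRY_LOGIN_SERVER }}
          AWS_LOGIN_OUTCOME: ${{ steps.login-aws.outcome }}
          AZURE_LOGIN_OUTCOME: ${{ steps.login-azure.outcome }}
        run: |
          cd "$GITHUB_WORKSPACE/nautible-app-ms-$APP_NAME-manifest"
          # Skip quietly when the manifest repo has no branch of the same name.
          HTTP_STATUS=$(curl -H "Accept: application/vnd.github+json" -H "Authorization: token $TOKEN" "https://api.github.com/repos/nautible/nautible-app-ms-$APP_NAME-manifest/branches/$BRANCH" -o /dev/null -w '%{http_code}\n' -s)
          if [ "$HTTP_STATUS" != '200' ]; then
            echo 'couldnt find remote branch. skip update manifest.'
            exit 0
          fi
          # BRANCH comes from the pushed ref name; keep it quoted everywhere.
          git fetch origin "$BRANCH" && git checkout "$BRANCH"
          if [ "$AWS_LOGIN_OUTCOME" = 'success' ]; then
            sed -i "s|image: public.ecr.aws/nautible/nautible-app-ms-${APP_NAME}:\(.*\)|image: public.ecr.aws/nautible/nautible-app-ms-${APP_NAME}:${IMAGE_TAG}|" "./base/$APP_NAME-deploy.yaml"
            sed -i "s|image: public.ecr.aws/nautible/nautible-app-ms-${APP_NAME}-credit:\(.*\)|image: public.ecr.aws/nautible/nautible-app-ms-${APP_NAME}-credit:${IMAGE_TAG}|" "./base/$APP_NAME-credit-deploy.yaml"
          fi
          if [ "$AZURE_LOGIN_OUTCOME" = 'success' ]; then
            sed -i "s|image: ${AZURE_REGISTRY_LOGIN_SERVER}/nautible-app-ms-${APP_NAME}:\(.*\)|image: ${AZURE_REGISTRY_LOGIN_SERVER}/nautible-app-ms-${APP_NAME}:${IMAGE_TAG}|" "./overlays/azure/dev/$APP_NAME-deploy.yaml"
            sed -i "s|image: ${AZURE_REGISTRY_LOGIN_SERVER}/nautible-app-ms-credit:\(.*\)|image: ${AZURE_REGISTRY_LOGIN_SERVER}/nautible-app-ms-credit:${IMAGE_TAG}|" "./overlays/azure/dev/$APP_NAME-credit-deploy.yaml"
          fi
          # Quoted so the shell does not treat [bot] as a glob pattern.
          git config user.name 'github-actions[bot]'
          git config user.email 'github-actions[bot]@users.noreply.github.com'
          git add .
          git commit -m "update manifest"
          git push
      - name: pull request
        id: pull-request
        if: >-
          (github.ref_name == 'develop' || startsWith(github.ref_name, 'hotfix/'))
          && (steps.login-aws.outcome == 'success' || steps.login-azure.outcome == 'success')
        env:
          TOKEN: ${{ secrets.PAT }}
          BRANCH: ${{ github.ref_name }}
          TAG: update-image-feature-${{ github.sha }}
          APP_NAME: payment
          ACR_REGISTRY: nautibledevacr.azurecr.io
          # Passed through env instead of being expanded into the script text,
          # so the value is handled as data by the shell.
          AZURE_REGISTRY_LOGIN_SERVER: ${{ secrets.AZURE_REGISTRY_LOGIN_SERVER }}
          AWS_LOGIN_OUTCOME: ${{ steps.login-aws.outcome }}
          AZURE_LOGIN_OUTCOME: ${{ steps.login-azure.outcome }}
        run: |
          cd "$GITHUB_WORKSPACE/nautible-app-ms-$APP_NAME-manifest"
          # BRANCH comes from the pushed ref name; keep it quoted everywhere.
          git fetch origin "$BRANCH" && git checkout "$BRANCH"
          git checkout -b "$TAG" "$BRANCH"
          if [ "$AWS_LOGIN_OUTCOME" = 'success' ]; then
            sed -i "s|image: public.ecr.aws/nautible/nautible-app-ms-${APP_NAME}:\(.*\)|image: public.ecr.aws/nautible/nautible-app-ms-${APP_NAME}:${IMAGE_TAG}|" "./base/$APP_NAME-deploy.yaml"
            sed -i "s|image: public.ecr.aws/nautible/nautible-app-ms-${APP_NAME}-credit:\(.*\)|image: public.ecr.aws/nautible/nautible-app-ms-${APP_NAME}-credit:${IMAGE_TAG}|" "./base/$APP_NAME-credit-deploy.yaml"
          fi
          if [ "$AZURE_LOGIN_OUTCOME" = 'success' ]; then
            sed -i "s|image: ${AZURE_REGISTRY_LOGIN_SERVER}/nautible-app-ms-${APP_NAME}:\(.*\)|image: ${AZURE_REGISTRY_LOGIN_SERVER}/nautible-app-ms-${APP_NAME}:${IMAGE_TAG}|" "./overlays/azure/dev/$APP_NAME-deploy.yaml"
            sed -i "s|image: ${AZURE_REGISTRY_LOGIN_SERVER}/nautible-app-ms-credit:\(.*\)|image: ${AZURE_REGISTRY_LOGIN_SERVER}/nautible-app-ms-credit:${IMAGE_TAG}|" "./overlays/azure/dev/$APP_NAME-credit-deploy.yaml"
          fi
          # Quoted so the shell does not treat [bot] as a glob pattern.
          git config user.name 'github-actions[bot]'
          git config user.email 'github-actions[bot]@users.noreply.github.com'
          git add .
          git commit -m "update manifest"
          git push --set-upstream origin "$TAG"
          # NOTE(review): BRANCH is spliced into the JSON body unescaped, so a
          # branch name containing JSON metacharacters yields a malformed
          # request. The HTTP status is only printed; a rejected request does
          # not fail the step.
          curl -X POST -H "Accept: application/vnd.github.v3+json" -H "Authorization: token $TOKEN" "https://api.github.com/repos/nautible/nautible-app-ms-$APP_NAME-manifest/pulls" -d '{"title": "new image deploy request", "head": "nautible:'"$TAG"'", "base": "'"$BRANCH"'"}' -o /dev/null -w 'httpstatus:%{http_code}\n' -s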