Skip to content
Build 'n Deploy

Build 'n Deploy #90

Sign in to view logs

Build 'n Deploy

Build 'n Deploy #90

Workflow file for this run

.github/workflows/build.yml at 9d35714
name: Build 'n Deploy
on:
push:
branches:
- '*'
tags-ignore:
- '*'
paths-ignore:
- 'build.gradle'
- 'bumpver.toml'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
venue:
type: choice
description: Venue to deploy to
options:
- SIT
- UAT
jobs:
build:
name: build, lint, and test API
runs-on: ubuntu-latest
outputs:
deploy_env: ${{ steps.gradle-build.outputs.deploy_env }}
deploy_env_lower: ${{ steps.gradle-build.outputs.deploy_env_lower }}
version: ${{ steps.gradle-build.outputs.the_version }}
steps:
- name: No version bump
# If triggered by workflow dispatch, no version bump
if: ${{ github.event_name == 'workflow_dispatch' }}
run: |
echo "TARGET_ENV_UPPERCASE=${{ github.event.inputs.venue }}" >> $GITHUB_ENV
TARGET_ENV_UPPERCASE=${{ github.event.inputs.venue }}
if [ "$TARGET_ENV_UPPERCASE" == "SIT" ]; then
echo "THE_ENV=sit" >> $GITHUB_ENV
elif [ "$TARGET_ENV_UPPERCASE" == "UAT" ]; then
echo "THE_ENV=uat" >> $GITHUB_ENV
fi
# -- Setup --
- uses: getsentry/action-github-app-token@v2
name: my-app-install token
id: podaac-cicd
with:
app_id: ${{ secrets.CICD_APP_ID }}
private_key: ${{ secrets.CICD_APP_PRIVATE_KEY }}
- uses: actions/checkout@v3
with:
repository: ${{ github.repository }}
token: ${{ steps.podaac-cicd.outputs.token }}
- uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '17'
cache: 'gradle'
- uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Install bumpver
run: pip3 install bumpver
- name: Setup git user
run: |
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config user.name "github-actions[bot]"
# -- Version Bumping --
- name: Bump alpha version
if: github.ref == 'refs/heads/develop'
run: |
TAG=$(bumpver show -e | awk -F= '$1 == "TAG" {print $2};')
if [ $TAG == 'final' ]; then
# Bump patch version first then append tag
bumpver update --patch --tag alpha --tag-num
else
bumpver update --tag alpha --tag-num
fi
- name: Bump rc version
if: startsWith(github.ref, 'refs/heads/release/')
run: bumpver --tag rc --tag-num
- name: Release version
if: github.ref == 'refs/heads/main'
run: bumpver --tag final
# -- Building --
- name: Build with Gradle
id: gradle-build
run: |
gradle build
gradle_version=alpha
echo "deploy_env=${{ env.TARGET_ENV_UPPERCASE }}" >> $GITHUB_OUTPUT
echo "deploy_env_lower=${{ env.THE_ENV }}" >> $GITHUB_OUTPUT
echo "the_version=$gradle_version" >> $GITHUB_OUTPUT
- name: Build & push container images
# Only push container images for releases, rcs, and alphas
if: >
github.ref == 'refs/heads/main' ||
github.ref == 'refs/heads/develop' ||
startsWith(github.ref, 'refs/heads/release/')
run: |
# gradle jib
# Push one tag at a time; fix for multi-tag push issue in ghcr (but fixed in gitlab)
# https://gitlab.com/gitlab-org/container-registry/-/issues/640
gradle jibDockerBuild
for TAG in $(docker image ls -f "dangling=false" --format "{{.Tag}}" ghcr.io/podaac/swodlr-api); do
docker image push ghcr.io/podaac/swodlr-api:$TAG
done
- name: Upload compiled .jars
uses: actions/upload-artifact@v3
with:
name: build-libs
path: build/libs/*.jar
- name: Upload test reports
if: always()
uses: actions/upload-artifact@v3
with:
name: reports
path: build/reports
deploy:
name: Deploy
needs: build
# The type of runner that the job will run on
runs-on: ubuntu-latest
environment: ${{ needs.build.outputs.deploy_env }}
env:
THE_ENV: ${{ needs.build.outputs.deploy_env_lower }}
TARGET_ENV_UPPERCASE: ${{ needs.build.outputs.deploy_env }}
THE_VERSION: ${{ needs.build.outputs.version }}
if: |
github.ref == 'refs/heads/develop' ||
github.ref == 'refs/heads/main' ||
startsWith(github.ref, 'refs/heads/release') ||
github.event_name == 'workflow_dispatch'
steps:
- name: debug output
run: |
echo "deploy env ${{ env.THE_ENV }}"
echo "access key id name ${{ vars.AWS_ACCESS_KEY_ID_SECRET_NAME }}"
echo "secret access key name ${{ vars.AWS_SECRET_ACCESS_KEY_SECRET_NAME }}"
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-west-2
role-session-name: GitHubActions
aws-access-key-id: ${{ secrets[vars.AWS_ACCESS_KEY_ID_SECRET_NAME] }}
aws-secret-access-key: ${{ secrets[vars.AWS_SECRET_ACCESS_KEY_SECRET_NAME] }}
mask-aws-account-id: true
- uses: actions/checkout@v3
with:
repository: ${{ github.repository }}
- uses: hashicorp/setup-terraform@v2
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
terraform_wrapper: false
- name: Deploy to venue
id: terraform-deploy
working-directory: terraform/
env:
AWS_DEFAULT_REGION: us-west-2
run: |
export TF_VAR_edl_base_url=${{ secrets.EDL_BASE_URL }}
export TF_VAR_edl_client_id=${{ secrets.EDL_CLIENT_IT }}
export TF_VAR_edl_client_secret=${{ secrets.EDL_CLIENT_SECRET }}
export TF_VAR_session_encryption_key=${{ secrets.SESSION_ENCRYPTION_KEY }}
export TF_VAR_ingest_aws_account=${{ secrets.INGEST_AWS_ACCOUNT }}
export TF_VAR_ingest_aws_role=${{ secrets.INGEST_AWS_ROLE }}
./bin/deploy.sh ${{ vars.TF_VENUE }}