Merge pull request #137 from ruromero/dep-tree #59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CICD | |
env: | |
# ๐๏ธ EDIT your repository secrets to log into your OpenShift cluster and set up the context. | |
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. | |
# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions | |
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} | |
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} | |
# ๐๏ธ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. | |
OPENSHIFT_NAMESPACE: exhort | |
# ๐๏ธ EDIT to set the deployemnt resource data for image update. | |
OPENSHIFT_DEPLOYMENT_NAME: exhort | |
OPENSHIFT_CONTAINER_NAME: exhort | |
# ๐๏ธ EDIT to change the image registry settings. | |
# Registries such as GHCR, Quay.io, and Docker Hub are supported. | |
IMAGE_REGISTRY: quay.io/ecosystem-appeng | |
IMAGE_NAME: exhort | |
IMAGE_REGISTRY_USER: ${{ secrets.IMAGE_REGISTRY_USER }} | |
IMAGE_REGISTRY_PASSWORD: ${{ secrets.IMAGE_REGISTRY_PASSWORD }} | |
# ๐๏ธ EDIT to change Dockerfile. | |
DOCKERFILE_PATH: ./src/main/docker/Dockerfile.native-micro | |
on: | |
push: | |
branches: | |
- main | |
- stable | |
tags: | |
- '*' | |
workflow_dispatch: | |
jobs: | |
validate_workflow_requirements: | |
runs-on: ubuntu-latest | |
if: github.repository == 'RHEcosystemAppEng/exhort' | |
steps: | |
- name: Check For Required Secrets | |
uses: actions/github-script@v6 | |
with: | |
script: | | |
const secrets = { | |
OPENSHIFT_SERVER: `${{ env.OPENSHIFT_SERVER }}`, | |
OPENSHIFT_TOKEN: `${{ env.OPENSHIFT_TOKEN }}`, | |
}; | |
// if image registry is ghcr.io - no registry credentials required, otherwise get registry credentials | |
if (!`${{ env.IMAGE_REGISTRY }}`.startsWith("ghcr.io")) { | |
secrets["IMAGE_REGISTRY_USER"] = `${{ env.IMAGE_REGISTRY_USER }}`; | |
secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ env.IMAGE_REGISTRY_PASSWORD }}`; | |
} | |
const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => { | |
if (value.length === 0) { | |
core.error(`Secret "${name}" is not set`); | |
return true; | |
} | |
core.info(`โ๏ธ Secret "${name}" is set`); | |
return false; | |
}); | |
if (missingSecrets.length > 0) { | |
core.setFailed(`โ At least one required secret is not set in the repository. \n` + | |
"You can add it using:\n" + | |
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + | |
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + | |
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); | |
} | |
else { | |
core.info(`โ All the required secrets are set`); | |
} | |
build_and_push_image: | |
needs: validate_workflow_requirements | |
runs-on: ubuntu-latest | |
outputs: | |
digest: ${{ steps.push-to-registry.outputs.digest }} | |
tag: ${{ steps.extract_branch.outputs.tag }} | |
steps: | |
- name: Checkout Repository | |
uses: actions/checkout@v3 | |
- name: Extract tag name | |
shell: bash | |
run: | | |
branch=${GITHUB_REF_NAME} | |
case ${branch} in | |
'main') tag='latest' ;; | |
'stable') tag='alpha' ;; | |
*) tag=${branch} ;; | |
esac | |
echo "tag=${tag}" >> $GITHUB_OUTPUT | |
id: extract_branch | |
- name: Setup JDK | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: '17' | |
cache: 'maven' | |
- name: Build Package with Maven | |
run: mvn verify -Pnative | |
- name: Build Image With buildah | |
id: build-image | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: ${{ env.IMAGE_NAME }} | |
tags: ${{ steps.extract_branch.outputs.tag }} | |
dockerfiles: | | |
${{ env.DOCKERFILE_PATH }} | |
- name: Push Image To Registry | |
id: push-to-registry | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build-image.outputs.image }} | |
tags: ${{ steps.build-image.outputs.tags }} | |
registry: ${{ env.IMAGE_REGISTRY }} | |
username: ${{ env.IMAGE_REGISTRY_USER }} | |
password: ${{ env.IMAGE_REGISTRY_PASSWORD }} | |
deploy_to_openshift: | |
needs: build_and_push_image | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install oc | |
uses: redhat-actions/openshift-tools-installer@v1 | |
with: | |
oc: 4 | |
- name: Log In To OpenShift | |
uses: redhat-actions/oc-login@v1 | |
with: | |
openshift_server_url: ${{ env.OPENSHIFT_SERVER }} | |
openshift_token: ${{ env.OPENSHIFT_TOKEN }} | |
insecure_skip_tls_verify: true | |
namespace: ${{ env.OPENSHIFT_NAMESPACE }} | |
- name: Patch Image | |
run: | | |
DEPLOYMENT_PATCH=$(printf '{"spec": {"template": {"spec": {"containers": [{"name": "%s", "image": "%s/%s@%s"}]}}}}' ${{ env.OPENSHIFT_CONTAINER_NAME }} ${{ env.IMAGE_REGISTRY }} ${{ env.IMAGE_NAME }} ${{ needs.build_and_push_image.outputs.digest }}) | |
oc patch deployment ${{ env.OPENSHIFT_DEPLOYMENT_NAME }}-${{ needs.build_and_push_image.outputs.tag }} -p "${DEPLOYMENT_PATCH}" | |
- name: Monitor Deployment Status | |
run: oc rollout status deployment/${{ env.OPENSHIFT_DEPLOYMENT_NAME }}-${{ needs.build_and_push_image.outputs.tag }} |