Skip to content

Merge pull request #496 from espoon-voltti/dependabot/npm_and_yarn/fr… #1518

Merge pull request #496 from espoon-voltti/dependabot/npm_and_yarn/fr…

Merge pull request #496 from espoon-voltti/dependabot/npm_and_yarn/fr… #1518

Workflow file for this run

# SPDX-FileCopyrightText: 2023-2024 City of Espoo
#
# SPDX-License-Identifier: LGPL-2.1-or-later
name: Build
on:
- push
env:
AWS_REGION: eu-north-1
ECR_REGISTRY: 767398123997.dkr.ecr.eu-north-1.amazonaws.com
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
id-token: write
contents: read
jobs:
lint-shell:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: espoon-voltti/voltti-actions/shellcheck@master
check-licenses:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Reuse Compliance Check
uses: fsfe/reuse-action@v5
dockerize:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: luontotieto/service
path: service
- name: luontotieto/frontend
path: frontend
- name: luontotieto/api-gateway
path: api-gateway
- name: luontotieto/geoserver
path: geoserver
steps:
- uses: actions/checkout@v4
- name: Build image
uses: espoon-voltti/voltti-actions/docker-build-push@master
id: build
with:
path: ${{ matrix.path }}
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE }}
AWS_REGION: ${{ env.AWS_REGION }}
registry: ${{ env.ECR_REGISTRY }}
name: ${{ matrix.name }}
build-args: |
build=${{ github.run_number }}
commit=${{ github.sha }}
service-builder:
runs-on: ubuntu-latest
env:
name: luontotieto/service
path: service
builder: builder
steps:
- uses: actions/checkout@v4
- name: Build builder
uses: espoon-voltti/voltti-actions/docker-build-push@master
id: builder
with:
path: ${{ env.path }}
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE }}
AWS_REGION: ${{ env.AWS_REGION }}
registry: ${{ env.ECR_REGISTRY }}
name: ${{ env.name }}-${{ env.builder }}
build-args: |
build=${{ github.run_number }}
commit=${{ github.sha }}
target: ${{ env.builder }}
test:
runs-on: ubuntu-latest
needs: service-builder
env:
BUILD: "false"
TAG: "${{ github.event.pull_request.head.sha || github.sha }}"
defaults:
run:
working-directory: compose
steps:
- uses: actions/checkout@v4
- name: Configure AWS credentials
if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }}
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
role-duration-seconds: 1200
- name: Login to Amazon ECR
if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }}
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Pull images
if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }}
run: |
./test-compose pull
- name: Build images
if: ${{ github.actor == 'dependabot[bot]' || github.event.pull_request.head.repo.fork }}
run: |
./test-compose build --parallel
- name: Run tests
run: |
set -o pipefail
./test-compose run service-tests | tee tests.log
- name: Get logs
if: always()
run: |
./test-compose logs > tests-all.log
- name: Store logs
if: always()
uses: actions/upload-artifact@v4
with:
name: integration-test-results
path: |
compose/tests.log
compose/tests-all.log
retention-days: 2
deploy:
# if: ${{ github.ref == 'refs/heads/master' }}
runs-on: ubuntu-latest
needs:
- dockerize
strategy:
fail-fast: false
matrix:
environment:
- staging
- prod
environment:
name: ${{ matrix.environment }}
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
role-duration-seconds: 1200
- name: Retag
run: |
for repository in service frontend api-gateway geoserver; do
if [ "$(aws ecr describe-images --repository-name "luontotieto/$repository" --image-ids imageTag="${{ github.event.pull_request.head.sha || github.sha }}" | jq -r '.imageDetails[].imageTags | index("env-${{ matrix.environment }}")')" = "null" ]; then
MANIFEST=$(aws ecr batch-get-image --repository-name "luontotieto/$repository" --image-ids imageTag="${{ github.event.pull_request.head.sha || github.sha }}" --output json | jq --raw-output --join-output '.images[0].imageManifest')
aws ecr put-image --repository-name "luontotieto/$repository" --image-tag "env-${{ matrix.environment }}" --image-manifest "$MANIFEST"
else
echo "env-tag on image already exists on luontotieto/$repository"
fi
done
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE_ENVIRONMENT }}
role-duration-seconds: 1200
unset-current-credentials: true
- name: Deploy
run: |
aws ecs update-service \
--cluster "luontotieto-${{ matrix.environment }}" \
--service "luontotieto-${{ matrix.environment }}" \
--force-new-deployment
aws ecs update-service \
--cluster "luontotieto-${{ matrix.environment }}" \
--service "geoserver-${{ matrix.environment }}" \
--force-new-deployment
aws ecs wait services-stable \
--cluster "luontotieto-${{ matrix.environment }}" \
--services "luontotieto-${{ matrix.environment }}" "geoserver-${{ matrix.environment }}"