Use Goreleaser, and publish arm64 #65

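# Preprod pipeline for the VCS agent: builds with GoReleaser, signs the
# binaries and, on main only, publishes them to S3 and public ECR.
#
# NOTE(review): the third-party actions below are referenced by mutable tags
# or branches (`@v4`, `@v5`, `@releases/v1`) and GoReleaser by `latest`. This
# job handles a signing key and an assumable AWS role, so pinning each `uses:`
# to a full commit SHA and GoReleaser to a fixed version is worth considering.
#
# NOTE(review): the trigger is every push, so the GPG import and signing steps
# (and their secrets) run for non-main refs too - confirm that is intended.
name: Preprod deployment
on: [push]
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
jobs:
  preprod-agent-deployment:
    name: Build and upload agent
    runs-on: ubuntu-latest
    container: golang:1.20
    permissions:
      # Needed to request the OIDC token used by "Configure AWS credentials".
      id-token: write
      contents: read
      # Needed by the deployment / deployment-status steps.
      deployments: write
    steps:
      - name: Check out repository code
        uses: actions/checkout@v4

      - name: Mark source directory as safe.
        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"

      - uses: chrnorm/deployment-action@releases/v1
        name: Create GitHub deployment
        if: ${{ github.ref == 'refs/heads/main' }}
        id: deployment
        with:
          token: "${{ github.token }}"
          target_url: https://downloads.spacelift.dev/spacelift-vcs-agent
          environment: preprod/vcs-agent

      - name: parse short SHA
        id: vars
        # The output is written through $GITHUB_OUTPUT because the
        # `::set-output` workflow command is deprecated. The commit is read
        # from the runner-provided GITHUB_SHA variable rather than being
        # templated into the script text.
        run: |
          echo "sha=$(git rev-parse --short=8 "$GITHUB_SHA")" >> "$GITHUB_OUTPUT"

      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v5
        with:
          version: latest
          # Snapshot (non-publishing) build on every ref except main.
          args: release --snapshot=${{ github.ref != 'refs/heads/main' }}
        env:
          BUGSNAG_API_KEY: ${{ secrets.PREPROD_BUGSNAG_API_KEY }}
          SHORT_SHA: ${{ steps.vars.outputs.sha }}

      - name: Install dependencies
        run: |
          apt-get update -y
          apt-get install -y awscli zip

      - name: Import the PGP key
        # The decoded private key only exists on disk for the duration of the
        # import: umask keeps it owner-readable and the trap removes it even
        # when gpg fails (the default shell exits on the first error, which
        # previously skipped the trailing `rm`).
        # NOTE(review): the passphrase is passed as a command-line argument and
        # is visible in the process list for the duration of the import.
        run: |
          umask 077
          trap 'rm -f spacelift.gpg' EXIT
          printf '%s' "$GPG_KEY_BASE64" | base64 -d > spacelift.gpg
          gpg --import \
            --passphrase="$GPG_PASSPHRASE" \
            --pinentry-mode=loopback \
            spacelift.gpg
        env:
          GPG_KEY_BASE64: ${{ secrets.GPG_KEY_BASE64 }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

      - name: Sign Spacelift VCS Agent Binary
        # Each architecture is signed and then verified before anything is
        # uploaded.
        run: |
          chmod 755 ./dist/vcs-agent_linux_amd64_v1/spacelift-vcs-agent
          ./scripts/sign.sh ./dist/vcs-agent_linux_amd64_v1 spacelift-vcs-agent
          ./scripts/verify.sh ./dist/vcs-agent_linux_amd64_v1 spacelift-vcs-agent
          chmod 755 ./dist/vcs-agent_linux_arm64/spacelift-vcs-agent
          ./scripts/sign.sh ./dist/vcs-agent_linux_arm64 spacelift-vcs-agent
          ./scripts/verify.sh ./dist/vcs-agent_linux_arm64 spacelift-vcs-agent
        env:
          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

      - name: Update deployment status (failure)
        uses: chrnorm/deployment-status@releases/v1
        # The whole condition sits inside one ${{ }}. Mixing a bare
        # `failure() &&` with an embedded ${{ }} makes the condition a
        # templated string instead of a single boolean expression.
        if: ${{ failure() && github.ref == 'refs/heads/main' }}
        with:
          token: "${{ github.token }}"
          target_url: https://downloads.spacelift.dev/spacelift-vcs-agent
          state: "failure"
          deployment_id: ${{ steps.deployment.outputs.deployment_id }}

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        if: ${{ github.ref == 'refs/heads/main' }}
        with:
          aws-region: eu-west-1
          role-to-assume: ${{ secrets.PREPROD_AWS_ROLE_TO_ASSUME }}
          # Shortest practical session for the upload steps that follow.
          role-duration-seconds: 900

      - name: Upload the VCS Agent binary to downloads.spacelift.dev
        # This must be a literal block with explicit continuations. As a
        # folded scalar (`>-`) every line is joined into one, and because the
        # first line starts with `#` the shell treats the entire step as a
        # comment and uploads nothing.
        # Single files are copied with `aws s3 cp`; `aws s3 sync` works on
        # directories/prefixes, so it is kept only for the directory upload.
        # NOTE(review): AWS credentials are configured on main only; confirm
        # the `--dryrun` invocations on other refs work without them.
        env:
          S3_BUCKET: ${{ secrets.PREPROD_AWS_S3_BUCKET }}
          DRYRUN_FLAG: ${{ github.ref != 'refs/heads/main' && '--dryrun' || '' }}
        # $DRYRUN_FLAG is left unquoted on purpose so that an empty value
        # expands to no argument at all.
        run: |
          ######## AMD 64 old path ########
          aws s3 sync \
            dist/vcs-agent_linux_amd64_v1/ \
            "s3://${S3_BUCKET}" \
            --no-progress \
            $DRYRUN_FLAG
          ######## AMD 64 new path ########
          aws s3 cp \
            dist/vcs-agent_linux_amd64_v1/spacelift-vcs-agent \
            "s3://${S3_BUCKET}/spacelift-vcs-agent-amd64" \
            --no-progress \
            $DRYRUN_FLAG
          aws s3 cp \
            dist/vcs-agent_linux_amd64_v1/spacelift-vcs-agent_SHA256SUMS \
            "s3://${S3_BUCKET}/spacelift-vcs-agent-amd64_SHA256SUMS" \
            --no-progress \
            $DRYRUN_FLAG
          aws s3 cp \
            dist/vcs-agent_linux_amd64_v1/spacelift-vcs-agent_SHA256SUMS.sig \
            "s3://${S3_BUCKET}/spacelift-vcs-agent-amd64_SHA256SUMS.sig" \
            --no-progress \
            $DRYRUN_FLAG
          ######## ARM 64 new path ########
          aws s3 cp \
            dist/vcs-agent_linux_arm64/spacelift-vcs-agent \
            "s3://${S3_BUCKET}/spacelift-vcs-agent-aarch64" \
            --no-progress \
            $DRYRUN_FLAG
          aws s3 cp \
            dist/vcs-agent_linux_arm64/spacelift-vcs-agent_SHA256SUMS \
            "s3://${S3_BUCKET}/spacelift-vcs-agent-aarch64_SHA256SUMS" \
            --no-progress \
            $DRYRUN_FLAG
          aws s3 cp \
            dist/vcs-agent_linux_arm64/spacelift-vcs-agent_SHA256SUMS.sig \
            "s3://${S3_BUCKET}/spacelift-vcs-agent-aarch64_SHA256SUMS.sig" \
            --no-progress \
            $DRYRUN_FLAG

      - name: Invalidate downloads.spacelift.dev cache
        if: ${{ github.ref == 'refs/heads/main' }}
        # Folding is safe here: the lines form one command and none starts
        # with `#`.
        run: >-
          aws cloudfront create-invalidation
          --distribution-id ${{ secrets.PREPROD_DISTRIBUTION }}
          --paths "/*"

      - name: Log in to Amazon public ECR
        if: ${{ github.ref == 'refs/heads/main' }}
        # The registry password is piped over stdin, not passed as an argument.
        run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Build and push the image
        uses: docker/build-push-action@v5
        with:
          platforms: linux/amd64,linux/arm64
          # Built on every ref, pushed from main only.
          push: ${{ github.ref == 'refs/heads/main' }}
          tags: |
            ${{ secrets.PREPROD_PUBLIC_VCS_AGENT_ECR_REPOSITORY_URL }}:latest

      - name: Update deployment status (success)
        uses: chrnorm/deployment-status@releases/v1
        # Single ${{ }} expression, for the same reason as the failure steps.
        if: ${{ success() && github.ref == 'refs/heads/main' }}
        with:
          token: "${{ github.token }}"
          target_url: https://downloads.spacelift.dev/spacelift-vcs-agent
          state: "success"
          deployment_id: ${{ steps.deployment.outputs.deployment_id }}

      - name: Update deployment status (failure)
        uses: chrnorm/deployment-status@releases/v1
        # Single ${{ }} expression so that failure() and the branch check are
        # evaluated together as one boolean.
        if: ${{ failure() && github.ref == 'refs/heads/main' }}
        with:
          token: "${{ github.token }}"
          target_url: https://downloads.spacelift.dev/spacelift-vcs-agent
          state: "failure"
          deployment_id: ${{ steps.deployment.outputs.deployment_id }}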