Skip to content

Workflow file for this run

name: Build and Deploy Image
on:
workflow_dispatch:
inputs:
service:
description: 'Service to build and deploy'
required: true
default: 'aries-endorser-agent'
git_repo_url:
description: 'Git repository URL'
required: true
default: 'hyperledger/aries-endorser-service'
git_ref:
description: 'Git reference (branch or tag)'
required: false
default: ''
docker_file_path:
description: 'Path to Dockerfile'
required: true
default: 'Dockerfile.acapy'
source_context_dir:
description: 'Source context directory for the build'
required: true
default: 'docker/acapy'
source_image_registry:
description: 'Source image registry'
required: false
default: ''
source_image_name:
description: 'Source image name'
required: false
default: ''
source_image_tag:
description: 'Source image tag'
required: false
default: ''
registry_username_secret_name:
description: 'Secret name for registry username'
required: false
default: 'ARTIFACTORY_USERNAME'
registry_password_secret_name:
description: 'Secret name for registry password'
required: false
default: 'ARTIFACTORY_PASSWORD'
push:
branches:
- enhancement
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
GITHUB_IMAGE_REPO: ghcr.io/bcgov/dts-endorser-service/
OPENSHIFT_IMAGE_REPO: image-registry.apps.silver.devops.gov.bc.ca/4a9599-tools/
APP_NAMES: aries-endorser-agent,aries-endorser-db,aries-endorser-backup,aries-endorser-proxy,aries-endorser-api
jobs:
build:
if: (github.repository == 'bcgov/dts-endorser-service') || (github.event_name == 'workflow_dispatch' && github.event.inputs.service)
name: Build Image
permissions:
packages: write
runs-on: ubuntu-latest
strategy:
matrix:
include:
- service: aries-endorser-agent
GIT_REPO_URL: hyperledger/aries-endorser-service
GIT_REF: ""
DOCKER_FILE_PATH: Dockerfile.acapy # The docker path, file, is the relative path to the docker file from the root of the repo.
SOURCE_CONTEXT_DIR: docker/acapy # The context dir, context, sets the context for the build. i.e. where the build will source files from
SOURCE_IMAGE_REGISTRY: ""
SOURCE_IMAGE_NAME: ""
SOURCE_IMAGE_TAG: ""
REGISTRY_USERNAME_SECRET_NAME: ""
REGISTRY_PASSWORD_SECRET_NAME: ""
- service: aries-endorser-db
GIT_REPO_URL: hyperledger/aries-endorser-service
GIT_REF: ""
SOURCE_CONTEXT_DIR: docker/wallet/config
SOURCE_IMAGE_REGISTRY: "quay.io/"
SOURCE_IMAGE_NAME: "fedora/postgresql-13"
SOURCE_IMAGE_TAG: "13"
- service: aries-endorser-backup
GIT_REPO_URL: BCDevOps/backup-container
GIT_REF: 2.5.1
DOCKER_FILE_PATH: Dockerfile # The docker path, file, is the relative path to the docker file from the root of the repo.
SOURCE_CONTEXT_DIR: docker # The context dir, context, sets the context for the build. i.e. where the build will source files from
SOURCE_IMAGE_REGISTRY: artifacts.developer.gov.bc.ca/docker-remote/
SOURCE_IMAGE_NAME: centos/postgresql-13-centos7
SOURCE_IMAGE_TAG: 20210722-70dc4d3
REGISTRY_USERNAME_SECRET_NAME: ARTIFACTORY_USERNAME
REGISTRY_PASSWORD_SECRET_NAME: ARTIFACTORY_PASSWORD
- service: aries-endorser-proxy
GIT_REF: ""
DOCKER_FILE_PATH: Dockerfile # The docker path, file, is the relative path to the docker file from the root of the repo.
SOURCE_CONTEXT_DIR: proxy # The context dir, context, sets the context for the build. i.e. where the build will source files from
SOURCE_IMAGE_REGISTRY: "artifacts.developer.gov.bc.ca/docker-remote/"
SOURCE_IMAGE_NAME: caddy
SOURCE_IMAGE_TAG: latest
REGISTRY_USERNAME_SECRET_NAME: ARTIFACTORY_USERNAME
REGISTRY_PASSWORD_SECRET_NAME: ARTIFACTORY_PASSWORD
- service: aries-endorser-api
GIT_REPO_URL: hyperledger/aries-endorser-service
GIT_REF: ""
DOCKER_FILE_PATH: Dockerfile.endorser # The docker path, file, is the relative path to the docker file from the root of the repo.
SOURCE_CONTEXT_DIR: endorser # The context dir, context, sets the context for the build. i.e. where the build will source files from
SOURCE_IMAGE_REGISTRY: artifacts.developer.gov.bc.ca/docker-remote/
SOURCE_IMAGE_NAME: python
SOURCE_IMAGE_TAG: 3.10-slim-buster
REGISTRY_USERNAME_SECRET_NAME: ARTIFACTORY_USERNAME
REGISTRY_PASSWORD_SECRET_NAME: ARTIFACTORY_PASSWORD
outputs:
aries-endorser-agent_digest: ${{ steps.digest.outputs.aries-endorser-agent_digest }}
aries-endorser-backup_digest: ${{ steps.digest.outputs.aries-endorser-backup_digest }}
aries-endorser-api_digest: ${{ steps.digest.outputs.aries-endorser-api_digest }}
aries-endorser-proxy_digest: ${{ steps.digest.outputs.aries-endorser-proxy_digest }}
aries-endorser-db_digest: ${{ steps.digests.outputs.aries-endorser-db_digest }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
repository: ${{ matrix.GIT_REPO_URL }}
ref: ${{ matrix.GIT_REF }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to image registry
if: matrix.REGISTRY_USERNAME_SECRET_NAME != ''&& matrix.SOURCE_IMAGE_REGISTRY != ''
uses: docker/login-action@v3
with:
registry: ${{ matrix.SOURCE_IMAGE_REGISTRY }}
username: ${{ secrets[matrix.REGISTRY_USERNAME_SECRET_NAME]}}
password: ${{ secrets[matrix.REGISTRY_PASSWORD_SECRET_NAME]}}
- name: Create Dockerfile for ${{ matrix.service }}
if: contains(fromJSON('["aries-endorser-proxy"]'), matrix.service)
run: |
BASE_IMAGE="${{ matrix.SOURCE_IMAGE_REGISTRY }}${{ matrix.SOURCE_IMAGE_NAME }}:${{ matrix.SOURCE_IMAGE_TAG }}"
echo "$BASE_IMAGE"
mkdir "${{ matrix.SOURCE_CONTEXT_DIR }}" && cd "${{ matrix.SOURCE_CONTEXT_DIR }}"
echo "FROM ${BASE_IMAGE}" > Dockerfile
echo "RUN chown 1001:root /usr/bin/caddy" >> Dockerfile
- name: Prepare docker tags for image
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.GITHUB_IMAGE_REPO }}${{ matrix.service }}
flavor: |
latest=true
tags: |
type=schedule
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha,value=latest
labels: |
ca.bc.gov.digitaltrust.build.source-location=${{ github.repositoryUrl }}
ca.bc.gov.digitaltrust.build.commit.id=${{ github.sha }}
- name: Update Docker base image
if: matrix.SOURCE_IMAGE_REGISTRY != '' && contains(fromJSON('["aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service)
run: |
BASE_IMAGE="${{ matrix.SOURCE_IMAGE_REGISTRY }}${{ matrix.SOURCE_IMAGE_NAME }}:${{ matrix.SOURCE_IMAGE_TAG }}"
sed -i -e "s;FROM .*;FROM ${BASE_IMAGE};g" "${{ matrix.SOURCE_CONTEXT_DIR }}/${{ matrix.DOCKER_FILE_PATH }}"
- name: Extract Tags
id: extract
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service)
run: echo "tags=$(echo '${{ steps.meta.outputs.tags }}' | grep -oE ':([^[:space:]]+)' | sed '/enhancement/d' | sed 's/://g' | tr '\n' ' ')" >> $GITHUB_OUTPUT
- name: Pull database image
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service)
run: |
docker pull ${{ matrix.SOURCE_IMAGE_REGISTRY }}${{ matrix.SOURCE_IMAGE_NAME }}:${{ matrix.SOURCE_IMAGE_TAG }}
# The docs for redhat-actions/s2i-build imply that the pull should not be needed, yet in practice the build fails if the pull is not done first to make the image local.
- name: Build database image
id: build_image
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service)
uses: redhat-actions/s2i-build@v2
with:
path_context: ${{ matrix.SOURCE_CONTEXT_DIR}}
builder_image: "${{ matrix.SOURCE_IMAGE_REGISTRY }}${{ matrix.SOURCE_IMAGE_NAME }}:${{ matrix.SOURCE_IMAGE_TAG }}"
image: ${{ matrix.service }}
tags: ${{ steps.extract.outputs.tags }}
# labels would have to be added to the image after the S2I build
- name: Apply Labels to Database Image
id: apply_labels
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service)
run: |
docker tag "${{ matrix.SOURCE_IMAGE_REGISTRY }}${{ matrix.SOURCE_IMAGE_NAME }}:${{ matrix.SOURCE_IMAGE_TAG }}" "${{ matrix.SERVICE }}:${{ steps.extract.outputs.tags }}"
docker push "${{ matrix.SERVICE }}:${{ steps.extract.outputs.tags }}"
- name: Push database image
id: push
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service)
uses: redhat-actions/push-to-registry@v2
with:
tags: ${{ steps.build_image.outputs.tags }}
image: ${{ steps.build_image.outputs.image }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: ${{ env.GITHUB_IMAGE_REPO }}
- name: Log in to the GHCR
if: contains(fromJSON('["aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service)
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push Docker image
id: docker_build
if: contains(fromJSON('["aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service)
uses: docker/build-push-action@v5
with:
context: ${{ matrix.SOURCE_CONTEXT_DIR }}
file: ${{ matrix.SOURCE_CONTEXT_DIR }}/${{ matrix.DOCKER_FILE_PATH }}
push: true
tags: ${{ steps.meta.outputs.tags }}
outputs: type=image,name=target
labels: |
ca.bc.gov.digitaltrust.build.source-location=${{ github.repositoryUrl }}
ca.bc.gov.digitaltrust.build.commit.id=${{ github.sha }}
- name: Display ${{ matrix.service }} image results
id: digests
if: contains(fromJSON('["aries-endorser-db"]'), matrix.service)
run: |
echo "registry_path=${{ steps.push.outputs.registry-paths }}"
digest=${{ steps.push.outputs.digest }}
echo "digest=${digest}"
echo "${{ matrix.service }}_digest=${digest}" >> $GITHUB_OUTPUT
- name: Display ${{ matrix.service}} image results
id: digest
if: contains(fromJSON('["aries-endorser-agent","aries-endorser-backup","aries-endorser-api","aries-endorser-proxy"]'), matrix.service)
run: |
echo 'imageid=${{ steps.docker_build.outputs.imageid }}'
digest=${{ steps.docker_build.outputs.digest }}
echo "digest=${digest}"
echo "${{ matrix.service }}_digest=${digest}" >> $GITHUB_OUTPUT
cat $GITHUB_OUTPUT
# deploy2dev:
# needs: build
# env:
# ENVIRONMENT: dev
# permissions:
# packages: write
# runs-on: ubuntu-latest
# environment: dev
# strategy:
# # Serialize the deployments
# max-parallel: 1
# matrix:
# include:
# - service: aries-endorser-db
# - service: aries-endorser-agent
# - service: aries-endorser-backup
# - service: aries-endorser-proxy
# - service: aries-endorser-api
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# - name: Deploy to ${{ env.ENVIRONMENT }}
# uses: ./.github/workflows/actions/deploy
# with:
# environment: ${{ env.ENVIRONMENT }}
# ghcr_token: ${{ secrets.GITHUB_TOKEN }}
# github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ matrix.service }}
# image_digest: ${{ needs.build.outputs[format ('{0}_digest', matrix.service)] }}
# openshift_image_name: ${{ env.OPENSHIFT_IMAGE_REPO }}${{ matrix.service }}
# openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }}
# namespace: ${{ vars.NAMESPACE }}
# deployment_configuration: ${{ matrix.service }}
# openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
# rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }}
# deploy2test:
# needs: [build, deploy2dev]
# env:
# ENVIRONMENT: test
# permissions:
# packages: write
# runs-on: ubuntu-latest
# environment: test
# steps:
# - name: Checkout
# uses: actions/checkout@v3
# - name: deploy to ${{ env.ENVIRONMENT }}
# uses: ./.github/workflows/actions/deploy
# with:
# environment: ${{ env.ENVIRONMENT }}
# ghcr_token: ${{ secrets.GITHUB_TOKEN }}
# github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ matrix.service }}
# image_digest: ${{ needs.build.outputs[format ('{0}_digest', matrix.service)] }}
# openshift_image_name: ${{ env.OPENSHIFT_IMAGE_REPO }}${{ matrix.service }}
# openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }}
# namespace: ${{ vars.NAMESPACE }}
# deployment_configuration: ${{ matrix.service }}
# openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
# rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }}
# # deploy2prod:
# # needs: [build, deploy2dev, deploy2test]
# # env:
# # ENVIRONMENT: prod
# # permissions:
# # packages: write
# # runs-on: ubuntu-latest
# # environment: prod
# # steps:
# # - name: Checkout
# # uses: actions/checkout@v3
# # - name: deploy to prod
# # uses: ./.github/workflows/actions/deploy
# # with:
# # environment: ${{ env.ENVIRONMENT }}
# # ghcr_token: ${{ secrets.GITHUB_TOKEN }}
# # github_image_name: ${{ env.GITHUB_IMAGE_REPO }}${{ env.APP_NAME }}
# # image_digest: ${{ needs.build.outputs.image_digest }}
# # openshift_image_name: ${{ env.OPENSHIFT_IMAGE_REPO }}${{ env.APP_NAME }}
# # openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }}
# # namespace: ${{ vars.NAMESPACE }}
# # deployment_configuration: ${{ env.APP_NAME }}
# # openshift_token: ${{ secrets.OPENSHIFT_TOKEN }}
# # rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }}``