Skip to content

Merge pull request #43 from humanitec-architecture/pocketidp #46

Merge pull request #43 from humanitec-architecture/pocketidp

Merge pull request #43 from humanitec-architecture/pocketidp #46

Workflow file for this run

name: Deploy Backstage
on:
push:
branches: 'main'
concurrency: ${{ github.ref }}
env:
IMAGE: backstage
HUMCTL_VERSION: '*'
# CLOUD_PROVIDER: aws
AWS_REGION: ${{ vars.AWS_REGION }}
AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
# CLOUD_PROVIDER: azure
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
AZURE_ACR_NAME: ${{ vars.AZURE_ACR_NAME }}
# CLOUD_PROVIDER: gcp
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }}
GCP_GAR_HOST: ${{ vars.GCP_GAR_HOST }}
GCP_GAR_NAME: ${{ vars.GCP_GAR_NAME }}
jobs:
deploy:
name: Build & Notify Humanitec
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
env:
DOCKER_BUILDKIT: '1'
if: ${{ vars.CLOUD_PROVIDER }}
steps:
- uses: actions/checkout@v4
- name: Configure correct org after copying from template
run: |
# Ensure correct humanitec org
sed -i 's/humanitec-architecture/${{ vars.HUMANITEC_ORG_ID }}/g' catalog-info.yaml
- uses: stefanzweifel/git-auto-commit-action@v5
with:
file_pattern: 'catalog-info.yaml templates/*.yaml'
- if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ env.AWS_ROLE_ARN }}
aws-region: ${{ env.AWS_REGION }}
- if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
name: login to aws ecr
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
with:
mask-password: 'true'
- if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
name: create repo if not existing
id: create-repo
uses: int128/create-ecr-repository-action@v1
with:
repository: ${{ env.IMAGE }}
- if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
name: set CONTAINER_REGISTRY env var
run: |
echo "CONTAINER_REGISTRY=$REGISTRY" >> "$GITHUB_ENV"
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
- if: ${{ vars.CLOUD_PROVIDER == 'azure' }}
name: configure azure credentials
uses: azure/login@v2
with:
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
- if: ${{ vars.CLOUD_PROVIDER == 'azure' }}
name: login to azure acr
run: |
az acr login -n ${{ env.AZURE_ACR_NAME }}
echo "CONTAINER_REGISTRY=${{ env.AZURE_ACR_NAME }}.azurecr.io" >> "$GITHUB_ENV"
- if: ${{ vars.CLOUD_PROVIDER == 'gcp' }}
name: configure gcp credentials
uses: google-github-actions/auth@v1
with:
workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GCP_SERVICE_ACCOUNT }}
- if: ${{ vars.CLOUD_PROVIDER == 'gcp' }}
name: login to gcp gar
run: |
gcloud auth configure-docker ${{ env.GCP_GAR_HOST }} --quiet
echo "CONTAINER_REGISTRY=${{ env.GCP_GAR_NAME }}" >> "$GITHUB_ENV"
- if: ${{ vars.CLOUD_PROVIDER == '5min' }}
name: define registry
run: |
echo "CONTAINER_REGISTRY=localhost:5001" >> "$GITHUB_ENV"
- name: Set Tag with SHA
run: echo "TAG=`echo $GITHUB_SHA | cut -c 1-7`" >> $GITHUB_ENV
- run: mkdir credentials && touch credentials/github-app-backstage-humanitec-credentials.yaml
- run: docker image build -t backstage .
- name: Push backstage image
run: |
docker tag backstage $CONTAINER_REGISTRY/$IMAGE:$TAG
docker push $CONTAINER_REGISTRY/$IMAGE:$TAG
- uses: humanitec/setup-cli-action@v1
with:
version: ${{ env.HUMCTL_VERSION }}
- name: Inform Humanitec
run: |-
humctl create artefact-version \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ vars.HUMANITEC_ORG_ID }} \
-t container \
-n $CONTAINER_REGISTRY/$IMAGE \
--version $TAG \
--ref $GITHUB_REF \
--commit $GITHUB_SHA
- name: Run Score
run: |
humctl score deploy \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ vars.HUMANITEC_ORG_ID }} \
--app backstage \
--env development \
-f score.yaml \
--extensions humanitec.score.yaml \
--workload-source-url "https://github.com/${{ github.repository }}/blob/${{ github.ref_name }}/score.yaml" \
--image $CONTAINER_REGISTRY/$IMAGE:$TAG \
--message "${{ github.event.head_commit.message }}"