Merge pull request #43 from humanitec-architecture/pocketidp #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy Backstage | |
on: | |
push: | |
branches: 'main' | |
concurrency: ${{ github.ref }} | |
env: | |
IMAGE: backstage | |
HUMCTL_VERSION: '*' | |
# CLOUD_PROVIDER: aws | |
AWS_REGION: ${{ vars.AWS_REGION }} | |
AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }} | |
# CLOUD_PROVIDER: azure | |
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }} | |
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }} | |
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }} | |
AZURE_ACR_NAME: ${{ vars.AZURE_ACR_NAME }} | |
# CLOUD_PROVIDER: gcp | |
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }} | |
GCP_GAR_HOST: ${{ vars.GCP_GAR_HOST }} | |
GCP_GAR_NAME: ${{ vars.GCP_GAR_NAME }} | |
jobs: | |
deploy: | |
name: Build & Notify Humanitec | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: write | |
env: | |
DOCKER_BUILDKIT: '1' | |
if: ${{ vars.CLOUD_PROVIDER }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Configure correct org after copying from template | |
run: | | |
# Ensure correct humanitec org | |
sed -i 's/humanitec-architecture/${{ vars.HUMANITEC_ORG_ID }}/g' catalog-info.yaml | |
- uses: stefanzweifel/git-auto-commit-action@v5 | |
with: | |
file_pattern: 'catalog-info.yaml templates/*.yaml' | |
- if: ${{ vars.CLOUD_PROVIDER == 'aws' }} | |
name: configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
role-to-assume: ${{ env.AWS_ROLE_ARN }} | |
aws-region: ${{ env.AWS_REGION }} | |
- if: ${{ vars.CLOUD_PROVIDER == 'aws' }} | |
name: login to aws ecr | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
mask-password: 'true' | |
- if: ${{ vars.CLOUD_PROVIDER == 'aws' }} | |
name: create repo if not existing | |
id: create-repo | |
uses: int128/create-ecr-repository-action@v1 | |
with: | |
repository: ${{ env.IMAGE }} | |
- if: ${{ vars.CLOUD_PROVIDER == 'aws' }} | |
name: set CONTAINER_REGISTRY env var | |
run: | | |
echo "CONTAINER_REGISTRY=$REGISTRY" >> "$GITHUB_ENV" | |
env: | |
REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
- if: ${{ vars.CLOUD_PROVIDER == 'azure' }} | |
name: configure azure credentials | |
uses: azure/login@v2 | |
with: | |
client-id: ${{ env.AZURE_CLIENT_ID }} | |
tenant-id: ${{ env.AZURE_TENANT_ID }} | |
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }} | |
- if: ${{ vars.CLOUD_PROVIDER == 'azure' }} | |
name: login to azure acr | |
run: | | |
az acr login -n ${{ env.AZURE_ACR_NAME }} | |
echo "CONTAINER_REGISTRY=${{ env.AZURE_ACR_NAME }}.azurecr.io" >> "$GITHUB_ENV" | |
- if: ${{ vars.CLOUD_PROVIDER == 'gcp' }} | |
name: configure gcp credentials | |
uses: google-github-actions/auth@v1 | |
with: | |
workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
service_account: ${{ env.GCP_SERVICE_ACCOUNT }} | |
- if: ${{ vars.CLOUD_PROVIDER == 'gcp' }} | |
name: login to gcp gar | |
run: | | |
gcloud auth configure-docker ${{ env.GCP_GAR_HOST }} --quiet | |
echo "CONTAINER_REGISTRY=${{ env.GCP_GAR_NAME }}" >> "$GITHUB_ENV" | |
- if: ${{ vars.CLOUD_PROVIDER == '5min' }} | |
name: define registry | |
run: | | |
echo "CONTAINER_REGISTRY=localhost:5001" >> "$GITHUB_ENV" | |
- name: Set Tag with SHA | |
run: echo "TAG=`echo $GITHUB_SHA | cut -c 1-7`" >> $GITHUB_ENV | |
- run: mkdir credentials && touch credentials/github-app-backstage-humanitec-credentials.yaml | |
- run: docker image build -t backstage . | |
- name: Push backstage image | |
run: | | |
docker tag backstage $CONTAINER_REGISTRY/$IMAGE:$TAG | |
docker push $CONTAINER_REGISTRY/$IMAGE:$TAG | |
- uses: humanitec/setup-cli-action@v1 | |
with: | |
version: ${{ env.HUMCTL_VERSION }} | |
- name: Inform Humanitec | |
run: |- | |
humctl create artefact-version \ | |
--token ${{ secrets.HUMANITEC_TOKEN }} \ | |
--org ${{ vars.HUMANITEC_ORG_ID }} \ | |
-t container \ | |
-n $CONTAINER_REGISTRY/$IMAGE \ | |
--version $TAG \ | |
--ref $GITHUB_REF \ | |
--commit $GITHUB_SHA | |
- name: Run Score | |
run: | | |
humctl score deploy \ | |
--token ${{ secrets.HUMANITEC_TOKEN }} \ | |
--org ${{ vars.HUMANITEC_ORG_ID }} \ | |
--app backstage \ | |
--env development \ | |
-f score.yaml \ | |
--extensions humanitec.score.yaml \ | |
--workload-source-url "https://github.com/${{ github.repository }}/blob/${{ github.ref_name }}/score.yaml" \ | |
--image $CONTAINER_REGISTRY/$IMAGE:$TAG \ | |
--message "${{ github.event.head_commit.message }}" |