-
Notifications
You must be signed in to change notification settings - Fork 8
140 lines (116 loc) · 4.55 KB
/
deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: Deploy Backstage
on:
push:
branches: 'main'
concurrency: ${{ github.ref }}
env:
IMAGE: backstage
HUMCTL_VERSION: '0.21.0'
# CLOUD_PROVIDER: aws
AWS_REGION: ${{ vars.AWS_REGION }}
AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
# CLOUD_PROVIDER: azure
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
AZURE_ACR_NAME: ${{ vars.AZURE_ACR_NAME }}
# CLOUD_PROVIDER: gcp
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }}
GCP_GAR_HOST: ${{ vars.GCP_GAR_HOST }}
GCP_GAR_NAME: ${{ vars.GCP_GAR_NAME }}
jobs:
deploy:
name: Build & Notify Humanitec
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
env:
DOCKER_BUILDKIT: '1'
if: ${{ vars.CLOUD_PROVIDER }}
steps:
- uses: actions/checkout@v3
- name: Configure correct org after copying from template
run: |
# Ensure correct github org
find ./templates -type f -name "*.yaml" -exec sed -i 's/humanitec-architecture/${{ github.repository_owner }}/g' {} +
# Ensure correct humanitec org
sed -i 's/humanitec-architecture/${{ vars.HUMANITEC_ORG_ID }}/g' catalog-info.yaml
- uses: stefanzweifel/git-auto-commit-action@v4
with:
file_pattern: 'catalog-info.yaml templates/*.yaml'
- if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ env.AWS_ROLE_ARN }}
aws-region: ${{ env.AWS_REGION }}
- if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
name: login to aws ecr
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
with:
mask-password: 'true'
- if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
name: set CONTAINER_REGISTRY env var
run: |
echo "CONTAINER_REGISTRY=$REGISTRY" >> "$GITHUB_ENV"
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
- if: ${{ vars.CLOUD_PROVIDER == 'azure' }}
name: configure azure credentials
uses: azure/login@v1
with:
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
- if: ${{ vars.CLOUD_PROVIDER == 'azure' }}
name: login to azure acr
run: |
az acr login -n ${{ env.AZURE_ACR_NAME }}
echo "CONTAINER_REGISTRY=${{ env.AZURE_ACR_NAME }}.azurecr.io" >> "$GITHUB_ENV"
- if: ${{ vars.CLOUD_PROVIDER == 'gcp' }}
name: configure gcp credentials
uses: google-github-actions/auth@v1
with:
workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GCP_SERVICE_ACCOUNT }}
- if: ${{ vars.CLOUD_PROVIDER == 'gcp' }}
name: login to gcp gar
run: |
gcloud auth configure-docker ${{ env.GCP_GAR_HOST }} --quiet
echo "CONTAINER_REGISTRY=${{ env.GCP_GAR_NAME }}" >> "$GITHUB_ENV"
- name: Set Tag with SHA
run: echo "TAG=`echo $GITHUB_SHA | cut -c 1-7`" >> $GITHUB_ENV
- run: mkdir credentials && touch credentials/github-app-backstage-humanitec-credentials.yaml
- run: docker image build -t backstage .
- name: Push backstage image
run: |
docker tag backstage $CONTAINER_REGISTRY/$IMAGE:$TAG
docker push $CONTAINER_REGISTRY/$IMAGE:$TAG
- uses: humanitec/setup-cli-action@v1
with:
version: ${{ env.HUMCTL_VERSION }}
- name: Inform Humanitec
run: |-
humctl create artefact-version \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ vars.HUMANITEC_ORG_ID }} \
-t container \
-n $CONTAINER_REGISTRY/$IMAGE \
--version $TAG \
--ref $GITHUB_REF \
--commit $GITHUB_SHA
- name: Run Score
run: |
humctl score deploy \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ vars.HUMANITEC_ORG_ID }} \
--app backstage \
--env development \
-f score.yaml \
--extensions humanitec.score.yaml \
--workload-source-url "https://github.com/${{ github.repository }}/blob/${{ github.ref_name }}/score.yaml" \
--image $CONTAINER_REGISTRY/$IMAGE:$TAG \
--message "${{ github.event.head_commit.message }}"