-
Notifications
You must be signed in to change notification settings - Fork 8
155 lines (130 loc) · 5.08 KB
/
deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
name: Deploy Backstage
on:
push:
branches: 'main'
concurrency: ${{ github.ref }}
env:
IMAGE: backstage
HUMCTL_VERSION: '*'
HUMANITEC_APP_ID: backstage
SCORE_FILE: score.yaml
DEPLOYMENT_ENV: development
# CLOUD_PROVIDER: aws
AWS_REGION: ${{ vars.AWS_REGION }}
AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
# CLOUD_PROVIDER: azure
AZURE_CLIENT_ID: ${{ vars.AZURE_CLIENT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ vars.AZURE_SUBSCRIPTION_ID }}
AZURE_TENANT_ID: ${{ vars.AZURE_TENANT_ID }}
AZURE_ACR_NAME: ${{ vars.AZURE_ACR_NAME }}
# CLOUD_PROVIDER: gcp
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }}
GCP_GAR_HOST: ${{ vars.GCP_GAR_HOST }}
GCP_GAR_NAME: ${{ vars.GCP_GAR_NAME }}
jobs:
deploy:
name: Build & Notify Humanitec
runs-on: ubuntu-latest
permissions:
id-token: write
contents: write
env:
DOCKER_BUILDKIT: '1'
if: ${{ vars.CLOUD_PROVIDER }}
steps:
- uses: actions/checkout@v4
- name: Configure correct org after copying from template
run: |
# Ensure correct humanitec org
sed -i 's/humanitec-architecture/${{ vars.HUMANITEC_ORG_ID }}/g' catalog-info.yaml
- uses: stefanzweifel/git-auto-commit-action@v5
with:
file_pattern: 'catalog-info.yaml templates/*.yaml'
- if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ env.AWS_ROLE_ARN }}
aws-region: ${{ env.AWS_REGION }}
- if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
name: login to aws ecr
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
with:
mask-password: 'true'
- if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
name: create repo if not existing
id: create-repo
uses: int128/create-ecr-repository-action@v1
with:
repository: ${{ env.IMAGE }}
- if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
name: set CONTAINER_REGISTRY env var
run: |
echo "CONTAINER_REGISTRY=$REGISTRY" >> "$GITHUB_ENV"
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
- if: ${{ vars.CLOUD_PROVIDER == 'azure' }}
name: configure azure credentials
uses: azure/login@v2
with:
client-id: ${{ env.AZURE_CLIENT_ID }}
tenant-id: ${{ env.AZURE_TENANT_ID }}
subscription-id: ${{ env.AZURE_SUBSCRIPTION_ID }}
- if: ${{ vars.CLOUD_PROVIDER == 'azure' }}
name: login to azure acr
run: |
az acr login -n ${{ env.AZURE_ACR_NAME }}
echo "CONTAINER_REGISTRY=${{ env.AZURE_ACR_NAME }}.azurecr.io" >> "$GITHUB_ENV"
- if: ${{ vars.CLOUD_PROVIDER == 'gcp' }}
name: configure gcp credentials
uses: google-github-actions/auth@v1
with:
workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ env.GCP_SERVICE_ACCOUNT }}
- if: ${{ vars.CLOUD_PROVIDER == 'gcp' }}
name: login to gcp gar
run: |
gcloud auth configure-docker ${{ env.GCP_GAR_HOST }} --quiet
echo "CONTAINER_REGISTRY=${{ env.GCP_GAR_NAME }}" >> "$GITHUB_ENV"
- if: ${{ vars.CLOUD_PROVIDER == '5min' }}
name: define registry
run: |
echo "CONTAINER_REGISTRY=localhost:5001" >> "$GITHUB_ENV"
echo "HUMANITEC_APP_ID=${{ vars.HUMANITEC_APP_ID }}" >> "$GITHUB_ENV"
echo "SCORE_FILE=score.5min.yaml" >> "$GITHUB_ENV"
echo "DEPLOYMENT_ENV=5min-local" >> "$GITHUB_ENV"
- name: Set Tag with SHA
run: echo "TAG=`echo $GITHUB_SHA | cut -c 1-7`" >> $GITHUB_ENV
- run: mkdir credentials && touch credentials/github-app-backstage-humanitec-credentials.yaml
- run: docker image build -t backstage .
- name: Push backstage image
run: |
docker tag backstage $CONTAINER_REGISTRY/$IMAGE:$TAG
docker push $CONTAINER_REGISTRY/$IMAGE:$TAG
- uses: humanitec/setup-cli-action@v1
with:
version: ${{ env.HUMCTL_VERSION }}
- name: Inform Humanitec
run: |-
humctl create artefact-version \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ vars.HUMANITEC_ORG_ID }} \
-t container \
-n $CONTAINER_REGISTRY/$IMAGE \
--version $TAG \
--ref $GITHUB_REF \
--commit $GITHUB_SHA
- name: Run Score
run: |
humctl score deploy \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ vars.HUMANITEC_ORG_ID }} \
--app ${{ env.HUMANITEC_APP_ID }} \
--env ${{ env.DEPLOYMENT_ENV }} \
-f ${{ env.SCORE_FILE }} \
--extensions humanitec.score.yaml \
--workload-source-url "https://github.com/${{ github.repository }}/blob/${{ github.ref_name }}/score.yaml" \
--image $CONTAINER_REGISTRY/$IMAGE:$TAG \
--message "${{ github.event.head_commit.message }}"