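# Builds the Backstage image on every push to main, pushes it to the registry
# of the configured cloud provider (AWS ECR or GCP Artifact Registry), then
# registers the new artefact version with Humanitec and deploys it via Score.
#
# Hardening notes:
# - No `${{ ... }}` expression is expanded inside a `run:` script. Expressions
#   are substituted into the script text before the shell parses it, so a
#   value such as a commit message containing quotes, backticks or `$(...)`
#   would be executed as shell code. Values are passed through `env:` and
#   referenced as quoted shell variables instead.
# - Actions are referenced by mutable tags (`@v1`, `@v3`, ...). Pinning each
#   `uses:` to a full commit SHA prevents a retagged release from running with
#   this job's `id-token: write` / `contents: write` permissions.
name: Deploy Backstage

on:
  push:
    branches: 'main'

# One run per ref at a time.
concurrency: ${{ github.ref }}

env:
  IMAGE: backstage
  SCORE_HUMANITEC_VERSION: '0.9.1'
  HUMCTL_VERSION: '0.13.0'
  # CLOUD_PROVIDER: aws
  AWS_REGION: ${{ vars.AWS_REGION }}
  AWS_ROLE_ARN: ${{ vars.AWS_ROLE_ARN }}
  # CLOUD_PROVIDER: gcp
  GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
  GCP_SERVICE_ACCOUNT: ${{ vars.GCP_SERVICE_ACCOUNT }}
  GCP_GAR_HOST: ${{ vars.GCP_GAR_HOST }}
  GCP_GAR_NAME: ${{ vars.GCP_GAR_NAME }}

jobs:
  deploy:
    name: Build & Notify Humanitec
    runs-on: ubuntu-latest
    permissions:
      # OIDC token for the AWS role / GCP workload identity federation steps.
      id-token: write
      # Write access so the auto-commit step can push the rewritten files.
      contents: write
    env:
      DOCKER_BUILDKIT: "1"
    # Skip the whole job until a cloud provider has been configured.
    if: ${{ vars.CLOUD_PROVIDER }}
    steps:
      - uses: actions/checkout@v3

      - name: Configure correct org after copying from template
        env:
          HUMANITEC_ORG_ID: ${{ vars.HUMANITEC_ORG_ID }}
        run: |
          # Ensure correct github org
          find ./templates -type f -name "*.yaml" -exec sed -i "s/humanitec-architecture/${GITHUB_REPOSITORY_OWNER}/g" {} +
          # Ensure correct humanitec org
          sed -i "s/humanitec-architecture/${HUMANITEC_ORG_ID}/g" catalog-info.yaml

      - uses: stefanzweifel/git-auto-commit-action@v4
        with:
          file_pattern: 'catalog-info.yaml templates/*.yaml'

      - if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
        name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          role-to-assume: ${{ env.AWS_ROLE_ARN }}
          aws-region: ${{ env.AWS_REGION }}

      - if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
        name: login to aws ecr
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
        with:
          mask-password: 'true'

      - if: ${{ vars.CLOUD_PROVIDER == 'aws' }}
        name: "set CONTAINER_REGISTRY env var"
        run: |
          echo "CONTAINER_REGISTRY=$REGISTRY" >> "$GITHUB_ENV"
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}

      - if: ${{ vars.CLOUD_PROVIDER == 'gcp' }}
        name: configure gcp credentials
        uses: google-github-actions/auth@v1
        with:
          workload_identity_provider: ${{ env.GCP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ env.GCP_SERVICE_ACCOUNT }}

      - if: ${{ vars.CLOUD_PROVIDER == 'gcp' }}
        name: login to gcp gar
        # GCP_GAR_HOST / GCP_GAR_NAME come from the workflow-level env block.
        run: |
          gcloud auth configure-docker "$GCP_GAR_HOST" --quiet
          echo "CONTAINER_REGISTRY=$GCP_GAR_NAME" >> "$GITHUB_ENV"

      - name: Set Tag with SHA
        # Image tag is the first seven characters of the commit SHA.
        run: echo "TAG=${GITHUB_SHA:0:7}" >> "$GITHUB_ENV"

      # Creates an empty credentials file before the image build.
      # NOTE(review): presumably the Dockerfile copies this path - confirm.
      - run: mkdir credentials && touch credentials/github-app-backstage-humanitec-credentials.yaml

      - run: docker image build -t backstage .

      - name: Push backstage image
        run: |
          docker tag backstage "$CONTAINER_REGISTRY/$IMAGE:$TAG"
          docker push "$CONTAINER_REGISTRY/$IMAGE:$TAG"

      - uses: humanitec/setup-cli-action@v1
        with:
          version: ${{ env.HUMCTL_VERSION }}

      - name: Inform Humanitec
        env:
          # Passed through the environment so the secret is never spliced into
          # the script text.
          HUMANITEC_TOKEN: ${{ secrets.HUMANITEC_TOKEN }}
          HUMANITEC_ORG_ID: ${{ vars.HUMANITEC_ORG_ID }}
        run: |-
          humctl create artefact-version \
            --token "$HUMANITEC_TOKEN" \
            --org "$HUMANITEC_ORG_ID" \
            -t container \
            -n "$CONTAINER_REGISTRY/$IMAGE" \
            --version "$TAG" \
            --ref "$GITHUB_REF" \
            --commit "$GITHUB_SHA"

      - uses: score-spec/setup-score@v2
        with:
          file: score-humanitec
          version: ${{ env.SCORE_HUMANITEC_VERSION }}

      - name: Run Score
        env:
          HUMANITEC_TOKEN: ${{ secrets.HUMANITEC_TOKEN }}
          HUMANITEC_ORG_ID: ${{ vars.HUMANITEC_ORG_ID }}
          # The commit message is free-form text chosen by the committer, so it
          # is handed to the shell as data rather than interpolated into the
          # script.
          COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
        run: |
          score-humanitec delta \
            --retry \
            --deploy \
            --token "$HUMANITEC_TOKEN" \
            --org "$HUMANITEC_ORG_ID" \
            --app backstage \
            --env development \
            -f score.yaml \
            --extensions humanitec.score.yaml \
            --workload-source-url "https://github.com/${GITHUB_REPOSITORY}/blob/${GITHUB_REF_NAME}/score.yaml" \
            --property "containers.backstage.image=$CONTAINER_REGISTRY/$IMAGE:$TAG" \
            --message "$COMMIT_MESSAGE"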