From 116616f530f0a035441725e04f7b042bd10e60d6 Mon Sep 17 00:00:00 2001 From: Eric Maydeck Date: Fri, 6 Sep 2024 14:28:48 -0600 Subject: [PATCH 1/2] chore: clean up old GHA and docker hub deployments workflows --- .circleci/config.yml | 116 +++++---------------- .github/workflows/build-and-push-image.yml | 88 ---------------- .github/workflows/docker.yml | 65 ------------ 3 files changed, 25 insertions(+), 244 deletions(-) delete mode 100644 .github/workflows/build-and-push-image.yml delete mode 100644 .github/workflows/docker.yml diff --git a/.circleci/config.yml b/.circleci/config.yml index 9d2722da4..449e5c688 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -355,65 +355,6 @@ jobs: - autopush-locust.tar deploy: - docker: - - image: docker:18.03.0-ce - auth: - username: $DOCKER_USER - password: $DOCKER_PASS - parameters: - image: - type: string - repo: - type: string - steps: - - setup_remote_docker - - docker_login - - attach_workspace: - at: /cache - - run: - name: Restore Docker image cache - command: docker load -i /cache/docker.tar - - run: - name: Deploy to Dockerhub - command: | - if [ "${CIRCLE_BRANCH}" == "master" ]; then - # deploy master - docker login -u $DOCKER_USER -p $DOCKER_PASS - docker tag <> <>:latest - docker push <>:latest - elif [ ! -z "${CIRCLE_TAG}" ]; then - # deploy a release tag - docker login -u $DOCKER_USER -p $DOCKER_PASS - echo "<>:${CIRCLE_TAG}" - docker tag <> "<>:${CIRCLE_TAG}" - docker images - docker push "<>:${CIRCLE_TAG}" - fi - - deploy-load-test: - docker: - - image: cimg/base:2024.06 - steps: - - checkout - - attach_workspace: - at: /tmp/workspace - - setup_remote_docker - - run: - name: Load Docker Image From Workspace - command: docker load -i /tmp/workspace/autopush-locust.tar - - docker_login: - load: True - - run: - name: Push to Docker Hub - command: | - echo ${DOCKERHUB_LOAD_TEST_REPO}:${CIRCLE_SHA1} - docker tag autopush-locust ${DOCKERHUB_LOAD_TEST_REPO}:${CIRCLE_SHA1} - docker tag autopush-locust ${DOCKERHUB_LOAD_TEST_REPO}:latest - docker images - docker push "${DOCKERHUB_LOAD_TEST_REPO}:${CIRCLE_SHA1}" - docker push "${DOCKERHUB_LOAD_TEST_REPO}:latest" - - deploy-to-gar: executor: gcp-gcr/default parameters: build_tag: @@ -461,6 +402,29 @@ jobs: registry-url: <> tag: $GAR_TAG,latest + deploy-load-test: + docker: + - image: cimg/base:2024.06 + steps: + - checkout + - attach_workspace: + at: /tmp/workspace + - setup_remote_docker + - run: + name: Load Docker Image From Workspace + command: docker load -i /tmp/workspace/autopush-locust.tar + - docker_login: + load: True + - run: + name: Push to Docker Hub + command: | + echo ${DOCKERHUB_LOAD_TEST_REPO}:${CIRCLE_SHA1} + docker tag autopush-locust ${DOCKERHUB_LOAD_TEST_REPO}:${CIRCLE_SHA1} + docker tag autopush-locust ${DOCKERHUB_LOAD_TEST_REPO}:latest + docker images + docker push "${DOCKERHUB_LOAD_TEST_REPO}:${CIRCLE_SHA1}" + docker push "${DOCKERHUB_LOAD_TEST_REPO}:latest" + workflows: build-test-deploy: jobs: @@ -511,38 +475,8 @@ workflows: tags: only: /.*/ - # Comment out the following four sections for local CircleCI testing. - - deploy: - name: deploy-autoconnect - image: autoconnect:build - repo: ${DOCKERHUB_CONNECT_REPO} - requires: - - build-autoconnect - - Integration Tests - - Rust Unit Tests - - Rust Formatting Check - filters: - tags: - only: /.*/ - branches: - only: master - + # Comment out the following two sections for local CircleCI testing. - deploy: - name: deploy-autoendpoint - image: autoendpoint:build - repo: ${DOCKERHUB_ENDPOINT_REPO} - requires: - - build-autoendpoint - - Integration Tests - - Rust Unit Tests - - Rust Formatting Check - filters: - tags: - only: /.*/ - branches: - only: master - - - deploy-to-gar: name: deploy-autoconnect-gar image: autoconnect requires: @@ -556,7 +490,7 @@ workflows: branches: only: master - - deploy-to-gar: + - deploy: name: deploy-autoendpoint-gar image: autoendpoint requires: diff --git a/.github/workflows/build-and-push-image.yml b/.github/workflows/build-and-push-image.yml deleted file mode 100644 index 39fe3a916..000000000 --- a/.github/workflows/build-and-push-image.yml +++ /dev/null @@ -1,88 +0,0 @@ -name: Reusable build-and-push workflow - -run-name: Build and push image "${{ inputs.image }}:${{ inputs.tag }}" to GAR - -on: - workflow_call: - inputs: - binary: - required: true - type: string - crate: - required: true - type: string - # `gar_location`, `gar_repository`, and `gcp_project_id` have all been - # set as optional because default value has been supplied. As this - # workflow is only callable by other workflows, GitHub Actions will throw - # an error if we set "required: true" regardless of any defaults defined. - gar_location: - required: false - type: string - default: us - gar_repository: - required: false - type: string - default: autopush-prod - gcp_project_id: - required: false - type: string - default: moz-fx-autopush-prod - image: - required: true - type: string - tag: - required: true - type: string - -jobs: - build-and-push: - runs-on: ubuntu-latest - environment: build - permissions: - contents: read - id-token: write - env: - BINARY: ${{ inputs.binary }} - CRATE: ${{ inputs.crate }} - GAR_LOCATION: ${{ inputs.gar_location }} - GAR_REPOSITORY: ${{ inputs.gar_repository }} - GCP_PROJECT_ID: ${{ inputs.gcp_project_id }} - IMAGE: ${{ inputs.image }} - TAG: ${{ inputs.tag }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ env.TAG }} - - run: | - printf '{"commit":"%s","version":"%s","source":"https://github.com/%s","build":"%s/%s/actions/runs/%s"}\n' \ - "${GITHUB_SHA}" \ - "${GITHUB_REF_NAME}" \ - "${GITHUB_REPOSITORY}" \ - "${GITHUB_SERVER_URL}" \ - "${GITHUB_REPOSITORY}" \ - "${GITHUB_RUN_ID}" > version.json - - uses: docker/setup-buildx-action@v3 - - id: gcp-auth - uses: google-github-actions/auth@v2 - with: - token_format: 'access_token' - service_account: artifact-writer@${{ env.GCP_PROJECT_ID }}.iam.gserviceaccount.com - workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }} - - uses: docker/login-action@v3 - with: - registry: ${{ env.GAR_LOCATION }}-docker.pkg.dev - username: oauth2accesstoken - password: ${{ steps.gcp-auth.outputs.access_token }} - - id: build-and-push - uses: docker/build-push-action@v6 - with: - context: . - file: Dockerfile - # This is using both "latest" and app version tags. - tags: ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPOSITORY }}/${{ env.IMAGE }}:latest,${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPOSITORY }}/${{ env.IMAGE }}:${{ env.TAG }} - push: true - cache-from: type=gha - cache-to: type=gha,mode=max - build-args: | - CRATE=${{ env.CRATE }} - BINARY=${{ env.BINARY }} diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml deleted file mode 100644 index 460feb5cc..000000000 --- a/.github/workflows/docker.yml +++ /dev/null @@ -1,65 +0,0 @@ -name: Build and deploy Docker images to GAR -on: - check_run: - types: [completed] - workflow_dispatch: - inputs: - git_tag: - type: string - required: true - -jobs: - determine-tag: - name: Determine tag to build - if: | - github.event_name == 'workflow_dispatch' || - (github.event_name == 'check_run' && - github.event.check_run.name == 'build-test-deploy' && - github.event.check_run.conclusion == 'success' && - github.ref_type == 'tag') - runs-on: ubuntu-latest - permissions: {} - outputs: - TAG: ${{ steps.determine.outputs.tag }} - steps: - - id: determine - run: | - # workflow_dispatch - if [[ "${{ github.event.inputs.git_tag }}" != "" ]]; then - echo "tag=${{ github.event.inputs.git_tag }}" >> $GITHUB_OUTPUT - # successful check_run from tag - elif [[ "${{ github.ref }}" != "" ]] && \ - [[ "${{ github.ref_type }}" == "tag" ]]; then - echo "tag=$(cut -d \/ -f3 <(echo '${{ github.ref }}'))" >> $GITHUB_OUTPUT - else - echo "Cannot determine tag" - exit 1 - fi - - autoconnect: - name: "Autoconnect: Build and push to GAR" - needs: [determine-tag] - permissions: - contents: read - id-token: write - uses: ./.github/workflows/build-and-push-image.yml - secrets: inherit - with: - binary: autoconnect - crate: autoconnect - image: autoconnect - tag: ${{ needs.determine-tag.outputs.TAG }} - - autoendpoint: - name: "Autoendpoint: Build and push to GAR" - needs: [determine-tag] - permissions: - contents: read - id-token: write - uses: ./.github/workflows/build-and-push-image.yml - secrets: inherit - with: - binary: autoendpoint - crate: autoendpoint - image: autoendpoint - tag: ${{ needs.determine-tag.outputs.TAG }} From e2aa96891e53eb9bba034e6cb194a71d8eba6b51 Mon Sep 17 00:00:00 2001 From: Eric Maydeck Date: Fri, 6 Sep 2024 14:55:01 -0600 Subject: [PATCH 2/2] chore: removed -gar from workflow name --- .circleci/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 449e5c688..57fbf81bc 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -477,7 +477,7 @@ workflows: # Comment out the following two sections for local CircleCI testing. - deploy: - name: deploy-autoconnect-gar + name: deploy-autoconnect image: autoconnect requires: - build-autoconnect @@ -491,7 +491,7 @@ workflows: only: master - deploy: - name: deploy-autoendpoint-gar + name: deploy-autoendpoint image: autoendpoint requires: - build-autoendpoint