Build 'n Deploy #166
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build 'n Deploy | |
on: | |
push: | |
branches: | |
- main | |
- develop | |
- 'release/**' | |
- 'feature/**' | |
- 'issue/**' | |
- 'issues/**' | |
- 'dependabot/**' | |
tags-ignore: | |
- '*' | |
paths-ignore: | |
- 'build.gradle' | |
- 'bumpver.toml' | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
inputs: | |
venue: | |
type: choice | |
description: Venue to deploy to | |
options: | |
- SIT | |
- UAT | |
- OPS | |
commit: | |
type: string | |
description: Custom commit hash | |
jobs: | |
build: | |
name: build, lint, and test API | |
runs-on: ubuntu-latest | |
outputs: | |
deploy_env: ${{ steps.set-env.outputs.deploy_env }} | |
github_sha: ${{ steps.update-sha.outputs.github_sha }} | |
steps: | |
# -- Setup -- | |
- uses: getsentry/action-github-app-token@v3 | |
name: my-app-install token | |
id: podaac-cicd | |
with: | |
app_id: ${{ secrets.CICD_APP_ID }} | |
private_key: ${{ secrets.CICD_APP_PRIVATE_KEY }} | |
- name: Initial checkout ${{ github.ref }} | |
if: github.event.inputs.commit == '' | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ steps.podaac-cicd.outputs.token }} | |
- name: Adjust to proper commit hash ${{ github.event.inputs.commit }} | |
if: github.event.inputs.commit != '' | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.inputs.commit }} | |
token: ${{ steps.podaac-cicd.outputs.token }} | |
- uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: '17' | |
cache: 'gradle' | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- name: Install bumpver | |
run: pip3 install bumpver | |
- name: Setup git user | |
run: | | |
git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
git config user.name "github-actions[bot]" | |
# -- Version Bumping -- | |
- name: Manual execution means no version bump | |
# If triggered by workflow dispatch, no version bump | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
run: | | |
echo "TARGET_ENV=${{ github.event.inputs.venue }}" >> $GITHUB_ENV | |
TARGET_ENV=${{ github.event.inputs.venue }} | |
- name: Bump alpha version | |
if: github.ref == 'refs/heads/develop' && github.event_name != 'workflow_dispatch' | |
run: | | |
TAG=$(bumpver show -e | awk -F= '$1 == "TAG" {print $2};') | |
if [ $TAG == 'final' ]; then | |
# Bump patch version first then append tag | |
bumpver update --patch --tag alpha --tag-num | |
else | |
bumpver update --tag alpha --tag-num | |
fi | |
echo "TARGET_ENV=SIT" >> $GITHUB_ENV | |
- name: Bump rc version | |
if: startsWith(github.ref, 'refs/heads/release/') && github.event_name != 'workflow_dispatch' | |
run: | | |
bumpver update -f --tag rc --tag-num | |
echo "TARGET_ENV=UAT" >> $GITHUB_ENV | |
- name: Release version | |
if: github.ref == 'refs/heads/main' && github.event_name != 'workflow_dispatch' | |
run: | | |
bumpver update --tag final | |
echo "TARGET_ENV=OPS" >> $GITHUB_ENV | |
- name: Set the target environment to ${{ env.TARGET_ENV }} | |
id: set-env | |
run: | | |
echo "deploy_env=${{ env.TARGET_ENV }}" >> $GITHUB_OUTPUT | |
# -- Building -- | |
- name: Build with Gradle | |
id: gradle-build | |
run: | | |
gradle build | |
- name: Build & push container images | |
# Only push container images for releases, rcs, and alphas | |
if: > | |
github.ref == 'refs/heads/main' || | |
github.ref == 'refs/heads/develop' || | |
startsWith(github.ref, 'refs/heads/release/') | |
run: | | |
# gradle jib | |
# Push one tag at a time; fix for multi-tag push issue in ghcr (but fixed in gitlab) | |
# https://gitlab.com/gitlab-org/container-registry/-/issues/640 | |
gradle jibDockerBuild | |
for TAG in $(docker image ls -f "dangling=false" --format "{{.Tag}}" ghcr.io/podaac/swodlr-api); do | |
docker image push ghcr.io/podaac/swodlr-api:$TAG | |
done | |
- name: Upload compiled .jars | |
uses: actions/upload-artifact@v4 | |
with: | |
name: build-libs | |
path: build/libs/*.jar | |
- name: Upload test reports | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: reports | |
path: build/reports | |
- name: Set github SHA for deployment | |
id: update-sha | |
run: | | |
SHA=$(git rev-parse HEAD) | |
echo "github_sha=${SHA}" >> $GITHUB_OUTPUT | |
deploy: | |
name: Deploy | |
needs: build | |
# The type of runner that the job will run on | |
runs-on: ubuntu-latest | |
environment: | |
name: ${{ needs.build.outputs.deploy_env }} | |
url: https://swodlr.podaac.${{ needs.build.outputs.deploy_env }}.earthdatacloud.nasa.gov/api/about | |
if: | | |
github.ref == 'refs/heads/develop' || | |
github.ref == 'refs/heads/main' || | |
startsWith(github.ref, 'refs/heads/release') || | |
github.event_name == 'workflow_dispatch' | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: us-west-2 | |
role-session-name: GitHubActions | |
aws-access-key-id: ${{ secrets[vars.AWS_ACCESS_KEY_ID_SECRET_NAME] }} | |
aws-secret-access-key: ${{ secrets[vars.AWS_SECRET_ACCESS_KEY_SECRET_NAME] }} | |
mask-aws-account-id: true | |
- name: Checkout repository for Deployment ${{ needs.build.outputs.github_sha }} | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ needs.build.outputs.github_sha }} | |
- uses: hashicorp/setup-terraform@v3 | |
with: | |
terraform_version: ${{ env.TERRAFORM_VERSION }} | |
terraform_wrapper: false | |
- name: Deploy to ${{ needs.build.outputs.deploy_env }} | |
id: terraform-deploy | |
working-directory: terraform/ | |
env: | |
AWS_DEFAULT_REGION: us-west-2 | |
TF_VAR_edl_base_url: ${{ secrets.EDL_BASE_URL }} | |
TF_VAR_edl_client_id: ${{ secrets.EDL_CLIENT_ID }} | |
TF_VAR_edl_client_secret: ${{ secrets.EDL_CLIENT_SECRET }} | |
TF_VAR_session_encryption_key: ${{ secrets.SESSION_ENCRYPTION_KEY }} | |
TF_VAR_ingest_aws_account: ${{ secrets.INGEST_AWS_ACCOUNT }} | |
TF_VAR_ingest_aws_role: ${{ secrets.INGEST_AWS_ROLE }} | |
run: | | |
source bin/config.sh ${{ vars.TF_VENUE }} | |
terraform apply -auto-approve | |
- name: Retrieve version number for notifications | |
run: | | |
VERSION=$(cat bumpver.toml|grep current_version |grep -v {version} |sed -E "s/current_version = //"|sed -E "s/\"//g") | |
echo "SUBMODULE_VERSION=$VERSION">>$GITHUB_ENV | |
- name: Send notifications to slack | |
uses: slackapi/[email protected] | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.NOTIFICATION_WEBHOOK_SWODLR }} | |
with: | |
payload: | | |
{ | |
"message": "${{ github.repository }} [version ${{ env.SUBMODULE_VERSION }}] has been deployed to the ${{ needs.build.outputs.deploy_env }} environment" | |
} | |
- name: Send failure notifications to slack | |
if: failure() | |
uses: slackapi/[email protected] | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.NOTIFICATION_WEBHOOK_SWODLR }} | |
with: | |
payload: | | |
{ | |
"message": "ERROR: ${{ github.repository }} [version ${{ env.SUBMODULE_VERSION }}] has encountered an error while trying to deploy to the ${{ needs.build.outputs.deploy_env }} environment" | |
} |