Skip to content

Update to deploy specific versions instead of descriptive label #177

Update to deploy specific versions instead of descriptive label

Update to deploy specific versions instead of descriptive label #177

Workflow file for this run

name: Build 'n Deploy
on:
push:
branches:
- main
- develop
- 'release/**'
- 'feature/**'
- 'issue/**'
- 'issues/**'
- 'dependabot/**'
tags-ignore:
- '*'
paths-ignore:
- 'build.gradle'
- 'bumpver.toml'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
venue:
type: choice
description: Venue to deploy to
options:
- SIT
- UAT
- OPS
commit:
type: string
description: Custom commit hash
jobs:
build:
name: build, lint, and test API
runs-on: ubuntu-latest
outputs:
deploy_env: ${{ steps.set-env.outputs.deploy_env }}
github_sha: ${{ steps.update-sha.outputs.github_sha }}
steps:
# -- Setup --
- uses: getsentry/action-github-app-token@v3
name: my-app-install token
id: podaac-cicd
with:
app_id: ${{ secrets.CICD_APP_ID }}
private_key: ${{ secrets.CICD_APP_PRIVATE_KEY }}
- name: Initial checkout ${{ github.ref }}
if: github.event.inputs.commit == ''
uses: actions/checkout@v4
with:
token: ${{ steps.podaac-cicd.outputs.token }}
- name: Adjust to proper commit hash ${{ github.event.inputs.commit }}
if: github.event.inputs.commit != ''
uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.commit }}
token: ${{ steps.podaac-cicd.outputs.token }}
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '17'
cache: 'gradle'
- uses: actions/setup-python@v5
with:
python-version: '3.10'
- name: Install bumpver
run: pip3 install bumpver
- name: Setup git user
run: |
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config user.name "github-actions[bot]"
# -- Version Bumping --
- name: Manual execution means no version bump
# If triggered by workflow dispatch, no version bump
if: ${{ github.event_name == 'workflow_dispatch' }}
run: |
echo "TARGET_ENV=${{ github.event.inputs.venue }}" >> $GITHUB_ENV
TARGET_ENV=${{ github.event.inputs.venue }}
- name: Bump alpha version
if: github.ref == 'refs/heads/develop' && github.event_name != 'workflow_dispatch'
run: |
TAG=$(bumpver show -e | awk -F= '$1 == "TAG" {print $2};')
if [ $TAG == 'final' ]; then
# Bump patch version first then append tag
bumpver update --patch --tag alpha --tag-num
else
bumpver update --tag alpha --tag-num
fi
echo "TARGET_ENV=SIT" >> $GITHUB_ENV
- name: Bump rc version
if: startsWith(github.ref, 'refs/heads/release/') && github.event_name != 'workflow_dispatch'
run: |
bumpver update -f -n --tag rc --tag-num
echo "TARGET_ENV=UAT" >> $GITHUB_ENV
- name: Release version
if: github.ref == 'refs/heads/main' && github.event_name != 'workflow_dispatch'
run: |
bumpver update -f -n --tag final
echo "TARGET_ENV=OPS" >> $GITHUB_ENV
- name: Set the target environment to ${{ env.TARGET_ENV }}
id: set-env
run: |
echo "deploy_env=${{ env.TARGET_ENV }}" >> $GITHUB_OUTPUT
# -- Building --
- name: Build with Gradle
id: gradle-build
run: |
gradle build
- name: Build & push container images
# Only push container images for releases, rcs, and alphas
if: >
github.ref == 'refs/heads/main' ||
github.ref == 'refs/heads/develop' ||
startsWith(github.ref, 'refs/heads/release/')
run: |
# gradle jib
# Push one tag at a time; fix for multi-tag push issue in ghcr (but fixed in gitlab)
# https://gitlab.com/gitlab-org/container-registry/-/issues/640
gradle jibDockerBuild
for TAG in $(docker image ls -f "dangling=false" --format "{{.Tag}}" ghcr.io/podaac/swodlr-api); do
docker image push ghcr.io/podaac/swodlr-api:$TAG
done
- name: Upload compiled .jars
uses: actions/upload-artifact@v4
with:
name: build-libs
path: build/libs/*.jar
- name: Upload test reports
if: always()
uses: actions/upload-artifact@v4
with:
name: reports
path: build/reports
- name: Set github SHA for deployment
id: update-sha
run: |
SHA=$(git rev-parse HEAD)
echo "github_sha=${SHA}" >> $GITHUB_OUTPUT
deploy:
name: Deploy
needs: build
# The type of runner that the job will run on
runs-on: ubuntu-latest
environment:
name: ${{ needs.build.outputs.deploy_env }}
if: |
github.ref == 'refs/heads/develop' ||
github.ref == 'refs/heads/main' ||
startsWith(github.ref, 'refs/heads/release') ||
github.event_name == 'workflow_dispatch'
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-west-2
role-session-name: GitHubActions
aws-access-key-id: ${{ secrets[vars.AWS_ACCESS_KEY_ID_SECRET_NAME] }}
aws-secret-access-key: ${{ secrets[vars.AWS_SECRET_ACCESS_KEY_SECRET_NAME] }}
mask-aws-account-id: true
- name: Checkout repository for Deployment ${{ needs.build.outputs.github_sha }}
uses: actions/checkout@v4
with:
ref: ${{ needs.build.outputs.github_sha }}
- name: Retrieve version number
run: |
VERSION=$(cat bumpver.toml|grep current_version |grep -v {version} |sed -E "s/current_version = //"|sed -E "s/\"//g")
echo "SUBMODULE_VERSION=$VERSION">>$GITHUB_ENV
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
terraform_wrapper: false
- name: Deploy to ${{ needs.build.outputs.deploy_env }}
id: terraform-deploy
working-directory: terraform/
env:
AWS_DEFAULT_REGION: us-west-2
TF_VAR_edl_base_url: ${{ secrets.EDL_BASE_URL }}
TF_VAR_edl_client_id: ${{ secrets.EDL_CLIENT_ID }}
TF_VAR_edl_client_secret: ${{ secrets.EDL_CLIENT_SECRET }}
TF_VAR_session_encryption_key: ${{ secrets.SESSION_ENCRYPTION_KEY }}
TF_VAR_ingest_aws_account: ${{ secrets.INGEST_AWS_ACCOUNT }}
TF_VAR_ingest_aws_role: ${{ secrets.INGEST_AWS_ROLE }}
TF_VAR_container_image_tag: ${{ env.SUBMODULE_VERSION }}
run: |
source bin/config.sh ${{ vars.TF_VENUE }}
terraform apply -auto-approve
- name: Send notifications to slack
uses: slackapi/[email protected]
env:
SLACK_WEBHOOK_URL: ${{ secrets.NOTIFICATION_WEBHOOK_SWODLR }}
with:
payload: |
{
"message": "${{ github.repository }} [version ${{ env.SUBMODULE_VERSION }}] has been deployed to the ${{ needs.build.outputs.deploy_env }} environment"
}
- name: Send failure notifications to slack
if: failure()
uses: slackapi/[email protected]
env:
SLACK_WEBHOOK_URL: ${{ secrets.NOTIFICATION_WEBHOOK_SWODLR }}
with:
payload: |
{
"message": "ERROR: ${{ github.repository }} [version ${{ env.SUBMODULE_VERSION }}] has encountered an error while trying to deploy to the ${{ needs.build.outputs.deploy_env }} environment"
}