-
Notifications
You must be signed in to change notification settings - Fork 0
215 lines (208 loc) · 7.82 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
name: Build 'n Deploy
on:
push:
branches:
- main
- develop
- 'release/**'
- 'feature/**'
- 'issue/**'
- 'issues/**'
- 'dependabot/**'
tags-ignore:
- '*'
paths-ignore:
- 'build.gradle'
- 'bumpver.toml'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
venue:
type: choice
description: Venue to deploy to
options:
- SIT
- UAT
- OPS
commit:
type: string
description: Custom commit hash
jobs:
build:
name: build, lint, and test API
runs-on: ubuntu-latest
outputs:
deploy_env: ${{ steps.set-env.outputs.deploy_env }}
github_sha: ${{ steps.update-sha.outputs.github_sha }}
steps:
# -- Setup --
- uses: getsentry/action-github-app-token@v3
name: my-app-install token
id: podaac-cicd
with:
app_id: ${{ secrets.CICD_APP_ID }}
private_key: ${{ secrets.CICD_APP_PRIVATE_KEY }}
- name: Initial checkout ${{ github.ref }}
if: github.event.inputs.commit == ''
uses: actions/checkout@v4
with:
token: ${{ steps.podaac-cicd.outputs.token }}
- name: Adjust to proper commit hash ${{ github.event.inputs.commit }}
if: github.event.inputs.commit != ''
uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.commit }}
token: ${{ steps.podaac-cicd.outputs.token }}
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '17'
cache: 'gradle'
- uses: actions/setup-python@v5
with:
python-version: '3.10'
- name: Install bumpver
run: pip3 install bumpver
- name: Setup git user
run: |
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config user.name "github-actions[bot]"
# -- Version Bumping --
- name: Manual execution means no version bump
# If triggered by workflow dispatch, no version bump
if: ${{ github.event_name == 'workflow_dispatch' }}
run: |
echo "TARGET_ENV=${{ github.event.inputs.venue }}" >> $GITHUB_ENV
TARGET_ENV=${{ github.event.inputs.venue }}
- name: Bump alpha version
if: github.ref == 'refs/heads/develop' && github.event_name != 'workflow_dispatch'
run: |
TAG=$(bumpver show -e | awk -F= '$1 == "TAG" {print $2};')
if [ $TAG == 'final' ]; then
# Bump patch version first then append tag
bumpver update --patch --tag alpha --tag-num
else
bumpver update --tag alpha --tag-num
fi
echo "TARGET_ENV=SIT" >> $GITHUB_ENV
- name: Bump rc version
if: startsWith(github.ref, 'refs/heads/release/') && github.event_name != 'workflow_dispatch'
run: |
bumpver update -f --tag rc --tag-num
echo "TARGET_ENV=UAT" >> $GITHUB_ENV
- name: Release version
if: github.ref == 'refs/heads/main' && github.event_name != 'workflow_dispatch'
run: |
bumpver update --tag final
echo "TARGET_ENV=OPS" >> $GITHUB_ENV
- name: Set the target environment to ${{ env.TARGET_ENV }}
id: set-env
run: |
echo "deploy_env=${{ env.TARGET_ENV }}" >> $GITHUB_OUTPUT
# -- Building --
- name: Build with Gradle
id: gradle-build
run: |
gradle build
- name: Build & push container images
# Only push container images for releases, rcs, and alphas
if: >
github.ref == 'refs/heads/main' ||
github.ref == 'refs/heads/develop' ||
startsWith(github.ref, 'refs/heads/release/')
run: |
# gradle jib
# Push one tag at a time; fix for multi-tag push issue in ghcr (but fixed in gitlab)
# https://gitlab.com/gitlab-org/container-registry/-/issues/640
gradle jibDockerBuild
for TAG in $(docker image ls -f "dangling=false" --format "{{.Tag}}" ghcr.io/podaac/swodlr-api); do
docker image push ghcr.io/podaac/swodlr-api:$TAG
done
- name: Upload compiled .jars
uses: actions/upload-artifact@v4
with:
name: build-libs
path: build/libs/*.jar
- name: Upload test reports
if: always()
uses: actions/upload-artifact@v4
with:
name: reports
path: build/reports
- name: Set github SHA for deployment
id: update-sha
run: |
SHA=$(git rev-parse HEAD)
echo "github_sha=${SHA}" >> $GITHUB_OUTPUT
deploy:
name: Deploy
needs: build
# The type of runner that the job will run on
runs-on: ubuntu-latest
environment:
name: ${{ needs.build.outputs.deploy_env }}
url: https://swodlr.podaac.${{ needs.build.outputs.deploy_env }}.earthdatacloud.nasa.gov/api/about
if: |
github.ref == 'refs/heads/develop' ||
github.ref == 'refs/heads/main' ||
startsWith(github.ref, 'refs/heads/release') ||
github.event_name == 'workflow_dispatch'
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-west-2
role-session-name: GitHubActions
aws-access-key-id: ${{ secrets[vars.AWS_ACCESS_KEY_ID_SECRET_NAME] }}
aws-secret-access-key: ${{ secrets[vars.AWS_SECRET_ACCESS_KEY_SECRET_NAME] }}
mask-aws-account-id: true
- name: Checkout repository for Deployment ${{ needs.build.outputs.github_sha }}
uses: actions/checkout@v4
with:
ref: ${{ needs.build.outputs.github_sha }}
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
terraform_wrapper: false
- name: Deploy to ${{ needs.build.outputs.deploy_env }}
id: terraform-deploy
working-directory: terraform/
env:
AWS_DEFAULT_REGION: us-west-2
TF_VAR_edl_base_url: ${{ secrets.EDL_BASE_URL }}
TF_VAR_edl_client_id: ${{ secrets.EDL_CLIENT_ID }}
TF_VAR_edl_client_secret: ${{ secrets.EDL_CLIENT_SECRET }}
TF_VAR_session_encryption_key: ${{ secrets.SESSION_ENCRYPTION_KEY }}
TF_VAR_ingest_aws_account: ${{ secrets.INGEST_AWS_ACCOUNT }}
TF_VAR_ingest_aws_role: ${{ secrets.INGEST_AWS_ROLE }}
run: |
source bin/config.sh ${{ vars.TF_VENUE }}
terraform apply -auto-approve
- name: Retrieve version number for notifications
run: |
VERSION=$(cat bumpver.toml|grep current_version |grep -v {version} |sed -E "s/current_version = //"|sed -E "s/\"//g")
echo "SUBMODULE_VERSION=$VERSION">>$GITHUB_ENV
- name: Send notifications to slack
uses: slackapi/[email protected]
env:
SLACK_WEBHOOK_URL: ${{ secrets.NOTIFICATION_WEBHOOK_SWODLR }}
with:
payload: |
{
"message": "${{ github.repository }} [version ${{ env.SUBMODULE_VERSION }}] has been deployed to the ${{ needs.build.outputs.deploy_env }} environment"
}
- name: Send failure notifications to slack
if: failure()
uses: slackapi/[email protected]
env:
SLACK_WEBHOOK_URL: ${{ secrets.NOTIFICATION_WEBHOOK_SWODLR }}
with:
payload: |
{
"message": "ERROR: ${{ github.repository }} [version ${{ env.SUBMODULE_VERSION }}] has encountered an error while trying to deploy to the ${{ needs.build.outputs.deploy_env }} environment"
}