From 4f44977537988627f47302c3c739d965a03e8c2f Mon Sep 17 00:00:00 2001 From: pikachu0310 Date: Wed, 24 Jul 2024 11:14:35 +0900 Subject: [PATCH 1/4] =?UTF-8?q?:sparkles:=20staging=E3=83=96=E3=83=A9?= =?UTF-8?q?=E3=83=B3=E3=83=81=E3=82=92=E8=A8=AD=E5=AE=9A=E3=81=99=E3=82=8B?= =?UTF-8?q?=E4=BA=8B=E3=81=A7staging=E7=92=B0=E5=A2=83=E3=81=A7=E3=83=87?= =?UTF-8?q?=E3=83=97=E3=83=AD=E3=82=A4=E3=81=95=E3=82=8C=E3=82=8B=E3=82=88?= =?UTF-8?q?=E3=81=86=E3=81=AB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy-staging.yml | 72 ++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 .github/workflows/deploy-staging.yml diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml new file mode 100644 index 000000000..d85886120 --- /dev/null +++ b/.github/workflows/deploy-staging.yml 
@@ -0,0 +1,72 @@
+name: Deploy to Staging
+
+on:
+ push:
+ branches:
+ - 'staging'
+
+env:
+ IMAGE_NAME: traq
+ IMAGE_TAG: staging
+
+jobs:
+ image:
+ name: Build Docker Image
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set TRAQ_VERSION env
+ run: echo "TRAQ_VERSION=staging-SNAPSHOT" >> $GITHUB_ENV
+ - name: Set TRAQ_REVISION env
+ run: echo "TRAQ_REVISION=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ with:
+ platforms: all
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Show available platforms
+ run: echo ${{ steps.buildx.outputs.platforms }}
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: traptitech
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: true
+ platforms: linux/amd64,linux/arm64
+ build-args: |
+ TRAQ_VERSION=${{ env.TRAQ_VERSION }}
+ TRAQ_REVISION=${{ env.TRAQ_REVISION }}
+ tags: |
+ ghcr.io/traptitech/${{ env.IMAGE_NAME }}:staging
+ scan:
+ name: Scan Image Vulnerability
+ runs-on: ubuntu-latest
+ needs: [image]
+ steps:
+ - uses: actions/checkout@v4
+ - name: Pull docker image
+ run: docker pull ghcr.io/traptitech/${IMAGE_NAME}:${IMAGE_TAG}
+ - name: Container image scan
+ uses: crazy-max/ghaction-container-scan@v3
+ with:
+ image: ghcr.io/traptitech/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
+ annotations: true
+ deploy-staging:
+ name: Deploy staging
+ runs-on: ubuntu-latest
+ needs: [image]
+ steps:
+ - name: Install SSH key
+ uses: shimataro/ssh-key-action@v2
+ with:
+ key: ${{ secrets.STAGING_SSH_KEY }}
+ known_hosts: ${{ secrets.STAGING_KNOWN_HOSTS }}
+ - name: Deploy
+ run: ssh -o LogLevel=QUIET -t ${{ secrets.STAGING_DEPLOY_USER }}@${{ secrets.STAGING_DEPLOY_HOST }} "sudo sh /srv/traq/deploy.sh traq-backend"
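Review bot: The `deploy-staging` job passes `secrets.STAGING_SSH_KEY` to `shimataro/ssh-key-action@v2`, a third-party action referenced by a movable tag, so whatever code that tag resolves to at run time receives the key used for `sudo sh /srv/traq/deploy.sh`; pin it, and `crazy-max/ghaction-container-scan@v3`, to a full commit SHA, e.g. `uses: shimataro/ssh-key-action@<full-commit-sha> # v2`. The workflow also has no `permissions:` key, so the `GITHUB_TOKEN` used for the ghcr.io login carries the repository default scopes; a top-level `permissions:` with `contents: read`, plus `packages: write` on the `image` job only, would limit it to what the push needs. `deploy-staging` declares `needs: [image]`, so the deploy does not wait for the `scan` job; `needs: [image, scan]` would gate it if the scan is meant to block.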
From 0ece60a804a2bb9215432e34e3094c7620b4a6ca Mon Sep 17 00:00:00 2001 From: pikachu0310 Date: Wed, 24 Jul 2024 11:24:29 +0900 Subject: [PATCH 2/4] =?UTF-8?q?:art:=20master.yml=E3=81=AB=E7=B5=B1?= =?UTF-8?q?=E4=B8=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy-staging.yml | 72 ---------------------------- .github/workflows/master.yml | 1 + 2 files changed, 1 insertion(+), 72 deletions(-) delete mode 100644 .github/workflows/deploy-staging.yml diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml deleted file mode 100644 index d85886120..000000000 --- a/.github/workflows/deploy-staging.yml +++ /dev/null 
@@ -1,72 +0,0 @@
-name: Deploy to Staging
-
-on:
- push:
- branches:
- - 'staging'
-
-env:
- IMAGE_NAME: traq
- IMAGE_TAG: staging
-
-jobs:
- image:
- name: Build Docker Image
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - name: Set TRAQ_VERSION env
- run: echo "TRAQ_VERSION=staging-SNAPSHOT" >> $GITHUB_ENV
- - name: Set TRAQ_REVISION env
- run: echo "TRAQ_REVISION=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
- with:
- platforms: all
- - name: Set up Docker Buildx
- id: buildx
- uses: docker/setup-buildx-action@v3
- - name: Show available platforms
- run: echo ${{ steps.buildx.outputs.platforms }}
- - name: Login to GitHub Container Registry
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: traptitech
- password: ${{ secrets.GITHUB_TOKEN }}
- - name: Build and push
- uses: docker/build-push-action@v6
- with:
- context: .
- push: true
- platforms: linux/amd64,linux/arm64
- build-args: |
- TRAQ_VERSION=${{ env.TRAQ_VERSION }}
- TRAQ_REVISION=${{ env.TRAQ_REVISION }}
- tags: |
- ghcr.io/traptitech/${{ env.IMAGE_NAME }}:staging
- scan:
- name: Scan Image Vulnerability
- runs-on: ubuntu-latest
- needs: [image]
- steps:
- - uses: actions/checkout@v4
- - name: Pull docker image
- run: docker pull ghcr.io/traptitech/${IMAGE_NAME}:${IMAGE_TAG}
- - name: Container image scan
- uses: crazy-max/ghaction-container-scan@v3
- with:
- image: ghcr.io/traptitech/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}
- annotations: true
- deploy-staging:
- name: Deploy staging
- runs-on: ubuntu-latest
- needs: [image]
- steps:
- - name: Install SSH key
- uses: shimataro/ssh-key-action@v2
- with:
- key: ${{ secrets.STAGING_SSH_KEY }}
- known_hosts: ${{ secrets.STAGING_KNOWN_HOSTS }}
- - name: Deploy
- run: ssh -o LogLevel=QUIET -t ${{ secrets.STAGING_DEPLOY_USER }}@${{ secrets.STAGING_DEPLOY_HOST }} "sudo sh /srv/traq/deploy.sh traq-backend"
diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 6648f776d..816676eb8 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -4,6 +4,7 @@ on: push: branches: - master + - staging env: IMAGE_NAME: traq From d019c8aaf078f777dec9414f4aeee911c9e0f953 Mon Sep 17 00:00:00 2001 From: pikachu0310 Date: Wed, 24 Jul 2024 11:31:22 +0900 Subject: [PATCH 3/4] =?UTF-8?q?:sparkles:=20manual=20dispatch=20=E3=81=A7?= =?UTF-8?q?=E3=82=B3=E3=83=9F=E3=83=83=E3=83=88/=E3=83=96=E3=83=A9?= =?UTF-8?q?=E3=83=B3=E3=83=81=E3=82=92=E6=8C=87=E5=AE=9A=E3=81=97=E3=81=A6?= =?UTF-8?q?=E6=89=8B=E5=8B=95=E3=81=A7staging=E7=92=B0=E5=A2=83=E3=82=92?= =?UTF-8?q?=E7=AB=8B=E3=81=A1=E4=B8=8A=E3=81=92=E3=82=8C=E3=82=8B=E3=82=88?= =?UTF-8?q?=E3=81=86=E3=81=AB=E5=A4=89=E6=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/master.yml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 816676eb8..e0be25d6c 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -4,7 +4,15 @@ on: push: branches: - master - - staging + workflow_dispatch: + inputs: + branch: + description: 'Branch to deploy' + required: true + default: 'master' + commit: + description: 'Specific commit to deploy' + required: false env: IMAGE_NAME: traq 
@@ -16,9 +24,15 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + ref: ${{ github.event.inputs.branch || github.ref }} - name: Set TRAQ_VERSION env run: echo "TRAQ_VERSION=master-SNAPSHOT" >> $GITHUB_ENV - name: Set TRAQ_REVISION env + if: ${{ github.event.inputs.commit != '' }} + run: echo "TRAQ_REVISION=${{ github.event.inputs.commit }}" >> $GITHUB_ENV + - name: Set TRAQ_REVISION env (fallback) + if: ${{ github.event.inputs.commit == '' }} run: echo "TRAQ_REVISION=$(git rev-parse --short HEAD)" >> $GITHUB_ENV - name: Set up QEMU uses: docker/setup-qemu-action@v3 From d23a6c0c0f26d2fc7f7e1e0e41061f69475a1367 Mon Sep 17 00:00:00 2001 From: pikachu0310 Date: Wed, 24 Jul 2024 11:49:04 +0900 Subject: [PATCH 4/4] =?UTF-8?q?:art:=20=E3=83=96=E3=83=A9=E3=83=B3?= =?UTF-8?q?=E3=83=81=E5=90=8D=E3=81=AE=E3=81=BF=E6=8C=87=E5=AE=9A=E5=8F=AF?= =?UTF-8?q?=E8=83=BD=E3=81=AB=E5=A4=89=E6=9B=B4=E3=80=81=E3=82=A4=E3=83=A1?= =?UTF-8?q?=E3=83=BC=E3=82=B8=E3=82=BF=E3=82=B0=E3=81=AA=E3=81=A9=E3=82=92?= =?UTF-8?q?=E9=81=A9=E5=88=87=E3=81=AA=E5=90=8D=E5=89=8D=E3=81=AB=E8=87=AA?= =?UTF-8?q?=E5=8B=95=E3=81=A7=E5=A4=89=E6=9B=B4=E3=81=99=E3=82=8B=E3=82=88?= =?UTF-8?q?=E3=81=86=E3=81=AB?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/master.yml | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index e0be25d6c..a9649f25d 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -10,13 +10,10 @@ on: description: 'Branch to deploy' required: true default: 'master' - commit: - description: 'Specific commit to deploy' - required: false env: IMAGE_NAME: traq - IMAGE_TAG: master + IMAGE_TAG: ${{ github.event.inputs.branch || 'master' }} jobs: image: 
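Review bot: The new step `run: echo "TRAQ_REVISION=${{ github.event.inputs.commit }}" >> $GITHUB_ENV` in the `@@ -16,9 +24,15 @@` hunk expands a `workflow_dispatch` input into the script text before the shell runs, so quotes, `$(...)` or newlines in the input are interpreted as script and can also write extra variables into `$GITHUB_ENV`. Pass the value through the step environment instead, with `env:` holding `COMMIT: ${{ github.event.inputs.commit }}` and `run: echo "TRAQ_REVISION=${COMMIT}" >> "$GITHUB_ENV"`, ideally after checking that it looks like a hex SHA. The same pattern returns in PATCH 4/4 at `run: echo "TRAQ_VERSION=${{ github.event.inputs.branch || 'master' }}-SNAPSHOT" >> $GITHUB_ENV`. Separately, `actions/checkout` takes its `ref:` from the `branch` input only, so the `commit` input labels the image with a revision that is not necessarily the one that was built.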
@@ -25,14 +22,10 @@ jobs: steps: - uses: actions/checkout@v4 with: - ref: ${{ github.event.inputs.branch || github.ref }} + ref: ${{ github.event.inputs.branch || 'master' }} - name: Set TRAQ_VERSION env - run: echo "TRAQ_VERSION=master-SNAPSHOT" >> $GITHUB_ENV + run: echo "TRAQ_VERSION=${{ github.event.inputs.branch || 'master' }}-SNAPSHOT" >> $GITHUB_ENV - name: Set TRAQ_REVISION env - if: ${{ github.event.inputs.commit != '' }} - run: echo "TRAQ_REVISION=${{ github.event.inputs.commit }}" >> $GITHUB_ENV - - name: Set TRAQ_REVISION env (fallback) - if: ${{ github.event.inputs.commit == '' }} run: echo "TRAQ_REVISION=$(git rev-parse --short HEAD)" >> $GITHUB_ENV - name: Set up QEMU uses: docker/setup-qemu-action@v3 @@ -59,13 +52,16 @@ jobs: TRAQ_VERSION=${{ env.TRAQ_VERSION }} TRAQ_REVISION=${{ env.TRAQ_REVISION }} tags: | - ghcr.io/traptitech/${{ env.IMAGE_NAME }}:master + ghcr.io/traptitech/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} + scan: name: Scan Image Vulnerability runs-on: ubuntu-latest needs: [image] steps: - uses: actions/checkout@v4 + with: + ref: ${{ github.event.inputs.branch || 'master' }} - name: Pull docker image run: docker pull ghcr.io/traptitech/${IMAGE_NAME}:${IMAGE_TAG} - name: Container image scan
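Review bot: `IMAGE_TAG` is now the raw `branch` input and reaches `tags:` and `docker pull ghcr.io/traptitech/${IMAGE_NAME}:${IMAGE_TAG}` in the `@@ -59,13 +52,16 @@` hunk unchanged, but a Git branch name may contain characters a Docker tag cannot, such as `/`, so a dispatch for a branch like `feature/x` would fail at build or pull. Derive a sanitised tag in one step (for example replacing every character outside `[A-Za-z0-9_.-]` with `-`) and use that value for both the push and the scan. The `scan` job also pulls by a mutable tag, so a concurrent run for the same branch can replace the image between push and scan; the `digest` output of `docker/build-push-action` would let the scan reference exactly what was built. The jobs after `scan` are outside this hunk, so whether a dispatched branch is also deployed cannot be seen here.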