BC-7240 - fix #250
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Push Workflow | |
on: [push, pull_request] | |
permissions: | |
contents: read | |
env: | |
tenants: "dbc" | |
jobs: | |
branch_meta: | |
runs-on: ubuntu-latest | |
outputs: | |
branch: ${{ steps.extract_branch_meta.outputs.branch }} | |
sha: ${{ steps.extract_branch_meta.outputs.sha }} | |
steps: | |
- name: Extract branch meta | |
shell: bash | |
id: extract_branch_meta | |
env: | |
PR_HEAD_REF: ${{ github.event.pull_request.head.ref }} | |
PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }} | |
BRANCH_REF_NAME: ${{ github.ref_name}} | |
BRANCH_SHA: ${{ github.sha }} | |
run: | | |
if [ "${{ github.event_name }}" == 'pull_request' ]; then | |
echo "branch=devops-$PR_HEAD_REF" >> $GITHUB_OUTPUT | |
echo "sha=$PR_HEAD_SHA" >> $GITHUB_OUTPUT | |
else | |
echo "branch=devops-$BRANCH_REF_NAME" >> $GITHUB_OUTPUT | |
echo "sha=$BRANCH_SHA" >> $GITHUB_OUTPUT | |
fi | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: temurin | |
cache: maven | |
- name: run Test | |
env: | |
SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }} | |
run: | | |
mvn verify sonar:sonar \ | |
-Dsonar.host.url=https://sonarcloud.io \ | |
-Dsonar.organization=schulcloud-verbund \ | |
-Dsonar.projectKey=hpi-schul-cloud_doido-mongo | |
- name: Upload Report | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: report | |
path: target/jacoco-report | |
build: | |
runs-on: ubuntu-latest | |
needs: | |
- branch_meta | |
permissions: | |
packages: write | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: 17 | |
distribution: temurin | |
cache: maven | |
- name: build | |
run: | | |
./mvnw install -Dnative -Dquarkus.native.container-build=true | |
ls -la | |
- name: Login to registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Docker meta Service Name | |
id: docker_meta_img | |
uses: docker/metadata-action@v5 | |
with: | |
images: ghcr.io/${{ github.repository }} | |
tags: | | |
type=ref,event=branch,enable=false,priority=600 | |
type=sha,enable=true,priority=600,prefix= | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: test image exists | |
run: | | |
echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV | |
- name: Build and push ${{ github.repository }} | |
if: ${{ env.IMAGE_EXISTS == 0 }} | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: ./src/main/docker/Dockerfile.native | |
platforms: linux/amd64 | |
push: true | |
pull: true | |
tags: ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }} | |
labels: ${{ steps.docker_meta_img.outputs.labels }} | |
create_branch_identifier: | |
needs: | |
- branch_meta | |
uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/branch-to-namespace.yml@main | |
with: | |
branch: ${{ needs.branch_meta.outputs.branch }} | |
create_artifacts_repos: | |
runs-on: ubuntu-latest | |
needs: | |
- branch_meta | |
strategy: | |
matrix: | |
repos: | |
- dof_app_deploy | |
- doido-mongo | |
steps: | |
- run: | | |
echo "git_ref_name=${{ needs.branch_meta.outputs.branch }}" >> $GITHUB_ENV | |
echo git_ref_name ${{ needs.branch_meta.outputs.branch }} | |
- uses: actions/checkout@v4 | |
with: | |
repository: hpi-schul-cloud/${{ matrix.repos }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
path: ${{ matrix.repos }} | |
fetch-depth: 0 | |
- working-directory: ${{github.workspace }}/${{ matrix.repos }} | |
shell: bash | |
run: | | |
git checkout ${{ env.git_ref_name }} || true | |
commit_id=$(git rev-parse HEAD) | |
mkdir -pv ansible/group_vars/all | |
ansible_varname=$(echo ${{ matrix.repos }} | tr [a-z] [A-Z] | tr - _ | tr \. _ | tr [:blank:] _ ) | |
filename=$(echo ${ansible_varname} | tr [A-Z] [a-z] ) | |
reponame=$(echo ${filename} | tr _ - ) | |
branch_varname=$(echo ${{ needs.branch_meta.outputs.branch }} | tr -d [:cntrl:] | tr / \. | tr [:blank:] _ ) | |
for i in ${{ env.tenants }}; do | |
mkdir -pv ansible/host_vars/${i}_host | |
echo "${ansible_varname}_IMAGE_TAG: $commit_id" >> ansible/host_vars/${i}_host/$filename.yml | |
echo "${ansible_varname}_BRANCH_NAME: ${branch_varname}" >> ansible/host_vars/${i}_host/$filename.yml | |
echo "${ansible_varname}_REPO_NAME: ${reponame}" >> ansible/host_vars/${i}_host/$filename.yml | |
done | |
- run: tar -cf ${{ matrix.repos }}.tar ansible | |
working-directory: ${{github.workspace }}/${{ matrix.repos }} | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.repos }} | |
path: ${{github.workspace }}/${{ matrix.repos }}/${{ matrix.repos }}.tar | |
create_artifacts_workspaces: | |
runs-on: ubuntu-latest | |
needs: | |
- create_branch_identifier | |
strategy: | |
matrix: | |
tenants: [ dbc ] | |
steps: | |
- shell: bash | |
run: | | |
mkdir -pv ansible/host_vars/${{ matrix.tenants }}_host | |
- shell: bash | |
working-directory: ${{github.workspace }}/ansible/host_vars/${{ matrix.tenants }}_host | |
run: | | |
echo "NAMESPACE: ${{ needs.create_branch_identifier.outputs.id_branch }}" > cfg_host.yml | |
echo "DOMAIN: ${{ needs.create_branch_identifier.outputs.id_branch }}.${{ matrix.tenants }}.dbildungscloud.dev" >> cfg_host.yml | |
- run: tar -cf ${{ matrix.tenants }}.tar ansible | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ matrix.tenants }} | |
path: ${{github.workspace }}/${{ matrix.tenants }}.tar | |
deploy: | |
runs-on: ubuntu-latest | |
name: deploy dbc | |
needs: | |
- create_artifacts_repos | |
- create_artifacts_workspaces | |
- build | |
steps: | |
- uses: actions/download-artifact@v4 | |
- run: ls -R | |
- run: mv */*.tar ./ | |
- run: find -name "*.tar" -exec tar -xf {} \; | |
- run: tar -cf dbc-ansible.tar ansible | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: debug-dbc-ansible | |
path: ${{github.workspace }}/dbc-ansible.tar | |
overwrite: true | |
- shell: bash | |
run: | | |
python3 -m pip install kubernetes 'urllib3>=1.26.16' | |
- name: TLS | |
working-directory: ${{github.workspace }}/ansible/group_vars | |
run: | | |
echo "TLS_ENABLED: \"true\"" >> develop/dof_deploy.yml | |
- name: 1Password | |
working-directory: ${{github.workspace }}/ansible/group_vars | |
run: | | |
echo "ONEPASSWORD_OPERATOR_VAULT: ${{ secrets.DEV_VAULT_DBC }}" >> develop/dof_deploy.yml | |
- run: ansible-galaxy install -r ansible/collections/requirements.yml | |
- working-directory: ${{github.workspace }}/ansible/roles/sys | |
run: | | |
mkdir files | |
echo "${{ secrets.DEV_KUBE_CONFIG_DBC }}" > files/config | |
# It's necessary for the ansible k8s module to define proxy options as environment vars | |
# (doesn't use the proxy defined in kubeconfig) | |
# https://github.com/kubernetes-client/python/issues/1862 | |
# https://docs.ansible.com/ansible/latest/collections/kubernetes/core/k8s_module.html#parameter-proxy | |
# Format in kubeconfig is <protocoll>://<user>:<password>@<domain>:<port> | |
# Set K8S_AUTH_PROXY=<protocoll>://<domain>:<port> | |
# Set K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH=<user>:<password> | |
# If proxy-url is not defined in the kubeconfig no variables are set | |
- name: Set proxy environment variable if included in the kubeconfig | |
working-directory: ${{github.workspace }}/ansible/roles/sys/files | |
run: | | |
yq ".clusters[0].cluster.proxy-url" config | sed -nr 's+(.*//).*@(.*)+K8S_AUTH_PROXY=\1\2+p' >> $GITHUB_ENV | |
yq ".clusters[0].cluster.proxy-url" config | sed -nr 's+.*//(.*)@.*+K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH=\1+p' >> $GITHUB_ENV | |
- run: ansible-playbook ./playbock-operator.yml --inventory-file hosts --limit "dbc_host" -e 'ansible_python_interpreter=/usr/bin/python3' | |
working-directory: ${{github.workspace }}/ansible | |
- working-directory: ${{github.workspace }}/ansible/roles/sys/files | |
run: | | |
rm -rf /config |