Add SHA as custom ENV variable to the .dep package #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| version: | ||
| type: string | ||
| required: false | ||
| description: | | ||
| Artifacts version to publish and for tests. | ||
| If not specified, then `ref_name`, `head_ref` or `latest` will be used based on event. | ||
| force-publish: | ||
| type: boolean | ||
| required: false | ||
| default: false | ||
| description: | | ||
| Force publish artifacts. | ||
| If false, artifacts will be published only on `release` or on `push` to `develop/master`. | ||
| tests: | ||
| type: boolean | ||
| required: false | ||
| default: true | ||
| description: Run tests. | ||
| mvn-verify-opts: | ||
| type: string | ||
| required: false | ||
| default: "['']" | ||
| secrets: | ||
| ORGANIZATION_TOKEN: | ||
| required: true | ||
| HELM_REGISTRY_URL: | ||
| required: true | ||
| HELM_REGISTRY_USER: | ||
| required: true | ||
| HELM_REGISTRY_PASSWORD: | ||
| required: true | ||
| GCP_DEB_REGISTRY_CREDENTIALS: | ||
| required: true | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref }} | ||
| cancel-in-progress: true | ||
| env: | ||
| VERSION: > | ||
| ${{ | ||
| inputs.version && inputs.version | ||
| || (github.event_name == 'push' || github.event_name == 'release') && github.ref_name | ||
| || (github.event_name == 'pull_request') && github.head_ref | ||
| || 'latest' | ||
| }} | ||
| jobs: | ||
| build: | ||
| name: Build (${{ matrix.arch }}) and mvn verify ${{ matrix.mvn-verify-opts }} | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| arch: [ 'linux/amd64' ] | ||
| mvn-verify-opts: ${{ fromJson(inputs.mvn-verify-opts) }} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| fetch-tags: true | ||
| - name: Set up JDK | ||
| uses: actions/setup-java@v3 | ||
| with: | ||
| java-version: '17' | ||
| distribution: 'zulu' | ||
| cache: 'maven' | ||
| - name: Set up Maven | ||
| run: cp build.settings.xml ~/.m2/settings.xml | ||
| - name: Maven Build | ||
| run: mvn clean install -DskipTests=true -Dmaven.javadoc.skip=true -Ddockerfile.skip=true -Dgithub.event.release.prerelease="${{ github.event.release.prerelease }}" -B -V -U | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.ORGANIZATION_TOKEN }} | ||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v3 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| - name: Login to Docker | ||
| run: docker login ghcr.io -u ${GITHUB_ACTOR} --password ${{ secrets.ORGANIZATION_TOKEN }} | ||
| - name: Prepare TEST_IMAGE_TAG env | ||
| run: | | ||
| echo TEST_IMAGE_TAG=$(echo ${VERSION} | sed 's/\//-/g') >> $GITHUB_ENV | ||
| - name: Build Docker images | ||
| run: | | ||
| for directory in `find * -maxdepth 10 -mindepth 0 -type f -name 'Dockerfile' | xargs dirname` | ||
| do | ||
| echo Run docker buildx build for $directory | ||
| if [[ $directory == '.' ]]; then | ||
| image=${{ github.event.repository.name }} | ||
| else | ||
| image=$directory | ||
| fi | ||
| docker buildx build --load --platform ${{ matrix.arch }} \ | ||
| -t ghcr.io/${GITHUB_REPOSITORY}/$image:${{ env.TEST_IMAGE_TAG }} \ | ||
| $directory | ||
| done | ||
| - name: Show Docker images | ||
| run: docker images | grep ${GITHUB_REPOSITORY} || (echo Docker images not found && exit 1) | ||
| - name: Maven Verify | ||
| if: inputs.tests == true && github.event_name != 'release' | ||
| run: | | ||
| sudo echo "172.17.0.1 host.docker.internal" | sudo tee -a /etc/hosts | ||
| sudo echo "127.0.0.1 $(eval hostname)" | sudo tee -a /etc/hosts | ||
| mvn verify ${{ matrix.mvn-verify-opts }} -Dgithub.event.release.prerelease="${{ github.event.release.prerelease }}" -B | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.ORGANIZATION_TOKEN }} | ||
| - name: Upload test containers logs | ||
| if: always() && inputs.tests == true | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: logs-${{ github.run_id }}-${{ github.run_number }}-${{ runner.name }} | ||
| path: target/logs/ | ||
| overwrite: true | ||
| push: | ||
| if: > | ||
| inputs.force-publish == true | ||
| || (github.event_name == 'push' && (github.ref_name == 'develop' || github.ref_name == 'master')) | ||
| || github.event_name == 'release' | ||
| name: Push artifacts | ||
| needs: build | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Overwrite VERSION env | ||
| run: | | ||
| echo VERSION=$(echo ${VERSION} | sed 's/\//-/g') >> $GITHUB_ENV | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| fetch-tags: true | ||
| - name: Set up JDK | ||
| uses: actions/setup-java@v3 | ||
| with: | ||
| java-version: '17' | ||
| distribution: 'zulu' | ||
| cache: 'maven' | ||
| - name: Set up Maven | ||
| run: cp build.settings.xml ~/.m2/settings.xml | ||
| - name: Maven Build | ||
| run: mvn clean install -DskipTests=true -Dmaven.javadoc.skip=true -Ddockerfile.skip=true -Dgithub.event.release.prerelease="${{ github.event.release.prerelease }}" -B -V -U | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.ORGANIZATION_TOKEN }} | ||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v1 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| - name: Login to Docker | ||
| run: docker login ghcr.io -u ${GITHUB_ACTOR} --password ${{ secrets.ORGANIZATION_TOKEN }} | ||
| - name: Push Docker images | ||
| run: | | ||
| for directory in `find * -maxdepth 10 -mindepth 0 -type f -name 'Dockerfile' | xargs dirname` | ||
| do | ||
| echo Run docker build for $directory | ||
| if [[ $directory == '.' ]]; then | ||
| image=${{ github.event.repository.name }} | ||
| else | ||
| image=$directory | ||
| fi | ||
| docker buildx build --push --platform linux/amd64,linux/arm64 \ | ||
| -t ghcr.io/${GITHUB_REPOSITORY}/$image:${{ env.VERSION }} \ | ||
| -t ghcr.io/${GITHUB_REPOSITORY}/$image:latest \ | ||
| $directory | ||
| done | ||
| - name: Package and publish to helm registry | ||
| run: | | ||
| for directory in `find ./charts -type d -maxdepth 1 -mindepth 1` | ||
| do | ||
| echo helm package for $directory | ||
| name=$(cat $directory/Chart.yaml | grep ^name: | cut -d: -f2 | cut -c 2- | tr -d '"') | ||
| chart_version=$(cat $directory/Chart.yaml | grep ^version: | cut -d: -f2 | cut -c 2- | tr -d '"') | ||
| release_version=$chart_version-${{ env.VERSION }} | ||
| echo Release chart version $release_version | ||
| # change helm chart version in Chart.yaml | ||
| sed -i.bak 's/version:.*/version: '$release_version'/g' $directory/Chart.yaml | ||
| # change helm chart SHA in values.yaml | ||
| sed -i.bak 's/SHA:.*/SHA: '${{ github.sha }}'/g' $directory/values.yaml | ||
| helm lint --strict $directory || exit 42 | ||
| helm template --debug $directory | ||
| helm package --debug $directory | ||
| pkg=$name-$release_version.tgz | ||
| echo push to GitHub Helm Registry oci://ghcr.io/${{ vars.GH_ORGANIZATION }}/${{ vars.GH_HELM_REGISTRY_REPO }} | ||
| helm push $pkg oci://ghcr.io/${{ vars.GH_ORGANIZATION }}/${{ vars.GH_HELM_REGISTRY_REPO }} | ||
| # revert changes of helm chart version and remove bak files | ||
| rm $directory/Chart.yaml | ||
| mv $directory/Chart.yaml.bak $directory/Chart.yaml | ||
| # revert changes of helm SHA value and remove bak files | ||
| rm $directory/values.yaml | ||
| mv $directory/values.yaml.bak $directory/values.yaml | ||
| done | ||
| - name: Authenticate to Google Cloud | ||
| uses: 'google-github-actions/auth@v2' | ||
| with: | ||
| project_id: '${{ vars.GCP_DEB_REGISTRY_PROJECT }}' | ||
| credentials_json: '${{ secrets.GCP_DEB_REGISTRY_CREDENTIALS}}' | ||
| - name: 'Set up Cloud SDK' | ||
| uses: 'google-github-actions/setup-gcloud@v2' | ||
| with: | ||
| version: '>= 363.0.0' | ||
| - name: Build .deb packages and Push to Google Artifactory DEB Registry | ||
| run: | | ||
| for directory in `find * -maxdepth 10 -mindepth 0 -type f -name 'Dockerfile' | xargs dirname` | ||
| do | ||
| echo Run package build for $directory | ||
| if [[ $directory == '.' ]]; then | ||
| package=${{ github.event.repository.name }} | ||
| else | ||
| package=$directory | ||
| fi | ||
| export DIRECTORY=$directory | ||
| echo "DIRECTORY<<EOF" >> ${GITHUB_ENV} | ||
| echo "${DIRECTORY}" >> ${GITHUB_ENV} | ||
| echo "EOF" >> ${GITHUB_ENV} | ||
| if [[ "${{ env.VERSION }}" == *develop* || "${{ env.VERSION }}" == *master* || "${{ env.VERSION }}" != [0-9]* ]]; then | ||
| export VERSION=1.0-$(git rev-parse --abbrev-ref HEAD)-$(git describe --tags --abbrev=1 2>/dev/null)-${GITHUB_RUN_ATTEMPT} | ||
| else | ||
| export VERSION=${{ env.VERSION }}-${GITHUB_RUN_ATTEMPT} | ||
| fi | ||
| echo "VERSION<<EOF" >> ${GITHUB_ENV} | ||
| echo "${VERSION}" >> ${GITHUB_ENV} | ||
| echo "EOF" >> ${GITHUB_ENV} | ||
| echo Release package version $VERSION | ||
| if [ -f $directory/src/deb/build-deb.sh ]; then | ||
| Add cd $directory | ||
| # change the DEB SHA ENV value in default-env file & make backup | ||
| sed -i.bak 's/SHA=.*/SHA='${{ github.sha }}'/g' ./src/deb/templates/default-env | ||
| source ./src/deb/build-deb.sh | ||
| PACKAGE_NAME=./target/${SERVICE_NAME}-${VERSION}.deb | ||
| echo push to Google Artifactory Debian Registry $DEB_REGISTRY | ||
| gcloud artifacts apt upload $DEB_REGISTRY --location=$REGISTRY_LOCATION --source=$PACKAGE_NAME | ||
| # revert changes of the DEB SHA ENV value & remove backup file | ||
| rm ./src/deb/templates/default-env | ||
| mv ./src/deb/templates/default-env.bak ./src/deb/templates/default-env | ||
| cd .. | ||
| else | ||
| echo "The file $directory/src/deb/build-deb.sh does not exist in $directory. Skip it." | ||
| fi | ||
| done | ||
| env: | ||
| DEB_REGISTRY: ${{ vars.GCP_DEB_REGISTRY }} | ||
| REGISTRY_LOCATION: ${{ vars.GCP_REGISTRY_LOCATION }} | ||
| DIRECTORY: ${{ env.DIRECTORY }} | ||
| - name: Rollback release | ||
| if: failure() && github.event_name == 'release' | ||
| run: | | ||
| echo Remove git tag | ||
| git push origin :refs/tags/${{ github.event.release.tag_name }} | ||
