Bump encrypted_credentials in /components/services #1412
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: push | |
name: Switch | |
env: | |
CI: true | |
APP_REPOSITORY_NAME: switch-app | |
WEBSERVER_REPOSITORY_NAME: switch-webserver | |
FREESWITCH_REPOSITORY_NAME: freeswitch | |
FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME: freeswitch-events | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.set-deployment-matrix.outputs.matrix }} | |
matrixLength: ${{ steps.set-deployment-matrix.outputs.matrixLength }} | |
deployMatrix: ${{ steps.set-deployment-matrix.outputs.deployMatrix }} | |
packageMatrix: ${{ steps.set-deployment-matrix.outputs.packageMatrix }} | |
defaults: | |
run: | |
working-directory: components/app | |
env: | |
AHN_ENV: test | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
working-directory: components/app | |
bundler-cache: true | |
- name: Run Specs | |
run: | | |
bundle exec rspec | |
- name: Run FreeSWITCH tests | |
working-directory: components/freeswitch | |
run: | | |
./tests/tests.sh | |
- name: Setup Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.22.x" | |
- name: Run tests | |
working-directory: components/freeswitch_event_logger | |
run: | | |
go get . | |
go test | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
- name: Set Deployment Matrix | |
id: set-deployment-matrix | |
run: | | |
branchName=$(echo '${{ github.ref }}' | sed 's,refs/heads/,,g') | |
matrixSource=$(cat << EOF | |
[ | |
{ | |
"identifier": "switch-staging", | |
"environment": "staging", | |
"branch": "develop", | |
"friendly_image_tag": "beta", | |
"image_tag": "stag-${{ github.sha }}", | |
"ecs_service": "switch-staging", | |
"ecs_cluster": "somleng-switch-staging" | |
}, | |
{ | |
"identifier": "switch", | |
"environment": "production", | |
"branch": "master", | |
"friendly_image_tag": "latest", | |
"image_tag": "prod-${{ github.sha }}", | |
"ecs_service": "switch", | |
"ecs_cluster": "somleng-switch" | |
} | |
] | |
EOF | |
) | |
matrix=$(echo $matrixSource | jq --arg branchName "$branchName" 'map(. | select((.branch==$branchName)) )') | |
echo "matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT | |
echo "matrixLength=$(echo $matrix | jq length)" >> $GITHUB_OUTPUT | |
echo "deployMatrix={\"region\":[\"ap-southeast-1\",\"us-east-1\"],\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT | |
echo "packageMatrix={\"platform\":[\"amd64\",\"arm64\"],\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT | |
build-packages: | |
name: Build Packages | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
if: needs.build.outputs.matrixLength > 0 | |
strategy: | |
matrix: ${{fromJSON(needs.build.outputs.packageMatrix)}} | |
fail-fast: false | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Ruby | |
uses: ruby/setup-ruby@v1 | |
- name: Configure AWS credentials | |
id: aws-login | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
role-skip-session-tagging: true | |
role-duration-seconds: 3600 | |
aws-region: ap-southeast-1 | |
- name: Build images | |
uses: aws-actions/aws-codebuild-run-build@v1 | |
with: | |
project-name: somleng-switch-${{ matrix.platform }} | |
buildspec-override: | | |
version: 0.2 | |
phases: | |
build: | |
steps: | |
- name: Build | |
run: | | |
aws ecr get-login-password --region ap-southeast-1 | docker login --username AWS --password-stdin ${{ secrets.ECR_REGISTRY }} | |
export DOCKER_BUILDKIT=1 | |
docker buildx build --cache-from ${{ secrets.ECR_REGISTRY }}/${{ env.APP_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --tag ${{ secrets.ECR_REGISTRY }}/${{ env.APP_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --push components/app | |
docker buildx build --cache-from ${{ secrets.ECR_REGISTRY }}/${{ env.WEBSERVER_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --tag ${{ secrets.ECR_REGISTRY }}/${{ env.WEBSERVER_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --push components/nginx | |
docker buildx build --cache-from ${{ secrets.ECR_REGISTRY }}/${{ env.FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --tag ${{ secrets.ECR_REGISTRY }}/${{ env.FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --push components/freeswitch_event_logger | |
if [ "${{ matrix.platform }}" = "amd64" ]; then | |
components/freeswitch/bin/export_tts_voices > components/freeswitch/conf/autoload_configs/tts_voices.xml | |
docker buildx build --build-arg signalwire_token=${{ secrets.SIGNALWIRE_TOKEN }} --cache-from ${{ secrets.ECR_REGISTRY }}/${{ env.FREESWITCH_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --tag ${{ secrets.ECR_REGISTRY }}/${{ env.FREESWITCH_REPOSITORY_NAME }}:${{ matrix.friendly_image_tag }}-${{ matrix.platform }} --push components/freeswitch | |
fi | |
build-manifest: | |
name: Build Manifest | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
- build-packages | |
strategy: | |
matrix: ${{fromJSON(needs.build.outputs.matrix)}} | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
role-skip-session-tagging: true | |
role-duration-seconds: 3600 | |
aws-region: ap-southeast-1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to ECR | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ secrets.ECR_REGISTRY }} | |
- name: Build Manifest | |
run: | | |
declare -a platforms=("amd64" "arm64") | |
declare -a components=("${{ env.APP_REPOSITORY_NAME }}" "${{ env.WEBSERVER_REPOSITORY_NAME }}" "${{ env.FREESWITCH_REPOSITORY_NAME }}" "${{ env.FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME }}") | |
for component in "${components[@]}" | |
do | |
if [ "$component" = "${{ env.FREESWITCH_REPOSITORY_NAME }}" ]; then | |
docker buildx imagetools create -t ${{ secrets.ECR_REGISTRY }}/$component:${{ matrix.friendly_image_tag }} -t ${{ secrets.ECR_REGISTRY }}/$component:${{ matrix.image_tag }} ${{ secrets.ECR_REGISTRY }}/$component:${{ matrix.friendly_image_tag }}-amd64 | |
else | |
source_images=$(printf "${{ secrets.ECR_REGISTRY }}/$component:${{ matrix.friendly_image_tag }}-%s " "${platforms[@]}") | |
docker buildx imagetools create -t ${{ secrets.ECR_REGISTRY }}/$component:${{ matrix.friendly_image_tag }} -t ${{ secrets.ECR_REGISTRY }}/$component:${{ matrix.image_tag }} $source_images | |
fi | |
done | |
publish_images: | |
name: Publish Images | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: ${{fromJSON(needs.build.outputs.matrix)}} | |
needs: | |
- build | |
- build-packages | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
role-skip-session-tagging: true | |
role-duration-seconds: 3600 | |
aws-region: ap-southeast-1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Login to ECR | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ secrets.ECR_REGISTRY }} | |
- name: Publish Images | |
run: | | |
declare -a platforms=("amd64" "arm64") | |
declare -a components=("${{ env.APP_REPOSITORY_NAME }}" "${{ env.WEBSERVER_REPOSITORY_NAME }}" "${{ env.FREESWITCH_REPOSITORY_NAME }}" "${{ env.FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME }}") | |
for platform in "${platforms[@]}" | |
do | |
for component in "${components[@]}" | |
do | |
[ "$component" = "${{ env.FREESWITCH_REPOSITORY_NAME }}" ] && [ $platform = "arm64" ] && continue | |
docker image pull ${{ secrets.ECR_REGISTRY }}/$component:${{ matrix.friendly_image_tag }}-$platform | |
docker tag ${{ secrets.ECR_REGISTRY }}/$component:${{ matrix.friendly_image_tag }}-$platform ${{ secrets.GHCR_REGISTRY }}/$component:${{ matrix.friendly_image_tag }}-$platform | |
docker push ${{ secrets.GHCR_REGISTRY }}/$component:${{ matrix.friendly_image_tag }}-$platform | |
done | |
done | |
for component in "${components[@]}" | |
do | |
if [ "$component" = "${{ env.FREESWITCH_REPOSITORY_NAME }}" ]; then | |
docker buildx imagetools create -t ${{ secrets.GHCR_REGISTRY }}/$component:${{ matrix.friendly_image_tag }} ${{ secrets.GHCR_REGISTRY }}/$component:${{ matrix.friendly_image_tag }}-amd64 | |
else | |
source_images=$(printf "${{ secrets.GHCR_REGISTRY }}/$component:${{ matrix.friendly_image_tag }}-%s " "${platforms[@]}") | |
docker buildx imagetools create -t ${{ secrets.GHCR_REGISTRY }}/$component:${{ matrix.friendly_image_tag }} $source_images | |
fi | |
done | |
deploy: | |
name: Deploy | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
- build-manifest | |
strategy: | |
matrix: ${{fromJSON(needs.build.outputs.deployMatrix)}} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Configure AWS credentials | |
id: aws-login | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
role-skip-session-tagging: true | |
role-duration-seconds: 3600 | |
aws-region: ${{ matrix.region }} | |
- name: Get current task definition | |
run: | | |
aws ecs describe-task-definition --task-definition "${{ matrix.identifier }}" --query 'taskDefinition' > task-definition.json | |
- name: Prepare Webserver task definition | |
id: render-nginx-task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: task-definition.json | |
container-name: nginx | |
image: ${{ secrets.ECR_REGISTRY }}/${{ env.WEBSERVER_REPOSITORY_NAME }}:${{ matrix.image_tag }} | |
- name: Prepare FreeSWITCH task definition | |
id: render-freeswitch-task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: ${{ steps.render-nginx-task-def.outputs.task-definition }} | |
container-name: freeswitch | |
image: ${{ secrets.ECR_REGISTRY }}/${{ env.FREESWITCH_REPOSITORY_NAME }}:${{ matrix.image_tag }} | |
- name: Prepare FreeSWITCH event logger task definition | |
id: render-freeswitch-event-logger-task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: ${{ steps.render-freeswitch-task-def.outputs.task-definition }} | |
container-name: freeswitch-event-logger | |
image: ${{ secrets.ECR_REGISTRY }}/${{ env.FREESWITCH_EVENT_LOGGER_REPOSITORY_NAME }}:${{ matrix.image_tag }} | |
- name: Prepare App task definition | |
id: render-app-task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: ${{ steps.render-freeswitch-event-logger-task-def.outputs.task-definition }} | |
container-name: app | |
image: ${{ secrets.ECR_REGISTRY }}/${{ env.APP_REPOSITORY_NAME }}:${{ matrix.image_tag }} | |
- name: Deploy Switch | |
uses: aws-actions/amazon-ecs-deploy-task-definition@v2 | |
with: | |
task-definition: ${{ steps.render-app-task-def.outputs.task-definition }} | |
service: ${{ matrix.ecs_service }} | |
cluster: ${{ matrix.ecs_cluster }} | |
wait-for-service-stability: true | |
release: | |
name: Release | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
- deploy | |
strategy: | |
matrix: ${{fromJson(needs.build.outputs.deployMatrix)}} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Create Sentry release | |
uses: getsentry/action-release@v1 | |
env: | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
SENTRY_ORG: somleng | |
SENTRY_PROJECT: somleng-switch | |
with: | |
environment: ${{ matrix.environment }} |