Merge pull request #168 from aodn/features/6008-simplify-polygon #23
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release | |
on: | |
push: | |
tags: | |
- v*.*.* | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
build_push: | |
runs-on: ubuntu-latest | |
environment: central | |
outputs: | |
digest: ${{ steps.build_and_push.outputs.digest }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: '17' | |
cache: 'maven' | |
server-id: 'codeartifact' | |
server-password: 'CODEARTIFACT_AUTH_TOKEN' | |
- name: Configure AWS Credentials | |
id: aws_auth | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
audience: sts.amazonaws.com | |
aws-region: ${{ vars.AWS_REGION }} | |
role-to-assume: ${{ vars.AWS_ROLE_ARN }} | |
- name: Get CodeArtifact Repository Authentication Token | |
run: | | |
TOKEN=$(aws codeartifact get-authorization-token \ | |
--domain ${{ vars.CODEARTIFACT_DOMAIN }} \ | |
--domain-owner ${{ steps.aws_auth.outputs.aws-account-id }} \ | |
--region ${{ vars.AWS_REGION }} \ | |
--query authorizationToken \ | |
--output text) | |
echo "CODEARTIFACT_AUTH_TOKEN=$TOKEN" >> "$GITHUB_ENV" | |
- name: Get CodeArtifact Repository URL | |
run: | | |
REPO_URL=$(aws codeartifact get-repository-endpoint \ | |
--domain ${{ vars.CODEARTIFACT_DOMAIN }} \ | |
--repository ${{ vars.CODEARTIFACT_REPO }} \ | |
--format maven \ | |
--region ${{ vars.AWS_REGION }} \ | |
--output text) | |
echo "CODEARTIFACT_REPO_URL=$REPO_URL" >> "$GITHUB_ENV" | |
- name: Build with Maven & Publish to CodeArtifact | |
run: mvn -B clean deploy --file pom.xml | |
env: | |
CODEARTIFACT_AUTH_TOKEN: ${{ env.CODEARTIFACT_AUTH_TOKEN }} | |
CODEARTIFACT_REPO_URL: ${{ env.CODEARTIFACT_REPO_URL }} | |
- name: Login to ECR | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ vars.ECR_REGISTRY }} | |
- name: Build and Push Docker Image | |
id: build_and_push | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
# Only building for AMD64 for now | |
# platforms: linux/amd64,linux/arm64 | |
push: true | |
tags: ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:${{ github.ref_name }} | |
- name: Generate App Token | |
uses: actions/create-github-app-token@v1 | |
id: app-token | |
with: | |
app-id: ${{ vars.DEPLOY_APP_ID }} | |
private-key: ${{ secrets.DEPLOY_APP_PRIVATE_KEY }} | |
owner: ${{ github.repository_owner }} | |
- name: Upload Docker Metadata to Release | |
run: | | |
json='${{ steps.build_and_push.outputs.metadata }}' | |
echo "$json" > metadata.json | |
gh release upload ${{ github.ref_name }} metadata.json | |
env: | |
GH_TOKEN: ${{ steps.app-token.outputs.token }} | |
trigger_staging_deploy: | |
needs: [build_push] | |
uses: ./.github/workflows/trigger_deploy.yml | |
with: | |
app_name: es-indexer | |
environment: staging | |
digest: ${{ needs.build_push.outputs.digest }} | |
secrets: inherit | |
trigger_production_deploy: | |
needs: [build_push, trigger_staging_deploy] | |
uses: ./.github/workflows/trigger_deploy.yml | |
with: | |
app_name: es-indexer | |
environment: production | |
digest: ${{ needs.build_push.outputs.digest }} | |
secrets: inherit |