From 9908f0fd7a8dafba686bee738d8c814a937997be Mon Sep 17 00:00:00 2001
From: Stefan Hattrell <29941279+digorgonzola@users.noreply.github.com>
Date: Tue, 20 Feb 2024 11:37:12 +1100
Subject: [PATCH] github: interim staging workflow
---
.github/workflows/build-staging.yml | 130 ++++++++++++++++++++++++++++
1 file changed, 130 insertions(+)
create mode 100644 .github/workflows/build-staging.yml
diff --git a/.github/workflows/build-staging.yml b/.github/workflows/build-staging.yml
new file mode 100644
index 00000000..cebe46dc
--- /dev/null
+++ b/.github/workflows/build-staging.yml
@@ -0,0 +1,130 @@
+name: Build Staging
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+ paths-ignore:
+ - '**/*.md'
+ - '.github/environment/**'
+
+permissions:
+ id-token: write
+ contents: read
+
+env:
+ app_name: es-indexer
+ environment_name: staging
+
+jobs:
+ build_push:
+ runs-on: ubuntu-latest
+ environment: staging
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Set up JDK 17
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'temurin'
+ java-version: '17'
+ cache: 'maven'
+ server-id: 'codeartifact'
+ server-password: 'CODEARTIFACT_AUTH_TOKEN'
+
+ - name: Configure AWS Credentials
+ id: aws_auth
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ audience: sts.amazonaws.com
+ aws-region: ${{ vars.AWS_REGION }}
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+
+ - name: Get CodeArtifact Repository Authentication Token
+ run: |
+ TOKEN=$(aws codeartifact get-authorization-token \
+ --domain ${{ vars.CODEARTIFACT_DOMAIN }} \
+ --domain-owner ${{ steps.aws_auth.outputs.aws-account-id }} \
+ --region ${{ vars.AWS_REGION }} \
+ --query authorizationToken \
+ --output text)
+ echo "CODEARTIFACT_AUTH_TOKEN=$TOKEN" >> "$GITHUB_ENV"
+
+ - name: Get CodeArtifact Repository URL
+ run: |
+ REPO_URL=$(aws codeartifact get-repository-endpoint \
+ --domain ${{ vars.CODEARTIFACT_DOMAIN }} \
+ --repository ${{ vars.CODEARTIFACT_REPO }} \
+ --format maven \
+ --region ${{ vars.AWS_REGION }} \
+ --output text)
+ echo "CODEARTIFACT_REPO_URL=$REPO_URL" >> "$GITHUB_ENV"
+
+ - name: Build with Maven
+ run: mvn -B package --file pom.xml -DskipTests
+
+ - name: Login to ECR
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ vars.ECR_REGISTRY }}
+
+ - name: Build and Push Docker Image
+ id: build_and_push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ # Only building for AMD64 for now
+ # platforms: linux/amd64,linux/arm64
+ push: true
+ tags: |
+ ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:${{ github.sha }}
+ ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:latest
+
+ - name: Push Image Digest to SSM
+ run: |
+ aws ssm put-parameter \
+ --name "/apps/${{ env.app_name }}/${{ env.environment_name }}/image_digest" \
+ --type "String" \
+ --value "$digest" \
+ --overwrite
+ env:
+ digest: ${{ steps.build_and_push.outputs.digest }}
+
+# trigger_deploy:
+# runs-on: ubuntu-latest
+# needs: [build_push]
+# steps:
+# - name: Generate App Token
+# uses: actions/create-github-app-token@v1
+# id: app-token
+# with:
+# app-id: ${{ vars.DEPLOY_APP_ID }}
+# private-key: ${{ secrets.DEPLOY_APP_PRIVATE_KEY }}
+# owner: ${{ github.repository_owner }}
+# repositories: "appdeploy"
+#
+# - name: Trigger Deploy Workflow
+# uses: actions/github-script@v7
+# with:
+# github-token: ${{ steps.app-token.outputs.token }}
+# retries: 3
+# retry-exempt-status-codes: 204
+# script: |
+# github.rest.actions.createWorkflowDispatch({
+# owner: 'aodn',
+# repo: 'appdeploy',
+# workflow_id: 'deploy.yml',
+# ref: 'main',
+# inputs: {
+# app_name: '${{ env.app_name }}',
+# environment: '${{ env.environment_name }}'
+# }
+# })
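Review bot: The `build_push` job runs on `pull_request` as well as on pushes to `main` and none of its steps is gated on the event, so a pull request opened from a branch of this repository would assume the AWS role, push its image under the `:latest` tag and overwrite the staging `image_digest` parameter before the change is merged, unless the `staging` environment carries deployment-branch rules that are not visible here. Guard the publishing steps, for example `push: ${{ github.event_name == 'push' }}` on the build step and `if: github.event_name == 'push'` on `Login to ECR` and `Push Image Digest to SSM`. The CodeArtifact token is written to `$GITHUB_ENV` without being masked, which exposes it to every later step including the Docker actions; add `echo "::add-mask::$TOKEN"` before the export, or hand it only to the Maven step through `env:`. Since the job holds `id-token: write`, the `uses:` references would be safer pinned to full commit SHAs than to the movable `v3`/`v4`/`v5` tags.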