V next #232
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: build | |
| on: | |
| pull_request: | |
| types: [opened, synchronize] | |
| branches: | |
| - main | |
| paths: | |
| - app-src/** | |
| - cdk/** | |
| - .github/workflows/** | |
| permissions: {} | |
| jobs: | |
| build: | |
| permissions: | |
| contents: read | |
| #runs-on: codebuild-AwsLabsMultiAZWorkshopArm64GithubRunner-${{ github.run_id }}-${{ github.run_attempt }} | |
| runs-on: ubuntu-24.04-arm | |
| env: | |
| CDK_LOCATION: "cdk" | |
| PROJECT_NAME: ${{ github.event.repository.name }} | |
| DOTNET_SYSTEM_GLOBALIZATION_INVARIANT: 0 | |
| BUILD_APP: false | |
| USE_CODEBUILD: false | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| - name: Install dotnet | |
| uses: actions/setup-dotnet@v4 | |
| with: | |
| dotnet-version: '9.0' | |
| - name: Dotnet version update | |
| if: env.USE_CODEBUILD == true | |
| run: | | |
| cat /codebuild/global.json | |
| dotnet --info | |
| jq '.sdk.version = "9.0.0"' /codebuild/global.json > temp.json && mv temp.json /codebuild/global.json | |
| cat /codebuild/global.json | |
| - name: Install cdk | |
| run: | | |
| npm install aws-cdk -g | |
| cdk --version | |
| - name: Create tmp | |
| run: mkdir -p ${{ github.workspace }}/tmp | |
| - name: Create assets | |
| run: mkdir -p ${{ github.workspace }}/assets | |
| - name: Set versions | |
| run: | | |
| # Read the JSON file and iterate over each key-value pair | |
| for key in $(jq -r 'keys[]' ${{ github.workspace }}/build/versions.json); do | |
| value=$(jq -r ".\"$key\"" ${{ github.workspace }}/build/versions.json) | |
| echo "Setting environment variable for $key with value $value" | |
| # Set the environment variable | |
| echo "$key=$value" >> $GITHUB_ENV | |
| done | |
| - name: Create helm lambda layer | |
| run: | | |
| file=helm-v$HELM-linux-arm64.tar.gz | |
| curl --location https://get.helm.sh/$file --output /tmp/$file | |
| tar -zxvf /tmp/$file --directory /tmp | |
| mkdir -p ${{ github.workspace }}/$CDK_LOCATION/layer/helm | |
| cp /tmp/linux-arm64/helm ${{ github.workspace }}/$CDK_LOCATION/layer/helm/ | |
| chmod 0755 ${{ github.workspace }}/$CDK_LOCATION/layer/helm/helm | |
| cd ${{ github.workspace }}/$CDK_LOCATION/layer | |
| zip -r ${{ github.workspace }}/$CDK_LOCATION/helm-layer.zip . | |
| - name: Copy destination rule | |
| run: | | |
| file=destination-rule.yaml | |
| cp ${{ github.workspace }}/$CDK_LOCATION/Configs/$file ${{ github.workspace }}/assets/$file | |
| - name: Get kubectl | |
| run: | | |
| file=kubectl | |
| curl --location https://dl.k8s.io/release/v$KUBECTL/bin/linux/arm64/$file --output ${{ github.workspace }}/assets/$file | |
| - name: Get istio helm charts | |
| run: | | |
| BASE=https://istio-release.storage.googleapis.com/charts | |
| istio_deps=("base-$ISTIO.tgz" "istiod-$ISTIO.tgz" "gateway-$ISTIO.tgz" "cni-$ISTIO.tgz") | |
| for file in ${istio_deps[@]}; do | |
| curl --location $BASE/$file --output ${{ github.workspace }}/assets/$file | |
| done | |
| - name: Get AWS load balancer controller helm chart | |
| run: | | |
| file=aws-load-balancer-controller-$LB_CONTROLLER_HELM.tgz | |
| curl --location https://aws.github.io/eks-charts/$file --output ${{ github.workspace }}/assets/$file | |
| - name: Pull istio containers | |
| run: | | |
| MAX_RETRIES=10 | |
| SLEEP_INTERVAL=2 | |
| IMAGES=(install-cni proxyv2 pilot) | |
| if [[ "$USE_CODEBUILD" == "true" ]]; then | |
| ACCOUNT_ID=$(echo "$CODEBUILD_BUILD_ARN" | cut -d':' -f5) | |
| BASE=$ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/docker-hub | |
| SEARCH_BASE=$ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com/docker-hub/ | |
| aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com | |
| else | |
| BASE=docker.io | |
| SEARCH_BASE="" | |
| fi | |
| for image in "${IMAGES[@]}"; do | |
| SOURCE=$BASE/istio/$image:$ISTIO | |
| SEARCH=${SEARCH_BASE}istio/$image:$ISTIO | |
| docker pull $SOURCE | |
| retries=0 | |
| while ! docker images --format "{{.Repository}}:{{.Tag}}" | grep -q "^$SEARCH$"; do | |
| if [ "$retries" -ge "$MAX_RETRIES" ]; then | |
| echo "Image $SEARCH did not appear in 'docker images' after $((MAX_RETRIES * SLEEP_INTERVAL)) seconds. Exiting." | |
| exit 1 | |
| fi | |
| echo "Retry $((retries+1))/$MAX_RETRIES - Image not found yet. Retrying in $SLEEP_INTERVAL seconds..." | |
| sleep "$SLEEP_INTERVAL" | |
| retries=$((retries+1)) | |
| done | |
| if [ "$SEARCH" != "istio/$image:$ISTIO" ]; then | |
| docker tag $SEARCH istio/$image:$ISTIO | |
| fi | |
| docker save istio/$image:$ISTIO | gzip > ${{ github.workspace }}/assets/$image.tar.gz | |
| done | |
| - name: Pull load balancer controller container image | |
| run: | | |
| BASE=public.ecr.aws | |
| file="eks/aws-load-balancer-controller:$LB_CONTROLLER_CONTAINER-linux_arm64" | |
| docker pull $BASE/$file | |
| name=$(echo $file | cut -d '/' -f2 | cut -d ':' -f1) | |
| docker save $BASE/$file | gzip > ${{ github.workspace }}/assets/$name.tar.gz | |
| - name: Pull cloudwatch agent container image | |
| run: | | |
| BASE=public.ecr.aws | |
| file="cloudwatch-agent/cloudwatch-agent:latest" | |
| docker pull $BASE/$file | |
| docker tag $BASE/$file $file | |
| name=$(echo $file | cut -d '/' -f2 | cut -d ':' -f1) | |
| docker save $file | gzip > ${{ github.workspace }}/assets/$name.tar.gz | |
| - name: Pull docker compose | |
| run: curl -SL https://github.com/docker/compose/releases/download/v2.32.4/docker-compose-linux-aarch64 -o ${{ github.workspace }}/assets/docker-compose | |
| - name: Build arm64 web app | |
| if: env.BUILD_APP == true | |
| run: | | |
| rm -rf ${{ github.workspace }}/app-src/output | |
| mkdir -p ${{ github.workspace }}/app-src/output | |
| mkdir -p ${{ github.workspace }}/app-src/output/src | |
| cd ${{ github.workspace }}/app-src | |
| dotnet restore | |
| dotnet publish --configuration Release --runtime linux-arm64 --output ${{ github.workspace }}/app-src/output/src -p:PublishReadyToRun=true -p:PublishReadyToRunShowWarnings=true --self-contained | |
| cd ${{ github.workspace }}/app-src/output | |
| zip -r ${{ github.workspace }}/assets/app_arm64.zip src/ | |
| cd ${{ github.workspace }}/app-src | |
| zip -r ${{ github.workspace }}/assets/app_arm64.zip scripts/ appspec.yml | |
| rm -rf ${{ github.workspace }}/app-src/output | |
| - name: Build failing arm64 web app | |
| if: env.BUILD_APP == true | |
| run: | | |
| rm -rf ${{ github.workspace }}/app-src/output | |
| mkdir -p ${{ github.workspace }}/app-src/output | |
| mkdir -p ${{ github.workspace }}/app-src/output/src | |
| cd ${{ github.workspace }}/app-src | |
| dotnet publish --configuration Release --runtime linux-arm64 --output ${{ github.workspace }}/app-src/output/src -p:DefineConstants="FAIL" -p:PublishReadyToRun=true -p:PublishReadyToRunShowWarnings=true --self-contained | |
| cd ${{ github.workspace }}/app-src/output | |
| zip -r ${{ github.workspace }}/assets/app_arm64_fail.zip src/ | |
| cd ${{ github.workspace }}/app-src | |
| zip -r ${{ github.workspace }}/assets/app_arm64_fail.zip scripts/ appspec.yml | |
| rm -rf ${{ github.workspace }}/app-src/output | |
| #- name: Set up docker buildx | |
| # uses: docker/setup-buildx-action@v3 | |
| - name: Build arm64 container | |
| run: | | |
| rm -rf ${{ github.workspace }}/app-src/output | |
| mkdir -p ${{ github.workspace }}/app-src/output | |
| mkdir -p ${{ github.workspace }}/app-src/output/src | |
| cd ${{ github.workspace }}/app-src | |
| dotnet publish --configuration Release --runtime linux-musl-arm64 --output ${{ github.workspace }}/app-src/output/src -p:PublishReadyToRun=true -p:PublishReadyToRunShowWarnings=true --self-contained | |
| cd ${{ github.workspace }}/app-src/output | |
| docker build --tag $PROJECT_NAME:latest --platform linux/arm64 --build-arg SRC=src --file ${{ github.workspace }}/build/dockerfile . | |
| docker save $PROJECT_NAME:latest | gzip > ${{ github.workspace }}/assets/container.tar.gz | |
| zip -j ${{ github.workspace }}/assets/app_deploy.zip ${{ github.workspace }}/assets/container.tar.gz | |
| zip -j ${{ github.workspace }}/assets/app_deploy.zip ${{ github.workspace }}/assets/cloudwatch-agent.tar.gz | |
| cd ${{ github.workspace }}/app-src | |
| zip -r ${{ github.workspace }}/assets/app_deploy.zip docker/ | |
| cd ${{ github.workspace }}/app-src/docker | |
| zip ${{ github.workspace }}/assets/app_deploy.zip appspec.yml | |
| rm -rf ${{ github.workspace }}/app-src/output | |
| - name: Build failing arm64 container | |
| run: | | |
| rm -rf ${{ github.workspace }}/app-src/output | |
| mkdir -p ${{ github.workspace }}/app-src/output | |
| mkdir -p ${{ github.workspace }}/app-src/output/src | |
| cd ${{ github.workspace }}/app-src | |
| dotnet publish --configuration Release --runtime linux-musl-arm64 --output ${{ github.workspace }}/app-src/output/src -p:DefineConstants="FAIL" -p:PublishReadyToRun=true -p:PublishReadyToRunShowWarnings=true --self-contained | |
| cd ${{ github.workspace }}/app-src/output | |
| docker build --tag $PROJECT_NAME:latest --platform linux/arm64 --build-arg SRC=src --file ${{ github.workspace }}/build/dockerfile . | |
| docker save $PROJECT_NAME:latest | gzip > /tmp/container.tar.gz | |
| zip -j ${{ github.workspace }}/assets/app_deploy_fail.zip /tmp/container.tar.gz | |
| zip -j ${{ github.workspace }}/assets/app_deploy_fail.zip ${{ github.workspace }}/assets/cloudwatch-agent.tar.gz | |
| cd ${{ github.workspace }}/app-src | |
| zip -r ${{ github.workspace }}/assets/app_deploy_fail.zip docker/ | |
| cd ${{ github.workspace }}/app-src/docker | |
| zip ${{ github.workspace }}/assets/app_deploy_fail.zip appspec.yml | |
| rm -f /tmp/container.tar.gz | |
| rm -rf ${{ github.workspace }}/app-src/output | |
| - name: Build assets | |
| run: | | |
| cd ${{ github.workspace }}/$CDK_LOCATION | |
| cdk synth --quiet | |
| chmod +x ${{ github.workspace }}/build/package.py | |
| ${{ github.workspace }}/build/package.py $PROJECT_NAME ${{ github.workspace }} $CDK_LOCATION | |
| cd ${{ github.workspace }}/assets | |
| zip -r ${{ github.workspace }}/content.zip . | |
| cp ${{ github.workspace }}/static/$PROJECT_NAME.json ${{ github.workspace }}/$PROJECT_NAME.template | |
| cd ${{ github.workspace }} | |
| zip ${{ github.workspace }}/content.zip $PROJECT_NAME.template | |
| cp ${{ github.workspace }}/content.zip ${{ github.workspace }}/assets | |
| - name: Upload workshop artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: WorkshopArtifact | |
| path: | | |
| ${{ github.workspace }}/static | |
| ${{ github.workspace }}/content | |
| ${{ github.workspace }}/contentspec.yaml | |
| - name: Upload assets artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: AssetsArtifact | |
| path: ${{ github.workspace }}/assets/**/* | |
| - name: Upload content artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ContentArtifact | |
| path: ${{ github.workspace }}/content.zip | |
| - name: Save PR Number | |
| run: echo "${{ github.event.pull_request.number }}" > pr_number.txt | |
| - name: Upload PR Number Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: PullRequestNumber | |
| path: pr_number.txt |