-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
update actions, add dockefile for multistage that doesn't work with d…
…epchek and mil-common, update action deleteing steps of updating in container app and managing to have just one build jar and image
- Loading branch information
1 parent
fe45656
commit bb06d96
Showing
4 changed files
with
72 additions
and
159 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -31,9 +31,9 @@ jobs: | |
| fetch-depth: 0 | ||
|
|
||
| # | ||
| # Calculate of the new version (dry-run). | ||
| # Calculation of the new version (again) with tagging + releasing + etc. | ||
| # | ||
| - name: Calculate of the new version (dry-run) | ||
| - name: Calculation of the new version (w/o dry_run) and put tag | ||
| uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d | ||
| id: semantic | ||
| env: | ||
|
|
@@ -44,7 +44,7 @@ jobs: | |
| extra_plugins: | | ||
| @semantic-release/[email protected] | ||
| @semantic-release/[email protected] | ||
| dry_run: true | ||
| dry_run: false | ||
|
|
||
| # | ||
| # Cache JDK. | ||
|
|
@@ -114,124 +114,6 @@ jobs: | |
| tar -xvf ${{ runner.temp }}/maven_setup.tar.gz -C ${{ runner.temp }}/maven --strip-components=1 | ||
| echo "<settings><servers><server><id>github</id><username>${{ secrets.GIT_USER }}</username><password>${{ secrets.GIT_PAT }}</password></server></servers></settings>" >> ${{ runner.temp }}/settings.xml | ||
| # | ||
| # RELEASE CANDIDATE - Update of pom.xml with the new version. | ||
| # | ||
| - name: RELEASE CANDIDATE - Update of pom.xml with the new version | ||
| if: steps.semantic.outputs.new_release_published == 'true' | ||
| run: ${{ runner.temp }}/maven/bin/mvn versions:set -DnewVersion=${{ steps.semantic.outputs.new_release_version }}-RC -s ${{ runner.temp }}/settings.xml --no-transfer-progress | ||
|
|
||
| # | ||
| # RELEASE CANDIDATE - Execute unit-test + Calculate test coverage + SCA with Sonar. | ||
| # | ||
| - name: RELEASE CANDIDATE - Execute unit-test + Calculate test coverage + SCA with Sonar | ||
| if: steps.semantic.outputs.new_release_published == 'true' | ||
| env: | ||
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | ||
| run: ${{ runner.temp }}/maven/bin/mvn verify -Pvalidate -s ${{ runner.temp }}/settings.xml --no-transfer-progress | ||
|
|
||
| # | ||
| # RELEASE CANDIDATE - Build native executable. | ||
| # | ||
| - name: RELEASE CANDIDATE - Build native executable | ||
| if: steps.semantic.outputs.new_release_published == 'true' | ||
| run: ${{ runner.temp }}/maven/bin/mvn clean package -Pnative -Dmaven.test.skip=true -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image@sha256:ce70e1a8016471ff0fc9c8f048cd9e37afddacd3de37ed0bca74201d102e45f5 -s ${{ runner.temp }}/settings.xml --no-transfer-progress | ||
|
|
||
| # | ||
| # RELEASE CANDIDATE - Build Docker image. | ||
| # | ||
| - name: RELEASE CANDIDATE - Build Docker image | ||
| if: steps.semantic.outputs.new_release_published == 'true' | ||
| run: | | ||
| docker build \ | ||
| -f src/main/docker/Dockerfile.native-micro \ | ||
| -t ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }}-RC \ | ||
| . | ||
| # | ||
| # RELEASE CANDIDATE - Push Docker image. | ||
| # | ||
| - name: RELEASE CANDIDATE - Push Docker image | ||
| if: steps.semantic.outputs.new_release_published == 'true' | ||
| run: | | ||
| echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | ||
| docker push -a ghcr.io/${{ github.repository }} | ||
| # | ||
| # RELEASE CANDICATE - Get Docker image with sha256. | ||
| # | ||
| - name: RELEASE CANDIDATE - Get Docker image with sha256 | ||
| if: steps.semantic.outputs.new_release_published == 'true' | ||
| run: echo "image_sha256_rc=$(docker image inspect -f '{{index .RepoDigests 0}}' ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }}-RC)" >> "$GITHUB_ENV" | ||
|
|
||
| # | ||
| # Login to Azure. | ||
| # | ||
| - name: Login to Azure | ||
| uses: azure/login@8c334a195cbb38e46038007b304988d888bf676a #v2.0.0 | ||
| with: | ||
| client-id: ${{ secrets.AZURE_CD_IDENTITY_CLIENT_ID }} | ||
| tenant-id: ${{ secrets.AZURE_CD_IDENTITY_TENANT_ID }} | ||
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
|
|
||
| # | ||
| # RELEASE CANDIDATE - Update Container App + OpenAPI descriptor on APIM | ||
| # | ||
| - name: RELEASE CANDIDATE - Update Container App + OpenAPI descriptor on APIM | ||
| if: steps.semantic.outputs.new_release_published == 'true' | ||
| uses: azure/CLI@fa0f960f00db49b95fdb54328a767aee31e80105 | ||
| with: | ||
| inlineScript: | | ||
| az config set extension.use_dynamic_install=yes_without_prompt | ||
| az containerapp update \ | ||
| -n ${{ secrets.AZURE_CONTAINER_APP_NAME }} \ | ||
| -g ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} \ | ||
| --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} \ | ||
| -i ${{ env.image_sha256_rc }} | ||
| API_DATA=$(az apim api show --resource-group ${{ secrets.AZURE_APIM_RESOURCE_GROUP }} --service-name ${{ secrets.AZURE_APIM_NAME }} --api-id ${{ secrets.AZURE_APIM_API_ID }} --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} --query "{path:path, serviceUrl:serviceUrl}") | ||
| API_PATH=$(echo $API_DATA | jq -r '.path') | ||
| API_SERVICE_URL=$(echo $API_DATA | jq -r '.serviceUrl') | ||
| az apim api import \ | ||
| --resource-group ${{ secrets.AZURE_APIM_RESOURCE_GROUP }} \ | ||
| --service-name ${{ secrets.AZURE_APIM_NAME }} \ | ||
| --api-id ${{ secrets.AZURE_APIM_API_ID }} \ | ||
| --specification-format OpenApi \ | ||
| --specification-path src/main/resources/META-INF/openapi.yaml \ | ||
| --path $API_PATH \ | ||
| --service-url $API_SERVICE_URL \ | ||
| --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} | ||
| # | ||
| # Install Node. | ||
| # | ||
| - name: Install Node | ||
| if: steps.semantic.outputs.new_release_published == 'true' | ||
| uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c | ||
| with: | ||
| node-version: "18.16.0" | ||
|
|
||
| # | ||
| # Install Newman. | ||
| # | ||
| - name: Install Newman | ||
| if: steps.semantic.outputs.new_release_published == 'true' | ||
| run: npm install -g newman | ||
|
|
||
| # | ||
| # Run Postman collection. | ||
| # | ||
| - name: Run Postman collection | ||
| if: steps.semantic.outputs.new_release_published == 'true' | ||
| run: | | ||
| newman run src/test/postman/mil-papos.postman_collection.json \ | ||
| -e src/test/postman/dev.postman_environment.json \ | ||
| --env-var "clientIdPsp=${{ secrets.NEWMAN_IT__PSP_TOKEN_CLIENT_ID }}" \ | ||
| --env-var "clientSecretPsp=${{ secrets.NEWMAN_IT_PSP_TOKEN_CLIENT_SECRET }}" \ | ||
| --env-var "clientIdPa=${{ secrets.NEWMAN_IT__PA_TOKEN_CLIENT_ID }}" \ | ||
| --env-var "clientSecretPa=${{ secrets.NEWMAN_IT_PA_TOKEN_CLIENT_SECRET }}" \ | ||
| --env-var "clientIdAdm=${{ secrets.NEWMAN_IT__PAPOS_ADMIN_TOKEN_CLIENT_ID }}" \ | ||
| --env-var "clientSecretAdm=${{ secrets.NEWMAN_IT_PAPOS_ADMIN_TOKEN_CLIENT_SECRET }}" | ||
| # | ||
| # STABLE - Update of pom.xml with the new version. | ||
| # | ||
|
|
@@ -245,21 +127,17 @@ jobs: | |
| git commit -m "pom.xml updated with new version ${{ steps.semantic.outputs.new_release_version }}" | ||
| git push origin main | ||
|
|
||
| # | ||
| # Calculation of the new version (again) with tagging + releasing + etc. | ||
| # RELEASE CANDIDATE - Execute unit-test + Calculate test coverage + SCA with Sonar. | ||
| # | ||
| - name: Calculation of the new version (w/o dry_run) and put tag | ||
| - name: RELEASE CANDIDATE - Execute unit-test + Calculate test coverage + SCA with Sonar | ||
| if: steps.semantic.outputs.new_release_published == 'true' | ||
| uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| with: | ||
| semantic_version: 19 | ||
| branch: main | ||
| extra_plugins: | | ||
| @semantic-release/[email protected] | ||
| @semantic-release/[email protected] | ||
| dry_run: false | ||
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | ||
| run: ${{ runner.temp }}/maven/bin/mvn verify -Pvalidate -s ${{ runner.temp }}/settings.xml --no-transfer-progress | ||
|
|
||
|
|
||
|
|
||
| # | ||
| # STABLE - Build native executable. | ||
|
|
@@ -303,17 +181,3 @@ jobs: | |
| if: steps.semantic.outputs.new_release_published == 'true' | ||
| run: echo "image_sha256=$(docker image inspect -f '{{index .RepoDigests 0}}' ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }})" >> "$GITHUB_ENV" | ||
|
|
||
| # | ||
| # STABLE - Update Container App. | ||
| # | ||
| - name: STABLE - Update Container App | ||
| if: steps.semantic.outputs.new_release_published == 'true' | ||
| uses: azure/CLI@fa0f960f00db49b95fdb54328a767aee31e80105 | ||
| with: | ||
| inlineScript: | | ||
| az config set extension.use_dynamic_install=yes_without_prompt | ||
| az containerapp update \ | ||
| -n ${{ secrets.AZURE_CONTAINER_APP_NAME }} \ | ||
| -g ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} \ | ||
| --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} \ | ||
| -i ${{ env.image_sha256 }} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| name: Postman test | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| skip-unit-test: | ||
| type: boolean | ||
| required: true | ||
| description: Skip unit-test | ||
|
|
||
| jobs: | ||
| postman-test: | ||
|
|
||
| runs-on: ubuntu-latest | ||
|
|
||
| environment: dev-cd | ||
|
|
||
| permissions: | ||
| id-token: write | ||
| packages: write | ||
| contents: write | ||
|
|
||
| steps: | ||
|
|
||
| # | ||
| # Install Node. | ||
| # | ||
| - name: Install Node | ||
| uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c | ||
| with: | ||
| node-version: "18.16.0" | ||
|
|
||
| # | ||
| # Install Newman. | ||
| # | ||
| - name: Install Newman | ||
| run: npm install -g newman | ||
|
|
||
| # | ||
| # Run Postman collection. | ||
| # | ||
| - name: Run Postman collection | ||
| run: | | ||
| newman run src/test/postman/mil-papos.postman_collection.json \ | ||
| -e src/test/postman/dev.postman_environment.json \ | ||
| --env-var "clientIdPsp=${{ secrets.NEWMAN_IT__PSP_TOKEN_CLIENT_ID }}" \ | ||
| --env-var "clientSecretPsp=${{ secrets.NEWMAN_IT_PSP_TOKEN_CLIENT_SECRET }}" \ | ||
| --env-var "clientIdPa=${{ secrets.NEWMAN_IT__PA_TOKEN_CLIENT_ID }}" \ | ||
| --env-var "clientSecretPa=${{ secrets.NEWMAN_IT_PA_TOKEN_CLIENT_SECRET }}" \ | ||
| --env-var "clientIdAdm=${{ secrets.NEWMAN_IT__PAPOS_ADMIN_TOKEN_CLIENT_ID }}" \ | ||
| --env-var "clientSecretAdm=${{ secrets.NEWMAN_IT_PAPOS_ADMIN_TOKEN_CLIENT_SECRET }}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters