Skip to content

Commit

Permalink
[EC-98] Adapt ms deployment pipeline to GitHub flow (#109)
Browse files Browse the repository at this point in the history
  • Loading branch information
@Krusty93
Krusty93 authored Jan 23, 2024
1 parent 4a38a98 commit 9d4795f
Show file tree
Hide file tree
Showing 9 changed files with 244 additions and 217 deletions.
175 changes: 175 additions & 0 deletions .github/workflows/call_release_ms.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,175 @@
on:
workflow_call:
inputs:
environment:
type: string
required: true

env:
DIR: "./infra/container_apps/onboarding-ms"
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_USE_OIDC: true
ARM_USE_AZUREAD: true
ARM_STORAGE_USE_AZUREAD: true

jobs:

build:
name: 'Build Docker image'
runs-on: ubuntu-20.04
environment: ${{ inputs.environment }}-cd
permissions:
packages: write

steps:

- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
name: Checkout

- name: Setup Docker buildx
uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0

- name: Login to GitHub Container Registry
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Docker Meta
id: meta
uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0
with:
images: ghcr.io/${{ github.repository }}-ms
tags: |
type=raw,value=latest,enable={{is_default_branch}}
type=ref,event=branch
type=sha
labels:
org.opencontainers.image.title=${{ github.repository }}-ms
org.opencontainers.image.description=SelfCare onboarding microservice
org.opencontainers.image.authors=PagoPA
org.opencontainers.image.url=github.com/pagopa/${{ github.repository }}
org.opencontainers.image.source=https://github.com/${{ github.repository }}

- name: Build and Push Image
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
with:
context: .
file: ./apps/onboarding-ms/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=min

tf_plan:
name: 'Terraform Plan'
runs-on: ubuntu-20.04
environment: ${{ inputs.environment }}-ci
permissions:
id-token: write
contents: read
outputs:
terraform_version: ${{ steps.set-terraform-version.outputs.terraform_version}}
image_tag: ${{ steps.setsha.outputs.short_sha }}

steps:

- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
name: Checkout

- name: Set Short Git Commit SHA
id: setsha
run: |
calculatedSha=$(git rev-parse --short ${{ github.sha }})
echo "short_sha=sha-$calculatedSha" >> $GITHUB_OUTPUT
- name: Set Terraform Version
id: set-terraform-version
run: |
echo "terraform_version=$(cat .terraform-version)" >> $GITHUB_OUTPUT
- uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
name: Setup Terraform
with:
terraform_version: ${{ steps.set-terraform-version.outputs.terraform_version}}

- name: Terraform Plan
uses: pagopa/terraform-preapply-azure-action@54ded8cda3437c3f6a9f46baf69cb321ce82f5cd
with:
client_id: ${{ secrets.AZURE_CLIENT_ID_CI }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
dir: ${{ env.DIR }}
azure_environment: ${{ inputs.environment }}
env:
TF_VAR_image_tag: ${{ steps.setsha.outputs.short_sha }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: "Upload Terraform Plan as Artifact"
uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # v4.2.0
with:
name: tfplan
path: ${{ env.DIR }}/tfplan-${{ inputs.environment }}-${{ github.sha }}
if-no-files-found: error
retention-days: 14

release:
name: 'Release'
runs-on: ubuntu-latest
needs: [build, tf_plan]
environment: ${{ inputs.environment }}-cd
permissions:
id-token: write
contents: read
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_CD }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

steps:

- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
name: Checkout

- name: Azure Login
uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
with:
client-id: ${{ secrets.AZURE_CLIENT_ID_CD }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

- name: Download Terraform Plan as Artifact
uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
with:
name: tfplan
path: ${{ env.DIR }}

- name: Retrieve Terraform Modules from Cache
id: cache-terraform-modules
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0
with:
path: ${{ env.DIR }}/.terraform
key: terraform-${{ env.DIR }}-${{ github.sha }}
restore-keys: |
terraform-${{ env.DIR }}
- uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
name: Setup Terraform
with:
terraform_version: ${{ needs.tf_plan.outputs.terraform_version }}

- name: Terraform Init
shell: bash
working-directory: ${{ env.DIR }}
run: |
bash ./terraform.sh init ${{ inputs.environment }}
- name: Terraform Apply
shell: bash
working-directory: ${{ env.DIR }}
run: |
terraform apply -lock-timeout=3000s -auto-approve -input=false tfplan-${{ inputs.environment }}-${{ github.sha }}
env:
TF_VAR_image_tag: ${{ needs.tf_plan.outputs.image_tag }}
187 changes: 0 additions & 187 deletions .github/workflows/deploy_onboarding_ms.yml
View file

This file was deleted.

Loading

0 comments on commit 9d4795f

Please sign in to comment.