fix dockerfileArm #368
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| - main | |
| - 'release/**' | |
| - 'feature/**' | |
| - 'issue/**' | |
| - 'issues/**' | |
| - 'dependabot/**' | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| PYTHON_VERSION: '3.10' | |
| POETRY_VERSION: '1.8.5' | |
| TERRAFORM_VERSION: '1.5.3' | |
| jobs: | |
| build: | |
| name: Build, Test, and Publish | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # Needed for proper versioning | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| cache: 'pip' | |
| - name: Setup Poetry | |
| uses: abatilo/actions-poetry@v3 | |
| with: | |
| poetry-version: ${{ env.POETRY_VERSION }} | |
| - name: Configure Poetry | |
| run: | | |
| poetry config virtualenvs.in-project true | |
| - name: Cache Poetry dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: .venv | |
| key: poetry-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.5.3 | |
| - name: Version Management | |
| id: versioning | |
| run: | | |
| current_version=$(poetry version -s) | |
| base_version=$(echo "$current_version" | grep -oE '^[0-9]+\.[0-9]+\.[0-9]+') | |
| # Version calculation based on branch | |
| if [[ "${{ github.ref }}" =~ ^refs/heads/(issue|feature|dependabot)/ ]]; then | |
| new_version="${base_version%%-*}+$(git rev-parse --short HEAD)" | |
| echo "TARGET_ENV_UPPERCASE=SIT" >> $GITHUB_ENV | |
| elif [[ "${{ github.ref }}" == "refs/heads/develop" ]]; then | |
| echo "TARGET_ENV_UPPERCASE=SIT" >> $GITHUB_ENV | |
| new_version=$(poetry version prerelease -s) | |
| elif [[ "${{ github.ref }}" =~ ^refs/heads/release/ ]]; then | |
| echo "TARGET_ENV_UPPERCASE=UAT" >> $GITHUB_ENV | |
| if [[ ${current_version} =~ rc ]]; then | |
| new_version=$(poetry version prerelease -s) | |
| else | |
| new_version="${GITHUB_REF#refs/heads/release/}rc1" | |
| fi | |
| elif [[ "${{ github.ref }}" == "refs/heads/main" ]]; then | |
| echo "TARGET_ENV_UPPERCASE=OPS" >> $GITHUB_ENV | |
| new_version=${base_version} | |
| fi | |
| echo "new_version=${new_version}" >> $GITHUB_ENV | |
| poetry version ${new_version} | |
| - name: Run Snyk as a blocking step | |
| uses: snyk/actions/python@master | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| command: test | |
| args: > | |
| --org=${{ secrets.SNYK_ORG_ID }} | |
| --project-name=${{ github.repository }} | |
| --severity-threshold=high | |
| --fail-on=all | |
| - name: Run Snyk on Python | |
| uses: snyk/actions/python@master | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| with: | |
| command: monitor | |
| args: > | |
| --org=${{ secrets.SNYK_ORG_ID }} | |
| --project-name=${{ github.repository }} | |
| - name: Run Poetry | |
| run: | | |
| poetry build | |
| poetry install | |
| poetry run pylint podaac | |
| poetry run flake8 podaac | |
| poetry run pytest --junitxml=build/reports/pytest.xml --cov=podaac/ --cov-report=html -m "not aws and not integration" tests/ | |
| - name: Quick check for changes | |
| id: check_changes | |
| if: | | |
| github.ref == 'refs/heads/develop' || | |
| github.ref == 'refs/heads/main' || | |
| startsWith(github.ref, 'refs/heads/release') | |
| run: | | |
| if [ -n "$(git status --porcelain)" ]; then | |
| echo "changes=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "changes=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Commit Version Bump | |
| # If building develop, a release branch, or main then we commit the version bump back to the repo | |
| if: steps.check_changes.outputs.changes == 'true' | |
| run: | | |
| git config user.name "${GITHUB_ACTOR}" | |
| git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" | |
| git commit -am "/version ${{ env.new_version }}" | |
| git push | |
| - name: Push Tag | |
| env: | |
| VERSION: ${{ env.new_version }} | |
| if: | | |
| github.ref == 'refs/heads/develop' || | |
| github.ref == 'refs/heads/main' || | |
| startsWith(github.ref, 'refs/heads/release') | |
| run: | | |
| git config user.name "${GITHUB_ACTOR}" | |
| git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" | |
| git tag -a "${VERSION}" -m "Version ${VERSION}" | |
| git push origin "${VERSION}" | |
| - name: Create Zip release | |
| run: | | |
| cd terraform | |
| zip -r ../tig-terraform-${{ env.new_version }}.zip * | |
| - name: Upload Release Artifacts | |
| if: | | |
| github.ref == 'refs/heads/develop' || | |
| github.ref == 'refs/heads/main' || | |
| startsWith(github.ref, 'refs/heads/release') || | |
| github.event.head_commit.message == '/deploy sit' || | |
| github.event.head_commit.message == '/deploy uat' | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| tag: ${{ env.new_version }} | |
| artifacts: "*.zip" | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| body: "Version ${{ env.new_version }}" | |
| makeLatest: "${{ github.ref == 'refs/heads/main' }}" | |
| prerelease: "${{ github.ref != 'refs/heads/main' }}" | |
| - name: Publish to PyPI | |
| if: | | |
| github.ref == 'refs/heads/develop' || | |
| github.ref == 'refs/heads/main' || | |
| startsWith(github.ref, 'refs/heads/release/') | |
| env: | |
| POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_API_TOKEN }} | |
| POETRY_PYPI_TOKEN_TESTPYPI: ${{ secrets.TEST_PYPI_API_TOKEN }} | |
| POETRY_REQUESTS_TIMEOUT: 60 | |
| run: | | |
| if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then | |
| poetry publish --skip-existing | |
| else | |
| poetry config repositories.testpypi https://test.pypi.org/legacy/ | |
| poetry publish -r testpypi | |
| fi | |
| - name: Wait for package | |
| if: | | |
| steps.pypi-test-publish.conclusion == 'success' || | |
| steps.pypi-publish.conclusion == 'success' | |
| run: | | |
| pip install tenacity logging | |
| python3 ${GITHUB_WORKSPACE}/.github/workflows/wait-for-pypi.py ${{env.pyproject_name}}[harmony]==${{ env.new_version }} | |
| - name: Log in to the Container registry | |
| if: | | |
| steps.pypi-test-publish.conclusion == 'success' || | |
| steps.pypi-publish.conclusion == 'success'|| | |
| github.event.head_commit.message == '/deploy sit' || | |
| github.event.head_commit.message == '/deploy uat' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Deploy Env Override | |
| if: | | |
| github.event.head_commit.message == '/deploy sit' || | |
| github.event.head_commit.message == '/deploy uat' | |
| run: | | |
| message="${{ github.event.head_commit.message }}" | |
| trimmed_message=${message:1} # Remove leading slash | |
| override_env=$(echo "$trimmed_message" | grep -oE '[^[:space:]]+$') | |
| override_env_upper=$(echo "$trimmed_message" | awk '{print toupper($NF)}') | |
| echo "THE_ENV=${override_env}" >> $GITHUB_ENV | |
| echo "TARGET_ENV_UPPERCASE=${override_env_upper}" >> $GITHUB_ENV | |
| - name: Lower Case Target Env | |
| run: | | |
| original_env_value="${TARGET_ENV_UPPERCASE}" | |
| lowercase_value=$(echo "${original_env_value}" | tr '[:upper:]' '[:lower:]') | |
| echo "TARGET_ENV_LOWERCASE=${lowercase_value}" >> $GITHUB_ENV | |
| - name: Extract metadata (tags, labels) for Docker | |
| if: | | |
| github.ref == 'refs/heads/develop' || | |
| github.ref == 'refs/heads/main' || | |
| startsWith(github.ref, 'refs/heads/release') || | |
| github.event.head_commit.message == '/deploy sit' || | |
| github.event.head_commit.message == '/deploy uat' | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| flavor: | | |
| latest=${{ github.ref == 'refs/heads/main' }} | |
| tags: | | |
| type=semver,pattern={{raw}},value=${{ env.new_version }} | |
| type=raw,value=${{ env.TARGET_ENV_LOWERCASE }} | |
| - name: Set Build Source | |
| id: set-source | |
| run: | | |
| # Default build source for standard branches | |
| echo "SOURCE=${{ env.pyproject_name }}==${{ env.new_version }}" >> $GITHUB_ENV | |
| if [[ "${{ contains(github.event.head_commit.message, '/deploy sit') || | |
| contains(github.event.head_commit.message, '/deploy uat') }}" == "true" ]]; then | |
| local_tig=$(find dist -type f -name "*.whl") | |
| echo "SOURCE=${local_tig}" >> $GITHUB_ENV | |
| echo "DIST_PATH=dist/" >> $GITHUB_ENV | |
| fi | |
| - name: Build and Push Docker Image | |
| if: | | |
| github.ref == 'refs/heads/develop' || | |
| github.ref == 'refs/heads/main' || | |
| startsWith(github.ref, 'refs/heads/release') || | |
| github.event.head_commit.message == '/deploy sit' || | |
| github.event.head_commit.message == '/deploy uat' | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: ./docker/lambdaDockerfileArm | |
| push: true | |
| pull: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: linux/arm64 | |
| build-args: | | |
| SOURCE=${{ env.SOURCE }} | |
| DIST_PATH=${{ env.DIST_PATH || '' }} | |
| cache-from: type=registry,ref=ghcr.io/${{ github.repository }}/cache:tig-cache | |
| cache-to: type=registry,ref=ghcr.io/${{ github.repository }}/cache:tig-cache,mode=max | |
| - name: Deploy Terraform | |
| if: | | |
| github.ref == 'refs/heads/develop' || | |
| github.ref == 'refs/heads/main' || | |
| startsWith(github.ref, 'refs/heads/release') || | |
| github.event.head_commit.message == '/deploy sit' || | |
| github.event.head_commit.message == '/deploy uat' | |
| working-directory: terraform_deploy/ | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
| AWS_ACCOUNT_ID: ${{ secrets[format('AWS_ACCOUNT_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
| AWS_DEFAULT_REGION: us-west-2 | |
| TF_VAR_tig_docker_image: "ghcr.io/podaac/tig:${{ env.DOCKER_METADATA_OUTPUT_VERSION }}" | |
| TF_VAR_EARTH_DATA_LOGIN_CLIENT_ID: ${{ secrets[format('EARTH_DATA_LOGIN_CLIENT_ID_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
| TF_VAR_EARTH_DATA_LOGIN_PASSWORD: ${{ secrets[format('EARTH_DATA_LOGIN_PASSWORD_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
| run: | | |
| ls -al | |
| ls -al bin/ | |
| which python3 | |
| python3 --version | |
| python3 override.py https://github.com/podaac/tig/releases/download/${{ env.new_version }}/tig-terraform-${{ env.new_version }}.zip "ghcr.io/podaac/tig:${{ env.DOCKER_METADATA_OUTPUT_VERSION }}" | |
| ls -al | |
| echo "Show override contents" | |
| cat override.tf.json | |
| echo "End show override contents" | |
| terraform --version | |
| source bin/config.sh ${{ env.TARGET_ENV_LOWERCASE }} | |
| terraform plan -var-file=tfvars/"${{ env.TARGET_ENV_LOWERCASE }}".tfvars -var="app_version=${{ env.new_version }}" -out="tfplan" | |
| terraform apply -auto-approve tfplan > /dev/null |