alpha-build-and-deploy.yml
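# Builds, publishes and deploys the curation application when a pull request
# into the alpha branch is closed. "closed" fires for merged AND abandoned pull
# requests, so every job gates on github.event.pull_request.merged.
name: Alpha branch Build and Deployment
on:
  pull_request:
    types: [closed]
    branches:
      - alpha
jobs:
  # Builds the Docker image and pushes it to Amazon ECR under two tags: the
  # `git describe --tags` release tag and GITHUB_REF with any refs/heads/
  # prefix stripped. Skipped when the pull request carries the no-deploy label.
  build-and-push-docker-image:
    if: github.event.pull_request.merged == true && !contains(github.event.pull_request.labels.*.name, 'no-deploy')
    permissions:
      id-token: write  # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
    # NOTE(review): the ubuntu-20.04 hosted runner image has been retired by
    # GitHub - confirm and move all three jobs to a supported image.
    runs-on: ubuntu-20.04
    steps:
      - name: Check out repository code
        uses: actions/checkout@v3
        with:
          # Full history (and tags) so that `git describe --tags` can resolve.
          fetch-depth: 0
      - name: Store release tag in env
        shell: bash
        run: |
          echo "tagname=$(git describe --tags)" >> "$GITHUB_ENV"
      # This step will configure environment variables to be used by all steps
      # involving AWS interaction further down
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }}-build-image
          aws-region: us-east-1
      - name: Amazon ECR login
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Build, tag, and push image to Amazon ECR
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: agr_curation
          IMAGE_TAG: ${{ env.tagname }}
        # Values reach the script as environment variables and are quoted, so a
        # tag name is never re-parsed as shell syntax.
        run: |
          docker build --build-arg "OVERWRITE_VERSION=${IMAGE_TAG}" -t "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" .
          docker tag "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" "$ECR_REGISTRY/$ECR_REPOSITORY:${GITHUB_REF#refs/heads/}"
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:${GITHUB_REF#refs/heads/}"

  # Publishes a 0.0.0-SNAPSHOT Maven package, signed with the imported GPG key.
  build-deploy-maven-central-package:
    # Publish only code that was actually merged. Without this guard the job
    # also ran (with the publishing secrets) for pull requests closed unmerged.
    # The no-deploy label is deliberately not checked here, as in the original.
    if: github.event.pull_request.merged == true
    # Least privilege: this job only needs to read the repository.
    permissions:
      contents: read
    runs-on: ubuntu-20.04
    steps:
      - name: Check out repository code
        uses: actions/checkout@v3
      - name: Set up Maven Central Repository
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          server-id: ossrh
          # These are the NAMES of the environment variables read at deploy
          # time, not the credentials themselves (see "Publish package").
          server-username: MAVEN_USERNAME
          server-password: MAVEN_PASSWORD
      - name: Set Proper version
        run: mvn versions:set -ntp -DnewVersion=0.0.0-SNAPSHOT
      - id: install-secret-key
        name: Install gpg secret key
        # The key is handed over through the environment instead of being
        # expanded into the script text, so its content is never parsed by the
        # shell and does not end up in the generated script file.
        env:
          OSSRH_GPG_SECRET_KEY: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
        run: |
          echo -e "$OSSRH_GPG_SECRET_KEY" | gpg --batch --import
          gpg --list-secret-keys --keyid-format LONG
      - name: Publish package
        run: mvn --batch-mode -ntp -Dmaven.test.skip=true -Dquarkus.hibernate-search-orm.elasticsearch.version=1.2.4 deploy
        env:
          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
          MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}

  # Deploys the release built above to the curation-alpha Elastic Beanstalk
  # environment and reports start and completion to Slack.
  deploy-to-alpha:
    if: github.event.pull_request.merged == true && !contains(github.event.pull_request.labels.*.name, 'no-deploy')
    permissions:
      id-token: write  # This is required for requesting the JWT for gaining permissions to assume the IAM role to perform AWS actions
    needs: [build-and-push-docker-image]
    runs-on: ubuntu-20.04
    steps:
      - name: Slack Notification
        # NOTE(review): third-party action tracked at a mutable branch while it
        # receives the Slack webhook secret - pin it to a reviewed full commit
        # SHA so an upstream change cannot alter what runs here.
        uses: tokorom/action-slack-incoming-webhook@main
        env:
          INCOMING_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        with:
          text: "Auto Deployment to alpha initiated"
          attachments: |
            [
              {
                "color": "good",
                "author_name": "${{ github.actor }}",
                "author_icon": "${{ github.event.sender.avatar_url }}",
                "fields": [
                  {
                    "title": "GitHub Actions URL",
                    "value": "${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id }}"
                  }
                ]
              }
            ]
      - name: Check out repository code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Store release tag in env
        shell: bash
        run: |
          echo "tagname=$(git describe --tags)" >> "$GITHUB_ENV"
      - name: Save curation app version to be deployed in EB env variables through config file
        # tagname is read from the environment (set via GITHUB_ENV above) rather
        # than templated into the script, so a tag cannot inject shell syntax.
        run: |
          sed -i "s/\(AGR_CURATION_RELEASE: \).\+/\1${tagname}/" .ebextensions/version.config
          echo "Stored version config:"
          echo "----------------------"
          cat .ebextensions/version.config
      - name: Generate deployment package
        run: zip -r "${tagname}.zip" docker-compose.yml .ebextensions/
      - name: AWS credentials configuration
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.GH_ACTIONS_AWS_ROLE }}
          role-session-name: gh-actions-${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }}-eb-deploy
          aws-region: us-east-1
      - name: Deploy to EB
        # NOTE(review): third-party action referenced by a mutable tag while it
        # is handed the assumed-role session credentials - pin it to a reviewed
        # full commit SHA.
        uses: einaregilsson/beanstalk-deploy@v21
        with:
          aws_access_key: ${{ env.AWS_ACCESS_KEY_ID }}
          aws_secret_key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws_session_token: ${{ env.AWS_SESSION_TOKEN }}
          application_name: curation-app
          environment_name: curation-alpha
          version_label: ${{ env.tagname }}
          deployment_package: ${{ env.tagname }}.zip
          use_existing_version_if_available: true
          region: us-east-1
      - name: Set COMMIT_MESSAGE
        env:
          HEAD_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          echo "COMMIT_MESSAGE=$(git show -s --format=%s "$HEAD_SHA")" >> "$GITHUB_ENV"
      - name: Slack Notification
        # NOTE(review): same unpinned third-party action as the first step of
        # this job - pin to a full commit SHA.
        uses: tokorom/action-slack-incoming-webhook@main
        env:
          INCOMING_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        with:
          text: "Deployment of release ${{ env.tagname }} to alpha completed! :tada:"
          # toJSON() emits the commit subject as a quoted, escaped JSON string,
          # so a subject containing quotes or backslashes can neither break nor
          # reshape the attachment payload.
          attachments: |
            [
              {
                "color": "good",
                "author_name": "${{ github.actor }}",
                "author_icon": "${{ github.event.sender.avatar_url }}",
                "fields": [
                  {
                    "title": "Commit Message",
                    "value": ${{ toJSON(env.COMMIT_MESSAGE) }}
                  },
                  {
                    "title": "Deployment URL",
                    "value": "https://alpha-curation.alliancegenome.org"
                  }
                ]
              }
            ]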