Promote #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update images in Harbor | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- 'teleservices/**' | |
workflow_dispatch: | |
env: | |
IMAGE_NAME: teleservices/bookworm | |
DEBIAN_VERSION: bookworm | |
jobs: | |
staging: | |
environment: | |
name: staging | |
runs-on: | |
group: self-hosted | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Install curl and jq | |
run: sudo apt-get update && sudo apt-get install -y curl jq | |
- name: Login to Harbor registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ secrets.HARBOR_URL }} | |
username: ${{ secrets.TELESERVICES_HARBOR_USERNAME }} | |
password: ${{ secrets.TELESERVICES_HARBOR_PASSWORD }} | |
- name: Build push image to registry | |
uses: docker/[email protected] | |
with: | |
context: teleservices | |
file: teleservices/Dockerfile | |
tags: | | |
${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}:staging | |
${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}:staging-${{ github.run_number }} | |
platforms: linux/amd64 | |
pull: true | |
push: true | |
target: prod-image | |
build-args: | | |
DEBIAN_VERSION=${{ env.DEBIAN_VERSION }} | |
- name: Build push test image to registry | |
uses: docker/[email protected] | |
with: | |
context: teleservices | |
file: teleservices/Dockerfile | |
tags: | | |
${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}-test:staging | |
${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}-test:staging-${{ github.run_number }} | |
platforms: linux/amd64 | |
pull: true | |
push: true | |
target: dev-image | |
build-args: | | |
DEBIAN_VERSION=${{ env.DEBIAN_VERSION }} | |
- name: Restart staging instances | |
run: | | |
curl -k --fail --show-error --header "X-Rundeck-Auth-Token:${{ secrets.TELESERVICES_RUNDECK_TOKEN }}" -d "filter=name ts001.staging.imio.be" ${{ secrets.RUNDECK_URL }}/api/18/job/5dca225b-ff0d-4251-8052-2a89a05aa314/run/ | |
- name: Test staging instance | |
timeout-minutes: 5 | |
run: | | |
echo 'Sleeping 30 seconds to let the staging instance start' | |
sleep 30 | |
until curl -m 2 --output /dev/null --silent --fail '${{ secrets.STAGING_HEALTH_API_URL }}'; | |
do | |
sleep 5 | |
echo 'Waiting until guichet-citoyen staging instance has started' | |
done | |
echo 'guichet-citoyen staging instance is up and running' | |
until curl -m 2 --output /dev/null --silent --fail '${{ secrets.STAGING_HEALTH_API_URL }}' | jq ' | |
.data.passerelle.is_running | |
and .data.portal.is_running | |
and ".data.portal-agent.is_running" | |
and .data.idp.is_running | |
and .data.eservices.is_running | |
and .data.agenda.is_running | |
and .data.statistics.is_running' | |
do | |
sleep 3 | |
echo 'Waiting until services are running on guichet-citoyen staging instance' | |
done | |
echo 'services are running on guichet-citoyen staging instance' | |
- name : Send notification on Mattermost | |
run: | | |
JOB_URL="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" | |
MESSAGE="docker staging image $IMAGE_NAME has been updated on registry and the staging instances have been restarted. [Click here to see job on GitHub]($JOB_URL)" | |
curl -i -X POST -H 'Content-Type: application/json' -d "{\"text\": \"$MESSAGE\"}" ${{ secrets.TELESERVICES_MATTERMOST_WEBHOOK_URL }} | |
- name : Send failure notification on Mattermost | |
if: failure() | |
run: | | |
JOB_URL="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" | |
MESSAGE="Error : docker staging image $IMAGE_NAME has not been updated on registry. [Click here to see job on GitHub]($JOB_URL)" | |
curl -i -X POST -H 'Content-Type: application/json' -d "{\"text\": \"$MESSAGE\"}" ${{ secrets.TELESERVICES_MATTERMOST_WEBHOOK_URL }} | |
production: | |
needs: [staging] | |
environment: | |
name: production | |
timeout-minutes: 2880 | |
runs-on: | |
group: self-hosted | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Install curl | |
run: sudo apt-get update && sudo apt-get install -y curl | |
- name: Login to Harbor registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ secrets.HARBOR_URL }} | |
username: ${{ secrets.TELESERVICES_HARBOR_USERNAME }} | |
password: ${{ secrets.TELESERVICES_HARBOR_PASSWORD }} | |
- name : Pull staging images | |
run: | | |
docker pull ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}:staging-${{ github.run_number }} | |
docker pull ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}-test:staging-${{ github.run_number }} | |
- name: Tag prod images | |
run: | | |
docker tag ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}:staging-${{ github.run_number }} ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}:latest | |
docker tag ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}:latest ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}:latest-${{ github.run_number }} | |
docker tag ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}-test:staging-${{ github.run_number }} ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}-test:latest | |
docker tag ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}-test:latest ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}-test:latest-${{ github.run_number }} | |
- name: Push images to registry | |
run: | | |
docker push ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}:latest | |
docker push ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}:latest-${{ github.run_number }} | |
docker push ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}-test:latest | |
docker push ${{ secrets.HARBOR_URL }}/${{ env.IMAGE_NAME }}-test:latest-${{ github.run_number }} | |
- name: Schedule restart of all prod instances | |
run: | | |
curl -k --fail -XPOST --show-error --header "X-Rundeck-Auth-Token:${{ secrets.TELESERVICES_RUNDECK_TOKEN }}" ${{ secrets.RUNDECK_URL }}/api/18/job/311af116-fedc-4e33-b2a7-99c8651f8e9b/run/ | |
- name : Send notification on Mattermost | |
run: | | |
JOB_URL="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" | |
MESSAGE="docker prod image $IMAGE_NAME has been updated on registry. [Click here to see job on GitHub]($JOB_URL) A reboot of all production instances has been scheduled for tomorrow at 1am. " | |
curl -i -X POST -H 'Content-Type: application/json' -d "{\"text\": \"$MESSAGE\"}" ${{ secrets.TELESERVICES_MATTERMOST_WEBHOOK_URL }} | |
- name : Send failure notification on Mattermost | |
if: failure() | |
run: | | |
JOB_URL="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" | |
MESSAGE="Error : docker prod image $IMAGE_NAME has not been updated on registry. [Click here to see job on GitHub]($JOB_URL)" | |
curl -i -X POST -H 'Content-Type: application/json' -d "{\"text\": \"$MESSAGE\"}" ${{ secrets.TELESERVICES_MATTERMOST_WEBHOOK_URL }} |