-
Notifications
You must be signed in to change notification settings - Fork 1.4k
112 lines (96 loc) · 4.1 KB
/
container-images-cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
#
# Build and push PostHog and PostHog Cloud container images
#
# - posthog_build: build and push the PostHog container image to DockerHub
#
# - posthog_cloud_build: build the PostHog Cloud container image using
# as base image the container image from the previous step. The image is
# then pushed to AWS ECR.
#
name: Container Images CD
on:
push:
branches:
- master
workflow_dispatch:
concurrency: ${{ github.workflow }} # ensure only one of this runs at a time
jobs:
posthog_build:
name: Build and push PostHog
if: github.repository == 'PostHog/posthog'
runs-on: ubuntu-latest
permissions:
id-token: write # allow issuing OIDC tokens for this workflow run
contents: read # allow at least reading the repo contents, add other permissions if necessary
packages: write # allow push to ghcr.io
steps:
- name: Check out
uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Update git SHA
run: echo "GIT_SHA = '${GITHUB_SHA}'" > posthog/gitsha.py
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Depot CLI
uses: depot/setup-action@v1
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: aws-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build and push container image
id: build
uses: depot/build-push-action@v1
with:
buildx-fallback: false # the fallback is so slow it's better to just fail
push: true
tags: posthog/posthog:${{github.sha}},posthog/posthog:latest,${{ steps.aws-ecr.outputs.registry }}/posthog-cloud:master
platforms: linux/arm64,linux/amd64
- name: get deployer token
id: deployer
uses: getsentry/action-github-app-token@v2
with:
app_id: ${{ secrets.DEPLOYER_APP_ID }}
private_key: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
- name: Trigger PostHog Cloud deployment
# TODO: switch to https://github.com/marketplace/actions/repository-dispatch
# as this action is now deprecated.
uses: mvasigh/dispatch-action@main
with:
token: ${{ steps.deployer.outputs.token }}
repo: posthog-cloud-infra
owner: PostHog
event_type: posthog_cloud_build
message: |
{
"image_tag": "${{ steps.build.outputs.digest }}",
"context": ${{ toJson(github) }}
}
- name: Check for changes in plugins directory
id: check_changes_plugins
run: |
echo "::set-output name=changed::$(git diff --name-only HEAD^ HEAD | grep '^plugin-server/' || true)"
- name: Trigger Ingestion Cloud deployment
if: steps.check_changes_plugins.outputs.changed != ''
uses: mvasigh/dispatch-action@main
with:
token: ${{ steps.deployer.outputs.token }}
repo: charts
owner: PostHog
event_type: ingestion_deploy
message: |
{
"image_tag": "${{ steps.build.outputs.digest }}"
}