Build and Deploy Audit Image #202
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy Audit Image | |
| # ToDo: | |
| # - Limit workflow runs to the main repo so it does not try to run on someone else's fork. | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| if: github.repository == 'bcgov/von-bc-regestries-audit' || github.event_name == 'workflow_dispatch' | |
| name: Build Image | |
| permissions: | |
| packages: write | |
| runs-on: ubuntu-latest | |
| outputs: | |
| image_digest: ${{steps.docker_build.outputs.digest}} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Log in to the GHCR | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # - name: Define image tags | |
| # shell: bash | |
| # id: lowercase | |
| # run: | | |
| # TAGS=$( echo "ghcr.io/${{ github.repository }}/audit:latest" | tr '[:upper:]' '[:lower:]' ) | |
| # echo "tags=${TAGS}" >> $GITHUB_OUTPUT | |
| # ToDo: | |
| # - Add the Docker meta step back in for defining the tags and labels | |
| # - Add additional tags. `latest` for example. | |
| # This is here as a starter, not as the actual implementation | |
| # - name: Extract metadata (tags, labels) for Docker | |
| # id: meta | |
| # uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 | |
| # with: | |
| # images: ghcr.io/bcgov/von-bc-registries-audit/audit | |
| # tags: | | |
| # <to be defined> | |
| # define as latest, SHA, dev . It should not be hard coded. | |
| - name: Prepare docker tags for image | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ghcr.io/bcgov/von-bc-registries-audit/audit | |
| tags: | | |
| tag-custom: latest | |
| type=schedule | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=sha,value=latest | |
| - name: Build and push Docker image | |
| id: docker_build | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: . | |
| file: docker/Dockerfile | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} # add additional tags | |
| labels: ${{ steps.meta.outputs.labels }} # add Docker meta step back in | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Display image results | |
| id: lowercase | |
| run: | | |
| echo 'imageid=${{ steps.docker_build.outputs.imageid }}' | |
| echo 'digest=${{ steps.docker_build.outputs.digest }}' | |
| # ToDo: | |
| # - Define these jobs as a reusable workflow, since the steps are identical. | |
| deploy2dev: | |
| needs: build | |
| permissions: | |
| packages: write | |
| runs-on: ubuntu-latest | |
| environment: dev | |
| # ToDo: | |
| # - Define the 'environment' using an environment variable so it can also be used to define the tags. | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: deploy to dev | |
| uses: ./.github/workflows/actions/deploy | |
| with: | |
| secrets: inherit | |
| environment: dev | |
| openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }} | |
| openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
| image_digest: ${{ needs.build.outputs.image_digest }} | |
| namespace: ca7f8f-dev | |
| rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
| rocketchat_token: ${{ inputs.rocketchat_token }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| github_image_name: ghcr.io/bcgov/von-bc-registries-audit/audit | |
| openshift_image_name: image-registry.apps.silver.devops.gov.bc.ca/ca7f8f-tools/audit | |
| deploy2test: | |
| needs: [build, deploy2dev] | |
| permissions: | |
| packages: write | |
| runs-on: ubuntu-latest | |
| environment: test | |
| # ToDo: | |
| # - Define the 'environment' using an environment variable so it can also be used to define the tags. | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: deploy to test | |
| uses: ./.github/workflows/actions/deploy | |
| with: | |
| environment: test | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }} | |
| openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
| image_digest: ${{ needs.build.outputs.image_digest }} | |
| namespace: ca7f8f-test | |
| rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| github_image_name: ghcr.io/bcgov/von-bc-registries-audit/audit | |
| openshift_image_name: image-registry.apps.silver.devops.gov.bc.ca/ca7f8f-tools/audit | |
| deploy2prod: | |
| needs: [build, deploy2dev, deploy2test] | |
| permissions: | |
| packages: write | |
| runs-on: ubuntu-latest | |
| environment: prod | |
| # ToDo: | |
| # - Define the 'environment' using an environment variable so it can also be used to define the tags. | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: deploy to prod | |
| uses: ./.github/workflows/actions/deploy | |
| with: | |
| environment: prod | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| openshift_server_url: ${{ vars.OPENSHIFT_SERVER_URL }} | |
| openshift_token: ${{ secrets.OPENSHIFT_TOKEN }} | |
| image_digest: ${{ needs.build.outputs.image_digest }} | |
| namespace: ca7f8f-prod | |
| rocketchat_webhook: ${{ secrets.ROCKETCHAT_WEBHOOK }} | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| github_image_name: ghcr.io/bcgov/von-bc-registries-audit/audit | |
| openshift_image_name: image-registry.apps.silver.devops.gov.bc.ca/ca7f8f-tools/audit | |