deploy-artifact.yml
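# Builds and deploys the project's Docker image and Maven artifacts.
#
# - Triggered by a push to main: deploys a SNAPSHOT.
# - Triggered by publishing a Release:
#     - deploys a RELEASE with the selected version,
#     - updates the project version by incrementing the patch version,
#     - commits the version update to the repository's default branch (main).
#
# NOTE(review): this header originally also described a manual trigger that
# deploys a SNAPSHOT, but no `workflow_dispatch` event is declared under `on:`.
name: Deploy artifacts

on:
  push:
    branches: [main]
  release:
    types: [published]

jobs:
  test:
    uses: ./.github/workflows/build-test.yml

  deploy:
    # NOTE(review): this job handles registry, Maven Central and GPG signing
    # credentials but declares no `permissions:` block, so GITHUB_TOKEN gets
    # the repository's default scopes. Consider an explicit job-level
    # `permissions:` limited to what the release steps need — confirm the
    # exact scopes against the actions used below.
    #
    # NOTE(review): every action below is referenced by a mutable tag. The
    # third-party ones receive the signing key and deployment credentials;
    # pinning them to a full commit SHA keeps a re-pointed tag from running
    # with those secrets.
    runs-on: ubuntu-latest
    needs: [test]
    env:
      OWNER: "camunda"
      IMAGE_NAME: "zeebe-process-test-engine"
      TAG: "latest"
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Import Secrets
        id: secrets
        # NOTE(review): the ref after `@` was replaced by an e-mail
        # obfuscation artefact ("[email protected]") on the page this file was
        # copied from. Restore the real version (ideally a commit SHA).
        uses: hashicorp/vault-action@<VERSION_PLACEHOLDER>
        with:
          url: ${{ secrets.VAULT_ADDR }}
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          secrets: |
            secret/data/products/zeebe/ci/zeebe-process-test REGISTRY_HUB_DOCKER_COM_USR;
            secret/data/products/zeebe/ci/zeebe-process-test REGISTRY_HUB_DOCKER_COM_PSW;
            secret/data/products/zeebe/ci/zeebe-process-test ARTIFACTS_USR;
            secret/data/products/zeebe/ci/zeebe-process-test ARTIFACTS_PSW;
            secret/data/github.com/organizations/camunda MAVEN_CENTRAL_DEPLOYMENT_USR;
            secret/data/github.com/organizations/camunda MAVEN_CENTRAL_DEPLOYMENT_PSW;
            secret/data/github.com/organizations/camunda MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE;
            secret/data/github.com/organizations/camunda MAVEN_CENTRAL_GPG_SIGNING_KEY_SEC;

      - name: Set up Java environment
        uses: actions/setup-java@v3
        with:
          distribution: temurin
          java-version: '17'
          cache: maven

      - name: Build jar
        run: |
          mvn clean package -DskipTests -P '!localBuild' -pl :zeebe-process-test-engine-agent -am

      # We build a docker image with a specific tag. There are 2 possible scenarios here.
      # 1. The workflow is triggered by a change on the main branch. The tag should be 'latest'.
      # 2. The workflow is triggered by a new release. The tag should be the version of the release.
      - name: Build Docker image
        env:
          # Handed to the script through the environment instead of being
          # expanded into the script text, so the shell treats it as data.
          RELEASE_TAG: ${{ github.event.release.tag_name }}
        run: |
          # NOTE(review): this greps for $TAG inside the literal "SNAPSHOT",
          # which looks reversed. With TAG=latest it never matches, so the
          # release tag is used whenever one is present.
          if [ -n "$RELEASE_TAG" ] && ! grep -q "$TAG" <<< "SNAPSHOT"; then
            TAG="$RELEASE_TAG"
          fi
          cd engine-agent
          docker build . -t "$IMAGE_NAME:$TAG"

      # We push the docker image to dockerhub
      - name: Push Docker image
        env:
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          # Credentials reach the script as environment variables rather than
          # as text pasted into it, so quoting characters in a value cannot
          # change the command that runs.
          DOCKER_USR: ${{ steps.secrets.outputs.REGISTRY_HUB_DOCKER_COM_USR }}
          DOCKER_PSW: ${{ steps.secrets.outputs.REGISTRY_HUB_DOCKER_COM_PSW }}
        run: |
          # Same tag selection as in the "Build Docker image" step.
          if [ -n "$RELEASE_TAG" ] && ! grep -q "$TAG" <<< "SNAPSHOT"; then
            TAG="$RELEASE_TAG"
          fi
          printf '%s\n' "$DOCKER_PSW" | docker login -u "$DOCKER_USR" --password-stdin
          echo "$IMAGE_NAME"
          echo "$TAG"
          IMAGE_ID="$OWNER/$IMAGE_NAME"
          echo "$IMAGE_ID"
          docker tag "$IMAGE_NAME:$TAG" "$IMAGE_ID:$TAG"
          docker push "$IMAGE_ID:$TAG"

      # In extension-testcontainer we have a config file which contains the image tag. This is managed by maven and
      # maven will set this to the project version upon packaging the application (e.g. 1.4.0, 1.4.0-alpha1, etc.).
      # In the case this workflow is triggered by a change on the main branch we want this tag to be set to latest.
      # Maven would set it to a SNAPSHOT version in this case. Therefore, we need to manually set this tag to latest
      # in this step. This replaces the other value (${project.version}), so it doesn't get replaced by maven anymore.
      - name: Update tag in config
        # The ref of the main branch is `refs/heads/main`; a misspelt ref
        # (e.g. `refs/head/main`) never matches and silently skips the step.
        if: github.ref == 'refs/heads/main'
        run: |
          cd extension-testcontainer/src/main/resources
          sed -i "/container.image.tag=/ s:=.*:=${TAG}:" config.properties
          cat config.properties

      - name: Import GPG key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_SEC }}
          passphrase: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE }}

      # We want the community-action-maven-release to update the versions on the correct branch. For
      # this reason an extra step is introduced to decide what branch we should pass to this action.
      # In the case of a push to the main branch, or an alpha release we should update the main branch.
      # In other cases a stable/major.minor branch should be available. In this step we first find
      # the major and minor versions of this tag. If we found them we will set the BRANCH env variable
      # to stable/major.minor.
      - name: Decide git branch
        id: branch
        env:
          # Event fields are read from the environment so that their content
          # is never parsed as part of the script.
          RELEASE_TAG: ${{ github.event.release.tag_name }}
          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
        run: |
          if [ -n "$RELEASE_TAG" ] && [[ "$RELEASE_TAG" != *"alpha"* ]]; then
            # The dots are escaped so that only `major.minor.patch...` tags
            # yield a branch name; anything else is rejected below.
            MAJOR_MINOR_VERSION=$(printf '%s\n' "$RELEASE_TAG" | sed -rn 's/^([0-9]+\.[0-9]+)\.[0-9]+.*$/\1/p')
            if [ -z "$MAJOR_MINOR_VERSION" ]; then
              echo "::error::Tag $RELEASE_TAG does not adhere to semantic versioning"
              exit 1
            fi
            # Step outputs are written to $GITHUB_OUTPUT; the `::set-output`
            # workflow command is deprecated.
            echo "branch=stable/$MAJOR_MINOR_VERSION" >> "$GITHUB_OUTPUT"
            echo "Branch = stable/$MAJOR_MINOR_VERSION"
          else
            echo "branch=$DEFAULT_BRANCH" >> "$GITHUB_OUTPUT"
            echo "Branch = $DEFAULT_BRANCH"
          fi

      # In extension-testcontainer we have a config file which contains the image tag. This is managed by maven and
      # maven will set this to the project version in this step, unless the placeholder (${project.version}) has been
      # overridden by the "Update tag in config" step. This happens when the workflow is triggered by a change on the
      # main branch.
      - name: Build and deploy to Maven
        id: release
        uses: camunda-community-hub/community-action-maven-release@v1
        with:
          release-version: ${{ github.event.release.tag_name }}
          release-profile: community-action-maven-release
          nexus-usr: ${{ steps.secrets.outputs.ARTIFACTS_USR }}
          nexus-psw: ${{ steps.secrets.outputs.ARTIFACTS_PSW }}
          maven-usr: ${{ steps.secrets.outputs.MAVEN_CENTRAL_DEPLOYMENT_USR }}
          maven-psw: ${{ steps.secrets.outputs.MAVEN_CENTRAL_DEPLOYMENT_PSW }}
          maven-gpg-passphrase: ${{ steps.secrets.outputs.MAVEN_CENTRAL_GPG_SIGNING_KEY_PASSPHRASE }}
          maven-url: s01.oss.sonatype.org
          github-token: ${{ secrets.GITHUB_TOKEN }}
          branch: ${{ steps.branch.outputs.branch }}

      - name: Attach artifacts to GitHub Release (Release only)
        if: github.event.release
        # NOTE(review): this action appears to be no longer maintained
        # upstream — verify, and consider a maintained way of uploading the
        # release asset.
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ github.event.release.upload_url }}
          asset_path: ${{ steps.release.outputs.artifacts_archive_path }}
          asset_name: ${{ steps.release.outputs.artifacts_archive_path }}
          asset_content_type: application/zip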