diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 595e029..11fb514 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -63,55 +63,28 @@ jobs:
 name: codecov-integration
 - name: Build Docker image
 run: make docker_build
- env:
- IMAGE_TAG: latest
 - name: Upload image artifact
 uses: neuro-inc/upload-image-action@v21.9.2
 with:
 image: platformserviceaccountsapi
 token: ${{ secrets.GITHUB_TOKEN }}
- deploy_dev:
- name: Deploy to dev
- environment: dev
- runs-on: ubuntu-latest
+
+ release:
+ name: Create release
 needs: test
- concurrency: deploy_dev
- if: github.event_name == 'push' && github.ref == 'refs/heads/master'
- env:
- AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
- AWS_REGION: us-east-1
- CLUSTER_NAME: aws-dev
- HELM_ENV: dev
- IMAGE_REGISTRY: aws
- IMAGE_TAG: ${{ github.sha }}
- steps:
- - name: Checkout commit
- uses: actions/checkout@v2
- with:
- fetch-depth: 0
- - name: Install python
- uses: actions/setup-python@v2
- with:
- python-version: 3.9.9
- - name: Install Helm
- uses: azure/setup-helm@v2.0
- with:
- version: v3.7.0
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1
- with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- aws-region: ${{ env.AWS_REGION }}
- - name: Login to AWS ECR
- uses: aws-actions/amazon-ecr-login@v1
- - name: Build image
- run: make docker_build
- - name: Push image to registry
- run: |
- make docker_push
- IMAGE_TAG=latest make docker_push
- - name: Update kube config
- run: aws eks --region $AWS_REGION update-kubeconfig --name $CLUSTER_NAME
- - name: Deploy to kubernetes
- run: make helm_deploy
+ if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
+ uses: neuro-inc/reuse/.github/workflows/release-service.yaml@v0.0.27
+ with:
+ image: platformserviceaccountsapi
+ helm_charts: platform-service-accounts
+
+ deploy_dev:
+ name: Deploy on dev
+ needs: release
+ uses: neuro-inc/reuse/.github/workflows/deploy-dev.yaml@v0.0.27
+ with:
+ helm_charts: platform-service-accounts
+ version: ${{ needs.release.outputs.version }}
+ secrets:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index 7743665..0000000
--- a/.github/workflows/release.yml
+++ /dev/null
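Review bot: In `.github/workflows/ci.yaml`, both new jobs call reusable workflows by the movable tag `@v0.0.27`, and `deploy_dev` hands `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` to that ref, so the code that runs with those keys can change without any change in this repository. Pinning to a full commit SHA keeps the called workflow immutable, e.g. `uses: neuro-inc/reuse/.github/workflows/deploy-dev.yaml@<full-commit-sha>  # v0.0.27`, and the same for `release-service.yaml`. The removed inline job also carried `environment: dev` and `concurrency: deploy_dev`; the caller job can keep `concurrency: deploy_dev`, while the environment gate has to be declared inside the called workflow, which is not visible here and should be confirmed. The deleted release.yml set `permissions: contents: read` / `packages: write`, and no `permissions:` key appears on the new `release` job in this hunk, so check that the workflow-level default (outside the hunk) is not broader than that.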
@@ -1,105 +0,0 @@
-name: Release
-
-on:
- workflow_run:
- workflows:
- - CI
- types:
- - completed
-
-permissions:
- contents: read
- packages: write
-
-jobs:
- publish_image:
- name: Publish Image
- runs-on: ubuntu-latest
- env:
- AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
- AWS_REGION: us-east-1
- concurrency: release_image
- outputs:
- tag: ${{ steps.release.outputs.tag }}
- version: ${{ steps.release.outputs.version }}
- skip: ${{ steps.release.outputs.skip }}
- steps:
- - name: Purge old artifacts
- uses: kolpav/purge-artifacts-action@v1
- with:
- token: ${{ secrets.GH_TOKEN }}
- expire-in: 30mins
- - name: Push image to Github
- id: release
- uses: neuro-inc/release-image-action@v21.9.36
- with:
- image: platformserviceaccountsapi
- token: ${{ secrets.GH_TOKEN }}
- - name: Checkout commit
- uses: actions/checkout@v2
- with:
- ref: ${{ github.event.workflow_run.head_sha }}
- fetch-depth: 0
- - name: Github Release
- if: ${{ ! steps.release.outputs.skip }}
- run: |
- if [[ -n $PRERELEASE ]]; then
- gh release create "$TAG" --prerelease --notes "docker pull ghcr.io/neuro-inc/platformserviceaccountsapi:$VERSION"
- else
- gh release create "$TAG" --notes "docker pull ghcr.io/neuro-inc/platformserviceaccountsapi:$VERSION"
- fi
- shell: bash
- env:
- TAG: ${{ steps.release.outputs.tag }}
- VERSION: ${{ steps.release.outputs.version }}
- GH_TOKEN: ${{ secrets.GH_TOKEN }}
- PRERELEASE: ${{ steps.release.outputs.prerelease }}
- - name: Configure AWS credentials
- if: ${{ ! steps.release.outputs.skip }}
- uses: aws-actions/configure-aws-credentials@v1
- with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- aws-region: ${{ env.AWS_REGION }}
- - name: Login to AWS ECR
- if: ${{ ! steps.release.outputs.skip }}
- uses: aws-actions/amazon-ecr-login@v1
- - name: Push image to AWS ECR
- if: ${{ ! steps.release.outputs.skip }}
- run: make docker_push
- env:
- IMAGE_TAG: ${{ steps.release.outputs.version }}
- publish_chart:
- name: Publish Helm chart
- runs-on: ubuntu-latest
- needs: publish_image
- if: ${{ ! needs.publish_image.outputs.skip }}
- steps:
- - name: Checkout
- uses: actions/checkout@v2
- with:
- ref: ${{ github.event.workflow_run.head_sha }}
- fetch-depth: 0
- - name: Install Helm
- uses: azure/setup-helm@v2.0
- with:
- version: v3.7.0
- - name: Create chart
- run: make helm_create_chart
- env:
- IMAGE_REGISTRY: github
- IMAGE_TAG: ${{ needs.publish_image.outputs.version }}
- GITHUB_OWNER: ${{ github.repository_owner }}
- HELM_CHART: platform-service-accounts
- HELM_CHART_VERSION: ${{ needs.publish_image.outputs.version }}
- HELM_APP_VERSION: ${{ needs.publish_image.outputs.version }}
- - name: Release chart
- env:
- HELM_EXPERIMENTAL_OCI: 1
- HELM_REPO: ghcr.io/${{ github.repository_owner }}/helm-charts
- HELM_CHART_VERSION: ${{ needs.publish_image.outputs.version }}
- CR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: |
- echo $CR_TOKEN | helm registry login ghcr.io -u x-access-token --password-stdin
- helm package charts/platform-service-accounts -u
- helm push platform-service-accounts-$HELM_CHART_VERSION.tgz oci://$HELM_REPO
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4d01d6d..355aae9 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -50,22 +50,24 @@ repos: files: | docs/spelling_wordlist.txt| .gitignore -- repo: https://github.com/rhysd/actionlint - rev: v1.6.8 - hooks: - - id: actionlint-docker - args: - - -ignore - - 'SC2155:' - - -ignore - - 'SC2086:' - - -ignore - - 'SC1004:' +# - repo: https://github.com/rhysd/actionlint +# rev: v1.6.8 +# hooks: +# - id: actionlint-docker +# args: +# - -ignore +# - 'SC2155:' +# - -ignore +# - 'SC2086:' +# - -ignore +# - 'SC1004:' - repo: https://github.com/sirosen/check-jsonschema rev: 0.10.2 hooks: - id: check-github-actions + - id: check-github-workflows ci: skip: - - actionlint-docker +# - actionlint-docker - check-github-actions + - check-github-workflows diff --git a/Makefile b/Makefile index c804abf..dfce95f 100644 --- a/Makefile +++ b/Makefile @@ -1,26 +1,5 @@ -AWS_REGION ?= us-east-1 - -GITHUB_OWNER ?= neuro-inc - -IMAGE_TAG ?= latest - -IMAGE_REPO_aws = $(AWS_ACCOUNT_ID).dkr.ecr.$(AWS_REGION).amazonaws.com -IMAGE_REPO_github = ghcr.io/$(GITHUB_OWNER) - -IMAGE_REGISTRY ?= aws - -IMAGE_NAME = platformserviceaccountsapi -IMAGE_REPO_BASE = $(IMAGE_REPO_$(IMAGE_REGISTRY)) -IMAGE_REPO = $(IMAGE_REPO_BASE)/$(IMAGE_NAME) - -HELM_ENV ?= dev -HELM_CHART = platform-service-accounts -HELM_CHART_VERSION ?= 1.0.0 -HELM_APP_VERSION ?= 1.0.0 - PYTEST_FLAGS= - setup: pip install -U pip pip install -r requirements/test.txt @@ -30,7 +9,7 @@ lint: format mypy platform_service_accounts_api tests --show-error-codes format: -ifdef CI_LINT_RUN +ifdef CI pre-commit run --all-files --show-diff-on-failure else pre-commit run --all-files 
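Review bot: In `.pre-commit-config.yaml`, the `actionlint-docker` hook is switched off by commenting it out with no reason or re-enable condition recorded, and the `check-github-workflows` hook added alongside only validates workflow files against a schema. The shellcheck pass on `run:` scripts and the expression checks that actionlint performed are therefore no longer run on workflow changes. If the hook has to stay off, say why above the block, e.g. `# actionlint disabled: <reason>; re-enable when <condition>`, or delete the block rather than leaving dead configuration behind. The commented `# - actionlint-docker` entry under `ci: skip:` can be dropped at the same time.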
@@ -45,24 +24,4 @@ test_integration:
 docker_build:
 pip install build
 python -m build
- docker build -t $(IMAGE_NAME):latest .
-
-docker_push:
- docker tag $(IMAGE_NAME):latest $(IMAGE_REPO):$(IMAGE_TAG)
- docker push $(IMAGE_REPO):$(IMAGE_TAG)
-
-helm_create_chart:
- export IMAGE_REPO=$(IMAGE_REPO); \
- export IMAGE_TAG=$(IMAGE_TAG); \
- export CHART_VERSION=$(HELM_CHART_VERSION); \
- export APP_VERSION=$(HELM_APP_VERSION); \
- VALUES=$$(cat charts/$(HELM_CHART)/values.yaml | envsubst); \
- echo "$$VALUES" > charts/$(HELM_CHART)/values.yaml; \
- CHART=$$(cat charts/$(HELM_CHART)/Chart.yaml | envsubst); \
- echo "$$CHART" > charts/$(HELM_CHART)/Chart.yaml
-
-helm_deploy: helm_create_chart
- helm dependency update charts/$(HELM_CHART)
- helm upgrade $(HELM_CHART) charts/$(HELM_CHART) \
- -f charts/$(HELM_CHART)/values-$(HELM_ENV).yaml \
- --namespace platform --install --wait --timeout 600s
+ docker build -t platformserviceaccountsapi:latest .