-
Notifications
You must be signed in to change notification settings - Fork 18
161 lines (142 loc) ยท 6.16 KB
/
cicd.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
name: CICD
env:
# ๐๏ธ EDIT your repository secrets to log into your OpenShift cluster and set up the context.
# See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values.
# To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions
OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
# ๐๏ธ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace.
OPENSHIFT_NAMESPACE: exhort
# ๐๏ธ EDIT to set the deployemnt resource data for image update.
OPENSHIFT_DEPLOYMENT_NAME: exhort
OPENSHIFT_CONTAINER_NAME: exhort
# ๐๏ธ EDIT to change the image registry settings.
# Registries such as GHCR, Quay.io, and Docker Hub are supported.
IMAGE_REGISTRY: quay.io/ecosystem-appeng
IMAGE_NAME: exhort
IMAGE_REGISTRY_USER: ${{ secrets.IMAGE_REGISTRY_USER }}
IMAGE_REGISTRY_PASSWORD: ${{ secrets.IMAGE_REGISTRY_PASSWORD }}
REGISTRY_REDHAT_IO_USER: ${{ secrets.REGISTRY_REDHAT_IO_USER }}
REGISTRY_REDHAT_IO_PASSWORD: ${{ secrets.REGISTRY_REDHAT_IO_PASSWORD }}
# ๐๏ธ EDIT to change Dockerfile.
DOCKERFILE_PATH: ./src/main/docker/Dockerfile.jvm
on:
push:
branches:
- main
tags:
- '*'
workflow_dispatch:
jobs:
validate_workflow_requirements:
runs-on: ubuntu-latest
if: github.repository == 'RHEcosystemAppEng/exhort'
steps:
- name: Check For Required Secrets
uses: actions/github-script@v6
with:
script: |
const secrets = {
OPENSHIFT_SERVER: `${{ env.OPENSHIFT_SERVER }}`,
OPENSHIFT_TOKEN: `${{ env.OPENSHIFT_TOKEN }}`,
REGISTRY_REDHAT_IO_USER: `${{ env.REGISTRY_REDHAT_IO_USER }}`,
REGISTRY_REDHAT_IO_PASSWORD: `${{ env.REGISTRY_REDHAT_IO_PASSWORD }}`
};
// if image registry is ghcr.io - no registry credentials required, otherwise get registry credentials
if (!`${{ env.IMAGE_REGISTRY }}`.startsWith("ghcr.io")) {
secrets["IMAGE_REGISTRY_USER"] = `${{ env.IMAGE_REGISTRY_USER }}`;
secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ env.IMAGE_REGISTRY_PASSWORD }}`;
}
const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => {
if (value.length === 0) {
core.error(`Secret "${name}" is not set`);
return true;
}
core.info(`โ๏ธ Secret "${name}" is set`);
return false;
});
if (missingSecrets.length > 0) {
core.setFailed(`โ At least one required secret is not set in the repository. \n` +
"You can add it using:\n" +
"GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" +
"GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" +
"Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example");
}
else {
core.info(`โ
All the required secrets are set`);
}
build_and_push_image:
needs: validate_workflow_requirements
runs-on: ubuntu-latest
outputs:
digest: ${{ steps.push-to-registry.outputs.digest }}
tag: ${{ steps.extract_branch.outputs.tag }}
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Extract tag name
shell: bash
run: |
branch=${GITHUB_REF_NAME}
case ${branch} in
'main') tag='latest' ;;
*) tag=${branch} ;;
esac
echo "tag=${tag}" >> $GITHUB_OUTPUT
id: extract_branch
- name: Setup JDK
uses: actions/setup-java@v3
with:
distribution: 'temurin'
java-version: '21'
cache: 'maven'
- name: Build Package with Maven
run: |
./mvnw -B verify
env:
GITHUB_ACTOR: ${{ secrets.GITHUB_ACTOR }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Log in to Red Hat Registry
uses: redhat-actions/podman-login@v1
with:
registry: registry.redhat.io
username: ${{ env.REGISTRY_REDHAT_IO_USER }}
password: ${{ env.REGISTRY_REDHAT_IO_PASSWORD }}
- name: Build Image With buildah
id: build-image
uses: redhat-actions/buildah-build@v2
with:
image: ${{ env.IMAGE_NAME }}
tags: ${{ steps.extract_branch.outputs.tag }}
dockerfiles: |
${{ env.DOCKERFILE_PATH }}
- name: Push Image To Registry
id: push-to-registry
uses: redhat-actions/push-to-registry@v2
with:
image: ${{ steps.build-image.outputs.image }}
tags: ${{ steps.build-image.outputs.tags }}
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ env.IMAGE_REGISTRY_USER }}
password: ${{ env.IMAGE_REGISTRY_PASSWORD }}
deploy_to_openshift:
needs: build_and_push_image
runs-on: ubuntu-latest
steps:
- name: Install oc
uses: redhat-actions/openshift-tools-installer@v1
with:
oc: 4
- name: Log In To OpenShift
uses: redhat-actions/oc-login@v1
with:
openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
openshift_token: ${{ env.OPENSHIFT_TOKEN }}
insecure_skip_tls_verify: true
namespace: ${{ env.OPENSHIFT_NAMESPACE }}
- name: Patch Image
run: |
DEPLOYMENT_PATCH=$(printf '{"spec": {"template": {"spec": {"containers": [{"name": "%s", "image": "%s/%s@%s"}]}}}}' ${{ env.OPENSHIFT_CONTAINER_NAME }} ${{ env.IMAGE_REGISTRY }} ${{ env.IMAGE_NAME }} ${{ needs.build_and_push_image.outputs.digest }})
oc patch deployment ${{ env.OPENSHIFT_DEPLOYMENT_NAME }}-${{ needs.build_and_push_image.outputs.tag }} -p "${DEPLOYMENT_PATCH}"
- name: Monitor Deployment Status
run: oc rollout status deployment/${{ env.OPENSHIFT_DEPLOYMENT_NAME }}-${{ needs.build_and_push_image.outputs.tag }}