fix: add GITHUB_TOKEN as input secret #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker release image | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| GLOBAL_REPO_NAME: | ||
| required: true | ||
| type: string | ||
| PATH_TO_DOCKERFILE: | ||
| required: true | ||
| type: string | ||
| GLOBAL_IMAGE_NAME: | ||
| required: true | ||
| type: string | ||
| GLOBAL_FRAMEWORK: | ||
| required: true | ||
| type: string | ||
| secrets: | ||
| VAULT_ADDR: | ||
| required: true | ||
| CI_SECRET_READER_PERIODIC_TOKEN: | ||
| required: true | ||
| VAULTCA: | ||
| required: true | ||
| SLACK_WEBHOOK_URL: | ||
| required: true | ||
| GITHUB_TOKEN: | ||
| required: false | ||
| jobs: | ||
| build-context: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: danubetech/github-action-log-build-context@v0.1.0 | ||
| set-framework: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| framework: ${{ steps.set_framework.outputs.framework }} | ||
| steps: | ||
| - name: Set framework to output variable | ||
| id: set_framework | ||
| run: echo "::set-output name=framework::${{ inputs.GLOBAL_FRAMEWORK }}" | ||
| node-preparation: | ||
| needs: set-framework | ||
| if: ${{ needs.set-framework.outputs.framework }} == 'node' | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@master | ||
| - name: Update package.json | ||
| uses: danubetech/github-action-nodejs-release@main | ||
| with: | ||
| github-token: ${{ secrets.GITHUB_TOKEN }} | ||
| release-type: ${{ github.event.inputs.version-core }} | ||
| set-version: | ||
| needs: node-preparation | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| releaseVersion: ${{ steps.read_and_set_version.outputs.releaseVersion }} | ||
| devVersion: ${{ steps.read_and_set_version.outputs.devVersion }} | ||
| steps: | ||
| - uses: actions/checkout@master | ||
| - name: Read and set version | ||
| id: read_and_set_version | ||
| uses: danubetech/github-action-read-version@main | ||
| with: | ||
| framework: ${{ inputs.GLOBAL_FRAMEWORK }} | ||
| version-core: ${{ github.event.inputs.version-core }} | ||
| create-tag: | ||
| needs: set-version | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| RELEASE_VERSION: ${{ needs.set-version.outputs.releaseVersion }} | ||
| steps: | ||
| - uses: actions/checkout@master | ||
| - name: Set user data | ||
| run: | | ||
| git config --global user.email "admin@danubetech.com" | ||
| git config --global user.name "Github Workflow" | ||
| - name: Create tag | ||
| run: git tag -a "${{ env.RELEASE_VERSION }}" -m "[skip ci] Release tag ${{ env.RELEASE_VERSION }}" | ||
| - name: Push tag | ||
| run: git push origin "${{ env.RELEASE_VERSION }}" | ||
| - name: Slack notification | ||
| if: failure() | ||
| uses: 8398a7/action-slack@v3 | ||
| with: | ||
| status: ${{ job.status }} | ||
| fields: repo,commit,action,eventName,ref,workflow | ||
| env: | ||
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | ||
| validate-pom: | ||
| needs: [create-tag, set-version, set-framework] | ||
| if: ${{ needs.set-framework.outputs.framework }} == 'maven' | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| RELEASE_VERSION: ${{ needs.set-version.outputs.releaseVersion }} | ||
| steps: | ||
| - name: Import Secrets | ||
| uses: hashicorp/vault-action@v3 | ||
| with: | ||
| url: ${{ secrets.VAULT_ADDR }} | ||
| token: ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }} | ||
| caCertificate: ${{ secrets.VAULTCA }} | ||
| secrets: | | ||
| ci/data/gh-workflows/maven-danubetech-nexus username | MAVEN_USERNAME ; | ||
| ci/data/gh-workflows/maven-danubetech-nexus password | MAVEN_PASSWORD | ||
| - name: Prepare multi server settings file | ||
| uses: danubetech/github-action-prepare-maven-settings-xml@master | ||
| with: | ||
| server_ids: danubetech-maven-releases,danubetech-maven-internal | ||
| - uses: actions/checkout@master | ||
| with: | ||
| ref: ${{ env.RELEASE_VERSION }} | ||
| - name: Validate pom.xml | ||
| run: | | ||
| echo "$SETTINGS_FILE" > ./multi-server-template.xml | ||
| envsubst < ./multi-server-template.xml > ./settings.xml | ||
| mvn validate -P ci --settings ./settings.xml | ||
| - name: Slack notification | ||
| if: failure() | ||
| uses: 8398a7/action-slack@v3 | ||
| with: | ||
| status: ${{ job.status }} | ||
| fields: repo,commit,action,eventName,ref,workflow | ||
| env: | ||
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | ||
| - name: Remove release tag | ||
| if: failure() | ||
| run: | | ||
| git tag -d "${{ env.RELEASE_VERSION }}" | ||
| git push --delete origin "${{ env.RELEASE_VERSION }}" | ||
| publish-image: | ||
| needs: [validate-pom, set-version, create-tag] | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| RELEASE_VERSION: ${{ needs.set-version.outputs.releaseVersion }} | ||
| steps: | ||
| - name: Import Secrets | ||
| uses: hashicorp/vault-action@v3 | ||
| with: | ||
| url: ${{ secrets.VAULT_ADDR }} | ||
| token: ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }} | ||
| caCertificate: ${{ secrets.VAULTCA }} | ||
| secrets: | | ||
| ci/data/gh-workflows/${{ inputs.GLOBAL_REPO_NAME }} username | DOCKER_USERNAME ; | ||
| ci/data/gh-workflows/${{ inputs.GLOBAL_REPO_NAME }} password | DOCKER_PASSWORD ; | ||
| ci/data/gh-workflows/maven-danubetech-nexus username | MAVEN_USERNAME ; | ||
| ci/data/gh-workflows/maven-danubetech-nexus password | MAVEN_PASSWORD | ||
| - uses: actions/checkout@master | ||
| with: | ||
| ref: ${{ env.RELEASE_VERSION }} | ||
| - name: Set SHORT_SHA env variable | ||
| id: short_sha | ||
| run: echo "::set-output name=SHORT_SHA::$(git rev-parse --short HEAD)" | ||
| - name: Build image | ||
| run: | | ||
| docker build . -f "${{ inputs.PATH_TO_DOCKERFILE }}" -t "${{ inputs.GLOBAL_REPO_NAME }}/${{ inputs.GLOBAL_IMAGE_NAME }}:${{ env.RELEASE_VERSION }}-${{ steps.short_sha.outputs.SHORT_SHA }}" \ | ||
| --build-arg DANUBETECH_MAVEN_INTERNAL_USERNAME=${{ env.MAVEN_USERNAME }} \ | ||
| --build-arg DANUBETECH_MAVEN_INTERNAL_PASSWORD=${{ env.MAVEN_PASSWORD }} | ||
| - name: Login user to repo | ||
| run: echo "${{ env.DOCKER_PASSWORD }}" | docker login "${{ inputs.GLOBAL_REPO_NAME }}" -u "${{ env.DOCKER_USERNAME }}" --password-stdin | ||
| - name: Push image | ||
| run: docker push "${{ inputs.GLOBAL_REPO_NAME }}/${{ inputs.GLOBAL_IMAGE_NAME }}:${{ env.RELEASE_VERSION }}-${{ steps.short_sha.outputs.SHORT_SHA }}" | ||
| - name: Slack notification | ||
| if: failure() | ||
| uses: 8398a7/action-slack@v3 | ||
| with: | ||
| status: ${{ job.status }} | ||
| fields: repo,commit,action,eventName,ref,workflow | ||
| env: | ||
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | ||
| - name: Remove release tag | ||
| if: failure() | ||
| run: | | ||
| git tag -d "${{ env.RELEASE_VERSION }}" | ||
| git push --delete origin "${{ env.RELEASE_VERSION }}" | ||
| increase-to-next-snapshop: | ||
| needs: [publish-image, set-version] | ||
| runs-on: ubuntu-latest | ||
| env: | ||
| DEV_VERSION: ${{ needs.set-version.outputs.devVersion }} | ||
| steps: | ||
| - name: Import Secrets | ||
| uses: hashicorp/vault-action@v3 | ||
| with: | ||
| url: ${{ secrets.VAULT_ADDR }} | ||
| token: ${{ secrets.CI_SECRET_READER_PERIODIC_TOKEN }} | ||
| caCertificate: ${{ secrets.VAULTCA }} | ||
| secrets: | | ||
| ci/data/gh-workflows/deployment-status slack-webhook-url | SLACK_WEBHOOK_URL | ||
| - uses: actions/checkout@master | ||
| - name: Set user data | ||
| run: | | ||
| git config --global user.email "admin@danubetech.com" | ||
| git config --global user.name "Github Workflow" | ||
| - name: Set next development version to pom | ||
| run: mvn build-helper:parse-version versions:set -DnewVersion=${{ env.DEV_VERSION }} versions:commit | ||
| - name: Commit and push pom to repo | ||
| run: | | ||
| git add pom.xml | ||
| git commit -m "[ci] Set ${{ env.DEV_VERSION }} as development version" | ||
| git push | ||
| - name: Slack notification | ||
| if: failure() | ||
| uses: 8398a7/action-slack@v3 | ||
| with: | ||
| status: ${{ job.status }} | ||
| fields: repo,commit,action,eventName,ref,workflow | ||
| env: | ||
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | ||
