Change SoM showcase image to SVG (#15767) #44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and push a Docker image | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - stage | |
| - run-integration-test | |
| tags: | |
| - '*' | |
| workflow_dispatch: | |
| inputs: | |
| ref: | |
| description: 'ref to be deployed (e.g. "refs/heads/main", "v1.0.0", "2c0472cf")' | |
| type: string | |
| required: true | |
| default: refs/heads/main | |
| env: | |
| APP: bedrock | |
| APPLICATION_REPOSITORY: mozilla/bedrock | |
| IMAGE: bedrock | |
| GAR_LOCATION: us | |
| GCP_PROJECT_ID: moz-fx-bedrock-prod | |
| GAR_REPOSITORY: bedrock-prod | |
| REF_ID: ${{ github.ref }} | |
| jobs: | |
| build_and_publish_public_images: | |
| name: Build public Bedrock images and push to Docker hub | |
| runs-on: ubuntu-latest | |
| outputs: | |
| long_sha: ${{ steps.long-sha.outputs.LONG_SHA }} | |
| steps: | |
| - uses: docker/setup-buildx-action@v3 | |
| with: | |
| buildkitd-flags: "cache-from: type=gha cache-to: type=gha,mode=max" | |
| - id: checkout-bedrock-repo | |
| name: checkout-bedrock-repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 10 # get enough so we have a Git history, but not everything | |
| fetch-tags: true | |
| ref: ${{ env.REF_ID }} | |
| - id: long-sha | |
| run: |- | |
| echo "LONG_SHA=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| - id: docker-login | |
| name: Docker login | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - id: build_and_push_docker_hub_images | |
| name: Build and push public images to Docker hub | |
| run: |- | |
| ./bin/build-release-image.sh --push | |
| env: | |
| GIT_COMMIT: ${{ steps.long-sha.outputs.LONG_SHA }} | |
| push_image_to_gar: | |
| name: Push Image to GAR | |
| needs: build_and_publish_public_images | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| outputs: | |
| deployment_env: ${{ env.DEPLOYMENT_ENV }} | |
| deployment_realm: ${{ env.DEPLOYMENT_REALM }} | |
| image_tag: ${{ env.TAG }} | |
| steps: | |
| - id: checkout-application-repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| ref: ${{ env.REF_ID }} | |
| - id: dev_image_tag | |
| name: Set Docker dev image tag for updates of the main branch | |
| if: github.ref == 'refs/heads/main' | |
| run: | | |
| echo TAG="dev-$(git rev-parse HEAD)" >> "$GITHUB_ENV" | |
| # Updates to the main branch are deployed to dev. | |
| echo DEPLOYMENT_ENV=dev >> "$GITHUB_ENV" | |
| echo DEPLOYMENT_REALM=nonprod >> "$GITHUB_ENV" | |
| - id: test_image_tag | |
| name: Set Docker test image tag for updates of the run-integration-test branch | |
| if: github.ref == 'refs/heads/run-integration-tests' | |
| run: | | |
| echo TAG="test-$(git rev-parse HEAD)" >> "$GITHUB_ENV" | |
| # Updates to the run-integration-test branch are deployed to test. | |
| echo DEPLOYMENT_ENV=test >> "$GITHUB_ENV" | |
| echo DEPLOYMENT_REALM=nonprod >> "$GITHUB_ENV" | |
| - id: stage_image_tag | |
| name: Set Docker stage image tag for updates of the stage branch | |
| if: github.ref == 'refs/heads/stage' | |
| run: | | |
| echo TAG="stage-$(git rev-parse HEAD)" >> "$GITHUB_ENV" | |
| # Updates to the main branch are deployed to stage. | |
| echo DEPLOYMENT_ENV=stage >> "$GITHUB_ENV" | |
| echo DEPLOYMENT_REALM=nonprod >> "$GITHUB_ENV" | |
| - id: prod_image_tag | |
| name: Set Docker image tag to the git tag for tagged builds | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: | | |
| echo TAG="$(git describe --tags --abbrev=7)" >> "$GITHUB_ENV" | |
| # Version tags are deployed to prod. | |
| echo DEPLOYMENT_ENV=prod >> "$GITHUB_ENV" | |
| echo DEPLOYMENT_REALM=prod >> "$GITHUB_ENV" | |
| - uses: docker/setup-buildx-action@v3 | |
| - id: gcp_auth | |
| name: GCP authentication | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| service_account: artifact-writer@${{ env.GCP_PROJECT_ID }}.iam.gserviceaccount.com | |
| workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }} | |
| - id: docker_login | |
| uses: docker/login-action@v3 | |
| name: Docker login | |
| with: | |
| registry: ${{ env.GAR_LOCATION }}-docker.pkg.dev | |
| username: oauth2accesstoken | |
| password: ${{ steps.gcp_auth.outputs.access_token }} | |
| - id: push-existing-image-to-gar | |
| name: Push existing stage image to GAR | |
| run: |- | |
| docker pull mozmeao/bedrock:${{ needs.build_and_publish_public_images.outputs.long_sha }} | |
| docker tag mozmeao/bedrock:${{ needs.build_and_publish_public_images.outputs.long_sha }} ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPOSITORY}}/${{ env.IMAGE }}:${{ env.TAG }} | |
| docker push ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPOSITORY}}/${{ env.IMAGE }}:${{ env.TAG }} | |
| upload_static_assets: | |
| name: Upload static assets | |
| runs-on: ubuntu-latest | |
| environment: build | |
| needs: [build_and_publish_public_images, push_image_to_gar] | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - id: gcp_auth | |
| name: gcp auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| service_account: artifact-writer@${{ env.GCP_PROJECT_ID }}.iam.gserviceaccount.com | |
| workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }} | |
| - id: docker_login | |
| name: docker login | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.GAR_LOCATION }}-docker.pkg.dev | |
| username: oauth2accesstoken | |
| password: ${{ steps.gcp_auth.outputs.access_token }} | |
| - id: setup-gcloud | |
| uses: google-github-actions/setup-gcloud@v2 | |
| with: | |
| version: 413.0.0 | |
| - id: upload-assets | |
| name: upload static assets | |
| run: |- | |
| TMP_DIR=static-upload | |
| TMP_DIR_HASHED=static-upload-hashed | |
| docker run -d --name assets-tmp $GAR_LOCATION-docker.pkg.dev/$GCP_PROJECT_ID/$GAR_REPOSITORY/$IMAGE:${{ needs.push_image_to_gar.outputs.image_tag }} | |
| mkdir -p ./$TMP_DIR ./$TMP_DIR_HASHED | |
| docker exec assets-tmp docker/bin/build_staticfiles.sh --nolink | |
| docker exec assets-tmp mkdir -p /app/static-upload-hashed | |
| docker exec assets-tmp bin/move_hashed_staticfiles.py /app/static /app/static-upload-hashed | |
| docker cp assets-tmp:app/static/ ./$TMP_DIR/ | |
| docker cp assets-tmp:app/static-upload-hashed ./$TMP_DIR_HASHED/ | |
| gsutil -m rsync -r ./$TMP_DIR_HASHED/* gs://$APP-${{ needs.push_image_to_gar.outputs.deployment_realm }}-${{ needs.push_image_to_gar.outputs.deployment_env }}-media/media/ | |
| gsutil -m rsync -r ./$TMP_DIR/* gs://$APP-${{ needs.push_image_to_gar.outputs.deployment_realm }}-${{ needs.push_image_to_gar.outputs.deployment_env }}-media/media/ | |
| rm -rf ./$TMP_DIR/ ./$TMP_DIR_HASHED/ | |
| docker kill assets-tmp | |
| docker rm assets-tmp | |