fix: Tag is included in the image to deploy. #95

Workflow file for this run

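# Post-merge continuous-delivery pipeline.
#
# Runs when a pull request targeting main is closed as merged. If
# semantic-release (dry run) reports a new version, the job builds and deploys
# a release candidate (<version>-RC), runs the Postman integration tests
# against it, then commits the stable version, tags it, and builds and deploys
# the stable image.
#
# Hardening conventions used below:
#   * Secrets and step outputs reach shell scripts through `env:` and are
#     expanded by the shell ("$VAR"), never pasted into the script text with
#     ${{ ... }}. This keeps a value containing quotes or shell metacharacters
#     from changing the command that runs.
#   * Downloaded toolchains are checked against a SHA-256 pinned in this file
#     on every run, including runs that restore the archive from the cache.
name: Post-merge workflow

on:
  pull_request:
    types:
      - closed
    branches:
      - main

jobs:
  post_merge:
    if: github.event.pull_request.merged == true
    runs-on: ubuntu-latest
    environment: dev-cd
    permissions:
      # NOTE(review): presumably for OIDC federation with Azure, since the
      # Terraform steps pass no client secret - confirm.
      id-token: write
      # Push images to ghcr.io.
      packages: write
      # Tag and release through semantic-release.
      contents: write
    steps:
      #
      # Checkout the source code.
      #
      # NOTE(review): the PAT is left in the local git configuration
      # (persist-credentials defaults to true) and the later `git push origin
      # main` appears to rely on it. Every following step, including the Maven
      # build and the globally installed npm package, can therefore read it.
      #
      - name: Checkout the source code
        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
        with:
          token: ${{ secrets.GIT_PAT }}
          fetch-depth: 0
      #
      # Calculation of the new version (dry-run).
      #
      - name: Calculate of the new version (dry-run)
        uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d
        id: semantic
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          semantic_version: 19
          branch: main
          extra_plugins: |
            @semantic-release/release-notes-generator@10.0.3
            @semantic-release/git@10.0.1
          dry_run: true
      #
      # Cache JDK.
      #
      - name: Cache JDK
        if: steps.semantic.outputs.new_release_published == 'true'
        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
        id: cache-jdk
        with:
          key: OpenJDK21U-jdk_x64_linux_hotspot_21.0.2_13.tar.gz
          path: |
            ${{ runner.temp }}/jdk_setup.tar.gz
            ${{ runner.temp }}/jdk_setup.sha256
      #
      # Download JDK and verify its hash.
      #
      # The download is skipped on a cache hit, but the checksum file is always
      # rewritten from the value pinned here and the archive is always checked,
      # so a tampered cache entry cannot bypass verification.
      #
      # NOTE(review): the download host below is not github.com, where the
      # adoptium/temurin21-binaries releases are published; confirm the
      # intended host. The SHA-256 check is what protects integrity here.
      #
      - name: Download JDK and verify its hash
        if: steps.semantic.outputs.new_release_published == 'true'
        env:
          CACHE_HIT: ${{ steps.cache-jdk.outputs.cache-hit }}
        run: |
          if [ "$CACHE_HIT" != 'true' ]; then
            curl --fail -L "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.2%2B13/OpenJDK21U-jdk_x64_linux_hotspot_21.0.2_13.tar.gz" -o "$RUNNER_TEMP/jdk_setup.tar.gz"
          fi
          echo "454bebb2c9fe48d981341461ffb6bf1017c7b7c6e15c6b0c29b959194ba3aaa5  $RUNNER_TEMP/jdk_setup.tar.gz" > "$RUNNER_TEMP/jdk_setup.sha256"
          sha256sum --check --status "$RUNNER_TEMP/jdk_setup.sha256"
      #
      # Setup JDK.
      #
      - name: Setup JDK
        if: steps.semantic.outputs.new_release_published == 'true'
        uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2
        with:
          distribution: "jdkfile"
          jdkFile: "${{ runner.temp }}/jdk_setup.tar.gz"
          java-version: "21"
          cache: maven
      #
      # Cache Maven.
      #
      - name: Cache Maven
        if: steps.semantic.outputs.new_release_published == 'true'
        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
        id: cache-maven
        with:
          key: apache-maven-3.9.6-bin.tar.gz
          path: |
            ${{ runner.temp }}/maven_setup.tar.gz
            ${{ runner.temp }}/maven_setup.sha256
      #
      # Download Maven and verify its hash.
      #
      # Same policy as for the JDK: download only on a cache miss, verify the
      # pinned SHA-256 on every run.
      #
      - name: Download Maven and verify its hash
        if: steps.semantic.outputs.new_release_published == 'true'
        env:
          CACHE_HIT: ${{ steps.cache-maven.outputs.cache-hit }}
        run: |
          if [ "$CACHE_HIT" != 'true' ]; then
            curl --fail -L "https://archive.apache.org/dist/maven/maven-3/3.9.6/binaries/apache-maven-3.9.6-bin.tar.gz" -o "$RUNNER_TEMP/maven_setup.tar.gz"
          fi
          echo "6eedd2cae3626d6ad3a5c9ee324bd265853d64297f07f033430755bd0e0c3a4b  $RUNNER_TEMP/maven_setup.tar.gz" > "$RUNNER_TEMP/maven_setup.sha256"
          sha256sum --check --status "$RUNNER_TEMP/maven_setup.sha256"
      #
      # Setup Maven.
      #
      # settings.xml holds the PAT in clear text, so it is created with owner-
      # only permissions. The credentials arrive through env so that a quote or
      # "$" inside a secret cannot alter the script.
      #
      - name: Setup Maven
        if: steps.semantic.outputs.new_release_published == 'true'
        env:
          GIT_USER: ${{ secrets.GIT_USER }}
          GIT_PAT: ${{ secrets.GIT_PAT }}
        run: |
          mkdir "$RUNNER_TEMP/maven"
          tar -xvf "$RUNNER_TEMP/maven_setup.tar.gz" -C "$RUNNER_TEMP/maven" --strip-components=1
          umask 077
          printf '<settings><servers><server><id>github</id><username>%s</username><password>%s</password></server></servers></settings>\n' "$GIT_USER" "$GIT_PAT" > "$RUNNER_TEMP/settings.xml"
      #
      # RELEASE CANDIDATE - Update of pom.xml with the new version.
      #
      - name: RELEASE CANDIDATE - Update of pom.xml with the new version
        if: steps.semantic.outputs.new_release_published == 'true'
        env:
          NEW_VERSION: ${{ steps.semantic.outputs.new_release_version }}
        run: |
          "$RUNNER_TEMP/maven/bin/mvn" versions:set -DnewVersion="${NEW_VERSION}-RC" -s "$RUNNER_TEMP/settings.xml" --no-transfer-progress
      #
      # RELEASE CANDIDATE - Update of openapi.yaml with the new version.
      #
      - name: RELEASE CANDIDATE - Update of openapi.yaml with the new version.
        if: steps.semantic.outputs.new_release_published == 'true'
        env:
          NEW_VERSION: ${{ steps.semantic.outputs.new_release_version }}
        run: |
          yq -i ".info.version = \"${NEW_VERSION}-RC\"" "src/main/resources/META-INF/openapi.yaml"
      #
      # RELEASE CANDIDATE - Execute unit-test + Calculate test coverage + SCA with Sonar.
      #
      - name: RELEASE CANDIDATE - Execute unit-test + Calculate test coverage + SCA with Sonar
        if: steps.semantic.outputs.new_release_published == 'true'
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: |
          "$RUNNER_TEMP/maven/bin/mvn" verify -Pvalidate -s "$RUNNER_TEMP/settings.xml" --no-transfer-progress
      #
      # RELEASE CANDIDATE - Build native executable.
      #
      # The builder image is pinned by digest, so the native build does not
      # depend on a mutable tag.
      #
      - name: RELEASE CANDIDATE - Build native executable
        if: steps.semantic.outputs.new_release_published == 'true'
        run: |
          "$RUNNER_TEMP/maven/bin/mvn" clean package -Pnative \
            -Dmaven.test.skip=true \
            -Dquarkus.native.container-build=true \
            -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image@sha256:ce70e1a8016471ff0fc9c8f048cd9e37afddacd3de37ed0bca74201d102e45f5 \
            -s "$RUNNER_TEMP/settings.xml" --no-transfer-progress
      #
      # RELEASE CANDIDATE - Build Docker image.
      #
      - name: RELEASE CANDIDATE - Build Docker image
        if: steps.semantic.outputs.new_release_published == 'true'
        env:
          NEW_VERSION: ${{ steps.semantic.outputs.new_release_version }}
        run: |
          docker build -f src/main/docker/Dockerfile.native-micro -t "ghcr.io/${GITHUB_REPOSITORY}:${NEW_VERSION}-RC" .
      #
      # RELEASE CANDIDATE - Push Docker image.
      #
      - name: RELEASE CANDIDATE - Push Docker image
        if: steps.semantic.outputs.new_release_published == 'true'
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin
          docker push -a "ghcr.io/${GITHUB_REPOSITORY}"
      #
      # RELEASE CANDIDATE - Get Docker image with sha256.
      #
      # Exports image_sha256_rc as <repo>:<version>-RC@sha256:<digest>, so the
      # deployment references the pushed image by digest as well as by tag.
      #
      - name: RELEASE CANDIDATE - Get Docker image with sha256
        if: steps.semantic.outputs.new_release_published == 'true'
        env:
          NEW_VERSION: ${{ steps.semantic.outputs.new_release_version }}
        run: |
          image_sha256_rc_temp=$(docker image inspect -f '{{index .RepoDigests 0}}' "ghcr.io/${GITHUB_REPOSITORY}:${NEW_VERSION}-RC")
          echo "image_sha256_rc=${image_sha256_rc_temp/@/:${NEW_VERSION}-RC@}" >> "$GITHUB_ENV"
      #
      # Setup Terraform
      #
      - name: Setup Terraform
        if: steps.semantic.outputs.new_release_published == 'true'
        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
        with:
          terraform_version: "1.9.7"
      #
      # RELEASE CANDIDATE - Update Container App.
      #
      # image_sha256_rc was written to GITHUB_ENV by an earlier step, so it is
      # an ordinary environment variable here and is read by the shell.
      #
      - name: RELEASE CANDIDATE - Update Container App
        if: steps.semantic.outputs.new_release_published == 'true'
        shell: bash
        working-directory: src/main/terraform
        env:
          ARM_CLIENT_ID: "${{ secrets.AZURE_CLIENT_ID }}"
          ARM_SUBSCRIPTION_ID: "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
          ARM_TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}"
        run: |
          terraform init -backend-config="env/dev-cd/backend.tfvars" -reconfigure
          terraform apply -var-file="env/dev-cd/terraform.tfvars" -var="mil_auth_image=${image_sha256_rc}" -auto-approve -lock-timeout=300s
      #
      # Install Node.
      #
      - name: Install Node
        if: steps.semantic.outputs.new_release_published == 'true'
        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c
        with:
          node-version: "18.16.0"
      #
      # Install Newman.
      #
      # NOTE(review): newman is installed without a version, unlike every other
      # tool in this job (actions by commit, archives by SHA-256, builder image
      # by digest). Whatever the registry serves at run time executes in a job
      # that holds the persisted PAT and the integration-test secrets; pin an
      # exact, reviewed version (newman@<PINNED_VERSION>).
      #
      - name: Install Newman
        if: steps.semantic.outputs.new_release_published == 'true'
        run: npm install -g newman
      #
      # Run Postman collection.
      #
      # The secrets are still passed to newman as arguments, but they are
      # expanded by the shell from env instead of being written into the
      # script.
      #
      - name: Run Postman collection
        if: steps.semantic.outputs.new_release_published == 'true'
        env:
          CORRECT_PASSWORD: ${{ secrets.NEWMAN_IT__CORRECTPASSWORD }}
          CORRECT_CLIENT_SECRET: ${{ secrets.NEWMAN_IT__CORRECTCLIENTSECRET }}
          CORRECT_CLIENT_SECRET_FOR_VAS_LAYER: ${{ secrets.NEWMAN_IT__CORRECTCLIENTSECRETFORVASLAYER }}
          CLIENT_SECRET_FOR_MIL_DEBT_POSITION: ${{ secrets.NEWMAN_IT__CLIENTSECRETFORMILDEBTPOSITION }}
        run: |
          newman run src/test/postman/mil-auth.postman_collection.json \
            -e src/test/postman/dev.postman_environment.json \
            --env-var "correctPassword=${CORRECT_PASSWORD}" \
            --env-var "correctClientSecret=${CORRECT_CLIENT_SECRET}" \
            --env-var "correctClientSecretForVasLayer=${CORRECT_CLIENT_SECRET_FOR_VAS_LAYER}" \
            --env-var "clientSecretForMilDebtPosition=${CLIENT_SECRET_FOR_MIL_DEBT_POSITION}"
      #
      # STABLE - Update of pom.xml and openapi.yaml with the new version.
      #
      # Commits the version bump and pushes it straight to main.
      #
      - name: STABLE - Update of pom.xml and openapi.yaml with the new version
        if: steps.semantic.outputs.new_release_published == 'true'
        env:
          NEW_VERSION: ${{ steps.semantic.outputs.new_release_version }}
        run: |
          "$RUNNER_TEMP/maven/bin/mvn" versions:set -DnewVersion="${NEW_VERSION}" -s "$RUNNER_TEMP/settings.xml" --no-transfer-progress
          yq -i ".info.version = \"${NEW_VERSION}\"" "src/main/resources/META-INF/openapi.yaml"
          git config user.name "GitHub Workflow"
          git config user.email "<>"
          git add pom.xml
          git add src/main/resources/META-INF/openapi.yaml
          git commit -m "Updated with new version ${NEW_VERSION}"
          git push origin main
      #
      # Calculation of the new version (again) with tagging + releasing + etc.
      #
      - name: Calculation of the new version (w/o dry_run) and put tag
        if: steps.semantic.outputs.new_release_published == 'true'
        uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          semantic_version: 19
          branch: main
          extra_plugins: |
            @semantic-release/release-notes-generator@10.0.3
            @semantic-release/git@10.0.1
          dry_run: false
      #
      # STABLE - Build native executable.
      #
      - name: STABLE - Build native executable
        if: steps.semantic.outputs.new_release_published == 'true'
        run: |
          "$RUNNER_TEMP/maven/bin/mvn" clean package -Pnative \
            -Dmaven.test.skip=true \
            -Dquarkus.native.container-build=true \
            -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image@sha256:ce70e1a8016471ff0fc9c8f048cd9e37afddacd3de37ed0bca74201d102e45f5 \
            -s "$RUNNER_TEMP/settings.xml" --no-transfer-progress
      #
      # STABLE - Build Docker image.
      #
      - name: STABLE - Build Docker image
        if: steps.semantic.outputs.new_release_published == 'true'
        env:
          NEW_VERSION: ${{ steps.semantic.outputs.new_release_version }}
        run: |
          docker build -f src/main/docker/Dockerfile.native-micro \
            -t "ghcr.io/${GITHUB_REPOSITORY}:latest" \
            -t "ghcr.io/${GITHUB_REPOSITORY}:${NEW_VERSION}" .
      #
      # STABLE - Push Docker image.
      #
      - name: STABLE - Push Docker image
        if: steps.semantic.outputs.new_release_published == 'true'
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin
          docker push -a "ghcr.io/${GITHUB_REPOSITORY}"
      #
      # STABLE - Get Docker image with sha256.
      #
      # Exports image_sha256 as <repo>:<version>@sha256:<digest>.
      #
      - name: STABLE - Get Docker image with sha256
        if: steps.semantic.outputs.new_release_published == 'true'
        env:
          NEW_VERSION: ${{ steps.semantic.outputs.new_release_version }}
        run: |
          image_sha256_temp=$(docker image inspect -f '{{index .RepoDigests 0}}' "ghcr.io/${GITHUB_REPOSITORY}:${NEW_VERSION}")
          echo "image_sha256=${image_sha256_temp/@/:${NEW_VERSION}@}" >> "$GITHUB_ENV"
      #
      # STABLE - Update Container App.
      #
      - name: STABLE - Update Container App
        if: steps.semantic.outputs.new_release_published == 'true'
        shell: bash
        working-directory: src/main/terraform
        env:
          ARM_CLIENT_ID: "${{ secrets.AZURE_CLIENT_ID }}"
          ARM_SUBSCRIPTION_ID: "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
          ARM_TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}"
        run: |
          terraform init -backend-config="env/dev-cd/backend.tfvars" -reconfigure
          terraform apply -var-file="env/dev-cd/terraform.tfvars" -var="mil_auth_image=${image_sha256}" -auto-approve -lock-timeout=300s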