Skip to content

securityContext for app_service volumes #467

securityContext for app_service volumes

securityContext for app_service volumes #467

Workflow file for this run

name: Deployment workflow
on:
pull_request: {}
push:
branches:
- 'main'
jobs:
find_directories:
name: Find directories with Dockerfiles
runs-on: ubuntu-20.04
outputs:
build_images: ${{ steps.find_directories.outputs.build_matrix }}
short_sha: ${{ steps.versions.outputs.SHORT_SHA }}
branch_name: ${{ steps.versions.outputs.BRANCH_NAME }}
steps:
- name: Check out the repo
uses: actions/checkout@v3
- name: Set version strings
id: versions
run: |
echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
echo "BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_OUTPUT
- name: Find directories with Dockerfiles that changed
id: find_directories
uses: ./.github/actions/find-changed-directories
with:
contains_the_file: Dockerfile
# If the branch does not exist, then it will not
# filter any directories containing the file.
# This allows for filtering out unchanged directories
# in a pull request, and using all directories on the release
# or main branches.
changed_relative_to_ref: origin/${{ github.base_ref || 'not-a-branch' }}
ignore_dirs: ".coredb examples tembo-cli/tests"
build_and_push_images:
name: Build and push images
runs-on:
- self-hosted
- dind
- large-8x8
needs:
- find_directories
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.find_directories.outputs.build_images) }}
steps:
- name: Check out the repo
uses: actions/checkout@v3
- name: Check out the coredb repo to reuse some actions
uses: actions/checkout@v3
with:
repository: tembo-io/tembo
path: ./.tembo
ref: 3714d336a0efdfc82234db7ccb708ecf80346e84
- name: Determine which tags to publish
id: tags
run: |
BRANCH_NAME="${{ needs.find_directories.outputs.branch_name }}"
if [ "${BRANCH_NAME}" == "main" ]; then
echo "tag_latest=true" >> $GITHUB_OUTPUT
echo "tag_cargo=true" >> $GITHUB_OUTPUT
else
echo "tag_latest=false" >> $GITHUB_OUTPUT
echo "tag_cargo=false" >> $GITHUB_OUTPUT
fi
- name: Build and upload image
uses: ./.tembo/.github/actions/build-and-push-to-quay
with:
image_name: ${{ matrix.name }}
docker_directory: ${{ matrix.path }}
# Tag with version in Cargo.toml
# if that file is present
# and if the branch is 'main' or starts with 'release/'
tag_cargo_version_if_present: ${{ steps.tags.outputs.tag_cargo }}
# Tag with 'latest'
# if the branch is 'main'
publish_latest: ${{ steps.tags.outputs.tag_latest }}
# If we are publishing latest, also tag it with calver
publish_calver: ${{ steps.tags_outputs.tag_latest }}
registry: "quay.io/tembo"
quay_user: ${{ secrets.QUAY_USER_TEMBO }}
quay_password: ${{ secrets.QUAY_PASSWORD_TEMBO }}
argocd_update:
name: ArgoCD update automation
if: ${{ github.ref == 'refs/heads/main' }}
runs-on: ubuntu-latest
strategy:
# fail-fast means to cancel all jobs if one fails
fail-fast: false
matrix:
include:
- repository: tembo-io/app-deploy-dev
subdirectory: dev
branch: main
- repository: tembo-io/app-deploy
subdirectory: staging
branch: staging-updates
- repository: tembo-io/app-deploy
subdirectory: prod
branch: prod-updates
needs:
- find_directories
- build_and_push_images
steps:
- name: Check out the repo
uses: actions/checkout@v3
- name: Check out the repo
uses: ./.github/actions/argocd-update
with:
repository: ${{ matrix.repository }}
ssh_key: ${{ secrets.SERVICE_USER_GITHUB_SSH_KEY }}
branch: ${{ matrix.branch }}
version: ${{ needs.find_directories.outputs.short_sha }}
subdirectory: ${{ matrix.subdirectory }}