securityContext for app_service volumes #467
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deployment workflow | |
on: | |
pull_request: {} | |
push: | |
branches: | |
- 'main' | |
jobs: | |
find_directories: | |
name: Find directories with Dockerfiles | |
runs-on: ubuntu-20.04 | |
outputs: | |
build_images: ${{ steps.find_directories.outputs.build_matrix }} | |
short_sha: ${{ steps.versions.outputs.SHORT_SHA }} | |
branch_name: ${{ steps.versions.outputs.BRANCH_NAME }} | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v3 | |
- name: Set version strings | |
id: versions | |
run: | | |
echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
echo "BRANCH_NAME=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_OUTPUT | |
- name: Find directories with Dockerfiles that changed | |
id: find_directories | |
uses: ./.github/actions/find-changed-directories | |
with: | |
contains_the_file: Dockerfile | |
# If the branch does not exist, then it will not | |
# filter any directories containing the file. | |
# This allows for filtering out unchanged directories | |
# in a pull request, and using all directories on the release | |
# or main branches. | |
changed_relative_to_ref: origin/${{ github.base_ref || 'not-a-branch' }} | |
ignore_dirs: ".coredb examples tembo-cli/tests" | |
build_and_push_images: | |
name: Build and push images | |
runs-on: | |
- self-hosted | |
- dind | |
- large-8x8 | |
needs: | |
- find_directories | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJson(needs.find_directories.outputs.build_images) }} | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v3 | |
- name: Check out the coredb repo to reuse some actions | |
uses: actions/checkout@v3 | |
with: | |
repository: tembo-io/tembo | |
path: ./.tembo | |
ref: 3714d336a0efdfc82234db7ccb708ecf80346e84 | |
- name: Determine which tags to publish | |
id: tags | |
run: | | |
BRANCH_NAME="${{ needs.find_directories.outputs.branch_name }}" | |
if [ "${BRANCH_NAME}" == "main" ]; then | |
echo "tag_latest=true" >> $GITHUB_OUTPUT | |
echo "tag_cargo=true" >> $GITHUB_OUTPUT | |
else | |
echo "tag_latest=false" >> $GITHUB_OUTPUT | |
echo "tag_cargo=false" >> $GITHUB_OUTPUT | |
fi | |
- name: Build and upload image | |
uses: ./.tembo/.github/actions/build-and-push-to-quay | |
with: | |
image_name: ${{ matrix.name }} | |
docker_directory: ${{ matrix.path }} | |
# Tag with version in Cargo.toml | |
# if that file is present | |
# and if the branch is 'main' or starts with 'release/' | |
tag_cargo_version_if_present: ${{ steps.tags.outputs.tag_cargo }} | |
# Tag with 'latest' | |
# if the branch is 'main' | |
publish_latest: ${{ steps.tags.outputs.tag_latest }} | |
# If we are publishing latest, also tag it with calver | |
publish_calver: ${{ steps.tags_outputs.tag_latest }} | |
registry: "quay.io/tembo" | |
quay_user: ${{ secrets.QUAY_USER_TEMBO }} | |
quay_password: ${{ secrets.QUAY_PASSWORD_TEMBO }} | |
argocd_update: | |
name: ArgoCD update automation | |
if: ${{ github.ref == 'refs/heads/main' }} | |
runs-on: ubuntu-latest | |
strategy: | |
# fail-fast means to cancel all jobs if one fails | |
fail-fast: false | |
matrix: | |
include: | |
- repository: tembo-io/app-deploy-dev | |
subdirectory: dev | |
branch: main | |
- repository: tembo-io/app-deploy | |
subdirectory: staging | |
branch: staging-updates | |
- repository: tembo-io/app-deploy | |
subdirectory: prod | |
branch: prod-updates | |
needs: | |
- find_directories | |
- build_and_push_images | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v3 | |
- name: Check out the repo | |
uses: ./.github/actions/argocd-update | |
with: | |
repository: ${{ matrix.repository }} | |
ssh_key: ${{ secrets.SERVICE_USER_GITHUB_SSH_KEY }} | |
branch: ${{ matrix.branch }} | |
version: ${{ needs.find_directories.outputs.short_sha }} | |
subdirectory: ${{ matrix.subdirectory }} |