remove extra - #618
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Push Remote Dev | ||
| on: | ||
| push: | ||
| branches: | ||
| - "rdev-*" | ||
| env: | ||
| # Force using BuildKit instead of normal Docker, required so that metadata | ||
| # is written/read to allow us to use layers of previous builds as cache. | ||
| DOCKER_BUILDKIT: 1 | ||
| COMPOSE_DOCKER_CLI_BUILD: 1 | ||
| DOCKER_REPO: ${{ secrets.ECR_REPO }}/ | ||
| # https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services | ||
| permissions: | ||
| id-token: write | ||
| contents: write | ||
| jobs: | ||
| build-push-images: | ||
| runs-on: ubuntu-20.04 | ||
| strategy: | ||
| matrix: | ||
| image: | ||
| - dockerfile: src/backend/Dockerfile.gisaid | ||
| context: ./src/backend/ | ||
| name: genepi-gisaid | ||
| - dockerfile: src/backend/Dockerfile.nextstrain | ||
| context: ./src/backend/ | ||
| name: genepi-nextstrain | ||
| - dockerfile: src/backend/Dockerfile.pangolin | ||
| context: ./src/backend/ | ||
| name: genepi-pangolin | ||
| - dockerfile: src/backend/Dockerfile.lineage_qc | ||
| context: ./src/backend/ | ||
| name: genepi-lineage-qc | ||
| - dockerfile: src/backend/Dockerfile | ||
| context: ./src/backend/ | ||
| name: genepi-backend | ||
| - dockerfile: src/frontend/Dockerfile | ||
| context: ./src/frontend/ | ||
| name: genepi-frontend | ||
| steps: | ||
| - name: Configure AWS Credentials | ||
| uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| aws-region: us-west-2 | ||
| aws-access-key-id: ${{ secrets.THEIAGEN_AWS_ACCESS_KEY_ID }} | ||
| aws-secret-access-key: ${{ secrets.THEIAGEN_AWS_SECRET_ACCESS_KEY }} | ||
| - name: Build And Push | ||
| id: build_outputs | ||
| uses: chanzuckerberg/github-actions/.github/actions/docker-build-push@docker-build-push-v1.3.1 | ||
| with: | ||
| dockerfile: ${{ matrix.image.dockerfile }} | ||
| context: ${{ matrix.image.context }} | ||
| name: ${{ matrix.image.name }} | ||
| registry: 654654542669.dkr.ecr.us-west-2.amazonaws.com | ||
| # checkout the latest changes | ||
| - name: echo the tags to github output | ||
| run: | | ||
| echo 'IMAGE_SHA<<EOF' >> $GITHUB_ENV | ||
| echo '${{ steps.build_outputs.outputs.tags }}' >> $GITHUB_ENV | ||
| echo 'EOF' >> $GITHUB_ENV | ||
| - name: use python parse the output | ||
| shell: python | ||
| run: | | ||
| import os | ||
| image_lines = os.environ["IMAGE_SHA"] | ||
| vars = {"locals": {}} | ||
| for image in image_lines.split("\n"): | ||
| tag = image.split(":")[-1] # colons are illegal in branch names | ||
| if tag[:4] == "sha-" and len(tag) <= 11: | ||
| vars["locals"]["image_tag"] = tag | ||
| print(f"tag is {tag}") | ||
| # next: try to write to the .happy/terraform/envs/dev/locals.tf.json | ||
| import json | ||
| with open('.happy/terraform/envs/dev/locals.tf.json', 'w') as fp: | ||
| json.dump(vars, fp, indent = 4) | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| # TODO: figure out whether {{ secrets.GITHUB_TOKEN }} is enough for this step: | ||
| - name: Update the file | ||
| uses: EndBug/add-and-commit@v9 | ||
| with: | ||
| add: -A | ||
| message: 'chore: Updated locals.tf.json file with new image tag' | ||
| create-update-rdev: | ||
| runs-on: ubuntu-20.04 | ||
| needs: | ||
| - build-push-images | ||
| steps: | ||
| - name: Configure AWS Credentials | ||
| uses: aws-actions/configure-aws-credentials@v2 | ||
| with: | ||
| role-session-name: CreateUpdateRdev | ||
| aws-region: us-west-2 | ||
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | ||
| role-duration-seconds: 900 | ||
| - name: Calculate Branch and Base Names | ||
| id: refs | ||
| uses: chanzuckerberg/github-actions/.github/actions/get-github-ref-names@get-github-ref-names-v1.4.0 | ||
| - name: Get Stack Name | ||
| id: stack-name | ||
| uses: actions/github-script@v6 | ||
| with: | ||
| script: | | ||
| const prefix = "rdev-"; | ||
| const ref = "${{ steps.refs.outputs.headRef }}"; | ||
| if (!ref.startsWith(prefix)) { | ||
| core.setFailed(`ref ${ref} did not start with ${prefix}`) | ||
| return | ||
| } | ||
| // Must be compatible with DNS charset, replace chars not allowed with '-' | ||
| const stackName = ref.slice(prefix.length).replaceAll(/[^a-zA-Z0-9/-]+/g, "-") | ||
| console.log(`stackName: ${stackName}`) | ||
| core.setOutput('stack-name', stackName) | ||
| - name: Create or update rdev | ||
| uses: chanzuckerberg/github-actions/.github/actions/deploy-happy-stack@deploy-happy-stack-v1.7.0 | ||
| with: | ||
| tfe-token: ${{ secrets.TFE_TOKEN }} | ||
| stack-name: ${{ steps.stack-name.outputs.stack-name }} | ||
| happy_version: "0.41.3" | ||
