name: Build and Release
# Run title shows [Prod] for release builds and [Dev] otherwise, plus run number, branch and actor.
run-name: "${{ github.event.inputs.publish == 'true' && '[Prod]' || '[Dev]' }} Build ${{ github.run_number }} of branch ${{ github.ref_name }} by @${{ github.actor }}"

# Manual trigger only: the workflow defines no push / pull_request events.
on:
  workflow_dispatch:
    inputs:
      # true: compute the next semver tag and publish a GitHub release.
      publish:
        description: Create Production Release
        type: boolean
        required: true
        default: false
      # true: deploy to the dev sandbox (the sandbox job also requires publish == false).
      sandbox:
        description: Deploy to Sandbox
        type: boolean
        required: true
        default: true
      # Selects how far the Kubernetes rollout goes; Skip disables staging and prod.
      deploy:
        description: Deploy to K8S
        type: choice
        required: true
        default: Skip
        options:
          - Skip
          - Staging Only
          - Staging + Prod
      # Application name handed to the infra-k8s deploy workflow.
      deployApp:
        description: App to Deploy
        type: choice
        required: true
        default: ietfwww
        options:
          - iabwww
          - ietfwww
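jobs:
  # -----------------------------------------------------------------
  # BUILD / RELEASE
  # -----------------------------------------------------------------
  # Builds and pushes the multi-arch image to ghcr.io; when publish == 'true'
  # it also tags and publishes a GitHub release with a generated changelog.
  #
  # NOTE(review): neither the workflow nor this job declares `permissions:`, so
  # GITHUB_TOKEN runs with the repository/organization default scopes. This job
  # creates releases and pushes packages, so it presumably needs
  # `contents: write` and `packages: write` only - confirm and declare them.
  # NOTE(review): every `uses:` below references a mutable tag. Several of these
  # actions receive GITHUB_TOKEN or the Slack bot token; pinning each one to a
  # full commit SHA keeps a re-pointed tag from running with those credentials.
  build:
    name: Build
    runs-on: ubuntu-latest
    outputs:
      pkg_version: ${{ steps.buildvars.outputs.pkg_version }}
    steps:
      # fetch-depth 0 pulls the full history and tags instead of a shallow clone.
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Get Next Version
        if: ${{ github.event.inputs.publish == 'true' }}
        id: semver
        uses: ietf-tools/semver-action@v1
        with:
          token: ${{ github.token }}
          branch: main
          patchList: fix, bugfix, perf, refactor, test, tests, chore, ci, build
          skipInvalidTags: true

      # Despite the step name this is published (draft: false) as a pre-release
      # placeholder; the "Create Release" step below updates it after the build.
      - name: Create Draft Release
        uses: ncipollo/release-action@v1.12.0
        if: ${{ github.event.inputs.publish == 'true' }}
        with:
          prerelease: true
          draft: false
          commit: ${{ github.sha }}
          tag: ${{ steps.semver.outputs.nextStrict }}
          name: ${{ steps.semver.outputs.nextStrict }}
          body: '*pending*'
          token: ${{ secrets.GITHUB_TOKEN }}

      # Derives pkg_version and the image tag list for the later steps.
      # `nextStrict` is not assigned anywhere in this file; presumably
      # ietf-tools/semver-action exports it as an environment variable - confirm.
      # The repository name is read from the runner-provided GITHUB_REPOSITORY
      # variable rather than expanded into the script text via `${{ }}`, so the
      # shell never parses workflow-context values as code.
      - name: Set Build Variables
        id: buildvars
        run: |
          if [[ -n "${nextStrict:-}" ]]; then
            echo "Using AUTO SEMVER mode: $nextStrict"
            echo "pkg_version=$nextStrict" >> "$GITHUB_OUTPUT"
            echo "image_tags=ghcr.io/${GITHUB_REPOSITORY}:$nextStrict,ghcr.io/${GITHUB_REPOSITORY}:latest" >> "$GITHUB_OUTPUT"
            echo "::notice::Release $nextStrict created using branch $GITHUB_REF_NAME"
          else
            PKG_VERSION=v1.0.0-dev.$GITHUB_RUN_NUMBER
            echo "Using TEST mode: $PKG_VERSION"
            echo "pkg_version=$PKG_VERSION" >> "$GITHUB_OUTPUT"
            echo "image_tags=ghcr.io/${GITHUB_REPOSITORY}:$PKG_VERSION" >> "$GITHUB_OUTPUT"
            echo "::notice::Non-production build $PKG_VERSION created using branch $GITHUB_REF_NAME"
          fi

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # The same Dockerfile target (app-sandbox) is built for dev and release
      # runs; release runs additionally move the `latest` tag (see image_tags).
      - name: Docker Build & Push
        uses: docker/build-push-action@v3
        with:
          context: .
          file: docker/Dockerfile
          target: app-sandbox
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.buildvars.outputs.image_tags }}

      - name: Update CHANGELOG
        id: changelog
        uses: Requarks/changelog-action@v1
        if: ${{ github.event.inputs.publish == 'true' }}
        with:
          token: ${{ github.token }}
          fromTag: ${{ steps.semver.outputs.nextStrict }}
          toTag: ${{ steps.semver.outputs.current }}
          writeToFile: false

      # Replaces the '*pending*' body of the release created above
      # (allowUpdates) and marks it as the latest release.
      - name: Create Release
        uses: ncipollo/release-action@v1.12.0
        if: ${{ github.event.inputs.publish == 'true' }}
        with:
          makeLatest: true
          allowUpdates: true
          draft: false
          tag: ${{ steps.semver.outputs.nextStrict }}
          name: ${{ steps.semver.outputs.nextStrict }}
          body: ${{ steps.changelog.outputs.changes }}
          token: ${{ secrets.GITHUB_TOKEN }}

      # always(): the notification is sent even when an earlier step failed.
      - name: Notify on Slack
        if: ${{ always() }}
        uses: slackapi/slack-github-action@v1.23.0
        with:
          channel-id: ${{ secrets.SLACK_GH_BUILDS_CHANNEL_ID }}
          payload: |
            {
              "text": "www - Build <https://github.com/ietf-tools/www/actions/runs/${{ github.run_id }}|${{ steps.buildvars.outputs.pkg_version }}> by ${{ github.triggering_actor }} completed"
            }
        env:
          SLACK_BOT_TOKEN: ${{ secrets.SLACK_GH_BOT }}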
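# -----------------------------------------------------------------
# SANDBOX
# -----------------------------------------------------------------
  # Deploys the freshly built version to the dev server. Runs only for
  # non-release builds (publish == 'false') with the sandbox input enabled.
  #
  # This job runs on a self-hosted runner, so its shell steps execute on a
  # long-lived host. Branch name, version, commit and run id are therefore
  # passed to the scripts as quoted environment variables instead of being
  # expanded into the script text with `${{ }}`: a branch name containing
  # shell metacharacters must not be parsed as commands on that host.
  # NOTE(review): the downloaded DB dump and media archive land in the runner
  # workspace; whether they are removed after the deploy is not visible here.
  sandbox:
    name: Deploy to Sandbox
    if: ${{ github.event.inputs.sandbox == 'true' && github.event.inputs.publish == 'false' }}
    needs: [build]
    runs-on: [self-hosted, dev-server]
    env:
      PKG_VERSION: ${{ needs.build.outputs.pkg_version }}
    steps:
      - name: Clear workspace folder from previous runs
        # Fix because of bug in Checkout action:
        # https://github.com/actions/checkout/issues/677
        run: |
          rm -rf "$GITHUB_WORKSPACE/.git"

      - uses: actions/checkout@v3

      - name: Download latest DB / media dump
        env:
          DEBIAN_FRONTEND: noninteractive
          AWS_ACCESS_KEY_ID: ${{ secrets.DO_SPACES_DEV_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.DO_SPACES_DEV_ACCESS_KEY }}
          # Endpoint secret is handed over via the environment, not spliced into the command line.
          DO_SPACES_ENDPOINT: ${{ secrets.DO_SPACES_DEV_ENDPOINT }}
        run: |
          aws s3 cp --quiet --endpoint-url="$DO_SPACES_ENDPOINT" s3://wagtail/ietfwww.dump ./docker/database/ietfwww.dump
          aws s3 cp --quiet --endpoint-url="$DO_SPACES_ENDPOINT" s3://wagtail/media.tgz media.tgz

      - name: Deploy to containers
        env:
          DEBIAN_FRONTEND: noninteractive
        run: |
          echo "Install Deploy to Container CLI dependencies..."
          cd dev/deploy-to-container
          npm ci
          cd ../..
          echo "Start Deploy..."
          # GITHUB_REF_NAME / GITHUB_SHA / GITHUB_RUN_ID are runner-provided; PKG_VERSION comes from the job env.
          node ./dev/deploy-to-container/cli.js --branch "$GITHUB_REF_NAME" --domain dev.ietf.org --appversion "$PKG_VERSION" --commit "$GITHUB_SHA" --ghrunid "$GITHUB_RUN_ID"

      # Removes all images not used by a container (-a) without prompting (-f).
      - name: Cleanup old docker resources
        env:
          DEBIAN_FRONTEND: noninteractive
        run: |
          docker image prune -a -f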
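# -----------------------------------------------------------------
# STAGING
# -----------------------------------------------------------------
  # Triggers deploy.yml in ietf-tools/infra-k8s for the staging environment
  # whenever the deploy input is anything other than Skip.
  #
  # PKG_VERSION must come from the `build` job: it is the only job listed in
  # `needs`, and no job named `prepare` exists in this workflow, so the former
  # `needs.prepare...` reference would hand the deploy workflow an empty
  # appVersion.
  # NOTE(review): a third-party action referenced by mutable tag receives
  # GH_INFRA_K8S_TOKEN, which can dispatch workflows in the infra repository;
  # pin it to a full commit SHA and keep that token's scope as narrow as the
  # dispatch requires.
  staging:
    name: Deploy to Staging
    if: ${{ !failure() && !cancelled() && (github.event.inputs.deploy != 'Skip') }}
    needs: [build]
    runs-on: ubuntu-latest
    environment:
      name: staging
    env:
      PKG_VERSION: ${{ needs.build.outputs.pkg_version }}
    steps:
      - name: Deploy to staging
        uses: the-actions-org/workflow-dispatch@v4
        with:
          workflow: deploy.yml
          repo: ietf-tools/infra-k8s
          ref: main
          token: ${{ secrets.GH_INFRA_K8S_TOKEN }}
          inputs: '{ "environment":"${{ secrets.GHA_K8S_CLUSTER }}", "app":"${{ github.event.inputs.deployApp }}", "appVersion":"${{ env.PKG_VERSION }}", "remoteRef":"${{ github.sha }}" }'
          wait-for-completion: true
          wait-for-completion-timeout: 10m
          display-workflow-run-url: false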
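# -----------------------------------------------------------------
# PROD
# -----------------------------------------------------------------
  # Triggers deploy.yml in ietf-tools/infra-k8s for production, after staging,
  # and only when the deploy input is 'Staging + Prod'.
  #
  # `build` is listed in `needs` next to `staging` because job outputs are only
  # readable from direct dependencies. The former `needs.publish...` reference
  # named a job that does not exist in this workflow, so the version passed to
  # the production deploy would have been empty rather than the version that
  # was built and staged.
  # NOTE(review): a third-party action referenced by mutable tag receives
  # GH_INFRA_K8S_TOKEN here as well; pin it to a full commit SHA. Required
  # reviewers on the `production` environment are configured outside this
  # file - confirm they are in place.
  prod:
    name: Deploy to Production
    if: ${{ !failure() && !cancelled() && github.event.inputs.deploy == 'Staging + Prod' }}
    needs: [build, staging]
    runs-on: ubuntu-latest
    environment:
      name: production
    env:
      PKG_VERSION: ${{ needs.build.outputs.pkg_version }}
    steps:
      - name: Deploy to production
        uses: the-actions-org/workflow-dispatch@v4
        with:
          workflow: deploy.yml
          repo: ietf-tools/infra-k8s
          ref: main
          token: ${{ secrets.GH_INFRA_K8S_TOKEN }}
          inputs: '{ "environment":"${{ secrets.GHA_K8S_CLUSTER }}", "app":"${{ github.event.inputs.deployApp }}", "appVersion":"${{ env.PKG_VERSION }}", "remoteRef":"${{ github.sha }}" }'
          wait-for-completion: true
          wait-for-completion-timeout: 10m
          display-workflow-run-url: false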