Skip to content

StefanVanDyck is releasing a new version #627

StefanVanDyck is releasing a new version

StefanVanDyck is releasing a new version #627

Workflow file for this run

name: Release new version of the portal
run-name: ${{ github.actor }} is releasing a new version
on:
push:
branches:
- 'main'
# Only allow one workflow to run at a time
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: false
permissions:
contents: write
jobs:
get-versions:
runs-on: [ self-hosted ]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get all component versions
id: versions
env:
CONFIG_COMPONENTS: "alerts apikey bie-hub bie-index biocache-hub biocache-service collectory doi-service grafana image-service logger namematching-service regions solr sensitive-data-service spatial-hub spatial-service species-list userdetails"
DOCKER_COMPONENTS: "alerts apikey bie-hub bie-index biocache-hub biocache-service collectory doi-service image-service pipelines logger namematching-service regions sensitive-data-service spatial-hub spatial-service species-list userdetails"
run: |
# Branding
ALL_VERSIONS='{}'
export COMPONENT=branding
export PATHS="./branding/**"
export $(bash <(curl -fsS "https://raw.githubusercontent.com/StefanVanDyck/git-semantic-version/refs/heads/main/version.sh") | xargs)
if [ "${number_of_changes_since_last_tag}" != "0" ]; then
echo "Setting new version for branding ${component} to ${new_version} with ${number_of_changes_since_last_tag} changes"
echo "branding_version=${new_version}" >> "$GITHUB_OUTPUT"
ALL_VERSIONS="{\"branding\": \"${new_version}\"}"
else
ALL_VERSIONS="{\"branding\": \"${previous_version}\"}"
fi
# Configs
CONFIG_VERSIONS="{}"
for component in ${CONFIG_COMPONENTS}; do
export COMPONENT=config-${component}
export PATHS="./config/common/** ./config/${component}/**"
export $(bash <(curl -fsS "https://raw.githubusercontent.com/StefanVanDyck/git-semantic-version/refs/heads/main/version.sh") | xargs)
if [ "${number_of_changes_since_last_tag}" != "0" ]; then
echo "Setting new version for config ${component} to ${new_version} with ${number_of_changes_since_last_tag} changes"
CONFIG_VERSIONS=$(jq -c ". += {\"${component}\": \"${new_version}\"}" <<< ${CONFIG_VERSIONS})
ALL_VERSIONS=$(jq -c ".config += {\"${component}\": \"${new_version}\"}" <<< ${ALL_VERSIONS})
else
ALL_VERSIONS=$(jq -c ".config += {\"${component}\": \"${previous_version}\"}" <<< ${ALL_VERSIONS})
fi
done
echo "config_versions=${CONFIG_VERSIONS}" >> "$GITHUB_OUTPUT"
# Docker images
DOCKER_VERSIONS="{}"
for component in ${DOCKER_COMPONENTS}; do
export COMPONENT=docker-${component}
export PATHS="./docker/docker-bake.hcl ./docker/tomcat/** ./docker/${component}/**"
export $(bash <(curl -fsS "https://raw.githubusercontent.com/StefanVanDyck/git-semantic-version/refs/heads/main/version.sh") | xargs)
if [ "${number_of_changes_since_last_tag}" != "0" ]; then
echo "Setting new version for docker ${component} to ${new_version} with ${number_of_changes_since_last_tag} changes"
DOCKER_VERSIONS=$(jq -c ". += {\"${component}\": \"${new_version}\"}" <<< ${DOCKER_VERSIONS})
ALL_VERSIONS=$(jq -c ".docker += {\"${component}\": \"${new_version}\"}" <<< ${ALL_VERSIONS})
else
ALL_VERSIONS=$(jq -c ".docker += {\"${component}\": \"${previous_version}\"}" <<< ${ALL_VERSIONS})
fi
done
echo "docker_versions=${DOCKER_VERSIONS}" >> "$GITHUB_OUTPUT"
echo "all_versions=${ALL_VERSIONS}" >> "$GITHUB_OUTPUT"
outputs:
branding_version: ${{ steps.versions.outputs.branding_version }}
config_versions: ${{ toJSON(steps.versions.outputs.config_versions) }}
docker_versions: ${{ toJSON(steps.versions.outputs.docker_versions) }}
all_versions: ${{ toJSON(steps.versions.outputs.all_versions) }}
build-and-release-branding:
runs-on: [ self-hosted ]
needs: get-versions
if: needs.get-versions.outputs.branding_version != ''
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 20
cache: 'npm'
cache-dependency-path: branding/package-lock.json
- name: Build branding website S3
working-directory: ./branding
run: |
set -e -x -o pipefail
git submodule update --init --recursive
cd commonui-bs3-2019
git submodule foreach --recursive 'git checkout commonui-bs3-2019'
npm install
npx gulp build
cd ..
npm install
npm run build:prod
tar -cvzf branding-${{ needs.get-versions.outputs.branding_version }}.tar.gz -C "$(pwd)/public" ./
- name: Create release
uses: ncipollo/release-action@v1
with:
commit: ${{ github.sha }}
tag: branding-v${{ needs.get-versions.outputs.branding_version }}
artifacts: "branding/branding-${{ needs.get-versions.outputs.branding_version }}.tar.gz"
version-config-files:
runs-on: [ self-hosted ]
needs: get-versions
if: fromJSON(needs.get-versions.outputs.config_versions) != '{}'
permissions:
contents: write
steps:
- name: Create tags
uses: actions/github-script@v7
with:
script: |
const versions = ${{ fromJSON(needs.get-versions.outputs.config_versions) }};
console.log(versions);
for (const [component, version] of Object.entries(versions)) {
github.rest.git.createRef({
owner: context.repo.owner,
repo: context.repo.repo,
ref: `refs/tags/config-${component}-v${version}`,
sha: context.sha
})
}
build-and-push-docker-images:
runs-on: [ self-hosted ]
needs: get-versions
if: fromJSON(needs.get-versions.outputs.docker_versions) != '{}'
permissions:
contents: write
steps:
- uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Login to AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: ${{ secrets.DEV_DEPLOYMENT_ROLE_ARN }}
- name: Docker login to Amazon ECR
env:
AWS_REGION: ${{ secrets.AWS_REGION }}
run: |
aws ecr get-login-password --region ${{ secrets.AWS_REGION }} \
| docker login --username AWS --password-stdin 632683202044.dkr.ecr.eu-west-1.amazonaws.com
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
buildkitd-config-inline: |
[registry."docker.io"]
mirrors = ["632683202044.dkr.ecr.eu-west-1.amazonaws.com/docker-hub"]
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Cache
uses: actions/cache@v4
id: cache
with:
path: |
var-cache-apt
var-lib-apt
gradle-cache
maven-cache
key: cache-docker-${{ hashFiles('./docker/**/Dockerfile') }}
restore-keys: |
cache-docker-
- name: inject cache into docker
uses: reproducible-containers/buildkit-cache-dance@v3.1.0
with:
cache-map: |
{
"var-cache-apt": "/var/cache/apt",
"var-lib-apt": "/var/lib/apt",
"gradle-cache": "/gradle-cache",
"maven-cache": "/root/.m2/repository"
}
skip-extraction: ${{ steps.cache.outputs.cache-hit }}
- name: Build and push docker images
working-directory: ./docker
env:
SOURCE_DATE_EPOCH: 0
run: |
set -e -o pipefail
arch=$(uname -m)
if [ "${arch}" == "aarch64" ]; then
echo "Building for arm64"
export BUILDPLATFORM="linux/arm64"
elif [ "${arch}" == "x86_64" ]; then
echo "Building for amd64"
export BUILDPLATFORM="linux/amd64"
else
echo "Cannot build for unknown architecture: ${arch}"
exit 1
fi
for component_version in $(jq -c '. | to_entries | .[]' <<< ${{ needs.get-versions.outputs.docker_versions }}); do
docker_name=$(jq -r '.key' <<< "${component_version}")
version=$(jq -r '.value' <<< "${component_version}")
echo " Releasing ${docker_name} version ${version}"
export TAG=${version}
export CACHE_TAG="cache-github"
export GIT_TAG="docker-${docker_name}-v${version}"
# Build and push a single image
docker buildx bake --push \
${docker_name} \
--set="*.args.BUILDPLATFORM=${BUILDPLATFORM}" \
--set="${docker_name}.platform=linux/amd64,linux/arm64" \
--set="${docker_name}.labels.maintainer=support.natuurdata@inbo.be" \
--set="${docker_name}.labels.build_date=$(date +'%Y-%m-%dT%H:%M:%S')" \
--set="${docker_name}.labels.build_url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
--set="${docker_name}.labels.git_tag=${GIT_TAG}" \
--set="${docker_name}.labels.git_hash=${{ github.sha }}" \
--set="custom-gradle.cache-to=type=registry,ref=632683202044.dkr.ecr.eu-west-1.amazonaws.com/custom-gradle:${CACHE_TAG},oci-mediatypes=true,image-manifest=true,mode=max" \
--set="custom-maven.cache-to=type=registry,ref=632683202044.dkr.ecr.eu-west-1.amazonaws.com/custom-maven:${CACHE_TAG},oci-mediatypes=true,image-manifest=true,mode=max" \
--set="tomcat-base.cache-to=type=registry,ref=632683202044.dkr.ecr.eu-west-1.amazonaws.com/tomcat-base:${CACHE_TAG},oci-mediatypes=true,image-manifest=true,mode=max" \
--set="${docker_name}.cache-to=type=registry,ref=632683202044.dkr.ecr.eu-west-1.amazonaws.com/${docker_name}:${CACHE_TAG},oci-mediatypes=true,image-manifest=true,mode=max" \
# Create Git Tag
echo "Creating Git Tag: ${GIT_TAG}"
git tag "${GIT_TAG}"
git push origin "${GIT_TAG}"
done
deploy:
needs:
- get-versions
- build-and-release-branding
- version-config-files
- build-and-push-docker-images
# Only run if no failures or cancellations and at least one was not skipped
if: |
always()
&& !contains(needs.*.result, 'failure')
&& !contains(needs.*.result, 'cancelled')
&& contains(needs.*.result, 'success')
runs-on: [ self-hosted ]
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout terraform repository
uses: actions/checkout@v4
with:
repository: 'inbo/inbo-aws-biodiversiteitsportaal-terraform'
token: ${{ secrets.GIT_PAT_TOKEN }}
fetch-depth: 0
- name: Update versions in dev deployment
id: update-versions
run: |
set -e -o pipefail
git checkout automated-version-update || git checkout -b automated-version-update
git config --global user.email "support.natuurdata@inbo.be"
git config --global user.name "Github Actions"
jq <<< '${{ fromJSON(needs.get-versions.outputs.all_versions) }}' > ./region/inbo-dev/eu-west-1/versions.json
if [ -n "$(git status --porcelain)" ]; then
git add region/inbo-dev/eu-west-1/versions.json
git commit -m "Github actions: automated update of versions"
git push --set-upstream origin automated-version-update
echo "changes=true" >> "$GITHUB_OUTPUT"
else
echo "no changes";
echo "changes=false" >> "$GITHUB_OUTPUT"
fi
- name: Create Pull Request
uses: actions/github-script@v7
if: steps.update-versions.outputs.changes == 'true'
with:
github-token: ${{ secrets.GIT_PAT_TOKEN }}
script: |
const openPrs = await github.rest.pulls.list({
owner: 'inbo',
repo: 'inbo-aws-biodiversiteitsportaal-terraform',
state: 'open',
head: 'inbo:automated-version-update'
});
if (openPrs.data.length === 1) {
console.log(`PR already exists: ${openPrs.data[0].html_url}`);
return;
}
const result = await github.rest.pulls.create({
title: 'Automated version update',
owner: 'inbo',
repo: 'inbo-aws-biodiversiteitsportaal-terraform',
head: 'automated-version-update',
base: 'master',
body: 'This PR is auto-generated by [a github action](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) in [inbo/vlaams-biodiversiteitsportaal](https://github.com/inbo/vlaams-biodiversiteitsportaal).'
});
github.rest.issues.addLabels({
owner: 'inbo',
repo: 'inbo-aws-biodiversiteitsportaal-terraform',
issue_number: result.data.number,
labels: ['versions', 'automated pr']
});