StefanVanDyck is releasing a new version #646
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release new version of the portal | |
run-name: ${{ github.actor }} is releasing a new version | |
on: | |
push: | |
branches: | |
- 'main' | |
# Only allow one workflow to run at a time | |
concurrency: | |
group: ${{ github.workflow }} | |
cancel-in-progress: false | |
permissions: | |
contents: write | |
jobs: | |
get-versions: | |
runs-on: [ self-hosted ] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Get all component versions | |
id: versions | |
env: | |
CONFIG_COMPONENTS: "alerts apikey bie-hub bie-index biocache-hub biocache-service collectory doi-service grafana image-service logger namematching-service regions solr sensitive-data-service spatial-hub spatial-service species-list userdetails" | |
DOCKER_COMPONENTS: "alerts apikey bie-hub bie-index biocache-hub biocache-service collectory doi-service image-service pipelines logger namematching-service regions sensitive-data-service spatial-hub spatial-service species-list userdetails" | |
run: | | |
# Branding | |
ALL_VERSIONS='{}' | |
export COMPONENT=branding | |
export PATHS="./branding/**" | |
export $(bash <(curl -fsS "https://raw.githubusercontent.com/StefanVanDyck/git-semantic-version/refs/heads/main/version.sh") | xargs) | |
if [ "${number_of_changes_since_last_tag}" != "0" ]; then | |
echo "Setting new version for branding ${component} to ${new_version} with ${number_of_changes_since_last_tag} changes" | |
echo "branding_version=${new_version}" >> "$GITHUB_OUTPUT" | |
ALL_VERSIONS="{\"branding\": \"${new_version}\"}" | |
else | |
ALL_VERSIONS="{\"branding\": \"${previous_version}\"}" | |
fi | |
# Configs | |
CONFIG_VERSIONS="{}" | |
for component in ${CONFIG_COMPONENTS}; do | |
export COMPONENT=config-${component} | |
export PATHS="./config/common/** ./config/${component}/**" | |
export $(bash <(curl -fsS "https://raw.githubusercontent.com/StefanVanDyck/git-semantic-version/refs/heads/main/version.sh") | xargs) | |
if [ "${number_of_changes_since_last_tag}" != "0" ]; then | |
echo "Setting new version for config ${component} to ${new_version} with ${number_of_changes_since_last_tag} changes" | |
CONFIG_VERSIONS=$(jq -c ". += {\"${component}\": \"${new_version}\"}" <<< ${CONFIG_VERSIONS}) | |
ALL_VERSIONS=$(jq -c ".config += {\"${component}\": \"${new_version}\"}" <<< ${ALL_VERSIONS}) | |
else | |
ALL_VERSIONS=$(jq -c ".config += {\"${component}\": \"${previous_version}\"}" <<< ${ALL_VERSIONS}) | |
fi | |
done | |
echo "config_versions=${CONFIG_VERSIONS}" >> "$GITHUB_OUTPUT" | |
# Docker images | |
DOCKER_VERSIONS="{}" | |
for component in ${DOCKER_COMPONENTS}; do | |
export COMPONENT=docker-${component} | |
export PATHS="./docker/docker-bake.hcl ./docker/tomcat/** ./docker/${component}/**" | |
export $(bash <(curl -fsS "https://raw.githubusercontent.com/StefanVanDyck/git-semantic-version/refs/heads/main/version.sh") | xargs) | |
if [ "${number_of_changes_since_last_tag}" != "0" ]; then | |
echo "Setting new version for docker ${component} to ${new_version} with ${number_of_changes_since_last_tag} changes" | |
DOCKER_VERSIONS=$(jq -c ". += {\"${component}\": \"${new_version}\"}" <<< ${DOCKER_VERSIONS}) | |
ALL_VERSIONS=$(jq -c ".docker += {\"${component}\": \"${new_version}\"}" <<< ${ALL_VERSIONS}) | |
else | |
ALL_VERSIONS=$(jq -c ".docker += {\"${component}\": \"${previous_version}\"}" <<< ${ALL_VERSIONS}) | |
fi | |
done | |
echo "docker_versions=${DOCKER_VERSIONS}" >> "$GITHUB_OUTPUT" | |
echo "all_versions=${ALL_VERSIONS}" >> "$GITHUB_OUTPUT" | |
outputs: | |
branding_version: ${{ steps.versions.outputs.branding_version }} | |
config_versions: ${{ toJSON(steps.versions.outputs.config_versions) }} | |
docker_versions: ${{ toJSON(steps.versions.outputs.docker_versions) }} | |
all_versions: ${{ toJSON(steps.versions.outputs.all_versions) }} | |
build-and-release-branding: | |
runs-on: [ self-hosted ] | |
needs: get-versions | |
if: needs.get-versions.outputs.branding_version != '' | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: 'npm' | |
cache-dependency-path: branding/package-lock.json | |
- name: Build branding website S3 | |
working-directory: ./branding | |
run: | | |
set -e -x -o pipefail | |
git submodule update --init --recursive | |
cd commonui-bs3-2019 | |
git submodule foreach --recursive 'git checkout commonui-bs3-2019' | |
npm install | |
npx gulp build | |
cd .. | |
npm install | |
npm run build:prod | |
tar -cvzf branding-${{ needs.get-versions.outputs.branding_version }}.tar.gz -C "$(pwd)/public" ./ | |
- name: Create release | |
uses: ncipollo/release-action@v1 | |
with: | |
commit: ${{ github.sha }} | |
tag: branding-v${{ needs.get-versions.outputs.branding_version }} | |
artifacts: "branding/branding-${{ needs.get-versions.outputs.branding_version }}.tar.gz" | |
version-config-files: | |
runs-on: [ self-hosted ] | |
needs: get-versions | |
if: fromJSON(needs.get-versions.outputs.config_versions) != '{}' | |
permissions: | |
contents: write | |
steps: | |
- name: Create tags | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const versions = ${{ fromJSON(needs.get-versions.outputs.config_versions) }}; | |
console.log(versions); | |
for (const [component, version] of Object.entries(versions)) { | |
github.rest.git.createRef({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
ref: `refs/tags/config-${component}-v${version}`, | |
sha: context.sha | |
}) | |
} | |
build-and-push-docker-images: | |
runs-on: [ self-hosted ] | |
needs: get-versions | |
if: fromJSON(needs.get-versions.outputs.docker_versions) != '{}' | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Login to AWS | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
role-to-assume: ${{ secrets.DEV_DEPLOYMENT_ROLE_ARN }} | |
- name: Docker login to Amazon ECR | |
env: | |
AWS_REGION: ${{ secrets.AWS_REGION }} | |
run: | | |
aws ecr get-login-password --region ${{ secrets.AWS_REGION }} \ | |
| docker login --username AWS --password-stdin 632683202044.dkr.ecr.eu-west-1.amazonaws.com | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
buildkitd-config-inline: | | |
[registry."docker.io"] | |
mirrors = ["632683202044.dkr.ecr.eu-west-1.amazonaws.com/docker-hub"] | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Cache | |
uses: actions/cache@v4 | |
id: cache | |
with: | |
path: | | |
var-cache-apt | |
var-lib-apt | |
gradle-cache | |
maven-cache | |
key: cache-docker-${{ hashFiles('./docker/**/Dockerfile') }} | |
restore-keys: | | |
cache-docker- | |
- name: inject cache into docker | |
uses: reproducible-containers/buildkit-cache-dance@v3.1.0 | |
with: | |
cache-map: | | |
{ | |
"var-cache-apt": "/var/cache/apt", | |
"var-lib-apt": "/var/lib/apt", | |
"gradle-cache": "/gradle-cache", | |
"maven-cache": "/root/.m2/repository" | |
} | |
skip-extraction: ${{ steps.cache.outputs.cache-hit }} | |
- name: Build and push docker images | |
working-directory: ./docker | |
env: | |
SOURCE_DATE_EPOCH: 0 | |
run: | | |
set -e -o pipefail | |
arch=$(uname -m) | |
if [ "${arch}" == "aarch64" ]; then | |
echo "Building for arm64" | |
export BUILDPLATFORM="linux/arm64" | |
elif [ "${arch}" == "x86_64" ]; then | |
echo "Building for amd64" | |
export BUILDPLATFORM="linux/amd64" | |
else | |
echo "Cannot build for unknown architecture: ${arch}" | |
exit 1 | |
fi | |
for component_version in $(jq -c '. | to_entries | .[]' <<< ${{ needs.get-versions.outputs.docker_versions }}); do | |
docker_name=$(jq -r '.key' <<< "${component_version}") | |
version=$(jq -r '.value' <<< "${component_version}") | |
echo " Releasing ${docker_name} version ${version}" | |
export TAG=${version} | |
export CACHE_TAG="cache-github" | |
export GIT_TAG="docker-${docker_name}-v${version}" | |
# Build and push a single image | |
docker buildx bake --push \ | |
${docker_name} \ | |
--set="*.args.BUILDPLATFORM=${BUILDPLATFORM}" \ | |
--set="${docker_name}.platform=linux/amd64,linux/arm64" \ | |
--set="${docker_name}.labels.maintainer=support.natuurdata@inbo.be" \ | |
--set="${docker_name}.labels.build_date=$(date +'%Y-%m-%dT%H:%M:%S')" \ | |
--set="${docker_name}.labels.build_url=${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \ | |
--set="${docker_name}.labels.git_tag=${GIT_TAG}" \ | |
--set="${docker_name}.labels.git_hash=${{ github.sha }}" \ | |
--set="custom-gradle.cache-to=type=registry,ref=632683202044.dkr.ecr.eu-west-1.amazonaws.com/custom-gradle:${CACHE_TAG},oci-mediatypes=true,image-manifest=true,mode=max" \ | |
--set="custom-maven.cache-to=type=registry,ref=632683202044.dkr.ecr.eu-west-1.amazonaws.com/custom-maven:${CACHE_TAG},oci-mediatypes=true,image-manifest=true,mode=max" \ | |
--set="tomcat-base.cache-to=type=registry,ref=632683202044.dkr.ecr.eu-west-1.amazonaws.com/tomcat-base:${CACHE_TAG},oci-mediatypes=true,image-manifest=true,mode=max" \ | |
--set="${docker_name}.cache-to=type=registry,ref=632683202044.dkr.ecr.eu-west-1.amazonaws.com/${docker_name}:${CACHE_TAG},oci-mediatypes=true,image-manifest=true,mode=max" \ | |
# Create Git Tag | |
echo "Creating Git Tag: ${GIT_TAG}" | |
git tag "${GIT_TAG}" | |
git push origin "${GIT_TAG}" | |
done | |
deploy: | |
needs: | |
- get-versions | |
- build-and-release-branding | |
- version-config-files | |
- build-and-push-docker-images | |
# Only run if no failures or cancellations and at least one was not skipped | |
if: | | |
always() | |
&& !contains(needs.*.result, 'failure') | |
&& !contains(needs.*.result, 'cancelled') | |
&& contains(needs.*.result, 'success') | |
runs-on: [ self-hosted ] | |
permissions: | |
contents: write | |
pull-requests: write | |
steps: | |
- name: Checkout terraform repository | |
uses: actions/checkout@v4 | |
with: | |
repository: 'inbo/inbo-aws-biodiversiteitsportaal-terraform' | |
token: ${{ secrets.GIT_PAT_TOKEN }} | |
fetch-depth: 0 | |
- name: Update versions in dev deployment | |
id: update-versions | |
run: | | |
set -e -o pipefail | |
git checkout automated-version-update || git checkout -b automated-version-update | |
git config --global user.email "support.natuurdata@inbo.be" | |
git config --global user.name "Github Actions" | |
jq <<< '${{ fromJSON(needs.get-versions.outputs.all_versions) }}' > ./region/inbo-dev/eu-west-1/versions.json | |
if [ -n "$(git status --porcelain)" ]; then | |
git add region/inbo-dev/eu-west-1/versions.json | |
git commit -m "Github actions: automated update of versions" | |
git push --set-upstream origin automated-version-update | |
echo "changes=true" >> "$GITHUB_OUTPUT" | |
else | |
echo "no changes"; | |
echo "changes=false" >> "$GITHUB_OUTPUT" | |
fi | |
- name: Create Pull Request | |
uses: actions/github-script@v7 | |
if: steps.update-versions.outputs.changes == 'true' | |
with: | |
github-token: ${{ secrets.GIT_PAT_TOKEN }} | |
script: | | |
const openPrs = await github.rest.pulls.list({ | |
owner: 'inbo', | |
repo: 'inbo-aws-biodiversiteitsportaal-terraform', | |
state: 'open', | |
head: 'inbo:automated-version-update' | |
}); | |
if (openPrs.data.length === 1) { | |
console.log(`PR already exists: ${openPrs.data[0].html_url}`); | |
return; | |
} | |
const result = await github.rest.pulls.create({ | |
title: 'Automated version update', | |
owner: 'inbo', | |
repo: 'inbo-aws-biodiversiteitsportaal-terraform', | |
head: 'automated-version-update', | |
base: 'master', | |
body: 'This PR is auto-generated by [a github action](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) in [inbo/vlaams-biodiversiteitsportaal](https://github.com/inbo/vlaams-biodiversiteitsportaal).' | |
}); | |
github.rest.issues.addLabels({ | |
owner: 'inbo', | |
repo: 'inbo-aws-biodiversiteitsportaal-terraform', | |
issue_number: result.data.number, | |
labels: ['versions', 'automated pr'] | |
}); |