Bump github.com/jackc/pgx/v4 from 4.7.2 to 4.18.2 in /go #96
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 'Build and Deploy' | |
| on: | |
| push: | |
| paths: | |
| - 'helm/**' | |
| - 'go/**' | |
| - 'docker/**' | |
| - 'scripts/**' | |
| - '.github/**' | |
| branches: | |
| - master | |
| pull_request: | |
| paths: | |
| - 'helm/**' | |
| - 'go/**' | |
| - 'docker/**' | |
| - 'scripts/**' | |
| - '.github/**' | |
| env: | |
| GCP_REGION: europe-west2 | |
| GCP_CLUSTER: ocvab-cluster-model-adder | |
| jobs: | |
| build: | |
| name: 'Build' | |
| runs-on: ubuntu-latest | |
| outputs: | |
| git_ref: ${{ steps.git_ref.outputs.git_ref }} | |
| defaults: | |
| run: | |
| working-directory: go | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: '0' | |
| - name: Install yq | |
| run: | | |
| sudo wget -O /usr/local/bin/yq \ | |
| https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64 | |
| sudo chmod +x /usr/local/bin/yq | |
| - name: Bump version and push | |
| id: new_version | |
| uses: anothrNick/github-tag-action@1.22.0 | |
| if: github.ref == 'refs/heads/master' && github.event_name == 'push' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| WITH_V: false | |
| DEFAULT_BUMP: patch | |
| DRY_RUN: true | |
| - name: Copy spec for Docker build | |
| run: | | |
| mkdir .api | |
| cp ../api/* .api | |
| - name: Build Ledger Image | |
| uses: docker/build-push-action@v1 | |
| with: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| repository: opencredo/venafi-cloud-ab-poc/ledger | |
| registry: docker.pkg.github.com | |
| dockerfile: docker/ledger/Dockerfile | |
| path: go | |
| build_args: GIT_COMMIT_ID=${{ github.sha }} | |
| tag_with_ref: true | |
| tags: ${{ steps.new_version.outputs.new_tag }} | |
| tag_with_sha: false | |
| push: ${{ github.ref == 'refs/heads/master' && github.event_name == 'push' }} | |
| - name: Build Txnsim Image | |
| uses: docker/build-push-action@v1 | |
| with: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| repository: opencredo/venafi-cloud-ab-poc/txnsim | |
| registry: docker.pkg.github.com | |
| dockerfile: docker/txnsim/Dockerfile | |
| path: go | |
| build_args: GIT_COMMIT_ID=${{ github.sha }} | |
| tag_with_ref: true | |
| tags: ${{ steps.new_version.outputs.new_tag }} | |
| tag_with_sha: false | |
| push: ${{ github.ref == 'refs/heads/master' && github.event_name == 'push' }} | |
| - name: Build SecretFixer Image | |
| uses: docker/build-push-action@v1 | |
| with: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| repository: opencredo/venafi-cloud-ab-poc/secretfixer | |
| registry: docker.pkg.github.com | |
| dockerfile: docker/secretfixer/Dockerfile | |
| path: go | |
| build_args: GIT_COMMIT_ID=${{ github.sha }} | |
| tag_with_ref: true | |
| tags: ${{ steps.new_version.outputs.new_tag }} | |
| tag_with_sha: false | |
| push: ${{ github.ref == 'refs/heads/master' && github.event_name == 'push' }} | |
| - name: Update versions in charts | |
| if: github.ref == 'refs/heads/master' && github.event_name == 'push' | |
| working-directory: helm | |
| env: | |
| RELEASE_VERSION: ${{ steps.new_version.outputs.new_tag }} | |
| run: | | |
| git config --global user.email "noreply@opencredo.com" | |
| git config --global user.name "Robot Overlord" | |
| # Update main Chart versions | |
| yq write -i helmfile.yaml "releases.(labels.local==true).version" $RELEASE_VERSION | |
| git add helmfile.yaml | |
| # Update version in service specific charts | |
| for f in local/*; do | |
| yq write --inplace $f/Chart.yaml version $RELEASE_VERSION | |
| yq write --inplace $f/Chart.yaml appVersion $RELEASE_VERSION | |
| yq write --inplace $f/values.yaml image.tag $RELEASE_VERSION | |
| git add $f/Chart.yaml | |
| git add $f/values.yaml | |
| done | |
| git commit -m "Update Helm versions to $RELEASE_VERSION" | |
| git push | |
| - name: Bump version and push | |
| uses: anothrNick/github-tag-action@1.22.0 | |
| if: github.ref == 'refs/heads/master' && github.event_name == 'push' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| WITH_V: false | |
| DEFAULT_BUMP: patch | |
| - name: Set reference for Helm | |
| id: git_ref | |
| env: | |
| GH_REF: ${{ github.ref }} | |
| GH_EVENT: ${{ github.event_name }} | |
| GH_SHA: ${{ github.sha }} | |
| RELEASE_VERSION: ${{ steps.new_version.outputs.new_tag }} | |
| run: | | |
| if [[ "$GH_REF" == "refs/heads/master" && "$GH_EVENT" == "push" ]]; then | |
| echo "::set-output name=git_ref::$RELEASE_VERSION" | |
| else | |
| echo "::set-output name=git_ref::$GH_SHA" | |
| fi | |
| helm: | |
| name: 'helm' | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: ${{ needs.build.outputs.git_ref }} | |
| - name: Install helmfile | |
| run: | | |
| sudo wget -O /usr/local/bin/helmfile \ | |
| https://github.com/roboll/helmfile/releases/download/v0.120.0/helmfile_linux_amd64 | |
| sudo chmod +x /usr/local/bin/helmfile | |
| - name: Setup Helm | |
| uses: azure/setup-helm@v1 | |
| - name: Install helm diff | |
| run: helm plugin install https://github.com/databus23/helm-diff --version e186caafe744378a6059f9b70084b49daf196ede | |
| - name: Setup gcloud | |
| uses: GoogleCloudPlatform/github-actions/setup-gcloud@master | |
| with: | |
| service_account_key: ${{ secrets.GCP_SERVICE_ACCOUNT }} | |
| project_id: ${{ secrets.GCP_PROJECT_ID }} | |
| - name: Get Kubeconfig | |
| run: gcloud container clusters get-credentials "$GCP_CLUSTER" --region "$GCP_REGION" | |
| - name: Helm Lint | |
| run: | | |
| for f in local/*; do | |
| helm lint $f | |
| done | |
| working-directory: helm | |
| - name: Install or upgrade Chart | |
| working-directory: helm | |
| run: | | |
| FLAG="" | |
| REDIRECT="/dev/stdout" | |
| APPLY="y" | |
| if [[ -z "$DRY_RUN" || "$DRY_RUN" == "true" ]]; then | |
| FLAG="-i" | |
| REDIRECT="/dev/null" | |
| APPLY=n | |
| fi | |
| echo "Upgrading charts: $FLAG" | |
| # Do not touch Linkerd in CI/CD pipeline. It autogenerates certs on | |
| # apply so always looks like it needs updating. | |
| echo $APPLY | helmfile $FLAG -l name!=linkerd apply --suppress-secrets > $REDIRECT | |
| env: | |
| USERS: ${{ secrets.USERS }} | |
| GIT_COMMIT_ID: ${{ github.sha }} | |
| DRY_RUN: ${{ github.ref != 'refs/heads/master' || github.event_name != 'push' }} | |
| VENAFI_API_KEY: ${{ secrets.VENAFI_API_KEY }} | |
| VENAFI_POLICY_ZONE: ${{ secrets.VENAFI_POLICY_ZONE }} | |
| LINKERD2_GLOBAL_IDENTITYTRUSTANCHORSPEM: ${{ secrets.LINKERD2_GLOBAL_IDENTITYTRUSTANCHORSPEM }} | |
| LINKERD2_IDENTITY_ISSUER_CRTEXPIRY: ${{ secrets.LINKERD2_IDENTITY_ISSUER_CRTEXPIRY }} | |
| LINKERD2_IDENTITY_ISSUER_TLS_CRTPEM: ${{ secrets.LINKERD2_IDENTITY_ISSUER_TLS_CRTPEM }} | |
| LINKERD2_IDENTITY_ISSUER_TLS_KEYPEM: ${{ secrets.LINKERD2_IDENTITY_ISSUER_TLS_KEYPEM }} |