-
Notifications
You must be signed in to change notification settings - Fork 198
175 lines (157 loc) · 6.82 KB
/
build-preview-environment.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
# Deploys a temporary environment for testing a version of the code when a pull request is created / updated with a 'deploy-pr' label
name: Deploy PR Environment
concurrency:
group: "deploy-${{ github.event.pull_request.head.ref }}"
cancel-in-progress: false
on:
workflow_dispatch:
pull_request:
types: [ labeled, synchronize ]
permissions:
id-token: write
contents: write
pull-requests: write
packages: write
env:
REF: ${{ github.event_name == 'workflow_dispatch' && github.ref_name || github.event_name == 'pull_request' && github.event.pull_request.head.ref }}
jobs:
deploy-dev-pr-environment:
if: contains(github.event.pull_request.labels.*.name, 'deploy-pr') || github.event_name == 'workflow_dispatch'
runs-on: ubuntu-latest
outputs:
env_name: ${{ steps.env-name.outputs.PR_ENV_NAME }}
ref: ${{ steps.clean-ref.outputs.ref }}
steps:
- name: Clean Ref
id: clean-ref
shell: bash
run: |
BRANCH_NAME=${{ env.REF }}
CLEAN_BRANCH_NAME=${BRANCH_NAME#refs/heads/}
echo "ref=$CLEAN_BRANCH_NAME" >> $GITHUB_OUTPUT
- name: Checkout the Tool and actions
uses: actions/checkout@v4
with:
ref: ${{ steps.clean-ref.outputs.ref }}
fetch-depth: 1
- name: "Sanitize ENV name"
id: sanitize_env
shell: bash
run: |
SANITIZED_BRANCH_NAME=$(echo -n "${{ steps.clean-ref.outputs.ref }}" | tr "/" "-")
echo "Sanitized branch name: $SANITIZED_BRANCH_NAME"
TRIMMED_BRANCH_NAME=$(echo -n "$SANITIZED_BRANCH_NAME" | cut -c 1-7)
echo "sanitized_env_name=$SANITIZED_BRANCH_NAME" >> $GITHUB_OUTPUT;
echo "trimmed_env_name=$TRIMMED_BRANCH_NAME" >> $GITHUB_OUTPUT;
- name: Environment deployment
id: env-name
run: |
echo "deploying environment"
echo "PR_ENV_NAME=${{ steps.sanitize_env.outputs.trimmed_env_name }}" >> $GITHUB_ENV
echo "PR_ENV_NAME=${{ steps.sanitize_env.outputs.trimmed_env_name }}" >> $GITHUB_OUTPUT
build-wf-service:
needs: deploy-dev-pr-environment
uses: ./.github/workflows/build-push-docker-images.yml
with:
registry: ghcr.io/${{ github.repository_owner }}
context: services/workflows-service
image_name: workflows-service
ref: ${{ needs.deploy-dev-pr-environment.outputs.ref }}
tag: ${{ needs.deploy-dev-pr-environment.outputs.env_name }}
file: 'services/workflows-service/Dockerfile'
build-wf-service-ee:
needs: [deploy-dev-pr-environment,build-wf-service]
uses: ./.github/workflows/build-push-docker-images.yml
with:
registry: ghcr.io/${{ github.repository_owner }}
context: services/workflows-service
image_name: workflows-service-ee
ref: ${{ needs.deploy-dev-pr-environment.outputs.ref }}
tag: ${{ needs.deploy-dev-pr-environment.outputs.env_name }}
file: 'services/workflows-service/Dockerfile.ee'
build-backoffice:
needs: [deploy-dev-pr-environment]
uses: ./.github/workflows/build-push-docker-images.yml
with:
registry: ghcr.io/${{ github.repository_owner }}
context: apps/backoffice-v2
image_name: backoffice
ref: ${{ needs.deploy-dev-pr-environment.outputs.ref }}
tag: ${{ needs.deploy-dev-pr-environment.outputs.env_name }}
file: 'apps/backoffice-v2/Dockerfile.preview'
build-kyb:
needs: [deploy-dev-pr-environment]
uses: ./.github/workflows/build-push-docker-images.yml
with:
registry: ghcr.io/${{ github.repository_owner }}
context: apps/kyb-app
image_name: kyb-app
ref: ${{ needs.deploy-dev-pr-environment.outputs.ref }}
tag: ${{ needs.deploy-dev-pr-environment.outputs.env_name }}
file: 'apps/kyb-app/Dockerfile.preview'
build-dashboard:
needs: [deploy-dev-pr-environment]
uses: ./.github/workflows/build-push-docker-images.yml
with:
registry: ghcr.io/${{ github.repository_owner }}
context: apps/workflows-dashboard
image_name: workflows-dashboard
ref: ${{ needs.deploy-dev-pr-environment.outputs.ref }}
tag: ${{ needs.deploy-dev-pr-environment.outputs.env_name }}
file: 'apps/workflows-dashboard/Dockerfile.preview'
build-unified-api:
runs-on: ubuntu-latest
needs: [deploy-dev-pr-environment]
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
with:
platforms: 'arm64,arm'
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ vars.PREVIEW_OIDC_ROLE }}
aws-region: ${{ vars.PREVIEW_AWS_REGION }}
# Access the secret
- name: Retrieve secret from Secrets Manager
id: get-secret
run: |
secret_value=$(aws secretsmanager get-secret-value --secret-id ${{ vars.PREVIEW_SECRET }} --query 'SecretString' --output text | jq -r '.SUBMODULE_SECRET')
echo "SUBMODULE_SECRET=$secret_value" >> $GITHUB_ENV
echo "SUBMODULE_SECRET=$secret_value" >> $GITHUB_OUTPUT
- name: Log in to the container registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
registry: ghcr.io/${{ github.repository_owner }}
username: ${{ github.actor }}
password: ${{ steps.get-secret.outputs.SUBMODULE_SECRET }}
- name: Checkout repository
run: |
docker pull ghcr.io/${{ github.repository_owner }}/${{ vars.UNIFIED_IMAGE_NAME }}:latest
docker tag ghcr.io/${{ github.repository_owner }}/${{ vars.UNIFIED_IMAGE_NAME }}:latest ghcr.io/${{ github.repository_owner }}/${{ vars.UNIFIED_IMAGE_NAME }}:${{ needs.deploy-dev-pr-environment.outputs.env_name }}
docker push ghcr.io/${{ github.repository_owner }}/${{ vars.UNIFIED_IMAGE_NAME }}:${{ needs.deploy-dev-pr-environment.outputs.env_name }}
deploy-preview:
needs: [deploy-dev-pr-environment,build-wf-service,build-wf-service-ee,build-backoffice,build-kyb,build-dashboard,build-unified-api]
runs-on: ubuntu-latest
steps:
- name: Trigger workflow in another repo
uses: actions/github-script@v7
with:
github-token: ${{ secrets.GIT_TOKEN }}
script: |
try {
await github.rest.repos.createDispatchEvent({
owner: 'ballerine-io',
repo: 'cloud-infra-config',
event_type: 'deploy-preview',
client_payload: {
'ref': '${{ needs.deploy-dev-pr-environment.outputs.env_name }}'
}
});
console.log('Successfully triggered deploy-preview event');
} catch (error) {
console.error('Failed to trigger deploy-preview event:', error);
throw error;
}