-
Notifications
You must be signed in to change notification settings - Fork 1
127 lines (106 loc) · 4.41 KB
/
deploy.yml
File metadata and controls
127 lines (106 loc) · 4.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
name: Build and Deploy
on:
pull_request:
types: [ closed ]
branches: main
jobs:
publish:
name: Publish packages
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- uses: actions/checkout@v2.4.0
- name: Set up JDK 15
uses: actions/setup-java@v2.5.0
with:
java-version: 15.0.1
distribution: 'zulu'
- name: Configure git
run: |
git config --local user.email "release@foreignlanguagereader.com"
git config --local user.name "Release"
- name: Wait for previous deployments to complete
uses: softprops/turnstyle@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Cache sbt packages
if: steps.changed_files.outputs.dependencies == 'true' || steps.changed_files.outputs.base == 'true'
uses: actions/cache@v2
with:
key: sbt_cache
path: ~/.cache/coursier/v1/
- name: Publish to github packages
run: sbt "release with-defaults"
- name: Get release tag
id: version
uses: WyriHaximus/github-action-get-previous-tag@v1.1
# This is different than the release tag. A tag has v, like v1.1.0, but a version does not, like 1.1.0
- name: Get release version
run: echo "RELEASE_VERSION=$(echo "${{ steps.version.outputs.tag }}" | grep -Eo "[0-9\.]+")" >> $GITHUB_ENV
- name: Create Release
id: create_release
uses: actions/create-release@v1.1.4
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ steps.version.outputs.tag }}
release_name: "${{ env.RELEASE_VERSION }}: ${{ github.event.pull_request.title }}"
body: ${{ github.event.pull_request.body }}
- name: Login to Docker Hub
uses: docker/login-action@v1.12.0
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- uses: dorny/paths-filter@v2.10.2
name: Check which docker images to rebuild
id: changed_files
with:
filters: |
base:
- 'Dockerfile_base'
dependencies:
- 'Dockerfile_base'
- 'project/Dependencies.scala'
- name: Rebuild base image
if: steps.changed_files.outputs.base == 'true'
run: |
docker build . -f Dockerfile_base -t lkjaero/foreign-language-reader-api:base
docker push lkjaero/foreign-language-reader-api:base
# Why do we download dependencies here instead of in the docker image?
# It's because github package repository needs auth
# And we DO NOT want that auth inside the docker image
# Nice bonus is that we already grabbed them above.
- name: Rebuild dependencies image
if: steps.changed_files.outputs.dependencies == 'true'
run: |
cp -r ~/.cache/coursier/v1/ ./coursier_cache
docker build . -f Dockerfile_builder -t lkjaero/foreign-language-reader-api:builder
docker push lkjaero/foreign-language-reader-api:builder
- name: Build production docker image
run: docker build . -t lkjaero/foreign-language-reader-api:LATEST
- name: Enforce security rules
id: scan
uses: anchore/scan-action@v3
with:
image: "lkjaero/foreign-language-reader-api:LATEST"
acs-report-enable: true
- name: Push production docker image
run: |
docker tag lkjaero/foreign-language-reader-api:LATEST lkjaero/foreign-language-reader-api:${{ env.RELEASE_VERSION}}
docker push lkjaero/foreign-language-reader-api:${{ env.RELEASE_VERSION}}
docker push lkjaero/foreign-language-reader-api:LATEST
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-2
- name: Save kubeconfig
run: aws eks --region us-west-2 update-kubeconfig --name fluentlabsprod
- name: Update image in K8s
run: |
kubectl set image deployment/api api=lkjaero/foreign-language-reader-api:${{ env.RELEASE_VERSION}} --record
- name: Wait for deployment to finish
run: |
kubectl rollout status deployment/api