generated from cognitedata/deploy-functions-oidc
-
Notifications
You must be signed in to change notification settings - Fork 0
105 lines (98 loc) · 4.53 KB
/
deploy-push-test.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: Deploy Functions to CDF project using OIDC
on:
push:
branches:
- test
jobs:
generate-matrix:
uses: "./.github/workflows/generate-matrix.yaml"
with:
deploy_folders: >-
(
"example_function1"
"example_function2"
)
trigger_deploy_all_folders: >-
(
"common"
)
deploy:
needs: generate-matrix
name: Deploy to Cognite Functions
runs-on: ubuntu-latest
strategy:
matrix:
function: ${{ fromJson(needs.generate-matrix.outputs.folders) }}
steps:
- uses: actions/checkout@v3.1.0
if: ${{ contains(needs.generate-matrix.outputs.deploy_folders, matrix.function) }}
- name: Extract service name
if: ${{ contains(needs.generate-matrix.outputs.deploy_folders, matrix.function) }}
shell: bash
run: |
name=$(echo ${GITHUB_REF#refs/heads/} | sed -e s/_/-/g)
under_name=$(echo ${GITHUB_REF#refs/heads/} | sed -e s/-/_/g)
echo "name=${name}" >> $GITHUB_OUTPUT
echo "under_name=${under_name}" >> $GITHUB_OUTPUT
id: extract_name
- name: Resolve secrets
if: ${{ contains(needs.generate-matrix.outputs.deploy_folders, matrix.function) }}
shell: bash
env:
BRANCH: ${{ steps.extract_name.outputs.under_name }}
# Secret names should contain branch name with hyphens (if applicable)
run: |
echo "deployment_secret=deploy_${BRANCH}" >> $GITHUB_OUTPUT
echo "schedules_secret=schedules_${BRANCH}" >> $GITHUB_OUTPUT
echo "extra_secret=secrets_${{ matrix.function }}_${BRANCH}" >> $GITHUB_OUTPUT
id: extract_secrets
- name: Install yq
if: ${{ contains(needs.generate-matrix.outputs.deploy_folders, matrix.function) }}
run: |
sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.27.5/yq_linux_amd64
sudo chmod +x /usr/local/bin/yq
- name: Extract config file parameters
if: ${{ contains(needs.generate-matrix.outputs.deploy_folders, matrix.function) }}
shell: bash
run: |
FILE="${{ matrix.function }}/function_config.yaml"
if [ ! -f $FILE ]; then
echo "Config: $FILE not supplied!"
else
ALLKEYS=$(yq -o=tsv "keys" $FILE)
for CONFIGURATION in $ALLKEYS
do
VALUE=$(yq -o=json -I=0 ".$CONFIGURATION" $FILE | sed -e 's/^"//' -e 's/"$//')
echo "${CONFIGURATION}=${VALUE}" >> $GITHUB_OUTPUT
done
fi
id: extract_params
- name: Deploy and schedule ${{ matrix.function }}
if: ${{ contains(needs.generate-matrix.outputs.deploy_folders, matrix.function) }}
uses: cognitedata/function-action-oidc@v1
with:
# Parameters you may likely hardcode here directly:
deployment_client_id: 5f18d04a-2d2a-41a2-aa15-bd62a149cd14
deployment_tenant_id: 0d75f6b8-c6b9-4e84-baca-503e08aa7e4a
cdf_project: az-forge-sandbox
cdf_cluster: bluefield # or api, westeurope-1, etc.
data_set_id: "7289494538225428"
runtime: py39
# Parameters we can read/extract automatically:
function_folder: ${{ matrix.function }}
function_external_id: ${{ matrix.function }}-${{ steps.extract_name.outputs.name }}
schedule_file: schedules/${{ steps.extract_name.outputs.name }}.yaml
# Parameters we get from Github secret storage:
deployment_client_secret: ${{ secrets[steps.extract_secrets.outputs.deployment_secret] }}
schedules_client_secret: ${{ secrets[steps.extract_secrets.outputs.schedules_secret] }}
function_secrets: ${{ secrets[steps.extract_secrets.outputs.extra_secret] }}
# Individual parameters per function we read from 'function_config.yaml':
common_folder: ${{ steps.extract_params.outputs.common_folder }}
function_deploy_timeout: ${{ steps.extract_params.outputs.function_deploy_timeout }}
post_deploy_cleanup: ${{ steps.extract_params.outputs.post_deploy_cleanup }}
schedules_client_id: ${{ steps.extract_params.outputs.schedules_client_id }}
schedules_tenant_id: ${{ steps.extract_params.outputs.schedules_tenant_id }}
description: ${{ steps.extract_params.outputs.description }}
owner: ${{ steps.extract_params.outputs.owner }}
env_vars: ${{ steps.extract_params.outputs.env_vars }}
metadata: ${{ steps.extract_params.outputs.metadata }}