cd.yml
# Reusable CD workflow. Callers invoke it through `workflow_call`, choose which
# language toolchains to set up, and supply the AWS/ECR settings as secrets.
name: Common CD reusable workflow
on:
  workflow_call:
    inputs:
      # Exported as ENVIRONMENT to `make build` and `make post-process`.
      environment:
        description: 'environment name'
        required: false
        default: 'sandbox'
        type: string

      # use_* / *_version / node_package_manager are forwarded unchanged to the
      # shared setup-lang action in the jobs below.
      use_ruby:
        description: 'whether use ruby or not'
        required: false
        default: false
        type: boolean
      # Also exported as RUBY_VERSION to `make build`.
      ruby_version:
        description: 'ruby version'
        required: false
        type: string
      use_node:
        description: 'whether use node or not'
        required: false
        default: false
        type: boolean
      # Also exported as NODE_VERSION to `make build`.
      node_version:
        description: 'node version'
        required: false
        type: string
      node_package_manager:
        description: 'node package manager name'
        required: false
        type: string
      use_go:
        description: 'whether use go or not'
        required: false
        default: false
        type: boolean
      # Also exported as GO_VERSION to `make build`.
      go_version:
        description: 'go version'
        required: false
        type: string

      # Used as the `file` input of docker/build-push-action.
      dockerfile_path:
        description: 'Dockerfile path'
        required: false
        default: 'Dockerfile'
        type: string

    secrets:
      # Optional PAT. It is exported as GITHUB_TOKEN to `make build` and
      # `make post-process`, so every command those targets run can read it.
      # NOTE(review): scope this token as narrowly as the make targets allow.
      github_pat:
        description: 'Personal Access Token of bot user'
        required: false
      # Region passed to the aws-oidc-auth action.
      aws_region:
        description: 'AWS region name'
        required: true
      # Role assumed through GitHub OIDC by the aws-oidc-auth action.
      # NOTE(review): the role's trust policy is not visible here; confirm it
      # restricts the token claims to the callers that are meant to deploy.
      aws_iam_role:
        description: 'AWS IAM role arn'
        required: true
      # Joined with the ECR registry host to form the image name.
      aws_ecr_repository:
        description: 'AWS ECR repository name'
        required: true
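# NOTE(review): every action below is referenced by a mutable tag (v1/v2/v3,
# v0.1.0, v0.7.1). These jobs hold an assumable AWS role and a PAT, so pinning
# each `uses:` to a full commit SHA would stop a moved tag from changing the
# code that runs with those credentials.
jobs:
  # Checks out the repository and runs the shared setup-lang action with the
  # caller's toolchain selection. What setup-lang installs is not visible here.
  dependency-resolution:
    name: resolve dependencies
    runs-on: ubuntu-latest
    # Least privilege: this job only checks out code, so the workflow token is
    # limited to read access instead of inheriting the repository default.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v2
      - uses: pinnacles/common-cicd-actions/.github/actions/setup-lang@v0.1.0
        with:
          use_ruby: ${{ inputs.use_ruby }}
          ruby_version: ${{ inputs.ruby_version }}
          use_node: ${{ inputs.use_node }}
          node_version: ${{ inputs.node_version }}
          node_package_manager: ${{ inputs.node_package_manager }}
          use_go: ${{ inputs.use_go }}
          go_version: ${{ inputs.go_version }}

  # Runs `make build`, then builds the image and pushes it to ECR.
  build-and-push:
    name: execute `make build & docker build & docker push`
    needs: dependency-resolution
    runs-on: ubuntu-latest
    outputs:
      # Version reported by docker/metadata-action; consumed by post-process.
      image_tag: ${{ steps.meta.outputs.version }}
    permissions:
      # NOTE(review): no step visible in this job writes to the repository;
      # confirm whether `contents: read` would be enough.
      contents: write
      # Needed so the job can request the OIDC token used to assume the role.
      id-token: write
    steps:
      # NOTE(review): checkout keeps the workflow token in .git/config by
      # default, and the Docker build context below is `.`. Confirm .git is
      # excluded from the build context, or set `persist-credentials: false`
      # if `make build` does not need git access.
      - uses: actions/checkout@v2
      - uses: docker/setup-buildx-action@v1
      - uses: pinnacles/common-cicd-actions/.github/actions/setup-lang@v0.1.0
        with:
          use_ruby: ${{ inputs.use_ruby }}
          ruby_version: ${{ inputs.ruby_version }}
          use_node: ${{ inputs.use_node }}
          node_version: ${{ inputs.node_version }}
          node_package_manager: ${{ inputs.node_package_manager }}
          use_go: ${{ inputs.use_go }}
          go_version: ${{ inputs.go_version }}
      - name: Configure AWS Credentials
        uses: pinnacles/common-cicd-actions/.github/actions/aws-oidc-auth@v0.7.1
        with:
          aws-region: ${{ secrets.aws_region }}
          role-to-assume: ${{ secrets.aws_iam_role }}
          role-session-name: session-name-${{ github.job }}-${{ github.run_id }}-${{ github.run_attempt }}
      - uses: aws-actions/amazon-ecr-login@v1
        id: login-ecr
      # The Makefile comes from the checked-out caller repository. It runs
      # after the AWS credentials step and with the PAT in its environment.
      # Inputs reach it as environment variables, not as script text.
      - run: |
          make build
        env:
          ACTION_TYPE: CD
          ENVIRONMENT: ${{ inputs.environment }}
          RUBY_VERSION: ${{ inputs.ruby_version }}
          NODE_VERSION: ${{ inputs.node_version }}
          GO_VERSION: ${{ inputs.go_version }}
          GITHUB_TOKEN: ${{ secrets.github_pat }}
      # Derives the image name from the ECR registry and repository, with a
      # single commit-SHA tag that has no prefix.
      - uses: docker/metadata-action@v3
        id: meta
        with:
          images: ${{ steps.login-ecr.outputs.registry }}/${{ secrets.aws_ecr_repository }}
          tags: |
            type=sha,prefix=
      - uses: docker/build-push-action@v2
        with:
          context: .
          file: ${{ inputs.dockerfile_path }}
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # Runs `make post-process` with the pushed image tag and the branch name.
  post-process:
    name: execute `make post-process`
    needs: [build-and-push]
    runs-on: ubuntu-latest
    permissions:
      # NOTE(review): whether `make post-process` pushes to the repository is
      # not visible here; keep `write` only if it does.
      contents: write
      id-token: write
    steps:
      # Strips the `refs/heads/` prefix from GITHUB_REF. The value is written
      # to the $GITHUB_OUTPUT file because the `::set-output` workflow command
      # is deprecated.
      - name: Extract branch name
        shell: bash
        run: echo "branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"
        id: extract_branch
      - uses: actions/checkout@v2
        with:
          # Fetches the last two commits instead of only the tip.
          fetch-depth: 2
      - name: Configure AWS Credentials
        uses: pinnacles/common-cicd-actions/.github/actions/aws-oidc-auth@v0.7.1
        with:
          aws-region: ${{ secrets.aws_region }}
          role-to-assume: ${{ secrets.aws_iam_role }}
          role-session-name: session-name-${{ github.job }}-${{ github.run_id }}-${{ github.run_attempt }}
      # The branch name is handed over as an environment variable rather than
      # interpolated into the command line, so it is not parsed as shell here.
      - run: make post-process
        env:
          ACTION_TYPE: CD
          ENVIRONMENT: ${{ inputs.environment }}
          IMAGE_TAG: ${{ needs.build-and-push.outputs.image_tag }}
          GITHUB_TOKEN: ${{ secrets.github_pat }}
          BRANCH_NAME: ${{ steps.extract_branch.outputs.branch }}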