1.18.5 #21

Workflow file for this run

	name: Release Pipeline

	on:
	release:
	types: [published]

	env:
	DOCKER_IMAGE: wire-bot/roman
	SERVICE_NAME: roman

	jobs:
	deploy:
	name: Build and deploy service
	runs-on: ubuntu-20.04
	steps:
	- uses: actions/checkout@v2

	- name: Set Release Version
	# use latest tag as release version
	run: echo "RELEASE_VERSION=${GITHUB_REF:10}" >> $GITHUB_ENV

	# extract metadata for labels https://github.com/crazy-max/ghaction-docker-meta
	- name: Docker meta
	id: docker_meta
	uses: crazy-max/ghaction-docker-meta@v1
	with:
	images: eu.gcr.io/${{ env.DOCKER_IMAGE }}

	# setup docker actions https://github.com/docker/build-push-action
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v1
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1
	# login to GCR repo
	- name: Login to GCR
	uses: docker/login-action@v1
	with:
	registry: eu.gcr.io
	username: _json_key
	password: ${{ secrets.GCR_ACCESS_JSON }}

	- name: Build and push
	id: docker_build
	uses: docker/build-push-action@v2
	with:
	platforms: linux/amd64
	tags: ${{ steps.docker_meta.outputs.tags }}
	labels: ${{ steps.docker_meta.outputs.labels }}
	# push only if this is indeed a taged release
	push: ${{ startsWith(github.ref, 'refs/tags/') }}
	build-args: \|
	release_version=${{ env.RELEASE_VERSION }}

	# Checkout our Kubernetes configuration
	- name: Checkout Rubicon
	uses: actions/checkout@v2
	with:
	repository: zinfra/rubicon
	# currently main branch is develop
	ref: develop
	path: rubicon
	# private repo so use different git token
	token: ${{ secrets.RUBICON_GIT_TOKEN }}

	# Update version to the one that was just built
	- name: Change Version in Rubicon
	env:
	IMAGE: ${{ env.DOCKER_IMAGE }}
	SERVICE: ${{ env.SERVICE_NAME }}
	VERSION: ${{ env.RELEASE_VERSION }}
	run: \|
	# go to directory with configuration
	cd "rubicon/prod/services/$SERVICE"
	# escape literals for the sed and set output with GCR
	export SED_PREPARED=$(echo $IMAGE \| awk '{ gsub("/", "\\/", $1); print "eu.gcr.io\\/"$1 }')
	# update final yaml
	sed -i".bak" "s/image: $SED_PREPARED.*/image: $SED_PREPARED:$VERSION/g" "$SERVICE.yaml"
	# delete bakup file
	rm "$SERVICE.yaml.bak"

	- name: Enable auth plugin
	run: \|
	echo "USE_GKE_GCLOUD_AUTH_PLUGIN=True" >> $GITHUB_ENV

	# Auth to GKE
	- name: Authenticate to GKE
	uses: google-github-actions/auth@v1
	with:
	project_id: wire-bot
	credentials_json: ${{ secrets.GKE_SA_KEY }}
	service_account: kubernetes-deployment-agent@wire-bot.iam.gserviceaccount.com

	# Setup gcloud CLI
	- name: Set up Cloud SDK
	uses: google-github-actions/setup-gcloud@v1

	# Prepare components
	- name: Prepare gcloud components
	run: \|
	gcloud components install gke-gcloud-auth-plugin
	gcloud components update
	gcloud --quiet auth configure-docker

	# Get the GKE credentials so we can deploy to the cluster
	- name: Obtain k8s credentials
	env:
	GKE_CLUSTER: anayotto
	GKE_ZONE: europe-west1-c
	run: \|
	gcloud container clusters get-credentials "$GKE_CLUSTER" --zone "$GKE_ZONE"

	# K8s is set up, deploy the app
	- name: Deploy the Service
	env:
	SERVICE: ${{ env.SERVICE_NAME }}
	run: \|
	kubectl apply -f "rubicon/prod/services/$SERVICE/$SERVICE.yaml"

	# Commit all data to Rubicon and open PR
	- name: Create Rubicon Pull Request
	uses: peter-evans/create-pull-request@v3
	with:
	path: rubicon
	branch: ${{ env.SERVICE_NAME }}-release
	token: ${{ secrets.RUBICON_GIT_TOKEN }}
	labels: version-bump, automerge
	title: ${{ env.SERVICE_NAME }} release ${{ env.RELEASE_VERSION }}
	commit-message: ${{ env.SERVICE_NAME }} version bump to ${{ env.RELEASE_VERSION }}
	body: \|
	This is automatic version bump from the pipeline.

	# Send webhook to Wire using Slack Bot
	- name: Webhook to Wire
	uses: 8398a7/action-slack@v2
	with:
	status: ${{ job.status }}
	author_name: ${{ env.SERVICE_NAME }} Production Deployment
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.WEBHOOK_RELEASE }}
	# Notify every release
	if: always()

	quay_publish:
	name: Quay Publish Pipeline
	runs-on: ubuntu-20.04
	steps:
	- uses: actions/checkout@v2
	- name: Set Release Version
	# use latest tag as release version
	run: echo "RELEASE_VERSION=${GITHUB_REF:10}" >> $GITHUB_ENV

	# extract metadata for labels https://github.com/crazy-max/ghaction-docker-meta
	- name: Docker meta
	id: docker_meta
	uses: crazy-max/ghaction-docker-meta@v1
	with:
	images: quay.io/wire/${{ env.SERVICE_NAME }}

	# setup docker actions https://github.com/docker/build-push-action
	- name: Set up QEMU
	uses: docker/setup-qemu-action@v1
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1
	# login to GCR repo
	- name: Login to DockerHub
	uses: docker/login-action@v1
	with:
	registry: quay.io
	username: wire+roman_github_actions
	password: ${{ secrets.QUAY_PASSWORD }}

	- name: Build and push
	id: docker_build
	uses: docker/build-push-action@v2
	with:
	tags: ${{ steps.docker_meta.outputs.tags }}
	labels: ${{ steps.docker_meta.outputs.labels }}
	push: true
	build-args: \|
	release_version=${{ env.RELEASE_VERSION }}

	# Send webhook to Wire using Slack Bot
	- name: Webhook to Wire
	uses: 8398a7/action-slack@v2
	with:
	status: ${{ job.status }}
	author_name: ${{ env.SERVICE_NAME }} Quay Production Publish
	env:
	SLACK_WEBHOOK_URL: ${{ secrets.WEBHOOK_RELEASE }}
	# Send message only if previous step failed
	if: always()

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

1.18.5 #21

Workflow file

1.18.5 #21

Jobs

Run details

Workflow file for this run