From 26f523fd15a554a7f4b8b6b95f466a4251e668e6 Mon Sep 17 00:00:00 2001
From: Viet Nguyen
Date: Tue, 10 Dec 2024 01:07:15 +1100
Subject: [PATCH] add initial gh actions files
---
 .github/workflows/build_deploy_edge.yml | 66 +++++++++++++++++++
 .github/workflows/ci.yml | 3 +-
 .github/workflows/semantic-release-ci.yml | 5 +-
 .github/workflows/trigger_deploy.yml | 80 +++++++++++++++++++++++
 4 files changed, 152 insertions(+), 2 deletions(-)
 create mode 100644 .github/workflows/build_deploy_edge.yml
 create mode 100644 .github/workflows/trigger_deploy.yml
diff --git a/.github/workflows/build_deploy_edge.yml b/.github/workflows/build_deploy_edge.yml
new file mode 100644
index 0000000..b0da160
--- /dev/null
+++ b/.github/workflows/build_deploy_edge.yml
@@ -0,0 +1,66 @@
+name: Build/Deploy Edge
+on:
+ push:
+ branches:
+ - main
+ paths-ignore:
+ - '**/*.md'
+ - "notebooks/**"
+ - "extras/**"
+ - '.github/environment/**'
+permissions:
+ id-token: write
+ contents: read
+jobs:
+ build_push:
+ runs-on: ubuntu-latest
+ environment: central
+ outputs:
+ digest: ${{ steps.build_and_push.outputs.digest }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ # - name: Set up JDK 17
+ # uses: actions/setup-java@v4
+ # with:
+ # distribution: 'temurin'
+ # java-version: '17'
+ # cache: 'maven'
+ # server-id: 'codeartifact'
+ # server-password: 'CODEARTIFACT_AUTH_TOKEN'
+ - name: Configure AWS Credentials
+ id: aws_auth
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ audience: sts.amazonaws.com
+ aws-region: ${{ vars.AWS_REGION }}
+ role-to-assume: ${{ vars.AWS_ROLE_ARN }}
+ # - name: Build with Maven
+ # run: mvn -B verify --file pom.xml
+ - name: Login to ECR
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ vars.ECR_REGISTRY }}
+ - name: Build and Push Docker Image
+ id: build_and_push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ # Only building for AMD64 for now
+ # platforms: linux/amd64,linux/arm64
+ push: true
+ tags: |
+ ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:${{ github.sha }}
+ ${{ vars.ECR_REGISTRY }}/${{ vars.ECR_REPOSITORY }}:latest
+ trigger_edge_deploy:
+ needs: [build_push]
+ uses: ./.github/workflows/trigger_deploy.yml
+ with:
+ app_name: data-discovery-ai
+ environment: edge
+ digest: ${{ needs.build_push.outputs.digest }}
+ secrets: inherit
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5789419..4108fac 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
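Review bot: Every action in the `build_push` job of build_deploy_edge.yml is referenced by a mutable tag (`actions/checkout@v4`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `aws-actions/configure-aws-credentials@v4`, `docker/login-action@v3`, `docker/build-push-action@v5`), while the job holds `id-token: write`, assumes `vars.AWS_ROLE_ARN` and pushes to ECR. A retagged release of any of them would run with those credentials, so each `uses:` is better pinned to a full commit SHA with the version kept as a trailing comment, for example `uses: actions/checkout@<full-commit-sha>  # v4`. Separately, `secrets: inherit` on `trigger_edge_deploy` passes every secret available to the caller into the reusable workflow, which only reads `secrets.DEPLOY_APP_PRIVATE_KEY`; declaring that one secret under `workflow_call` and passing it by name would be tighter, assuming it is not an environment-scoped secret. The tag pinning applies equally to the three actions used in trigger_deploy.yml.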
@@ -7,9 +7,10 @@ on: branches: - main paths-ignore: - - "**/*.md" + - '**/*.md' - "notebooks/**" - "extras/**" + - '.github/environment/**' concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/semantic-release-ci.yml b/.github/workflows/semantic-release-ci.yml index 8a378f4..c9f4be5 100644 --- a/.github/workflows/semantic-release-ci.yml +++ b/.github/workflows/semantic-release-ci.yml @@ -4,7 +4,10 @@ on: branches: - main paths-ignore: - - "**/*.md" + - '**/*.md' + - "notebooks/**" + - "extras/**" + - '.github/environment/**' permissions: contents: write concurrency: diff --git a/.github/workflows/trigger_deploy.yml b/.github/workflows/trigger_deploy.yml new file mode 100644 index 0000000..2fcae55 --- /dev/null +++ b/.github/workflows/trigger_deploy.yml 
@@ -0,0 +1,80 @@
+name: Trigger Deploy
+on:
+ workflow_dispatch:
+ inputs:
+ app_name:
+ required: true
+ description: The short-name of the app corresponding to the folder in appdeploy.
+ type: string
+ environment:
+ required: true
+ description: The environment to use for the deploy job.
+ type: choice
+ options:
+ - edge
+ - staging
+ - production
+ digest:
+ required: false
+ description: The image digest to pass to the deploy job.
+ type: string
+ workflow_call:
+ inputs:
+ app_name:
+ required: true
+ type: string
+ digest:
+ required: false
+ type: string
+ environment:
+ required: true
+ type: string
+permissions:
+ id-token: write
+ contents: read
+jobs:
+ trigger_deploy:
+ runs-on: ubuntu-latest
+ environment: ${{ inputs.environment }}
+ steps:
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ audience: sts.amazonaws.com
+ aws-region: ${{ vars.AWS_REGION }}
+ role-to-assume: ${{ vars.AWS_ROLE_ARN }}
+ - name: Push Image Digest to SSM
+ if: ${{ inputs.digest != '' }}
+ run: |
+ aws ssm put-parameter \
+ --name "/apps/${{ inputs.app_name }}/${{ inputs.environment }}/image_digest" \
+ --type "String" \
+ --value "$digest" \
+ --overwrite
+ env:
+ digest: ${{ inputs.digest }}
+ - name: Generate App Token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ vars.DEPLOY_APP_ID }}
+ private-key: ${{ secrets.DEPLOY_APP_PRIVATE_KEY }}
+ owner: ${{ github.repository_owner }}
+ repositories: "appdeploy"
+ - name: Trigger Deploy Workflow
+ uses: actions/github-script@v7
+ with:
+ github-token: ${{ steps.app-token.outputs.token }}
+ retries: 3
+ retry-exempt-status-codes: 204
+ script: |
+ github.rest.actions.createWorkflowDispatch({
+ owner: 'aodn',
+ repo: 'appdeploy',
+ workflow_id: 'deploy.yml',
+ ref: 'main',
+ inputs: {
+ app_name: '${{ inputs.app_name }}',
+ environment: '${{ inputs.environment }}'
+ }
+ })
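Review bot: `${{ inputs.app_name }}` and `${{ inputs.environment }}` are expanded by Actions straight into the shell text of the "Push Image Digest to SSM" step (the `--name` argument) and into the JavaScript of the "Trigger Deploy Workflow" step, so a value containing shell or JavaScript metacharacters is executed as code rather than passed as data. `app_name` is a free-form string on both triggers and `environment` is an unconstrained string under `workflow_call`, while those steps run with the assumed AWS role and the GitHub App token in scope. The `digest` input in the same step already goes through `env:`; the other two inputs should take the same route and be read as shell variables and `process.env` values, as sketched below. Awaiting the `createWorkflowDispatch` call also makes the step wait for the dispatch result instead of depending on how the action treats a floating promise.

```yaml
      - name: Push Image Digest to SSM
        # … unchanged: if condition …
        run: |
          aws ssm put-parameter \
            --name "/apps/${APP_NAME}/${DEPLOY_ENV}/image_digest" \
            # … unchanged: --type, --value, --overwrite …
        env:
          APP_NAME: ${{ inputs.app_name }}
          DEPLOY_ENV: ${{ inputs.environment }}
          # … unchanged: digest …
      # … unchanged: Generate App Token step …
      - name: Trigger Deploy Workflow
        # … unchanged: uses, github-token, retries, retry-exempt-status-codes …
        env:
          APP_NAME: ${{ inputs.app_name }}
          DEPLOY_ENV: ${{ inputs.environment }}
        with:
          script: |
            await github.rest.actions.createWorkflowDispatch({
              // … unchanged: owner, repo, workflow_id, ref …
              inputs: {
                app_name: process.env.APP_NAME,
                environment: process.env.DEPLOY_ENV
              }
            })
```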