This repository was archived by the owner on Jan 31, 2025. It is now read-only.
BC-6810 - fix playbock #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: GraalVM build | |
| on: [push, pull_request] | |
| permissions: | |
| contents: read | |
| jobs: | |
| branch_meta: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| branch: ${{ steps.extract_branch_meta.outputs.branch }} | |
| sha: ${{ steps.extract_branch_meta.outputs.sha }} | |
| steps: | |
| - name: Extract branch meta | |
| shell: bash | |
| id: extract_branch_meta | |
| env: | |
| PR_HEAD_REF: ${{ github.event.pull_request.head.ref }} | |
| PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }} | |
| BRANCH_REF_NAME: ${{ github.ref_name}} | |
| BRANCH_SHA: ${{ github.sha }} | |
| run: | | |
| if [ "${{ github.event_name }}" == 'pull_request' ]; then | |
| echo "branch=devops-$PR_HEAD_REF" >> $GITHUB_OUTPUT | |
| echo "sha=$PR_HEAD_SHA" >> $GITHUB_OUTPUT | |
| else | |
| echo "branch=devops-$BRANCH_REF_NAME" >> $GITHUB_OUTPUT | |
| echo "sha=$BRANCH_SHA" >> $GITHUB_OUTPUT | |
| fi | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - branch_meta | |
| permissions: | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: graalvm/setup-graalvm@v1 | |
| with: | |
| java-version: '21' # See 'Options' section below for all supported versions | |
| distribution: 'graalvm' # See 'Options' section below for all available distributions | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: build | |
| run: | | |
| ./mvnw install -Dnative | |
| - name: Login to registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker meta Service Name | |
| id: docker_meta_img | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| tags: | | |
| type=ref,event=branch,enable=false,priority=600 | |
| type=sha,enable=true,priority=600,prefix= | |
| - name: test image exists | |
| run: | | |
| echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV | |
| - name: Set up Docker Buildx | |
| if: ${{ env.IMAGE_EXISTS == 0 }} | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push ${{ github.repository }} | |
| if: ${{ env.IMAGE_EXISTS == 0 }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./src/main/docker/Dockerfile.native-micro | |
| platforms: linux/amd64 | |
| push: true | |
| pull: true | |
| tags: ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }} | |
| labels: ${{ steps.docker_meta_img.outputs.labels }} | |
| create_branch_identifier: | |
| needs: | |
| - branch_meta | |
| uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/branch-to-namespace.yml@main | |
| with: | |
| branch: ${{ needs.branch_meta.outputs.branch }} | |
| create_artifacts_repos: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - branch_meta | |
| strategy: | |
| matrix: | |
| repos: | |
| - dof_app_deploy | |
| - doido-mongo | |
| steps: | |
| - run: | | |
| echo "git_ref_name=${{ needs.branch_meta.outputs.branch }}" >> $GITHUB_ENV | |
| echo git_ref_name ${{ needs.branch_meta.outputs.branch }} | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: hpi-schul-cloud/${{ matrix.repos }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| path: ${{ matrix.repos }} | |
| fetch-depth: 0 | |
| - working-directory: ${{github.workspace }}/${{ matrix.repos }} | |
| shell: bash | |
| run: | | |
| git checkout ${{ env.git_ref_name }} || true | |
| commit_id=$(git rev-parse HEAD) | |
| mkdir -pv ansible/group_vars/all | |
| ansible_varname=$(echo ${{ matrix.repos }} | tr [a-z] [A-Z] | tr - _ | tr \. _ | tr [:blank:] _ ) | |
| filename=$(echo ${ansible_varname} | tr [A-Z] [a-z] ) | |
| reponame=$(echo ${filename} | tr _ - ) | |
| branch_varname=$(echo ${{ needs.branch_meta.outputs.branch }} | tr -d [:cntrl:] | tr / \. | tr [:blank:] _ ) | |
| for i in ${{ env.tenants }}; do | |
| mkdir -pv ansible/host_vars/${i}_host | |
| echo "${ansible_varname}_IMAGE_TAG: $commit_id" >> ansible/host_vars/${i}_host/$filename.yml | |
| echo "${ansible_varname}_BRANCH_NAME: ${branch_varname}" >> ansible/host_vars/${i}_host/$filename.yml | |
| echo "${ansible_varname}_REPO_NAME: ${reponame}" >> ansible/host_vars/${i}_host/$filename.yml | |
| done | |
| - run: tar -cf ${{ matrix.repos }}.tar ansible | |
| working-directory: ${{github.workspace }}/${{ matrix.repos }} | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.repos }} | |
| path: ${{github.workspace }}/${{ matrix.repos }}/${{ matrix.repos }}.tar | |
| create_artifacts_workspaces: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - create_branch_identifier | |
| strategy: | |
| matrix: | |
| tenants: [ dbc ] | |
| steps: | |
| - shell: bash | |
| run: | | |
| mkdir -pv ansible/host_vars/${{ matrix.tenants }}_host | |
| - shell: bash | |
| working-directory: ${{github.workspace }}/ansible/host_vars/${{ matrix.tenants }}_host | |
| run: | | |
| echo "NAMESPACE: ${{ needs.create_branch_identifier.outputs.id_branch }}" > cfg_host.yml | |
| echo "DOMAIN: ${{ needs.create_branch_identifier.outputs.id_branch }}.${{ matrix.tenants }}.dbildungscloud.dev" >> cfg_host.yml | |
| - run: tar -cf ${{ matrix.tenants }}.tar ansible | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.tenants }} | |
| path: ${{github.workspace }}/${{ matrix.tenants }}.tar | |
| deploy: | |
| runs-on: ubuntu-latest | |
| name: deploy dbc | |
| needs: | |
| - create_artifacts_repos | |
| - create_artifacts_workspaces | |
| - build | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| - run: ls -R | |
| - run: mv */*.tar ./ | |
| - run: find -name "*.tar" -exec tar -xf {} \; | |
| - run: tar -cf dbc-ansible.tar ansible | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: debug-dbc-ansible | |
| path: ${{github.workspace }}/dbc-ansible.tar | |
| overwrite: true | |
| - shell: bash | |
| run: | | |
| python3 -m pip install kubernetes 'urllib3>=1.26.16' | |
| - name: TLS | |
| working-directory: ${{github.workspace }}/ansible/group_vars | |
| run: | | |
| echo "TLS_ENABLED: \"true\"" >> develop/dof_deploy.yml | |
| - run: ansible-galaxy install -r ansible/collections/requirements.yml | |
| - working-directory: ${{github.workspace }}/ansible/roles/sys | |
| run: | | |
| mkdir files | |
| echo "${{ secrets.DEV_KUBE_CONFIG_DBC }}" > files/config | |
| # It's necessary for the ansible k8s module to define proxy options as environment vars | |
| # (doesn't use the proxy defined in kubeconfig) | |
| # https://github.com/kubernetes-client/python/issues/1862 | |
| # https://docs.ansible.com/ansible/latest/collections/kubernetes/core/k8s_module.html#parameter-proxy | |
| # Format in kubeconfig is <protocoll>://<user>:<password>@<domain>:<port> | |
| # Set K8S_AUTH_PROXY=<protocoll>://<domain>:<port> | |
| # Set K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH=<user>:<password> | |
| # If proxy-url is not defined in the kubeconfig no variables are set | |
| - name: Set proxy environment variable if included in the kubeconfig | |
| working-directory: ${{github.workspace }}/ansible/roles/sys/files | |
| run: | | |
| yq ".clusters[0].cluster.proxy-url" config | sed -nr 's+(.*//).*@(.*)+K8S_AUTH_PROXY=\1\2+p' >> $GITHUB_ENV | |
| yq ".clusters[0].cluster.proxy-url" config | sed -nr 's+.*//(.*)@.*+K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH=\1+p' >> $GITHUB_ENV | |
| - run: ansible-playbook ./playbock-operator.yml --inventory-file hosts --limit "dbc_host" -e 'ansible_python_interpreter=/usr/bin/python3' | |
| working-directory: ${{github.workspace }}/ansible | |
| - working-directory: ${{github.workspace }}/ansible/roles/sys/files | |
| run: | | |
| rm -rf /config |