Skip to content
push_on_tag_prod_workflow

fixed to add settings all the time #21

Sign in to view logs

fixed to add settings all the time

fixed to add settings all the time #21

Workflow file for this run

.github/workflows/prod_workflow.yml at 5645be4
name: push_on_tag_prod_workflow
# Push to docker hub if tag has been created.
on:
push:
tags:
- '*'
paths:
- 'charts/**'
- 'salt/**'
- 'config/**'
- '**.Dokerfile'
- 'snow-inspector/**'
- 'tethysapp-hydrocompute/**'
- 'tethysapp-metdataexplorer/**'
- 'tethysapp-swe/**'
- 'tethysapp-tethys_app_store/**'
- 'tethysext-ciroh_theme/**'
- 'Water-Data-Explorer/**'
env:
DOCKER_HUB_ORG: gioelkin
# DOCKER_HUB_ORG: ciroh
DOCKER_REPO: tethysapp-ciroh-portal
# DOCKER_REPO: tethysapp-ciroh
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# build image
build:
runs-on: ubuntu-latest
steps:
- name: Free disk space
run: |
sudo docker rmi $(docker image ls -aq) || true
sudo swapoff /mnt/swapfile || true
sudo rm -rf /mnt/swapfile /usr/share/dotnet /usr/local/lib/android /opt/ghc || true
sudo apt purge aria2 ansible azure-cli shellcheck rpm xorriso zsync \
clang-6.0 lldb-6.0 lld-6.0 clang-format-6.0 clang-8 lldb-8 lld-8 clang-format-8 \
clang-9 lldb-9 lld-9 clangd-9 clang-format-9 dotnet-sdk-3.0 dotnet-sdk-3.1=3.1.101-1 \
esl-erlang firefox g++-8 g++-9 gfortran-8 gfortran-9 google-chrome-stable \
google-cloud-sdk ghc-8.0.2 ghc-8.2.2 ghc-8.4.4 ghc-8.6.2 ghc-8.6.3 ghc-8.6.4 \
ghc-8.6.5 ghc-8.8.1 ghc-8.8.2 ghc-8.8.3 ghc-8.10.1 cabal-install-2.0 cabal-install-2.2 \
cabal-install-2.4 cabal-install-3.0 cabal-install-3.2 heroku imagemagick \
libmagickcore-dev libmagickwand-dev libmagic-dev ant ant-optional kubectl \
mercurial apt-transport-https mono-complete mysql-client libmysqlclient-dev \
mysql-server mssql-tools unixodbc-dev yarn bazel chrpath libssl-dev libxft-dev \
libfreetype6 libfreetype6-dev libfontconfig1 libfontconfig1-dev php7.1 php7.1-bcmath \
php7.1-bz2 php7.1-cgi php7.1-cli php7.1-common php7.1-curl php7.1-dba php7.1-dev \
php7.1-enchant php7.1-fpm php7.1-gd php7.1-gmp php7.1-imap php7.1-interbase php7.1-intl \
php7.1-json php7.1-ldap php7.1-mbstring php7.1-mcrypt php7.1-mysql php7.1-odbc \
php7.1-opcache php7.1-pgsql php7.1-phpdbg php7.1-pspell php7.1-readline php7.1-recode \
php7.1-snmp php7.1-soap php7.1-sqlite3 php7.1-sybase php7.1-tidy php7.1-xml \
php7.1-xmlrpc php7.1-xsl php7.1-zip php7.2 php7.2-bcmath php7.2-bz2 php7.2-cgi \
php7.2-cli php7.2-common php7.2-curl php7.2-dba php7.2-dev php7.2-enchant php7.2-fpm \
php7.2-gd php7.2-gmp php7.2-imap php7.2-interbase php7.2-intl php7.2-json php7.2-ldap \
php7.2-mbstring php7.2-mysql php7.2-odbc php7.2-opcache php7.2-pgsql php7.2-phpdbg \
php7.2-pspell php7.2-readline php7.2-recode php7.2-snmp php7.2-soap php7.2-sqlite3 \
php7.2-sybase php7.2-tidy php7.2-xml php7.2-xmlrpc php7.2-xsl php7.2-zip php7.3 \
php7.3-bcmath php7.3-bz2 php7.3-cgi php7.3-cli php7.3-common php7.3-curl php7.3-dba \
php7.3-dev php7.3-enchant php7.3-fpm php7.3-gd php7.3-gmp php7.3-imap php7.3-interbase \
php7.3-intl php7.3-json php7.3-ldap php7.3-mbstring php7.3-mysql php7.3-odbc \
php7.3-opcache php7.3-pgsql php7.3-phpdbg php7.3-pspell php7.3-readline php7.3-recode \
php7.3-snmp php7.3-soap php7.3-sqlite3 php7.3-sybase php7.3-tidy php7.3-xml \
php7.3-xmlrpc php7.3-xsl php7.3-zip php7.4 php7.4-bcmath php7.4-bz2 php7.4-cgi \
php7.4-cli php7.4-common php7.4-curl php7.4-dba php7.4-dev php7.4-enchant php7.4-fpm \
php7.4-gd php7.4-gmp php7.4-imap php7.4-interbase php7.4-intl php7.4-json php7.4-ldap \
php7.4-mbstring php7.4-mysql php7.4-odbc php7.4-opcache php7.4-pgsql php7.4-phpdbg \
php7.4-pspell php7.4-readline php7.4-snmp php7.4-soap php7.4-sqlite3 php7.4-sybase \
php7.4-tidy php7.4-xml php7.4-xmlrpc php7.4-xsl php7.4-zip php-amqp php-apcu \
php-igbinary php-memcache php-memcached php-mongodb php-redis php-xdebug \
php-zmq snmp pollinate libpq-dev postgresql-client powershell ruby-full \
sphinxsearch subversion mongodb-org -yq >/dev/null 2>&1 || true
sudo apt-get autoremove -y >/dev/null 2>&1 || true
sudo apt-get autoclean -y >/dev/null 2>&1 || true
- name: Check disk space
run: df -h
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
with:
fetch-depth: 0
submodules: 'true'
# Checks-out the hydrocompute extra submodule
- name: checkout Hydrocompute submodule
run: |
cd tethysapp-hydrocompute/tethysapp/hydrocompute/public/HydroCompute && git submodule update --init --recursive
- name: Set Tag
run: |
echo "TAG=${GITHUB_REF:10}" >> $GITHUB_ENV
echo "TAG_LATEST=latest" >> $GITHUB_ENV
- name: Test Tag
run: |
echo $TAG
- name: check_docker_file_changed_files
id: changed-files-yaml
uses: tj-actions/changed-files@v37
with:
files_yaml: |
docker:
- salt/**
- prod.Dockerfile
- piprequirements.txt
- config/**
- .gitmodules
- snow-inspector/**
- tethysapp-hydrocompute/**
- tethysapp-metdataexplorer/**
- tethysapp-swe/**
- tethysapp-tethys_app_store/**
- tethysext-ciroh_theme/**
- Water-Data-Explorer/**
- name: Set up Docker Buildx
if: steps.changed-files-yaml.outputs.docker_any_changed == 'true'
uses: docker/setup-buildx-action@v2
- name: Login to Docker Hub
if: steps.changed-files-yaml.outputs.docker_any_changed == 'true'
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_BUILDER_USERNAME }}
password: ${{ secrets.DOCKER_BUILDER_TOKEN }}
- name: build and push stable tag
if: steps.changed-files-yaml.outputs.docker_any_changed == 'true'
uses: docker/build-push-action@v4
with:
context: .
file: ./prod.Dockerfile
push: true
tags: ${{ env.DOCKER_HUB_ORG }}/${{ env.DOCKER_REPO }}:${{ env.TAG }}
cache-from: type=registry,ref=${{ env.DOCKER_HUB_ORG }}/${{ env.DOCKER_REPO }}-cache:latest
cache-to: type=registry,ref=${{ env.DOCKER_HUB_ORG }}/${{ env.DOCKER_REPO }}-cache:latest,mode=max
# - name: build and push latest tag
# if: steps.changed-files-yaml.outputs.docker_any_changed == 'true'
# uses: docker/build-push-action@v4
# with:
# context: .
# file: ./prod.Dockerfile
# push: true
# tags: ${{ env.DOCKER_HUB_ORG }}/${{ env.DOCKER_REPO }}:${{ env.TAG_LATEST }}
# cache-from: type=registry,ref=${{ env.DOCKER_HUB_ORG }}/${{ env.DOCKER_REPO }}-cache:latest
# cache-to: type=registry,ref=${{ env.DOCKER_HUB_ORG }}/${{ env.DOCKER_REPO }}-cache:latest,mode=max
# lint and test chart
lint-test:
runs-on: ubuntu-latest
needs: [build]
if: |
always() &&
!contains(needs.*.result, 'failure') &&
!cancelled()
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: check_chart_file_changed_files
id: changed-chart-files-yaml
uses: tj-actions/changed-files@v37
with:
files_yaml: |
charts:
- charts/**
- name: Set up Helm
uses: azure/setup-helm@v3
with:
version: v3.6.3
token: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: 3.7
- name: Set up chart-testing
uses: helm/[email protected]
- name: Run chart-testing (list-changed)
id: list-changed
run: |
## If executed with debug this won't work anymore.
changed=$(ct --config .github/config/ct.yaml list-changed)
charts=$(echo "$changed" | tr '\n' ' ' | xargs)
if [[ -n "$changed" ]]; then
echo "::set-output name=changed::true"
echo "::set-output name=changed_charts::$charts"
fi
- name: Run Artifact Hub lint
run: |
curl -s https://api.github.com/repos/artifacthub/hub/releases/latest | grep -E 'browser_download_url' | grep linux_amd64.tar.gz\" | grep -Eo 'https://[^\"]*' | xargs wget -O - | tar -xz
./ah lint -p charts/ciroh || exit 1
rm -f ./ah
- name: Run chart-testing (lint)
run: ct lint --debug --config .github/config/ct.yaml
## Might need to be uncommented when the testing gets resolved:
## the testing fails for two reasons the TDS services does never gets scheduled
## the automatization of the geoserver does not work and the salt job is failling
# - name: Create kind cluster
# uses: helm/[email protected]
# if: steps.list-changed.outputs.changed == 'true'
# - name: Run chart-testing (install)
# run: ct install --debug --config .github/config/ct.yaml
# if: steps.list-changed.outputs.changed == 'true'
# release chart
release:
runs-on: ubuntu-latest
needs: lint-test
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Publish Helm charts
uses: stefanprodan/helm-gh-pages@master
with:
token: ${{ secrets.GITHUB_TOKEN }}
charts_dir: charts
#deploy chart
deploy:
runs-on: ubuntu-latest
needs: release
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
env:
AWS_REGION: us-east-1
CLUSTER_NAME: ciroh-portal-prod
steps:
- uses: actions/checkout@v3
- name: AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: kubeconfig
run: |
aws eks update-kubeconfig --name ${{ env.CLUSTER_NAME }} --region ${{ env.AWS_REGION }} --kubeconfig ./kubeconfig
echo 'KUBE_CONFIG_DATA<<EOF' >> $GITHUB_ENV
echo $(cat ./kubeconfig | base64) >> $GITHUB_ENV
echo 'EOF' >> $GITHUB_ENV
- name: Set Tag
run: |
echo "TAG=${GITHUB_REF:10}" >> $GITHUB_ENV
echo "TAG_LATEST=latest" >> $GITHUB_ENV
- name: helm deploy
uses: koslib/helm-eks-action@master
env:
KUBE_CONFIG_DATA: ${{ env.KUBE_CONFIG_DATA }}
with:
command: helm repo add tethysportal-ciroh https://alabamawaterinstitute.github.io/tethysportal-ciroh && helm upgrade cirohportal-prod tethysportal-ciroh/ciroh --install --wait --timeout=3600s -f charts/ciroh/ci/prod_aws_values.yaml --set storageClass.parameters.fileSystemId=${{ secrets.FILE_SYSTEM_ID }} --set image.tag=${{ env.TAG }} --namespace cirohportal