-
Notifications
You must be signed in to change notification settings - Fork 0
117 lines (104 loc) · 4.06 KB
/
ci+cd.yaml
File metadata and controls
117 lines (104 loc) · 4.06 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
name: CI/CD - Push Image & Update Manifests
# https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax\#onpushpull_requestpull_request_targetpathspaths-ignore
# https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax\#onworkflow_dispatch
on:
push:
branches: ["main"]
# Skip this workflow when only K8s manifest files change, since
# such changes don’t require rebuilding the whole application.
# Argo CD picks them up automatically.
paths:
- "app/**"
- "**/Dockerfile*"
- ".github/workflows/**"
workflow_dispatch:
# https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax\#env
env:
# Use GitHub Container registry (GHCR).
REGISTRY: ghcr.io
# https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax\#jobs
jobs:
ci:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
outputs:
tags: ${{ steps.meta.outputs.tags }}
steps:
# https://github.com/actions/checkout
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1
# https://github.com/docker/setup-buildx-action
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# https://github.com/docker/login-action
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
# https://docs.github.com/en/actions/tutorials/authenticate-with-github_token
password: ${{ secrets.GITHUB_TOKEN }}
# https://github.com/docker/metadata-action
- name: Define image metadata
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ env.REGISTRY }}/${{ github.repository }}
# While preprocessing, tags are sorted based on its priority (from high to low).
# https://github.com/docker/metadata-action\#priority-attribute
tags: |
type=raw,value=latest,priority=200
type=sha,prefix=sha-,priority=100
env:
# https://github.com/docker/metadata-action\#typesha
DOCKER_METADATA_SHORT_SHA_LENGTH: 12
# https://github.com/docker/build-push-action
- name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
# https://github.com/moby/buildkit\#github-actions-cache-experimental
cache-from: type=gha
cache-to: type=gha,mode=max
cd:
needs: ci
runs-on: ubuntu-latest
permissions:
contents: write
steps:
# https://github.com/actions/checkout
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 1
# https://github.com/mikefarah/yq
- name: Install yq
run: |
VERSION=v4.43.1
wget "https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_linux_amd64" -O /usr/local/bin/yq
chmod +x /usr/local/bin/yq
- name: Patch kubernetes manifest with image tag
id: patch
run: |
export IMG_SHA_REF=$(echo -n "${{ needs.ci.outputs.tags }}" | tail -n 1)
echo "img-sha-ref=$IMG_SHA_REF" >> $GITHUB_OUTPUT
yq e '.spec.template.spec.containers[0].image = strenv(IMG_SHA_REF)' -i manifests/deployment.yaml
- name: Commit and push manifest update
# https://docs.github.com/en/actions/how-tos/manage-workflow-runs/skip-workflow-runs
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git commit -a -F - <<'EOF' || echo "No changes to commit"
chore(cd): [skip ci] update manifests
Used image: ${{ steps.patch.outputs.img-sha-ref }}
EOF
git push