Merge pull request #178 from vrk-kpa/REKDAT-111_remove-dataset-license #200
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and deploy containers | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| jobs: | |
| build-and-test-containers: | |
| name: Build and test | |
| uses: ./.github/workflows/test.yml | |
| secrets: inherit | |
| build-and-push: | |
| name: Build and push containers | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-and-test-containers | |
| permissions: | |
| id-token: write | |
| contents: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - dockerfile: ./docker/solr/Dockerfile | |
| context: ./docker/solr | |
| submodules: "" | |
| build-frontend: false | |
| name: solr | |
| build-container: ${{ needs.build-and-test-containers.outputs.solr == 'true' }} | |
| - dockerfile: ./docker/nginx/Dockerfile | |
| context: ./docker/nginx | |
| submodules: "" | |
| build-frontend: false | |
| name: nginx | |
| build-container: ${{ needs.build-and-test-containers.outputs.nginx == 'true' }} | |
| - dockerfile: ./ckan/Dockerfile | |
| context: ./ckan | |
| submodules: recursive | |
| build-frontend: true | |
| name: ckan | |
| build-container: ${{ (needs.build-and-test-containers.outputs.ckan == 'true') || (needs.build-and-test-containers.outputs.assets == 'true') }} | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: ${{ matrix.submodules }} | |
| - name: setup docker buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4.0.1 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_BUILD_ROLE }} | |
| role-session-name: github-actions | |
| aws-region: eu-north-1 | |
| - name: login to AWS ECR | |
| id: login | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: configure NPM credentials | |
| if: ${{ matrix.build-frontend == true && matrix.build-container == true }} | |
| run: | | |
| cat <<EOT >> ./.npmrc | |
| @fortawesome:registry=https://npm.fontawesome.com/ | |
| //npm.fontawesome.com/:_authToken=$NPM_TOKEN | |
| EOT | |
| env: | |
| NPM_TOKEN: ${{ secrets.NPM_TOKEN }} | |
| - name: install nodejs v20 | |
| if: ${{ matrix.build-frontend == true && matrix.build-container == true }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: 'npm' | |
| - name: cache node_modules | |
| uses: actions/cache@v3 | |
| id: cache-node_modules | |
| with: | |
| path: node_modules | |
| key: ${{ runner.os }}-build-node_v20-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-build-node_v20- | |
| - name: install npm packages | |
| if: ${{ matrix.build-frontend == true && matrix.build-container == true && steps.cache-node_modules.outputs.cache-hit != 'true'}} | |
| run: npm ci | |
| - name: build frontend with gulp | |
| if: ${{ matrix.build-frontend == true && matrix.build-container == true }} | |
| run: npx gulp | |
| - name: build images | |
| uses: docker/build-push-action@v4 | |
| if: ${{ matrix.build-container == true }} | |
| with: | |
| context: ${{ matrix.context }} | |
| file: ${{ matrix.dockerfile }} | |
| push: true | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| tags: | | |
| ${{ env.REGISTRY }}/${{ env.REPOSITORY }}/${{ matrix.name }}:${{ github.sha }} | |
| ${{ env.REGISTRY }}/${{ env.REPOSITORY }}/${{ matrix.name }}:latest | |
| env: | |
| REPOSITORY: ${{ vars.REPOSITORY }} | |
| REGISTRY: ${{ secrets.REGISTRY }} | |
| commit-new-images: | |
| name: Commit new image tags | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-and-test-containers | |
| - build-and-push | |
| permissions: | |
| id-token: write | |
| contents: write | |
| outputs: | |
| sha: ${{ steps.envtemplate.outputs.commit_sha || github.sha }} | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.BOT_TOKEN }} | |
| - name: Update .env.template to reference new ckan image | |
| if: ${{ (needs.build-and-test-containers.outputs.ckan == 'true') || (needs.build-and-test-containers.outputs.assets == 'true') }} | |
| run: | | |
| sed -i.bak -E 's/^(CKAN_IMAGE_TAG[[:blank:]]*=[[:blank:]]*).*/\1\"'"${{ github.sha }}"'\"/' docker/.env.template | |
| - name: Update .env.template to reference new solr image | |
| if: ${{ (needs.build-and-test-containers.outputs.solr == 'true') }} | |
| run: | | |
| sed -i.bak -E 's/^(SOLR_IMAGE_TAG[[:blank:]]*=[[:blank:]]*).*/\1\"'"${{ github.sha }}"'\"/' docker/.env.template | |
| - name: Update .env.template to reference new nginx image | |
| if: ${{ (needs.build-and-test-containers.outputs.nginx == 'true') }} | |
| run: | | |
| sed -i.bak -E 's/^(NGINX_IMAGE_TAG[[:blank:]]*=[[:blank:]]*).*/\1\"'"${{ github.sha }}"'\"/' docker/.env.template | |
| - name: Commit updated .env.template | |
| id: envtemplate | |
| if: ${{ (needs.build-and-test-containers.outputs.ckan == 'true') || | |
| (needs.build-and-test-containers.outputs.solr == 'true') || | |
| (needs.build-and-test-containers.outputs.nginx == 'true') || | |
| (needs.build-and-test-containers.outputs.assets == 'true') }} | |
| run: | | |
| git config user.name "YTP Bot" | |
| git config user.email "yhteentoimivuus.kehittajat@gofore.com" | |
| git add docker/.env.template | |
| git commit -m "[skip ci] .env.template updated by new image tags" | |
| git push | |
| echo "commit_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| deploy-dev: | |
| name: Deploy dev | |
| runs-on: ubuntu-latest | |
| environment: qa | |
| permissions: | |
| id-token: write | |
| contents: read | |
| needs: | |
| - build-and-push | |
| - commit-new-images | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ needs.commit-new-images.outputs.sha }} | |
| - name: install nodejs v20 | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: cache node_modules | |
| uses: actions/cache@v3 | |
| with: | |
| path: cdk/node_modules | |
| key: ${{ runner.os }}-node_cdk_v20-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node_cdk_v20- | |
| - name: install cdk npm packages and verify installation | |
| working-directory: cdk | |
| run: | | |
| npm install | |
| npx cdk doctor | |
| #- name: build cdk project | |
| # working-directory: cdk | |
| # run: | | |
| # npm run build | |
| - name: configure environment | |
| shell: bash | |
| run: | | |
| # configure docker | |
| cp -f docker/.env.template docker/.env | |
| sed -i.bak -E 's/^(REGISTRY[[:blank:]]*=[[:blank:]]*).*/\1\"'"${REGISTRY}"'\"/' docker/.env | |
| sed -i.bak -E 's/^(REPOSITORY[[:blank:]]*=[[:blank:]]*).*/\1\"'"${REPOSITORY}"'\"/' docker/.env | |
| env: | |
| REGISTRY: ${{ secrets.REGISTRY }} | |
| REPOSITORY: ${{ vars.REPOSITORY }} | |
| - name: configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4.0.1 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_DEV_DEPLOY_ROLE }} | |
| role-session-name: github-actions | |
| aws-region: eu-north-1 | |
| - name: synthesize cdk stacks | |
| working-directory: cdk | |
| run: | | |
| npx cdk synth *-dev --quiet >/dev/null 2>&1 | |
| - name: deploy cdk stacks | |
| working-directory: cdk | |
| run: | | |
| npx cdk deploy *-dev --require-approval=never > /tmp/deploy.log 2>&1 | |
| - name: upload log artifacts | |
| if: failure() | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: deploy-logs | |
| path: /tmp/deploy.log | |
| - name: Notify Zulip | |
| uses: zulip/github-actions-zulip/send-message@v1 | |
| with: | |
| api-key: ${{ secrets.ZULIP_API_KEY }} | |
| email: 'avoindata-bot@turina.dvv.fi' | |
| organization-url: 'https://turina.dvv.fi' | |
| to: 'DGA' | |
| type: 'stream' | |
| topic: 'Dev Deployments' | |
| content: 'Dev deployment succeeded! (${{ github.event.head_commit.message }})' |