diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml
new file mode 100644
index 0000000000..52f53702a7
--- /dev/null
+++ b/.github/actions/build/action.yml
@@ -0,0 +1,88 @@
+# this is a reusable workflow that will be called by the
+# push_staging and push_production workflows
+# more info: https://docs.github.com/en/actions/learn-github-actions/reusing-workflows
+
+name: openverse/build
+description: build a docker image that can be used in different environments
+
+inputs:
+ is_production:
+ required: true
+ description: Determine whether the current workflow is executed against production or not
+ aws_region:
+ required: true
+ description: AWS region where the resource will be deployed
+ aws_account_id:
+ required: true
+ description: AWS account number where the resources are already deployed
+ aws_access_key_id:
+ required: true
+ description: AWS access key id that performs the modifications described in this action
+ aws_secret_access_key:
+ required: true
+ description: AWS secret access key associated to the access key id specified above
+
+runs:
+ using: "composite"
+ steps:
+ # setup docker buildx
+ - name: setup docker buildx
+ uses: docker/setup-buildx-action@v1
+ with:
+ install: true
+
+ # login in docker repository
+ - name: docker login
+ uses: aws-actions/amazon-ecr-login@v1
+ env:
+ AWS_REGION: ${{ inputs.aws_region }}
+ AWS_ACCOUNT_ID: ${{ inputs.aws_account_id }}
+ AWS_ACCESS_KEY_ID: ${{ inputs.aws_access_key_id }}
+ AWS_SECRET_ACCESS_KEY: ${{ inputs.aws_secret_access_key }}
+
+ # for staging
+ # gather metadata from git & github actions to reference in docker
+ - name: git & github metadata staging
+ id: metadata_staging
+ uses: docker/metadata-action@v3
+ if: ${{ github.event.inputs.is_production == false }}
+ with:
+ images: ${{ inputs.aws_account_id }}.dkr.ecr.${{ inputs.aws_region }}.amazonaws.com/openverse/frontend
+ tags: |
+ type=raw,value=latest
+ type=ref,event=branch
+
+ # build a docker image
+ - name: build docker image
+ uses: docker/build-push-action@v2
+ if: ${{ github.event.inputs.is_production == false }}
+ with:
+ context: .
+ tags: ${{ steps.metadata_staging.outputs.tags }}
+ labels: ${{ steps.metadata_staging.outputs.labels }}
+ push: true
+
+ # for production
+ # gather metadata from git & github actions to reference in docker
+ - name: git & github metadata production
+ id: metadata_production
+ uses: docker/metadata-action@v3
+ if: ${{ github.event.inputs.is_production == true }}
+ with:
+ images: ${{ inputs.aws_account_id }}.dkr.ecr.${{ inputs.aws_region }}.amazonaws.com/openverse/frontend
+ flavor: |
+ latest=false
+ tags: |
+ type=raw,value=stable
+ type=ref,event=tag
+ type=semver,pattern={{version}}
+
+ # build a docker image
+ - name: build docker image
+ uses: docker/build-push-action@v2
+ if: ${{ github.event.inputs.is_production == true }}
+ with:
+ context: .
+ tags: ${{ steps.metadata_production.outputs.tags }}
+ labels: ${{ steps.metadata_production.outputs.labels }}
+ push: true
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
deleted file mode 100644
index fdf44c5009..0000000000
--- a/.github/workflows/build.yml
+++ /dev/null
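Review bot: In `.github/actions/build/action.yml` the four `if:` conditions read `github.event.inputs.is_production`, which is the `workflow_dispatch` payload rather than this composite action's own input, and it is not populated on the `push` and `release` events the two callers in this commit use. GitHub expressions compare loosely, so an empty value equals `false` and never equals `true`: the staging steps would run on a release (pushing `latest`) and the `stable`/semver tags would never be published. Composite inputs arrive as strings, so the two staging steps should use `if: ${{ inputs.is_production == 'false' }}` and the two production steps `if: ${{ inputs.is_production == 'true' }}`. The header comment also calls the file a reusable workflow, while `using: "composite"` makes it a composite action; `# composite action called by the push_staging and push_production workflows` would match what the file is.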
@@ -1,50 +0,0 @@
-# this build is triggered when a new pre-release has been created
-# it creates a new docker build image based on the tag associated
-
-name: build
-
-on:
- release:
- types:
- - "prereleased"
-env:
- AWS_REGION: ${{ secrets.AWS_REGION }}
- AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-
-jobs:
- build:
- name: build
- runs-on: ubuntu-latest
-
- steps:
- # download the source code into the runner
- - name: checkout
- uses: actions/checkout@v2
-
- # gather metadata from git & github actions to reference in docker
- - name: git & github metadata
- id: metadata
- uses: docker/metadata-action@v3
- with:
- images: ${{ env.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/openverse/frontend
-
- # setup docker buildx
- - name: setup docker buildx
- uses: docker/setup-buildx-action@v1
- with:
- install: true
-
- # login in docker repository
- - name: docker login
- uses: aws-actions/amazon-ecr-login@v1
-
- # build a docker image
- - name: build docker image
- uses: docker/build-push-action@v2
- with:
- context: .
- tags: ${{ steps.metadata.outputs.tags }}
- labels: ${{ steps.metadata.outputs.labels }}
- push: true
diff --git a/.github/workflows/pre-build.yaml b/.github/workflows/pre-build.yaml
index 39c494e246..f54703514c 100644
--- a/.github/workflows/pre-build.yaml
+++ b/.github/workflows/pre-build.yaml
@@ -1,16 +1,16 @@ # this workflow will try to lint and build a node.js application # -# this is useful for stages that you require to make sure everything is working +# this is useful for stages that you require making sure everything is working # properly before creating a container image to be pushed on the cloud # -name: pre_build +name: openverse/validate on: pull_request: - push: - branches: - - 'main' - - 'ci/*' # branches that follows the pattern ci/* can access this workflow too +# push: +# branches: +# - 'main' +# - 'ci/*' # branches that follows the pattern ci/* can access this workflow too jobs: pre_build:
diff --git a/.github/workflows/push_production.yaml b/.github/workflows/push_production.yaml
new file mode 100644
index 0000000000..47779f6ee0
--- /dev/null
+++ b/.github/workflows/push_production.yaml
@@ -0,0 +1,32 @@
+# this build is triggered when a new pre-release has been created
+# it creates a new docker build image based on the tag associated
+
+name: openverse/deploy/production
+
+on:
+ release:
+ types:
+ - 'released'
+
+jobs:
+ push:
+ name: push
+ runs-on: ubuntu-latest
+ environment:
+ name: production
+ url: https://search-prod.openverse.engineering
+
+ steps:
+ # download the source code into the runner
+ - name: checkout
+ uses: actions/checkout@v2
+
+ # build a new docker image and push it into the repository
+ - name: docker build
+ uses: ./.github/actions/build
+ with:
+ is_production: true
+ AWS_REGION: ${{ secrets.AWS_REGION }}
+ AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
diff --git a/.github/workflows/push_staging.yaml b/.github/workflows/push_staging.yaml
new file mode 100644
index 0000000000..a494bf57bd
--- /dev/null
+++ b/.github/workflows/push_staging.yaml
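Review bot: In `.github/workflows/pre-build.yaml` the `push:` trigger is disabled by commenting it out, which leaves four dead lines under `on:` and means the lint/build validation now runs for pull requests only. `push_staging.yaml` in this same commit builds and pushes an image on every push to `main` and `ci/*`, so a direct push to a `ci/*` branch reaches the registry without this workflow having run on it. Delete the commented block instead of keeping it, and if validation is meant to gate staging, keep `push:` here or have the staging job run the same checks first. The `pre_build` job body continues outside the hunk.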
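Review bot: Every third-party action on the production deploy path in `.github/workflows/push_production.yaml` is referenced by a mutable tag: `actions/checkout@v2` here, and `docker/setup-buildx-action@v1`, `aws-actions/amazon-ecr-login@v1`, `docker/metadata-action@v3` and `docker/build-push-action@v2` inside `./.github/actions/build`; `push_staging.yaml` has the same pattern. These run in the job that receives the AWS keys and the resulting registry login, and a tag can be repointed upstream without any change in this repository. Pin each `uses:` to a full commit SHA with the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v2`, and let a dependency-update bot bump the pins.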
@@ -0,0 +1,33 @@
+# this build is triggered when a new pull request has been merged
+# into the main branch
+
+name: openverse/deploy/staging
+
+on:
+ push:
+ branches:
+ - main
+ - ci/* # allow any ci/* branch the ability to deploy to staging without the need to merge the PR
+
+jobs:
+ push:
+ name: push
+ runs-on: ubuntu-latest
+ environment:
+ name: staging
+ url: https://search-staging.openverse.engineering
+
+ steps:
+ # download the source code into the runner
+ - name: checkout
+ uses: actions/checkout@v2
+
+ # build a new docker image and push it into the repository
+ - name: docker build
+ uses: ./.github/actions/build
+ with:
+ is_production: false
+ AWS_REGION: ${{ secrets.AWS_REGION }}
+ AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
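Review bot: The `ci/*` entry under `on.push.branches` in `.github/workflows/push_staging.yaml` lets any pushed branch with that prefix publish to the shared `openverse/frontend` repository, and the staging metadata step in `./.github/actions/build` adds `type=raw,value=latest` unconditionally, so an unmerged branch can overwrite `latest`. If `ci/*` deploys are wanted, restrict which branches may deploy to the `staging` environment in the repository's environment settings and reserve `latest` for `main`, leaving `type=ref,event=branch` to tag the `ci/*` builds. The header comment should also name the second trigger, e.g. `# this build is triggered on every push to main (merged pull requests) and to ci/* branches`.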