Use CNB builder for heroku-22 stack (#6) #61
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Build | |
on: [push, workflow_dispatch] | |
jobs: | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-go@v3 | |
with: | |
go-version: 1.18 | |
- name: Install dependencies | |
run: go get -t -v ./... | |
working-directory: ./builder | |
- name: Test | |
run: go test -coverprofile=coverage.out ./... | |
working-directory: ./builder | |
- name: Coverage | |
run: go tool cover -func=coverage.out | |
working-directory: ./builder | |
build-image: | |
runs-on: ubuntu-latest | |
outputs: | |
image: ${{ steps.build.outputs.image }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build | |
id: build | |
run: | | |
set -ex | |
IMAGE=ghcr.io/${{ github.repository }}/builder:${{ github.run_id }} | |
docker build -t "$IMAGE" . | |
docker push "$IMAGE" | |
echo "image=$IMAGE" >> "$GITHUB_OUTPUT" | |
integration: | |
runs-on: ubuntu-latest | |
needs: [test, build-image] | |
permissions: | |
id-token: write | |
contents: read | |
packages: read | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Pull image | |
run: docker pull ${{ needs.build-image.outputs.image }} | |
- name: configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
role-to-assume: arn:aws:iam::891426818781:role/github-actions-integration-tests | |
aws-region: us-east-1 | |
- name: Checkout sample repo | |
run: git clone https://github.com/apppackio/apppack-demo-python.git | |
- name: Run integration tests | |
working-directory: ./apppack-demo-python | |
run: | | |
cat <<EOF > .envfile | |
APPNAME=gh-integration | |
CODEBUILD_BUILD_ID=demo-python:${{ github.run_id }} | |
CODEBUILD_SOURCE_VERSION=${{ github.sha }} | |
DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_ACCESS_TOKEN=${{ secrets.DOCKERHUB_ACCESS_TOKEN }} | |
DOCKER_REPO=891426818781.dkr.ecr.us-east-1.amazonaws.com/github-integration-test | |
ARTIFACT_BUCKET=integration-test-buildartifacts | |
AWS_REGION | |
AWS_ACCESS_KEY_ID | |
AWS_SECRET_ACCESS_KEY | |
AWS_SESSION_TOKEN | |
EOF | |
docker run \ | |
--rm \ | |
--privileged \ | |
--env-file .envfile \ | |
--volume /var/run/docker.sock:/var/run/docker.sock \ | |
--volume "$(pwd):/app" \ | |
--workdir /app \ | |
${{ needs.build-image.outputs.image }} \ | |
/bin/sh -c "set -x; git config --global --add safe.directory /app && apppack-builder prebuild; apppack-builder build; apppack-builder postbuild" | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
- name: Verify apppack.toml | |
working-directory: ./apppack-demo-python | |
run: | | |
set -ex | |
cat apppack.toml | |
test "$(python -c 'import tomllib; print(tomllib.load(open("apppack.toml", "rb"))["services"]["web"]["command"])')" = "bash -c 'gunicorn --access-logfile - --bind 0.0.0.0:\$PORT --forwarded-allow-ips '\"'\"'*'\"'\"' app:app'" | |
integration-appjson: | |
runs-on: ubuntu-latest | |
needs: [test, build-image] | |
permissions: | |
id-token: write | |
contents: read | |
packages: read | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Pull image | |
run: docker pull ${{ needs.build-image.outputs.image }} | |
- name: configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
role-to-assume: arn:aws:iam::891426818781:role/github-actions-integration-tests | |
aws-region: us-east-1 | |
- name: Checkout sample repo | |
run: git clone --branch app.json https://github.com/apppackio/apppack-demo-python.git | |
- name: Run integration tests | |
working-directory: ./apppack-demo-python | |
run: | | |
cat <<EOF > .envfile | |
APPNAME=gh-integration | |
CODEBUILD_BUILD_ID=demo-python:${{ github.run_id }} | |
CODEBUILD_SOURCE_VERSION=${{ github.sha }} | |
DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_ACCESS_TOKEN=${{ secrets.DOCKERHUB_ACCESS_TOKEN }} | |
DOCKER_REPO=891426818781.dkr.ecr.us-east-1.amazonaws.com/github-integration-test | |
ARTIFACT_BUCKET=integration-test-buildartifacts | |
AWS_REGION | |
AWS_ACCESS_KEY_ID | |
AWS_SECRET_ACCESS_KEY | |
AWS_SESSION_TOKEN | |
EOF | |
docker run \ | |
--rm \ | |
--privileged \ | |
--env-file .envfile \ | |
--volume /var/run/docker.sock:/var/run/docker.sock \ | |
--volume "$(pwd):/app" \ | |
--workdir /app \ | |
${{ needs.build-image.outputs.image }} \ | |
/bin/sh -c "set -x; git config --global --add safe.directory /app && apppack-builder prebuild; apppack-builder build; apppack-builder postbuild" | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
- name: Verify apppack.toml | |
working-directory: ./apppack-demo-python | |
run: | | |
set -ex | |
cat apppack.toml | |
test "$(python -c 'import tomllib; print(tomllib.load(open("apppack.toml", "rb"))["services"]["web"]["command"])')" = "bash -c 'gunicorn --access-logfile - --bind 0.0.0.0:\$PORT --forwarded-allow-ips '\"'\"'*'\"'\"' app:app'" | |
integration-heroku20: | |
runs-on: ubuntu-latest | |
needs: [test, build-image] | |
permissions: | |
id-token: write | |
contents: read | |
packages: read | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Pull image | |
run: docker pull ${{ needs.build-image.outputs.image }} | |
- name: configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
role-to-assume: arn:aws:iam::891426818781:role/github-actions-integration-tests | |
aws-region: us-east-1 | |
- name: Checkout sample repo | |
run: git clone --branch buildpacks-20 https://github.com/apppackio/apppack-demo-python.git | |
- name: Run integration tests | |
working-directory: ./apppack-demo-python | |
run: | | |
cat <<EOF > .envfile | |
APPNAME=gh-integration | |
CODEBUILD_BUILD_ID=demo-python:${{ github.run_id }} | |
CODEBUILD_SOURCE_VERSION=${{ github.sha }} | |
DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_ACCESS_TOKEN=${{ secrets.DOCKERHUB_ACCESS_TOKEN }} | |
DOCKER_REPO=891426818781.dkr.ecr.us-east-1.amazonaws.com/github-integration-test | |
ARTIFACT_BUCKET=integration-test-buildartifacts | |
ALLOW_EOL_SHIMMED_BUILDER=1 | |
AWS_REGION | |
AWS_ACCESS_KEY_ID | |
AWS_SECRET_ACCESS_KEY | |
AWS_SESSION_TOKEN | |
EOF | |
docker run \ | |
--rm \ | |
--privileged \ | |
--env-file .envfile \ | |
--volume /var/run/docker.sock:/var/run/docker.sock \ | |
--volume "$(pwd):/app" \ | |
--workdir /app \ | |
${{ needs.build-image.outputs.image }} \ | |
/bin/sh -c "set -x; git config --global --add safe.directory /app && apppack-builder prebuild; apppack-builder build; apppack-builder postbuild" | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
- name: Verify apppack.toml | |
working-directory: ./apppack-demo-python | |
run: | | |
set -ex | |
cat apppack.toml | |
test "$(python -c 'import tomllib; print(tomllib.load(open("apppack.toml", "rb"))["services"]["web"]["command"])')" = 'gunicorn --access-logfile - --bind 0.0.0.0:$PORT --forwarded-allow-ips '"'"'*'"' app:app" | |
integration-docker: | |
runs-on: ubuntu-latest | |
needs: [test, build-image] | |
permissions: | |
id-token: write | |
contents: read | |
packages: read | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Pull image | |
run: docker pull ${{ needs.build-image.outputs.image }} | |
- name: configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
role-to-assume: arn:aws:iam::891426818781:role/github-actions-integration-tests | |
aws-region: us-east-1 | |
- name: Checkout sample repo (docker-build branch) | |
run: git clone --branch docker-build https://github.com/apppackio/apppack-demo-python.git | |
- name: Run integration tests | |
working-directory: ./apppack-demo-python | |
run: | | |
cat <<EOF > .envfile | |
APPNAME=gh-docker-integration | |
CODEBUILD_BUILD_ID=demo-python:${{ github.run_id }} | |
CODEBUILD_SOURCE_VERSION=${{ github.sha }} | |
DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_ACCESS_TOKEN=${{ secrets.DOCKERHUB_ACCESS_TOKEN }} | |
DOCKER_REPO=891426818781.dkr.ecr.us-east-1.amazonaws.com/github-integration-test | |
ARTIFACT_BUCKET=integration-test-buildartifacts | |
AWS_REGION | |
AWS_ACCESS_KEY_ID | |
AWS_SECRET_ACCESS_KEY | |
AWS_SESSION_TOKEN | |
EOF | |
docker run \ | |
--rm \ | |
--privileged \ | |
--env-file .envfile \ | |
--volume /var/run/docker.sock:/var/run/docker.sock \ | |
--volume "$(pwd):/app" \ | |
--workdir /app \ | |
${{ needs.build-image.outputs.image }} \ | |
/bin/sh -c "set -x; git config --global --add safe.directory /app && apppack-builder prebuild; apppack-builder build; apppack-builder postbuild" | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: "3.11" | |
- name: Verify apppack.toml | |
working-directory: ./apppack-demo-python | |
run: | | |
set -ex | |
cat apppack.toml | |
test "$(python -c 'import tomllib; print(tomllib.load(open("apppack.toml", "rb"))["services"]["web"]["command"])')" = 'gunicorn --access-logfile - --bind 0.0.0.0:$PORT --forwarded-allow-ips '"'"'*'"' app:app" | |
deploy: | |
runs-on: ubuntu-latest | |
# Only run this job if the current commit is tagged with a version | |
if: startswith(github.ref, 'refs/tags/v') | |
needs: [test, build-image, integration, integration-docker, integration-appjson, integration-heroku20] | |
permissions: | |
id-token: write | |
contents: read | |
packages: read | |
env: | |
ECR_REPO: public.ecr.aws/d9q4v8a4/apppack-build | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Pull and tag image | |
run: | | |
set -ex | |
docker pull ${{ needs.build-image.outputs.image }} | |
docker tag ${{ needs.build-image.outputs.image }} "$ECR_REPO:builder" | |
docker tag ${{ needs.build-image.outputs.image }} "$ECR_REPO:${{ github.ref_name }}" | |
- name: configure aws credentials | |
uses: aws-actions/configure-aws-credentials@v1-node16 | |
with: | |
role-to-assume: "arn:aws:iam::101287669015:role/codebuild-image-github-actions" | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
registry-type: public | |
- name: Push image | |
run: | | |
set -ex | |
docker push "$ECR_REPO:builder" | |
docker push "$ECR_REPO:${{ github.ref_name }}" |