Merge pull request #90 from steadybit/develop #355
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: [ push ] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: zulu | |
| java-version: 21 | |
| cache: maven | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: v18 | |
| cache: 'npm' | |
| cache-dependency-path: | | |
| shopping-ui/package-lock.json | |
| - name: "[main] Set up Snyk CLI" | |
| if: github.ref == 'refs/heads/main' | |
| uses: snyk/actions/setup@master | |
| - name: "[main] Synk monitor: maven" | |
| if: github.ref == 'refs/heads/main' | |
| run: snyk monitor --all-projects --prune-repeated-subdependencies --target-reference=${{ github.ref_name }} -- -s .github/workflows/maven-settings.xml | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| PAT_USERNAME: ${{ secrets.PAT_USERNAME }} | |
| PAT_TOKEN: ${{ secrets.PAT_TOKEN }} | |
| - name: Build | |
| run: mvn -s .github/workflows/maven-settings.xml verify -B -V -U | |
| - name: Upload JARs | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: demo-jars | |
| path: | | |
| bestseller-fashion/target/*.jar | |
| bestseller-fashion/target/licenses/ | |
| bestseller-toys/target/*.jar | |
| bestseller-toys/target/licenses/ | |
| checkout/target/*.jar | |
| checkout/target/licenses/ | |
| gateway/target/*.jar | |
| gateway/target/licenses/ | |
| hot-deals/target/*.jar | |
| hot-deals/target/licenses/ | |
| inventory-service-mock/target/*.jar | |
| inventory-service-mock/target/licenses/ | |
| order/target/*.jar | |
| order/target/licenses/ | |
| if-no-files-found: error | |
| retention-days: 3 | |
| docker-image: | |
| name: Docker Image steadybit/${{ matrix.image.name || matrix.image.folder }} | |
| timeout-minutes: 20 | |
| runs-on: ubuntu-latest | |
| needs: [ build ] | |
| permissions: | |
| contents: read | |
| packages: write | |
| strategy: | |
| matrix: | |
| image: | |
| - {folder: bestseller-fashion} | |
| - {folder: bestseller-toys} | |
| - {folder: checkout} | |
| - {folder: gateway} | |
| - {folder: hot-deals} | |
| - {folder: inventory-service-mock, name: inventory} | |
| - {folder: order, name: orders} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download JARs | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: demo-jars | |
| path: . | |
| - name: Log in to the Docker container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: docker.io | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - uses: docker/setup-qemu-action@v3 | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| name=steadybit/${{ matrix.image.name || matrix.image.folder }} | |
| flavor: | | |
| latest=auto | |
| prefix= | |
| tags: | | |
| type=schedule | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| type=sha,format=long,prefix= | |
| - name: Build Docker image | |
| uses: docker/build-push-action@v6 | |
| id: image | |
| with: | |
| context: ${{ matrix.image.folder }} | |
| file: ${{ matrix.image.folder }}/Dockerfile | |
| push: ${{ github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/main' }} | |
| load: ${{ github.ref != 'refs/heads/develop' && github.ref != 'refs/heads/main' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: linux/amd64${{ (github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/main') && ',linux/arm64' || '' }} #for branches we just do a load, and this supports no multi-arch | |
| - name: "[main] Snyk monitor docker image" | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| uses: snyk/actions/docker@master | |
| with: | |
| image: "steadybit/${{ matrix.image.name || matrix.image.folder }}:${{ github.ref_name }}" | |
| args: --file=${{ matrix.image.folder }}/Dockerfile --target-reference=${{ github.ref_name }} --username=${{ secrets.DOCKER_USERNAME }} --password=${{ secrets.DOCKER_PASSWORD }} | |
| command: monitor | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| trigger-deployment: | |
| name: Trigger Deployment | |
| needs: [docker-image] | |
| runs-on: ubuntu-latest | |
| concurrency: deploy-to-demo | |
| steps: | |
| - name: Dispatch event to trigger deployment to DEV | |
| if: github.ref == 'refs/heads/develop' | |
| run: | | |
| curl -XPOST -u "${{ secrets.PAT_USERNAME}}:${{secrets.PAT_TOKEN}}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/steadybit/demo-infrastructure/dispatches --data '{"event_type": "deploy-to-dev-demo"}' | |
| # curl -XPOST -u "${{ secrets.PAT_USERNAME}}:${{secrets.PAT_TOKEN}}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/steadybit/demo-infrastructure/dispatches --data '{"event_type": "deploy-to-sandbox-demo"}' | |
| - name: Dispatch event to trigger deployment to PROD | |
| if: github.ref == 'refs/heads/main' | |
| run: | | |
| curl -XPOST -u "${{ secrets.PAT_USERNAME}}:${{secrets.PAT_TOKEN}}" -H "Accept: application/vnd.github.everest-preview+json" -H "Content-Type: application/json" https://api.github.com/repos/steadybit/demo-infrastructure/dispatches --data '{"event_type": "deploy-to-prod-demo"}' | |
| build-fashion-lambda: | |
| name: "Build and Upload fashion-bestseller Lambda" | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: v20 | |
| cache: 'npm' | |
| cache-dependency-path: | | |
| bestseller-fashion-lambda/package-lock.json | |
| - run: npm install | |
| working-directory: bestseller-fashion-lambda | |
| - name: "[main] setup snyk" | |
| if: github.ref == 'refs/heads/main' | |
| uses: snyk/actions/setup@master | |
| - name: "[main] snyk monitor" | |
| if: github.ref == 'refs/heads/main' | |
| working-directory: bestseller-fashion-lambda | |
| run: snyk monitor --prune-repeated-subdependencies --target-reference=${{ github.ref_name }} | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
| - name: Install zip | |
| uses: montudor/action-zip@v1 | |
| - name: Zip lambda | |
| run: mkdir -p ../dist && zip -r --exclude="*test*" ../dist/fashion-bestseller.zip . | |
| working-directory: bestseller-fashion-lambda | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: fashion-bestseller.zip | |
| path: dist/fashion-bestseller.zip | |
| if-no-files-found: error | |
| retention-days: 3 | |
| - name: Configure AWS credentials (eu-central-1) | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: 'eu-central-1' | |
| # Deploy to shared account | |
| role-to-assume: 'arn:aws:iam::292929100161:role/allow-auto-deploy-from-other-accounts' | |
| role-duration-seconds: 1200 | |
| role-session-name: S3DeployLicense | |
| - name: Push zips to S3 (eu-central-1) | |
| working-directory: dist | |
| run: | | |
| aws s3 cp fashion-bestseller.zip s3://steadybit-lambdas/fashion-bestseller.zip | |
| VERSION_ID=$(aws s3api list-object-versions --bucket steadybit-lambdas --prefix fashion-bestseller.zip --query 'Versions[?IsLatest].[VersionId]' --output text) | |
| echo "::notice:: eu-central-1 -> fashion_bestseller_lambda_version = \"$VERSION_ID\"" | |
| - name: Configure AWS credentials (eu-west-1) | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: 'eu-west-1' | |
| # Deploy to shared account | |
| role-to-assume: 'arn:aws:iam::292929100161:role/allow-auto-deploy-from-other-accounts' | |
| role-duration-seconds: 1200 | |
| role-session-name: S3DeployLicense | |
| - name: Push zips to S3 (eu-west-1) | |
| working-directory: dist | |
| run: | | |
| aws s3 cp fashion-bestseller.zip s3://steadybit-lambdas-region-eu-west-1/fashion-bestseller.zip | |
| VERSION_ID=$(aws s3api list-object-versions --bucket steadybit-lambdas-region-eu-west-1 --prefix fashion-bestseller.zip --query 'Versions[?IsLatest].[VersionId]' --output text) | |
| echo "::notice:: eu-west-1 -> fashion_bestseller_lambda_version = \"$VERSION_ID\"" | |
| test-helm-charts: | |
| name: "Test Helm Charts" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Helm | |
| uses: azure/setup-helm@v4 | |
| with: | |
| version: v3.12.2 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.10" | |
| - name: Add unit testing plugin | |
| run: | | |
| helm plugin install https://github.com/helm-unittest/helm-unittest.git | |
| - name: Run unit tests | |
| run: make charttesting | |
| - name: Set up chart-testing | |
| uses: helm/chart-testing-action@v2.6.1 | |
| - name: Run chart-testing (lint) | |
| run: make chartlint | |
| release-helm-chart: | |
| name: "Release Helm Chart" | |
| runs-on: ubuntu-latest | |
| needs: [ test-helm-charts ] | |
| if: github.ref == 'refs/heads/main' | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Configure Git | |
| run: | | |
| git config user.name "$GITHUB_ACTOR" | |
| git config user.email "$GITHUB_ACTOR@users.noreply.github.com" | |
| - name: Set up Helm | |
| uses: azure/setup-helm@v4 | |
| with: | |
| version: v3.12.2 | |
| - name: Run chart-releaser | |
| uses: helm/chart-releaser-action@v1.6.0 | |
| with: | |
| charts_dir: charts | |
| mark_as_latest: false | |
| env: | |
| CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" |