|
5 | 5 | push: |
6 | 6 | branches: |
7 | 7 | - master |
8 | | -env: |
9 | | - AWS_ACCESS_KEY_ID: ${{ secrets.CI_AWS_CLIENT_ID }} |
10 | | - AWS_DEFAULT_REGION: eu-west-1 |
11 | | - AWS_SECRET_ACCESS_KEY: ${{ secrets.CI_AWS_CLIENT_SECRET }} |
12 | | - NDLA_AWS_ECR_REPO: ${{ secrets.NDLA_AWS_ECR_REPO }} |
13 | | - CI_RELEASE_ROLE: ${{ secrets.CI_RELEASE_ROLE }} |
14 | | - CI_GITHUB_TOKEN: ${{ secrets.CI_GITHUB_TOKEN }} |
15 | | - DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} |
16 | | - DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }} |
17 | | - NDLA_RELEASES: ${{ secrets.NDLA_RELEASES }} |
18 | | - NDLA_ENVIRONMENT: local |
19 | | - NDLA_HOME: ${{ github.workspace }}/ndla |
20 | | - NDLA_DEPLOY: ${{ github.workspace }}/ndla/deploy |
21 | | - NODE_OPTIONS: "--max_old_space_size=4096" |
22 | | - COMPONENT: ${{ github.event.repository.name }} |
23 | | - GPG_KEY: ${{ secrets.DEPLOY_BLACKBOX_GPG_KEY_B64 }} |
24 | 8 | jobs: |
25 | 9 | release: |
26 | | - name: Release and push to registry |
27 | | - runs-on: ubuntu-latest |
28 | | - steps: |
29 | | - - uses: actions/checkout@v4 |
30 | | - with: |
31 | | - path: ndla/${{ github.event.repository.name }} |
32 | | - - uses: actions/checkout@v4 |
33 | | - with: |
34 | | - repository: NDLANO/deploy |
35 | | - token: ${{ secrets.CI_GITHUB_TOKEN }} |
36 | | - path: ndla/deploy |
37 | | - - uses: actions/setup-python@v4 |
38 | | - with: |
39 | | - python-version: ${{ vars.PYTHON_VERSION }} |
40 | | - - uses: abatilo/actions-poetry@v2 |
41 | | - with: |
42 | | - poetry-version: ${{ vars.POETRY_VERSION }} |
43 | | - - uses: hashicorp/setup-terraform@v3 |
44 | | - with: |
45 | | - terraform_version: ${{ vars.TERRAFORM_VERSION }} |
46 | | - - name: Setup ~/bin directory |
47 | | - run: | |
48 | | - mkdir -p /home/runner/bin |
49 | | - echo "/home/runner/bin" >> $GITHUB_PATH |
50 | | - - name: Login to ECR repo |
51 | | - run: RES=$(aws sts assume-role --role-arn $CI_RELEASE_ROLE --role-session-name |
52 | | - github-actions-ecr-login) AWS_ACCESS_KEY_ID=$(echo $RES | jq -r .Credentials.AccessKeyId) |
53 | | - AWS_SECRET_ACCESS_KEY=$(echo $RES | jq -r .Credentials.SecretAccessKey) AWS_SESSION_TOKEN=$(echo |
54 | | - $RES | jq -r .Credentials.SessionToken) aws ecr get-login-password --region |
55 | | - eu-central-1 | docker login --username AWS --password-stdin $NDLA_AWS_ECR_REPO |
56 | | - - name: Login to dockerhub |
57 | | - run: echo $DOCKER_HUB_PASSWORD | docker login --username $DOCKER_HUB_USERNAME |
58 | | - --password-stdin |
59 | | - - name: Cache pip |
60 | | - uses: actions/cache@v3 |
61 | | - with: |
62 | | - path: ndla/deploy/.venv |
63 | | - key: ${{ runner.os }}-pip-${{ hashFiles('ndla/deploy/poetry.lock') }} |
64 | | - restore-keys: | |
65 | | - ${{ runner.os }}-pip- |
66 | | - ${{ runner.os }}- |
67 | | - - name: Install python dependencies |
68 | | - run: | |
69 | | - # Setup the virtualenv in the repo to make caching of dependencies easier |
70 | | - poetry config virtualenvs.create true --local |
71 | | - poetry config virtualenvs.in-project true --local |
72 | | -
|
73 | | - # Install the deps! |
74 | | - poetry --directory $NDLA_DEPLOY install |
75 | | - - name: Download blackbox |
76 | | - uses: actions/checkout@v3 |
77 | | - with: |
78 | | - repository: StackExchange/blackbox |
79 | | - path: blackbox |
80 | | - - name: Install Blackbox and key |
81 | | - run: | |
82 | | - # Move binaries to path |
83 | | - sudo mv blackbox/bin/* /home/runner/bin/ |
84 | | - echo -n "$GPG_KEY" | base64 --decode | gpg --import |
85 | | - - name: Install kubectl |
86 | | - run: | |
87 | | - curl -L https://dl.k8s.io/release/v${{ vars.KUBECTL_VERSION }}/bin/linux/amd64/kubectl > kubectl |
88 | | - sudo mv kubectl /home/runner/bin/kubectl |
89 | | - sudo chmod +x /home/runner/bin/kubectl |
90 | | - mkdir -p ~/.kube |
91 | | - - name: Install aws-iam-authenticator |
92 | | - run: | |
93 | | - sudo curl -L https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v${{ vars.AWS_IAM_AUTHENTICATOR_VERSION }}/aws-iam-authenticator_${{ vars.AWS_IAM_AUTHENTICATOR_VERSION }}_linux_amd64 > aws-iam-authenticator |
94 | | - sudo mv aws-iam-authenticator /home/runner/bin/aws-iam-authenticator |
95 | | - sudo chmod +x /home/runner/bin/aws-iam-authenticator |
96 | | - - name: Install helm /w push-plugin |
97 | | - run: | |
98 | | - curl -L https://get.helm.sh/helm-v${{ vars.HELM_VERSION }}-linux-amd64.tar.gz > /tmp/helm.tar.gz |
99 | | - tar xvzf /tmp/helm.tar.gz -C /tmp/ |
100 | | - sudo mv /tmp/linux-amd64/helm /home/runner/bin/ |
101 | | - sudo chmod +x /home/runner/bin/helm |
102 | | - - name: Build kubernetes config |
103 | | - run: poetry -C $NDLA_DEPLOY run ndla env kubeconfig test |
104 | | - - name: Do release |
105 | | - shell: bash |
106 | | - run: poetry -C $NDLA_DEPLOY run ndla release $COMPONENT --update-chart |
| 10 | + uses: ndlano/reusable-workflows/.github/workflows/release.yaml@main |
| 11 | + secrets: inherit |
| 12 | + with: |
| 13 | + component: learningpath-frontend |
0 commit comments