Dashboard cache RPC query results (#35) #69
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Kubernetes CI/CD | |
| on: | |
| push: | |
| branches: | |
| - main | |
| # pull_request: | |
| # branches: | |
| # - main | |
| # types: | |
| # - closed | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: 'Select environment' | |
| default: 'staging' | |
| type: choice | |
| options: | |
| - staging | |
| # currently we do not support cd to production, its only for future reference | |
| - production | |
| env: | |
| CI: false | |
| COMMIT: ${{ github.sha }} | |
| permissions: {} | |
| jobs: | |
| build-and-push: | |
| permissions: | |
| id-token: write | |
| name: Build and Push Docker Images | |
| runs-on: ubuntu-latest | |
| environment: ${{ inputs.environment || (github.ref == 'refs/heads/main' && 'staging') }} | |
| strategy: | |
| matrix: | |
| service: [frontend, backend] | |
| outputs: | |
| service: ${{ matrix.service }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 | |
| with: | |
| persist-credentials: false | |
| - name: Configure AWS ECR Details | |
| uses: aws-actions/configure-aws-credentials@b47578312673ae6fa5b5096b330d9fbac3d116df # v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ECR_ROLE }} | |
| aws-region: us-east-1 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2 | |
| with: | |
| mask-password: "true" | |
| - name: Build and push Docker image | |
| id: build-and-push | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY_PREFIX: ${{ vars.ECR_REPOSITORY_PREFIX }} | |
| run: | | |
| IMAGE_TAG=${COMMIT::7} | |
| SERVICE="${{ matrix.service }}" | |
| echo "Building and pushing $SERVICE image with tag $IMAGE_TAG and latest" | |
| DOCKERFILE_PATH="$SERVICE.Dockerfile" | |
| CONTEXT_DIR="." | |
| ECR_REPOSITORY="$ECR_REPOSITORY_PREFIX/${SERVICE}" | |
| # Build with both the commit tag and latest | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \ | |
| -t $ECR_REGISTRY/$ECR_REPOSITORY:latest \ | |
| -f $DOCKERFILE_PATH $CONTEXT_DIR | |
| # Push both tags | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| update-helm-values: | |
| name: Update Helm Values | |
| needs: [build-and-push] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| environment: ${{ inputs.environment || (github.ref == 'refs/heads/main' && 'staging') }} | |
| steps: | |
| - name: Set up SSH for private repo access | |
| uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # 0.9.1 | |
| with: | |
| ssh-private-key: ${{ secrets.DEPLOYMENTS_REPO_WRITE }} | |
| - name: Clone deployments repo (specific branch) | |
| env: | |
| BRANCH_OF_DEPLOYMENT_REPO: ${{ vars.BRANCH_OF_DEPLOYMENT_REPO }} | |
| run: | | |
| git clone --depth=1 --branch "$BRANCH_OF_DEPLOYMENT_REPO" git@github.com:alpenlabs/deployments.git deployments | |
| cd deployments || exit 1 | |
| git checkout "$BRANCH_OF_DEPLOYMENT_REPO" | |
| - name: Install yq | |
| run: | | |
| sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/local/bin/yq | |
| sudo chmod +x /usr/local/bin/yq | |
| - name: Debug yq Version | |
| run: | | |
| yq --version | |
| which yq | |
| - name: Update Docker image tag in Helm values # Sanitized SHORT_TAG and safe yq usage | |
| env: | |
| CLUSTER_NAME: ${{ vars.CLUSTER_NAME }} | |
| run: | | |
| # Sanitize and truncate SHORT_TAG | |
| SHORT_TAG="${COMMIT//[^a-zA-Z0-9._-]/}" | |
| SHORT_TAG="${SHORT_TAG:0:7}" | |
| VALUES_FILE="deployments/clusters/$CLUSTER_NAME/values/strata-apps-values.yaml" | |
| echo "Updating frontend tag in $VALUES_FILE" | |
| yq eval -i ".strataStatus.frontend.image.tag = \"$SHORT_TAG\"" "$VALUES_FILE" | |
| echo "Updating backend tag in $VALUES_FILE" | |
| yq eval -i ".strataStatus.backend.image.tag = \"$SHORT_TAG\"" "$VALUES_FILE" | |
| - name: Commit and push changes | |
| env: | |
| GH_ACTIONS_USER_NAME: ${{ vars.GH_ACTIONS_USER_NAME }} | |
| CLUSTER_NAME: ${{ vars.CLUSTER_NAME }} | |
| BRANCH_OF_DEPLOYMENT_REPO: ${{ vars.BRANCH_OF_DEPLOYMENT_REPO }} | |
| run: | | |
| SHORT_TAG="${COMMIT//[^a-zA-Z0-9._-]/}" | |
| SHORT_TAG="${SHORT_TAG:0:7}" | |
| cd deployments | |
| git config user.name "$GH_ACTIONS_USER_NAME" | |
| git config user.email "$GH_ACTIONS_USER_NAME@alpenlabs.io" | |
| if git diff --quiet; then | |
| echo "No changes to commit." | |
| else | |
| git add clusters/$CLUSTER_NAME/values | |
| git commit -m "Update image tags to $SHORT_TAG for updated services" | |
| git pull --rebase origin $BRANCH_OF_DEPLOYMENT_REPO | |
| git push origin $BRANCH_OF_DEPLOYMENT_REPO | |
| fi |