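# Reusable workflow (workflow_call): build one or more Docker images for the
# calling repository, push them to ECR, then rewrite the ArgoCD/Argus
# manifests under .infra/<env>/values.yaml with the new image tag.
#
# Supply-chain note: every third-party action below is referenced by a
# mutable tag (v4, v3, v9, ...). Pinning each `uses:` to a full commit SHA
# makes the build reproducible and immune to a tag being re-pointed.
---
name: Docker Image Build
on:
  workflow_call:
    inputs:
      envs:
        description: The envs that this is building (rdev, staging, or prod), comma delimited
        required: true
        type: string
      images:
        description: 'JSON array of images to build (required keys: dockerfile, context, name, platform)'
        required: true
        type: string
      path_filters:
        description: 'Path to the configuration file or YAML string with filters definition'
        required: false
        type: string
        default: '**/*'
      path_filters_base:
        description: |
          Git reference (e.g. branch name) against which the changes will be detected. Defaults to repository default branch (e.g. master).
          If it references same branch it was pushed to, changes are detected against the most recent commit before the push.
          This option is ignored if action is triggered by pull_request event.
        required: false
        type: string

jobs:
  # Computes everything the later jobs need: the image tag, the parsed
  # image matrix, the env list and whether the changed paths require a build.
  prep:
    name: Prep for Build
    runs-on: [ARM64, self-hosted, Linux]
    if: "!contains(github.event.head_commit.message, '[no-deploy]')"
    outputs:
      image-tag: ${{ steps.build-tags.outputs.IMAGE_TAG }}
      images: ${{ steps.parse-images.outputs.images }}
      envs: ${{ steps.parse-envs.outputs.envs }}
      run_build: ${{ steps.filter.outputs.run_on }}
    # Least privilege: no step in this job exchanges an OIDC token, so
    # `id-token: write` is not granted here (only build-docker needs it).
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history so paths-filter can diff against `base`.
          fetch-depth: 0
      # Caller inputs are passed to the scripts through `env:` and read via
      # process.env rather than being spliced into the JS source with
      # `${{ }}`; a backtick, `${` or quote inside an input value would
      # otherwise break or alter the script (expression injection).
      - name: Parse filters
        id: parse_filters
        uses: actions/github-script@v7
        env:
          PATH_FILTERS: ${{ inputs.path_filters }}
        with:
          script: |
            // Turn "a/**,b/**" into a one-filter YAML document for paths-filter.
            // Patterns are emitted unquoted, so a pattern containing YAML
            // specials relies on paths-filter's parser accepting it as-is.
            const filters = (process.env.PATH_FILTERS || '').split(',').map(f => f.trim());
            const filtersStr = "run_on:\n" + filters.map(f => ` - ${f}`).join('\n');
            core.setOutput('filters', filtersStr);
      - uses: dorny/paths-filter@v3
        id: filter
        with:
          filters: |
            ${{ steps.parse_filters.outputs.filters }}
          base: ${{ inputs.path_filters_base }}
          list-files: json
      - name: Get build tag
        id: build-tags
        # Tag is derived from the checked-out commit, never from caller input.
        run: |
          echo "IMAGE_TAG=sha-$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
      - name: Parse images
        id: parse-images
        uses: actions/github-script@v7
        env:
          IMAGES_JSON: ${{ inputs.images }}
        with:
          script: |
            // Raw input bytes come through the env var, so JSON escapes are not
            // mangled by template-literal processing before JSON.parse sees them.
            // setOutput serialises the array back to JSON for the build matrix.
            const images = JSON.parse(process.env.IMAGES_JSON);
            core.setOutput('images', images);
      - name: Parse envs
        id: parse-envs
        uses: actions/github-script@v7
        env:
          ENVS: ${{ inputs.envs }}
        with:
          script: |
            // "rdev, staging" -> "rdev staging" (space separated for the shell loop below).
            const envs = (process.env.ENVS || '').split(',').map(env => env.trim());
            core.setOutput('envs', envs.join(' '));

  # One matrix entry per image; the runner architecture follows the
  # requested platform so the image is built natively.
  build-docker:
    name: Build Docker Image
    needs: [prep]
    runs-on:
      - self-hosted
      - Linux
      - ${{ matrix.image.platform == 'linux/amd64' && 'X64' || 'ARM64' }}
    env:
      IMAGE_TAG: ${{ needs.prep.outputs.image-tag }}
    # Skip when the path filter did not match, when the tag could not be
    # derived (empty or bare "sha-"), or when the image list is empty.
    if: needs.prep.outputs.run_build == 'true' && needs.prep.outputs.image-tag != '' && needs.prep.outputs.image-tag != 'sha-' && needs.prep.outputs.images != '[]'
    permissions:
      # Required for the OIDC exchange in configure-aws-credentials.
      id-token: write
      contents: read
    strategy:
      matrix:
        image: ${{ fromJson(needs.prep.outputs.images) }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          path: ${{ github.event.repository.name }}
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: us-west-2
          role-to-assume: arn:aws:iam::533267185808:role/gh_actions_core_platform_infra_prod_eks
          role-session-name: ContainerBuildTest
      - name: Generate token
        id: generate_token
        # NOTE(review): this action reference is garbled in the source as
        # "[email protected]"; restore the real owner/action@version before use.
        uses: chanzuckerberg/[email protected]
        with:
          app_id: ${{ secrets.CZI_GITHUB_HELPER_APP_ID }}
          private_key: ${{ secrets.CZI_GITHUB_HELPER_PK }}
      # Shared ECR lifecycle/repository policies live in a separate settings repo.
      - uses: actions/checkout@v4
        with:
          repository: chanzuckerberg/core-platform-settings
          path: core-platform-settings
          token: ${{ steps.generate_token.outputs.token }}
      - name: Create ECR repo if necessary
        uses: int128/create-ecr-repository-action@v1
        with:
          repository: core-platform/${{ github.event.repository.name }}/${{ matrix.image.name }}
          lifecycle-policy: core-platform-settings/ecr/lifecycle-policy.json
          repository-policy: core-platform-settings/ecr/repository-policy.json
      - name: Build And Push
        # NOTE(review): this action reference is garbled in the source as
        # "[email protected]"; restore the real path@version before use.
        uses: chanzuckerberg/github-actions/.github/actions/[email protected]
        with:
          dockerfile: ${{ github.event.repository.name }}/${{ matrix.image.dockerfile }}
          context: ${{ github.event.repository.name }}/${{ matrix.image.context }}
          name: core-platform/${{ github.event.repository.name }}/${{ matrix.image.name }}
          registry: 533267185808.dkr.ecr.us-west-2.amazonaws.com
          custom_tag: ${{ env.IMAGE_TAG }}
          platforms: ${{ matrix.image.platform == 'linux/amd64' && 'linux/amd64' || 'linux/arm64' }}
          build_args: IMAGE_TAG=${{ env.IMAGE_TAG }}

  # Rewrites the `tag:` value in each env's values.yaml and commits the result.
  update-manifests:
    name: Update ArgoCD manifests
    needs: [prep, build-docker]
    runs-on: [ARM64, self-hosted, Linux]
    env:
      IMAGE_TAG: ${{ needs.prep.outputs.image-tag }}
    if: needs.prep.outputs.image-tag != '' && needs.prep.outputs.image-tag != 'sha-' && needs.prep.outputs.images != '[]'
    # Least privilege: the commit is pushed with the GitHub App token from
    # the step below, not via OIDC, so `id-token: write` is not needed here.
    permissions:
      contents: read
    steps:
      - run: |
          echo "IMAGE_TAG=$IMAGE_TAG"
      - name: Generate token
        id: generate_token
        # NOTE(review): this action reference is garbled in the source as
        # "[email protected]"; restore the real owner/action@version before use.
        uses: chanzuckerberg/[email protected]
        with:
          app_id: ${{ secrets.CZI_RELEASE_PLEASE_APP_ID }}
          private_key: ${{ secrets.CZI_RELEASE_PLEASE_PK }}
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          token: ${{ steps.generate_token.outputs.token }}
      - name: Update Manifest
        shell: bash
        # ENVS originates from caller input: it reaches the shell as an
        # environment variable, not via `${{ }}` substitution into the script.
        env:
          ENVS: ${{ needs.prep.outputs.envs }}
        run: |
          for env in $ENVS
          do
            # `\w\+` is GNU sed syntax; the self-hosted Linux runners provide GNU sed.
            sed -i "s/tag: sha-\w\+/tag: ${IMAGE_TAG}/g" ".infra/${env}/values.yaml"
            cat ".infra/${env}/values.yaml"
          done
      - name: Update Argus manifests
        uses: EndBug/add-and-commit@v9
        with:
          # `-A` stages every change in the working tree, not only values.yaml.
          add: -A
          message: 'chore: Updated [${{ needs.prep.outputs.envs }}] values.yaml image tags to ${{ env.IMAGE_TAG }}'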