Imagen julkaisu omaan workflowiin

Opetushallitus · Jan 14, 2025 · 345d5cc · 345d5cc
1 parent ca1aa7e
commit 345d5cc
Show file tree

Hide file tree

Showing 5 changed files with 119 additions and 106 deletions.
diff --git a/.github/actions/build_koski/action.yaml b/.github/actions/build_koski/action.yaml
@@ -1,10 +1,9 @@
 name: "Build Koski app + tests"
 inputs:
   commithash:
-    required: false
+    required: true
     type: string
     description: "Commit hash to build"
-    default: ${{ github.sha }}
 runs:
   using: composite
   steps:
@@ -51,4 +50,4 @@ runs:
       uses: actions/cache/save@v4
       with:
         path: target/
-        key: ${{ runner.os }}-target-${{ github.sha }}
+        key: ${{ runner.os }}-target-${{ inputs.commithash }}
diff --git a/.github/workflows/all_tests.yml b/.github/workflows/all_tests.yml
@@ -18,6 +18,8 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/build_koski
+        with:
+          commithash: ${{ github.sha }}
   lint_koski:
     name: Lint Koski
     runs-on: ${{ inputs.runs-on }}

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -15,8 +15,24 @@ env:
 
 run-name: Deploy to ${{ inputs.environment }}
 jobs:
+  build:
+    name: Build Koski
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/build_koski
+        with:
+          commithash: ${{ inputs.commithash }}
+  publish_image:
+    name: Publish Koski Docker Image
+    needs: [build]
+    uses: ./.github/workflows/publish_image.yml
+    with:
+      commithash: ${{ inputs.commithash }}
+    secrets: inherit
   checkbuilddeploy:
-    name: Build and deploy
+    name: Deploy
+    needs: [publish_image]
     environment:
       name: ${{ github.event.inputs.environment }}
     runs-on: ubuntu-20.04
@@ -25,92 +41,6 @@ jobs:
       contents: read
       packages: write
     steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.inputs.commithash }}
-          # Number of commits to fetch. 0 indicates all history for all branches and tags.
-          fetch-depth: 0
-
-      - name: Print git diff with master branch
-        run: |
-          echo "Changed files:"
-          git diff --name-only origin/master...
-          echo "Changes to files:"
-          git diff origin/master...
-
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1-node16
-        with:
-          role-to-assume: ${{ secrets.ECR_ROLE }}
-          role-duration-seconds: 3600
-          role-session-name: KoskiDeploymentEcr-${{ github.event.inputs.environment }}-${{ github.event.inputs.commithash }}
-          aws-region: eu-west-1
-
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v1
-        with:
-          registries: ${{ secrets.ECR_ACCOUNT_ID }}
-          mask-password: "true"
-
-      - name: Check if container image already exists in ECR
-        env:
-          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-          ECR_REPOSITORY: koski
-          IMAGE_TAG: ${{ github.event.inputs.commithash  }}
-        id: check-image
-        run: |
-          echo "image-exists=$(docker manifest inspect $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG > /dev/null 2>&1 ; echo $?)" >> $GITHUB_OUTPUT
-
-      - name: Cache Maven packages
-        uses: actions/cache@v3
-        if: steps.check-image.outputs.image-exists != '0'
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
-
-      - name: Cache Node modules
-        uses: actions/cache@v3
-        if: steps.check-image.outputs.image-exists != '0'
-        with:
-          path: ~/.npm
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
-
-      - name: Set up Java 11
-        uses: actions/setup-java@v4
-        if: steps.check-image.outputs.image-exists != '0'
-        with:
-          java-version: "11"
-          architecture: "x64"
-          distribution: "zulu"
-          cache: "maven"
-
-      - name: Setup settings.xml
-        uses: s4u/maven-settings-action@v2.8.0
-        if: steps.check-image.outputs.image-exists != '0'
-        with:
-          servers: '[{"id": "github","configuration": {"httpHeaders": {"property": {"name": "Authorization","value": "Bearer ${{ secrets.GITHUB_TOKEN }}"}}}}]'
-
-      - name: Build application and publish it to Github Packages
-        if: steps.check-image.outputs.image-exists != '0'
-        run: make dist version=${{ github.event.inputs.commithash }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build, tag, and push image to Amazon ECR
-        if: steps.check-image.outputs.image-exists != '0'
-        env:
-          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-          ECR_REPOSITORY: koski
-          IMAGE_TAG: ${{ github.event.inputs.commithash }}
-        run: |
-          docker build -f docker-build/Dockerfile -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG --build-arg KOSKI_VERSION=$IMAGE_TAG .
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v1-node16
         with:

diff --git a/.github/workflows/publish_image.yml b/.github/workflows/publish_image.yml
@@ -0,0 +1,98 @@
+name: Publish
+on:
+  workflow_call:
+    inputs:
+      commithash:
+        description: "Commit hash (version) of the image to package and publish"
+        type: string
+        required: true
+env:
+  DOCKER_BUILDKIT: 1
+  SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+
+jobs:
+  publish:
+    name: Publish Koski Docker image
+    runs-on: ubuntu-20.04
+    permissions:
+      id-token: write
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.commithash }}
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1-node16
+        with:
+          role-to-assume: ${{ secrets.ECR_ROLE }}
+          role-duration-seconds: 3600
+          role-session-name: KoskiPublishEcr-${{ inputs.commithash }}
+          aws-region: eu-west-1
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+        with:
+          registries: ${{ secrets.ECR_ACCOUNT_ID }}
+          mask-password: "true"
+
+      - name: Check if container image already exists in ECR
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          ECR_REPOSITORY: koski
+          IMAGE_TAG: ${{ inputs.commithash }}
+        id: check-image
+        run: |
+          echo "image-exists=$(docker manifest inspect $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG > /dev/null 2>&1 ; echo $?)" >> $GITHUB_OUTPUT
+
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        if: steps.check-image.outputs.image-exists != '0'
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+
+      - name: Set up Java 11
+        uses: actions/setup-java@v4
+        if: steps.check-image.outputs.image-exists != '0'
+        with:
+          java-version: "11"
+          architecture: "x64"
+          distribution: "zulu"
+          cache: "maven"
+
+      - name: Setup settings.xml
+        uses: s4u/maven-settings-action@v2.8.0
+        if: steps.check-image.outputs.image-exists != '0'
+        with:
+          servers: '[{"id": "github","configuration": {"httpHeaders": {"property": {"name": "Authorization","value": "Bearer ${{ secrets.GITHUB_TOKEN }}"}}}}]'
+
+      - name: Restore target dir
+        uses: actions/cache/restore@v4
+        if: steps.check-image.outputs.image-exists != '0'
+        with:
+          path: "target/"
+          key: ${{ runner.os }}-target-${{ inputs.commithash }}
+          fail-on-cache-miss: "true"
+
+      - name: Build application and publish it to Github Packages
+        if: steps.check-image.outputs.image-exists != '0'
+        run: |
+          make dist version=${{ inputs.commithash }}
+          mvn war:war deploy:deploy --batch-mode -Dmaven.skip.install=true -DaltDeploymentRepository=github::default::https://maven.pkg.github.com/Opetushallitus/koski
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build, tag, and push image to Amazon ECR
+        if: steps.check-image.outputs.image-exists != '0'
+        env:
+          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+          ECR_REPOSITORY: koski
+          IMAGE_TAG: ${{ inputs.commithash }}
+        run: |
+          docker build -f docker-build/Dockerfile -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG --build-arg KOSKI_VERSION=$IMAGE_TAG .
+          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
diff --git a/Makefile b/Makefile
@@ -17,7 +17,6 @@ help:
 	@echo "make docker-dbs	- Start databases with docker compose"
 	@echo "make watch	- Watch for changes in webapp files"
 	@echo "make clean	- Remove generated build data"
-	@echo "make dist version=<version> - Builds and verifies application version"
 
 .PHONY: logdir
 logdir:
@@ -221,18 +220,3 @@ valpas-fronttest-5:
 .PHONY: valpas-fronttest-6
 valpas-fronttest-6:
 	mvn $(mvn_opts) -DargLine="$(mvn_argline)" scalatest:test -Dsuites="fi.oph.koski.frontendvalpas.jest.ValpasFrontSpec6" --batch-mode
-
-
-### Dist
-
-.PHONY: dist
-dist: check-version
-	./scripts/dist.sh $(version)
-
-.PHONY: check-version
-check-version:
-ifndef version
-	@echo "version is not set."
-	@echo "Set version with version=<version>"
-	exit 1
-endif