diff --git a/.github/actions/build_koski/action.yaml b/.github/actions/build_koski/action.yaml
index 3246282fbf..530de2e947 100644
--- a/.github/actions/build_koski/action.yaml
+++ b/.github/actions/build_koski/action.yaml
@@ -1,10 +1,9 @@
 name: "Build Koski app + tests"
 inputs:
 commithash:
- required: false
+ required: true
 type: string
 description: "Commit hash to build"
- default: ${{ github.sha }}
 runs:
 using: composite
 steps:
@@ -51,4 +50,4 @@ runs:
 uses: actions/cache/save@v4
 with:
 path: target/
- key: ${{ runner.os }}-target-${{ github.sha }}
+ key: ${{ runner.os }}-target-${{ inputs.commithash }}
diff --git a/.github/workflows/all_tests.yml b/.github/workflows/all_tests.yml
index 728fad8752..4a637d153c 100644
--- a/.github/workflows/all_tests.yml
+++ b/.github/workflows/all_tests.yml
@@ -18,6 +18,8 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 - uses: ./.github/actions/build_koski
+ with:
+ commithash: ${{ github.sha }}
 lint_koski:
 name: Lint Koski
 runs-on: ${{ inputs.runs-on }}
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 2680328c6f..cf11a8e404 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -15,8 +15,23 @@ env:
 run-name: Deploy to ${{ inputs.environment }}
 jobs:
+ build:
+ name: Build Koski
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@v4
+ - uses: ./.github/actions/build_koski
+ with:
+ commithash: ${{ inputs.commithash }}
+ publish_image:
+ name: Publish Koski Docker Image
+ needs: [build]
+ uses: ./.github/workflows/publish_image.yml
+ with:
+ commithash: ${{ inputs.commithash }}
 checkbuilddeploy:
- name: Build and deploy
+ name: Deploy
+ needs: [publish_image]
 environment:
 name: ${{ github.event.inputs.environment }}
 runs-on: ubuntu-20.04
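Review bot: `required: true` on an action input is not enforced by the runner, so with the `default: ${{ github.sha }}` line removed a caller that omits `commithash` gets an empty string rather than an error. The cache key changed in the second hunk of this file would then be `${{ runner.os }}-target-`, a single entry shared by every such caller. A first step in the composite action that rejects an empty or malformed value would close this, for example `[[ "$COMMITHASH" =~ ^[0-9a-f]{40}$ ]] || exit 1` with `COMMITHASH: ${{ inputs.commithash }}` passed through the step's `env:` (assuming only full SHAs are expected). The `steps:` list continues outside the hunk.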
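Review bot: The key on the `actions/cache/save@v4` step now names `inputs.commithash`, but nothing in this hunk ties the contents of `target/` to that commit. In deploy.yml the new `build` job runs `actions/checkout@v4` without `ref:`, so unless a step of this action outside the hunk checks out `inputs.commithash`, the tree that gets built is the dispatch ref's HEAD and is then stored under another commit's key. publish_image.yml restores that entry and pushes it as the image tagged with the commit hash. Passing `ref: ${{ inputs.commithash }}` to the checkout in the `build` job keeps the key and the content in agreement.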
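Review bot: The `publish_image` job calls `./.github/workflows/publish_image.yml` with `uses:`, but that file as added in this commit declares only `on: workflow_dispatch`; a called workflow needs an `on: workflow_call` trigger with `commithash` declared under its `inputs` (with `type: string`). The called job reads `secrets.ECR_ROLE` and `secrets.ECR_ACCOUNT_ID`, which the caller has to hand over, e.g. `secrets: inherit` on this job. It also asks for `id-token: write` and `packages: write`, and a called workflow cannot hold more permissions than the calling job grants; the caller's `permissions:` are not visible in this hunk, so that needs checking.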
@@ -25,92 +40,6 @@ jobs:
 contents: read
 packages: write
 steps:
- - uses: actions/checkout@v4
- with:
- ref: ${{ github.event.inputs.commithash }}
- # Number of commits to fetch. 0 indicates all history for all branches and tags.
- fetch-depth: 0
-
- - name: Print git diff with master branch
- run: |
- echo "Changed files:"
- git diff --name-only origin/master...
- echo "Changes to files:"
- git diff origin/master...
-
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1-node16
- with:
- role-to-assume: ${{ secrets.ECR_ROLE }}
- role-duration-seconds: 3600
- role-session-name: KoskiDeploymentEcr-${{ github.event.inputs.environment }}-${{ github.event.inputs.commithash }}
- aws-region: eu-west-1
-
- - name: Login to Amazon ECR
- id: login-ecr
- uses: aws-actions/amazon-ecr-login@v1
- with:
- registries: ${{ secrets.ECR_ACCOUNT_ID }}
- mask-password: "true"
-
- - name: Check if container image already exists in ECR
- env:
- ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
- ECR_REPOSITORY: koski
- IMAGE_TAG: ${{ github.event.inputs.commithash }}
- id: check-image
- run: |
- echo "image-exists=$(docker manifest inspect $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG > /dev/null 2>&1 ; echo $?)" >> $GITHUB_OUTPUT
-
- - name: Cache Maven packages
- uses: actions/cache@v3
- if: steps.check-image.outputs.image-exists != '0'
- with:
- path: ~/.m2/repository
- key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
- restore-keys: |
- ${{ runner.os }}-maven-
-
- - name: Cache Node modules
- uses: actions/cache@v3
- if: steps.check-image.outputs.image-exists != '0'
- with:
- path: ~/.npm
- key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
- restore-keys: |
- ${{ runner.os }}-node-
-
- - name: Set up Java 11
- uses: actions/setup-java@v4
- if: steps.check-image.outputs.image-exists != '0'
- with:
- java-version: "11"
- architecture: "x64"
- distribution: "zulu"
- cache: "maven"
-
- - name: Setup settings.xml
- uses: s4u/maven-settings-action@v2.8.0
- if: steps.check-image.outputs.image-exists != '0'
- with:
- servers: '[{"id": "github","configuration": {"httpHeaders": {"property": {"name": "Authorization","value": "Bearer ${{ secrets.GITHUB_TOKEN }}"}}}}]'
-
- - name: Build application and publish it to Github Packages
- if: steps.check-image.outputs.image-exists != '0'
- run: make dist version=${{ github.event.inputs.commithash }}
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Build, tag, and push image to Amazon ECR
- if: steps.check-image.outputs.image-exists != '0'
- env:
- ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
- ECR_REPOSITORY: koski
- IMAGE_TAG: ${{ github.event.inputs.commithash }}
- run: |
- docker build -f docker-build/Dockerfile -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG --build-arg KOSKI_VERSION=$IMAGE_TAG .
- docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-
 - name: Configure AWS credentials
 uses: aws-actions/configure-aws-credentials@v1-node16
 with:
diff --git a/.github/workflows/publish_image.yml b/.github/workflows/publish_image.yml
new file mode 100644
index 0000000000..b1d4fc4eaf
--- /dev/null
+++ b/.github/workflows/publish_image.yml
@@ -0,0 +1,96 @@
+name: Publish
+on:
+ workflow_dispatch:
+ inputs:
+ commithash:
+ description: "Commit hash (version) of the image to package and publish"
+ required: true
+env:
+ DOCKER_BUILDKIT: 1
+ SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+
+jobs:
+ publish:
+ name: Publish Koski Docker image
+ runs-on: ubuntu-20.04
+ permissions:
+ id-token: write
+ contents: read
+ packages: write
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ inputs.commithash }}
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1-node16
+ with:
+ role-to-assume: ${{ secrets.ECR_ROLE }}
+ role-duration-seconds: 3600
+ role-session-name: KoskiPublishEcr-${{ inputs.commithash }}
+ aws-region: eu-west-1
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+ with:
+ registries: ${{ secrets.ECR_ACCOUNT_ID }}
+ mask-password: "true"
+
+ - name: Check if container image already exists in ECR
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ ECR_REPOSITORY: koski
+ IMAGE_TAG: ${{ inputs.commithash }}
+ id: check-image
+ run: |
+ echo "image-exists=$(docker manifest inspect $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG > /dev/null 2>&1 ; echo $?)" >> $GITHUB_OUTPUT
+
+ - name: Cache Maven packages
+ uses: actions/cache@v3
+ if: steps.check-image.outputs.image-exists != '0'
+ with:
+ path: ~/.m2/repository
+ key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+ restore-keys: |
+ ${{ runner.os }}-maven-
+
+ - name: Set up Java 11
+ uses: actions/setup-java@v4
+ if: steps.check-image.outputs.image-exists != '0'
+ with:
+ java-version: "11"
+ architecture: "x64"
+ distribution: "zulu"
+ cache: "maven"
+
+ - name: Setup settings.xml
+ uses: s4u/maven-settings-action@v2.8.0
+ if: steps.check-image.outputs.image-exists != '0'
+ with:
+ servers: '[{"id": "github","configuration": {"httpHeaders": {"property": {"name": "Authorization","value": "Bearer ${{ secrets.GITHUB_TOKEN }}"}}}}]'
+
+ - name: Restore target dir
+ uses: actions/cache/restore@v4
+ with:
+ path: "target/"
+ key: ${{ runner.os }}-target-${{ inputs.commithash }}
+ fail-on-cache-miss: "true"
+
+ - name: Build application and publish it to Github Packages
+ if: steps.check-image.outputs.image-exists != '0'
+ run: |
+ make dist version=${{ inputs.commithash }}
+ mvn war:war deploy:deploy --batch-mode -Dmaven.skip.install=true -DaltDeploymentRepository=github::default::https://maven.pkg.github.com/Opetushallitus/koski
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build, tag, and push image to Amazon ECR
+ if: steps.check-image.outputs.image-exists != '0'
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ ECR_REPOSITORY: koski
+ IMAGE_TAG: ${{ inputs.commithash }}
+ run: |
+ docker build -f docker-build/Dockerfile -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG --build-arg KOSKI_VERSION=$IMAGE_TAG .
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
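Review bot: In the step `Build application and publish it to Github Packages`, `make dist version=${{ inputs.commithash }}` expands the dispatch input into the script text before the shell runs, so any shell metacharacters in the value become part of the script in a job that holds `GITHUB_TOKEN` with `packages: write` and the assumed ECR role. Pass the value through the environment instead: add `COMMITHASH: ${{ inputs.commithash }}` under the step's `env:` and run `make dist version="$COMMITHASH"`. The `$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG` arguments in the `docker` commands already come from `env:` but are unquoted, and quoting them avoids word splitting. Separately, the image pushed here is built from a `target/` restored from the Actions cache, so whatever wrote that key in the same cache scope decides what gets published; an artifact uploaded by the build job of the same run would be a tighter hand-off.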