AUT-250 - Getting deploy pipeline for autograph-monitor fixed (#985) #45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
tags: | |
- '[0-9]+.[0-9a-z]+.[0-9a-z]+' | |
jobs: | |
docker: | |
name: Docker Images | |
runs-on: ubuntu-22.04 | |
environment: build | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Clone repository | |
uses: actions/checkout@v4 | |
- name: Setup Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Docker Metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ vars.DOCKERHUB_REPO }} | |
${{ vars.GAR_LOCATION }}-docker.pkg.dev/${{ vars.GCP_PROJECT_ID }}/${{ vars.GAR_REPOSITORY}}/autograph | |
tags: | | |
type=semver,pattern={{raw}} | |
type=raw,value=latest,enable={{is_default_branch}} | |
- name: Generate version.json | |
shell: bash | |
run: make generate | |
- id: gcp-auth | |
uses: google-github-actions/auth@v2 | |
with: | |
token_format: 'access_token' | |
service_account: artifact-writer@${{ vars.GCP_PROJECT_ID}}.iam.gserviceaccount.com | |
workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }} | |
- name: Login to Google Artifact Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ vars.GAR_LOCATION }}-docker.pkg.dev | |
username: oauth2accesstoken | |
password: ${{ steps.gcp-auth.outputs.access_token }} | |
- name: Login to Dockerhub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ vars.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Build and push | |
uses: docker/build-push-action@v6 | |
with: | |
push: ${{ github.event_name != 'pull_request' }} | |
sbom: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
context: . | |
monitor: | |
name: Build Monitor Lambda Zip | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: write | |
env: | |
GH_TOKEN: ${{ github.token }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version-file: 'go.mod' | |
- name: Build monitor | |
run: | | |
cd tools/autograph-monitor | |
make build | |
- name: Create release draft if a release doesn't exist yet | |
run: | | |
EXISTING_RELEASE=$(gh release view $GITHUB_REF_NAME --json="id" || echo '') | |
if [[ -z $EXISTING_RELEASE ]]; then | |
gh release create $GITHUB_REF_NAME --generate-notes -d | |
fi | |
- name: Upload zip package to release | |
run: | | |
gh release upload $GITHUB_REF_NAME "$RUNNER_TEMP/tools/autograph-monitor/autograph-monitor.zip" --clobber |