cd.yaml
# Workflow header: triggers, shared environment variables and the default
# token scope inherited by every job that does not declare its own.
name: Kubernetes CI/CD

on:
  # The push trigger is commented out; runs start from a closed PR against
  # main or from a manual dispatch.
  # push:
  #   branches:
  #     - main
  pull_request:
    branches: [main]
    types: [closed]
  workflow_dispatch:
    inputs:
      environment:
        description: 'Select environment'
        required: true
        default: 'staging'
        type: choice
        options:
          - staging
          # CD to production is not supported yet; the entry is kept only
          # for future reference.
          # NOTE(review): the option is still selectable by anyone allowed to
          # dispatch this workflow. Protect the `production` GitHub
          # environment (e.g. required reviewers) or drop the entry until it
          # is supported.
          - production

env:
  CI: false
  # Full SHA of the triggering commit; the jobs cut it to 7 characters to
  # form the image tag.
  COMMIT: ${{ github.sha }}

# Default GITHUB_TOKEN scope for the workflow: read-only.
permissions:
  contents: read
  pull-requests: read
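# Three jobs: detect which service changed, build and push its image to ECR,
# then write the new image tag into the deployments repo.
#
# NOTE(review): every `uses:` below references a mutable tag (@v3, @v2, @v1,
# @v0.7.0). Pinning each action to a full commit SHA keeps a retagged release
# from running with the AWS role or the deployments write key.
jobs:
  detect-changes:
    # Only run this job when a PR is merged or the workflow is dispatched
    # manually.
    if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'
    name: Detect Changes
    runs-on: ubuntu-latest
    env:
      # The manual input wins; otherwise 'staging' when the ref is main.
      # NOTE(review): if neither holds, the expression evaluates to `false`
      # and the `environment:` keys of the later jobs receive that value.
      # Confirm github.ref is refs/heads/main for merged-PR runs.
      ENVIRONMENT: ${{ inputs.environment || (github.ref == 'refs/heads/main' && 'staging') }}
    outputs:
      frontend_changed: ${{ steps.filter.outputs.frontend }}
      backend_changed: ${{ steps.filter.outputs.backend }}
      environment: ${{ env.ENVIRONMENT }}
    steps:
      - uses: actions/checkout@v3
      - name: Check changed files
        id: filter
        uses: dorny/paths-filter@v2
        with:
          filters: |
            frontend:
              - 'frontend/**'
            backend:
              - 'backend/**'

  build-and-push:
    # Job-level permissions replace the workflow defaults, and every scope
    # not listed here becomes `none`, so the read scope that checkout uses
    # is declared explicitly next to the OIDC scope.
    permissions:
      id-token: write
      contents: read
    name: Build and Push Docker Images
    runs-on: ubuntu-latest
    needs: detect-changes
    environment: ${{ needs.detect-changes.outputs.environment }}
    strategy:
      matrix:
        service: [frontend, backend]
    outputs:
      service: ${{ matrix.service }}
    steps:
      - uses: actions/checkout@v3
      - name: Configure AWS ECR Details
        uses: aws-actions/configure-aws-credentials@v3
        with:
          role-to-assume: ${{ secrets.AWS_ECR_ROLE }}
          aws-region: us-east-1
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
        with:
          mask-password: "true"
      - name: Build and push Docker image
        id: build-and-push
        # Build a service only when its directory changed.
        if: |
          (matrix.service == 'frontend' && needs.detect-changes.outputs.frontend_changed == 'true') ||
          (matrix.service == 'backend' && needs.detect-changes.outputs.backend_changed == 'true')
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY_PREFIX: ${{ vars.ECR_REPOSITORY_PREFIX }}
          # Passed through the environment instead of being expanded into
          # the script text, so the value is never parsed as shell code.
          SERVICE: ${{ matrix.service }}
        run: |
          IMAGE_TAG="${COMMIT::7}"
          echo "Building and pushing $SERVICE image with tag $IMAGE_TAG"
          DOCKERFILE_PATH="$SERVICE/Dockerfile"
          CONTEXT_DIR="$SERVICE"
          ECR_REPOSITORY="$ECR_REPOSITORY_PREFIX/$SERVICE"
          IMAGE="$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
          # Quoted so an empty or space-containing variable cannot split
          # into extra docker arguments.
          docker build -t "$IMAGE" -f "$DOCKERFILE_PATH" "$CONTEXT_DIR"
          docker push "$IMAGE"

  update-helm-values:
    name: Update Helm Values
    needs: [build-and-push, detect-changes]
    runs-on: ubuntu-latest
    environment: ${{ needs.detect-changes.outputs.environment }}
    steps:
      - name: Set up SSH for private repo access
        # Loads the key from the DEPLOYMENTS_REPO_WRITE secret; the steps
        # below use it to clone and push the deployments repo.
        uses: webfactory/ssh-agent@v0.7.0
        with:
          ssh-private-key: ${{ secrets.DEPLOYMENTS_REPO_WRITE }}
      - name: Clone deployments repo (specific branch)
        env:
          BRANCH_OF_DEPLOYMENT_REPO: ${{ vars.BRANCH_OF_DEPLOYMENT_REPO }}
        run: |
          git clone --depth=1 --branch "$BRANCH_OF_DEPLOYMENT_REPO" git@github.com:alpenlabs/deployments.git deployments
          cd deployments
          git checkout "$BRANCH_OF_DEPLOYMENT_REPO"
      - name: Install yq
        # NOTE(review): this installs, as root, whatever binary
        # `releases/latest` serves at run time, with no checksum check, in
        # the job that holds the deployments write key. Pin a release
        # version and verify its published checksum before `chmod +x`.
        run: |
          sudo wget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/local/bin/yq
          sudo chmod +x /usr/local/bin/yq
      - name: Update Docker image tag in Helm values
        env:
          CLUSTER_NAME: ${{ vars.CLUSTER_NAME }}
          # Job outputs reach the script as environment variables rather
          # than being expanded into the script text.
          FRONTEND_CHANGED: ${{ needs.detect-changes.outputs.frontend_changed }}
          BACKEND_CHANGED: ${{ needs.detect-changes.outputs.backend_changed }}
        run: |
          # strenv() reads the process environment; a plain shell assignment
          # is not visible to the yq child process, so export the tag.
          export SHORT_TAG="${COMMIT::7}"
          VALUES_FILE="deployments/clusters/$CLUSTER_NAME/values/strata-apps-values.yaml"
          if [[ "$FRONTEND_CHANGED" == "true" ]]; then
            echo "Updating frontend tag in $VALUES_FILE"
            yq eval -i ".batchExpFe.image.tag = strenv(SHORT_TAG)" "$VALUES_FILE"
          fi
          if [[ "$BACKEND_CHANGED" == "true" ]]; then
            echo "Updating backend tag in $VALUES_FILE"
            yq eval -i ".batchExpBe.image.tag = strenv(SHORT_TAG)" "$VALUES_FILE"
          fi
      - name: Commit and push changes
        env:
          GH_ACTIONS_USER_NAME: ${{ vars.GH_ACTIONS_USER_NAME }}
          CLUSTER_NAME: ${{ vars.CLUSTER_NAME }}
          BRANCH_OF_DEPLOYMENT_REPO: ${{ vars.BRANCH_OF_DEPLOYMENT_REPO }}
        run: |
          SHORT_TAG="${COMMIT::7}"
          cd deployments
          git config user.name "$GH_ACTIONS_USER_NAME"
          git config user.email "$GH_ACTIONS_USER_NAME@alpenlabs.io"
          # Nothing to push when neither tag was rewritten.
          if git diff --quiet; then
            echo "No changes to commit."
          else
            git add "clusters/$CLUSTER_NAME/values"
            git commit -m "Update image tags to $SHORT_TAG for updated services"
            # Rebase onto the remote branch first so a concurrent run's
            # commit does not cause the push to be rejected.
            git pull --rebase origin "$BRANCH_OF_DEPLOYMENT_REPO"
            git push origin "$BRANCH_OF_DEPLOYMENT_REPO"
          fi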