diff --git a/.github/workflows/branch-deploy.yml b/.github/workflows/branch-deploy.yml index 720ceee3f..3fb11c66f 100644 --- a/.github/workflows/branch-deploy.yml +++ b/.github/workflows/branch-deploy.yml @@ -2,7 +2,6 @@ name: "Infra: Feature Testing: Init env" on: workflow_dispatch: - pull_request: types: ['labeled'] @@ -19,19 +18,20 @@ jobs: with: ref: ${{ github.event.pull_request.head.sha }} token: ${{ github.token }} + - name: get branch name id: extract_branch run: | tag='pr${{ github.event.pull_request.number }}' echo "tag=${tag}" >> $GITHUB_OUTPUT - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Set up JDK uses: actions/setup-java@v4 with: java-version: '17' distribution: 'zulu' cache: 'maven' + - name: Build id: build run: | 
@@ -39,41 +39,21 @@ jobs: ./mvnw -B -V -ntp clean package -Pprod -DskipTests export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec) echo "version=${VERSION}" >> $GITHUB_OUTPUT - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v3 - - name: Cache Docker layers - uses: actions/cache@v4 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - name: Configure AWS credentials for Kafka-UI account - uses: aws-actions/configure-aws-credentials@v4 + + - name: Build and Push Docker Image + uses: ./.github/workflows/docker_build.yml with: + tag: ${{ steps.extract_branch.outputs.tag }} + version: ${{ steps.build.outputs.version }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: eu-central-1 - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v2 - - name: Build and push - id: docker_build_and_push - uses: docker/build-push-action@v5 - with: - builder: ${{ steps.buildx.outputs.name }} - context: api - push: true - tags: 297478128798.dkr.ecr.eu-central-1.amazonaws.com/kafka-ui:${{ steps.extract_branch.outputs.tag }} - build-args: | - JAR_FILE=api-${{ steps.build.outputs.version }}.jar - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache + repository: 297478128798.dkr.ecr.eu-central-1.amazonaws.com/kafka-ui + build-context: api + outputs: tag: ${{ steps.extract_branch.outputs.tag }} + make-branch-env: needs: build runs-on: ubuntu-latest 
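Review bot: `uses: ./.github/workflows/docker_build.yml` sits on a step of the `build` job, but a reusable workflow can only be called at job level (`jobs.<job_id>.uses`); a step-level local `uses` is resolved as an action directory, so this step is not expected to run the Docker build. The build-public-image.yml and cve_checks.yml hunks repeat the same step-level call. At job level the `secrets` context is not available inside `with:`, so the AWS keys have to be passed under `secrets:` and declared by the callee rather than travelling as plain inputs. The callee's `on:` block and declared inputs are not visible in this diff, so the names in the sketch below are assumptions to check against docker_build.yml, and `make-branch-env` would need to depend on the new job as well.

```yaml
    # … unchanged: build job steps (checkout, extract_branch, JDK, mvnw) …
    outputs:
      tag: ${{ steps.extract_branch.outputs.tag }}
      version: ${{ steps.build.outputs.version }}

  docker-build:
    needs: build
    uses: ./.github/workflows/docker_build.yml
    with:
      tag: ${{ needs.build.outputs.tag }}
      version: ${{ needs.build.outputs.version }}
      # … unchanged: aws-region, repository, build-context …
    secrets:
      # names must match the callee's on.workflow_call.secrets declarations
      aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
      aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
```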
@@ -89,7 +69,7 @@ jobs: git config --global user.email "infra@kafbat.io" git config --global user.name "infra-tech" git add ../kafka-ui-from-branch/ - git commit -m "added env:${{ needs.build.outputs.deploy }}" && git push || true + git commit -m "added env:${{ needs.build.outputs.tag }}" && git push || true - name: update status check for private deployment if: ${{ github.event.label.name == 'status/feature_testing' }} @@ -98,7 +78,7 @@ jobs: authToken: ${{secrets.GITHUB_TOKEN}} context: "Click Details button to open custom deployment page" state: "success" - sha: ${{ github.event.pull_request.head.sha || github.sha }} + sha: ${{ github.event.pull_request.head.sha || github.sha }} target_url: "http://${{ needs.build.outputs.tag }}.internal.ui.kafbat.dev" - name: update status check for public deployment @@ -108,5 +88,5 @@ jobs: authToken: ${{secrets.GITHUB_TOKEN}} context: "Click Details button to open custom deployment page" state: "success" - sha: ${{ github.event.pull_request.head.sha || github.sha }} + sha: ${{ github.event.pull_request.head.sha || github.sha }} target_url: "http://${{ needs.build.outputs.tag }}.internal.ui.kafbat.dev" diff --git a/.github/workflows/build-public-image.yml b/.github/workflows/build-public-image.yml index ac48d29a0..d8da2b43a 100644 --- a/.github/workflows/build-public-image.yml +++ b/.github/workflows/build-public-image.yml @@ -17,17 +17,20 @@ jobs: with: ref: ${{ github.event.pull_request.head.sha }} token: ${{ github.token }} + - name: get branch name id: extract_branch run: | tag='${{ github.event.pull_request.number }}' echo "tag=${tag}" >> $GITHUB_OUTPUT + - name: Set up JDK uses: actions/setup-java@v4 with: java-version: '17' distribution: 'zulu' cache: 'maven' + - name: Build id: build run: | 
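Review bot: The rewritten `git commit … && git push || true` line still ends in `|| true`, so a failed commit or push is swallowed and the later status-check steps publish `state: "success"` with a deployment link for an environment that may never have been created. Consider tolerating only the nothing-to-commit case, e.g. `git diff --cached --quiet || { git commit -m "added env:${TAG}" && git push; }`, with `TAG: ${{ needs.build.outputs.tag }}` supplied through the step's `env:` so the expression is not expanded inside the shell script. The tag is `pr<number>` as set in the `extract_branch` step, so the interpolation is not a problem today; the env indirection keeps it that way if the tag source ever changes. The `run:` block starts outside this hunk.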
@@ -35,41 +38,13 @@ jobs: ./mvnw -B -V -ntp clean package -Pprod -DskipTests export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec) echo "version=${VERSION}" >> $GITHUB_OUTPUT - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v3 - - name: Cache Docker layers - uses: actions/cache@v4 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - name: Configure AWS credentials for Kafka-UI account - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-east-1 - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v2 - with: - registry-type: 'public' - - name: Build and push - id: docker_build_and_push - uses: docker/build-push-action@v5 + + - name: Build and Test Docker Image + uses: ./.github/workflows/docker_build.yml with: - builder: ${{ steps.buildx.outputs.name }} - context: api - push: true - tags: public.ecr.aws/kafbat/kafka-ui-custom-build:${{ steps.extract_branch.outputs.tag }} - build-args: | - JAR_FILE=api-${{ steps.build.outputs.version }}.jar - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache + tag: ${{ steps.extract_branch.outputs.tag }} + version: ${{ steps.build.outputs.version }} + - name: make comment with private deployment link uses: peter-evans/create-or-update-comment@v4 with: diff --git a/.github/workflows/cve_checks.yml b/.github/workflows/cve_checks.yml index 5df2d33bf..6d6d8c0ad 100644 --- a/.github/workflows/cve_checks.yml +++ b/.github/workflows/cve_checks.yml @@ -1,4 +1,5 @@ name: "Infra: CVE checks" + on: workflow_dispatch: schedule: 
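Review bot: The replacement step in build-public-image.yml passes only `tag` and `version`, so the public registry target used by the removed steps (`public.ecr.aws/kafbat/kafka-ui-custom-build`, with the `registry-type: 'public'` login in `us-east-1`) is no longer named anywhere in this workflow. Unless docker_build.yml defaults to that repository (its inputs are not visible here), the image is either not pushed or lands in whatever default the callee uses, while the following step still posts a comment that presumably points at it. Pass the destination explicitly, e.g. `repository: public.ecr.aws/kafbat/kafka-ui-custom-build`, together with the region and credentials the callee expects.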
@@ -17,6 +18,12 @@ jobs: with: token: ${{ github.token }} + - name: get branch name + id: extract_branch + run: | + tag='build-${{ github.sha }}' + echo "tag=${tag}" >> $GITHUB_OUTPUT + - name: Set up JDK uses: actions/setup-java@v4 with: @@ -32,34 +39,16 @@ jobs: export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec) echo "version=${VERSION}" >> $GITHUB_OUTPUT - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Cache Docker layers - uses: actions/cache@v4 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx- - - - name: Build docker image - uses: docker/build-push-action@v5 + - name: Build Docker Image + uses: ./.github/workflows/docker_build.yml with: - builder: ${{ steps.buildx.outputs.name }} - context: api - platforms: linux/amd64 - push: false - load: true - tags: | - ghcr.io/kafbat/kafka-ui:${{ steps.build.outputs.version }} - build-args: | - JAR_FILE=api-${{ steps.build.outputs.version }}.jar - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache + tag: ${{ steps.extract_branch.outputs.tag }} + version: ${{ steps.build.outputs.version }} + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: eu-central-1 + repository: ghcr.io/kafbat/kafka-ui + build-context: api - name: Run CVE checks uses: aquasecurity/trivy-action@0.19.0 diff --git a/.github/workflows/docker_build.yml b/.github/workflows/docker_build.yml index 2c4f513d5..2c503fbe2 100644 --- a/.github/workflows/docker_build.yml +++ b/.github/workflows/docker_build.yml @@ -20,7 +20,7 @@ jobs: - name: Checkout uses: actions/checkout@v4 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ inputs.sha }} token: ${{ github.token }} - name: Download maven artifacts 
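Review bot: The CVE-check build step now receives `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` although its `repository` is `ghcr.io/kafbat/kafka-ui` and the removed step built with `push: false` and `load: true`, so a scheduled scan job gains static cloud credentials it has no visible use for. Drop the three `aws-*` inputs here unless the callee cannot run without them. The removed step also tagged the image `ghcr.io/kafbat/kafka-ui:${{ steps.build.outputs.version }}` and loaded it into the local daemon; the Trivy step that follows is outside this hunk, so check that its image reference matches the new `build-${{ github.sha }}` tag and that the image is still present locally to scan.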
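Review bot: `ref: ${{ inputs.sha }}` in docker_build.yml depends on an input that none of the three callers changed in this diff pass; their `with:` blocks set `tag`, `version` and, in two cases, the AWS and repository values, but no `sha`. With an empty `ref`, actions/checkout falls back to the ref of the triggering event, which for a `pull_request` run is the merge ref rather than `pull_request.head.sha`, so the image can be built from a different commit than the one the status checks in branch-deploy.yml are attached to. Either pass `sha: ${{ github.event.pull_request.head.sha || github.sha }}` from each caller or keep a fallback in the callee, `ref: ${{ inputs.sha || github.sha }}`. Whether `sha` is declared under the callee's inputs is not visible in this hunk.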
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7701b91e6..318e274c2 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,7 +1,7 @@ name: "Main: Build & deploy" + on: workflow_dispatch: - push: branches: [ "main" ] diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3a3c9de23..e68eef72c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,5 @@ name: "Infra: Release" + on: release: types: [ published ]