diff --git a/.github/workflows/alibabacloud.yml b/.github/workflows/alibabacloud.yml new file mode 100644 index 0000000..36cd34f --- /dev/null +++ b/.github/workflows/alibabacloud.yml @@ -0,0 +1,122 @@ +# This workflow will build and push a new container image to Alibaba Cloud Container Registry (ACR), +# and then will deploy it to Alibaba Cloud Container Service for Kubernetes (ACK), when there is a push to the "master" branch. +# +# To use this workflow, you will need to complete the following set-up steps: +# +# 1. Create an ACR repository to store your container images. +# You can use ACR EE instance for more security and better performance. +# For instructions see https://www.alibabacloud.com/help/doc-detail/142168.htm +# +# 2. Create an ACK cluster to run your containerized application. +# You can use ACK Pro cluster for more security and better performance. +# For instructions see https://www.alibabacloud.com/help/doc-detail/95108.htm +# +# 3. Store your AccessKey pair in GitHub Actions secrets named `ACCESS_KEY_ID` and `ACCESS_KEY_SECRET`. +# For instructions on setting up secrets see: https://developer.github.com/actions/managing-workflows/storing-secrets/ +# +# 4. Change the values for the REGION_ID, REGISTRY, NAMESPACE, IMAGE, ACK_CLUSTER_ID, and ACK_DEPLOYMENT_NAME. +# + +name: Build and Deploy to ACK + +on: + push: + branches: [ "master" ] + +# Environment variables available to all jobs and steps in this workflow. +env: + REGION_ID: cn-hangzhou + REGISTRY: registry.cn-hangzhou.aliyuncs.com + NAMESPACE: namespace + IMAGE: repo + TAG: ${{ github.sha }} + ACK_CLUSTER_ID: clusterID + ACK_DEPLOYMENT_NAME: nginx-deployment + + ACR_EE_REGISTRY: myregistry.cn-hangzhou.cr.aliyuncs.com + ACR_EE_INSTANCE_ID: instanceID + ACR_EE_NAMESPACE: namespace + ACR_EE_IMAGE: repo + ACR_EE_TAG: ${{ github.sha }} + +permissions: + contents: read + +jobs: + build: + runs-on: ubuntu-latest + environment: production + + steps: + - name: Checkout + uses: actions/checkout@v4 + + # 1.1 Login to ACR + - name: Login to ACR with the AccessKey pair + uses: aliyun/acr-login@v1 + with: + region-id: "${{ env.REGION_ID }}" + access-key-id: "${{ secrets.ACCESS_KEY_ID }}" + access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" + + # 1.2 Build and push image to ACR + - name: Build and push image to ACR + run: | + docker build --tag "$REGISTRY/$NAMESPACE/$IMAGE:$TAG" . + docker push "$REGISTRY/$NAMESPACE/$IMAGE:$TAG" + + # 1.3 Scan image in ACR + - name: Scan image in ACR + uses: aliyun/acr-scan@v1 + with: + region-id: "${{ env.REGION_ID }}" + access-key-id: "${{ secrets.ACCESS_KEY_ID }}" + access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" + repository: "${{ env.NAMESPACE }}/${{ env.IMAGE }}" + tag: "${{ env.TAG }}" + + # 2.1 (Optional) Login to ACR EE + - uses: actions/checkout@v4 + - name: Login to ACR EE with the AccessKey pair + uses: aliyun/acr-login@v1 + with: + login-server: "https://${{ env.ACR_EE_REGISTRY }}" + region-id: "${{ env.REGION_ID }}" + access-key-id: "${{ secrets.ACCESS_KEY_ID }}" + access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" + instance-id: "${{ env.ACR_EE_INSTANCE_ID }}" + + # 2.2 (Optional) Build and push image ACR EE + - name: Build and push image to ACR EE + run: | + docker build -t "$ACR_EE_REGISTRY/$ACR_EE_NAMESPACE/$ACR_EE_IMAGE:$TAG" . + docker push "$ACR_EE_REGISTRY/$ACR_EE_NAMESPACE/$ACR_EE_IMAGE:$TAG" + # 2.3 (Optional) Scan image in ACR EE + - name: Scan image in ACR EE + uses: aliyun/acr-scan@v1 + with: + region-id: "${{ env.REGION_ID }}" + access-key-id: "${{ secrets.ACCESS_KEY_ID }}" + access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" + instance-id: "${{ env.ACR_EE_INSTANCE_ID }}" + repository: "${{ env.ACR_EE_NAMESPACE}}/${{ env.ACR_EE_IMAGE }}" + tag: "${{ env.ACR_EE_TAG }}" + + # 3.1 Set ACK context + - name: Set K8s context + uses: aliyun/ack-set-context@v1 + with: + access-key-id: "${{ secrets.ACCESS_KEY_ID }}" + access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" + cluster-id: "${{ env.ACK_CLUSTER_ID }}" + + # 3.2 Deploy the image to the ACK cluster + - name: Set up Kustomize + run: |- + curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash /dev/stdin 3.8.6 + - name: Deploy + run: |- + ./kustomize edit set image REGISTRY/NAMESPACE/IMAGE:TAG=$REGISTRY/$NAMESPACE/$IMAGE:$TAG + ./kustomize build . | kubectl apply -f - + kubectl rollout status deployment/$ACK_DEPLOYMENT_NAME + kubectl get services -o wide diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml new file mode 100644 index 0000000..746e72c --- /dev/null +++ b/.github/workflows/blank.yml @@ -0,0 +1,36 @@ +# This is a basic workflow to help you get started with Actions + +name: CI + +# Controls when the workflow will run +on: + # Triggers the workflow on push or pull request events but only for the "master" branch + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + # This workflow contains a single job called "build" + build: + # The type of runner that the job will run on + runs-on: ubuntu-latest + + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it + - uses: actions/checkout@v4 + + # Runs a single command using the runners shell + - name: Run a one-line script + run: echo Hello, world! + + # Runs a set of commands using the runners shell + - name: Run a multi-line script + run: | + echo Add other actions to build, + echo test, and deploy your project. diff --git a/profile/README.md b/profile/README.md new file mode 100644 index 0000000..e2d8eae --- /dev/null +++ b/profile/README.md @@ -0,0 +1,89 @@ +8## Hi there šŸ‘‹ + + +- uses: actions/setup-node@v4 + with: + # Version Spec of the version to use in SemVer notation. + # It also admits such aliases as lts/*, latest, nightly and canary builds + # Examples: 12.x, 10.15.1, >=10.15.0, lts/Hydrogen, 16-nightly, latest, node + node-version: '' + + # File containing the version Spec of the version to use. Examples: package.json, .nvmrc, .node-version, .tool-versions. + # If node-version and node-version-file are both provided the action will use version from node-version. + node-version-file: '' + + # Set this option if you want the action to check for the latest available version + # that satisfies the version spec. + # It will only get affect for lts Nodejs versions (12.x, >=10.15.0, lts/Hydrogen). + # Default: false + check-latest: false + + # Target architecture for Node to use. Examples: x86, x64. Will use system architecture by default. + # Default: ''. The action use system architecture by default + architecture: '' + + # Used to pull node distributions from https://github.com/actions/node-versions. + # Since there's a default, this is typically not supplied by the user. + # When running this action on github.com, the default value is sufficient. + # When running on GHES, you can pass a personal access token for github.com if you are experiencing rate limiting. + # + # We recommend using a service account with the least permissions necessary. Also + # when generating a new PAT, select the least scopes necessary. + # + # [Learn more about creating and using encrypted secrets](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets) + # + # Default: ${{ github.server_url == 'https://github.com' && github.token || '' }} + token: '' + + # Used to specify a package manager for caching in the default directory. Supported values: npm, yarn, pnpm. + # Package manager should be pre-installed + # Default: '' + cache: '' + + # Used to specify the path to a dependency file: package-lock.json, yarn.lock, etc. + # It will generate hash from the target file for primary key. It works only If cache is specified. + # Supports wildcards or a list of file names for caching multiple dependencies. + # Default: '' + cache-dependency-path: '' + + # Optional registry to set up for auth. Will set the registry in a project level .npmrc and .yarnrc file, + # and set up auth to read in from env.NODE_AUTH_TOKEN. + # Default: '' + registry-url: '' + + # Optional scope for authenticating against scoped registries. + # Will fall back to the repository owner when using the GitHub Packages registry (https://npm.pkg.github.com/). + # Default: '' + scope: '' + + # Set always-auth option in npmrc file. + # Default: '' + always-auth: '' + + # Optional mirror to download binaries from. + # Artifacts need to match the official Node.js + # Example: + # V8 Canaray Build: /download/v8-canary + # RC Build: /download/rc + # Official: Build /dist + # Nightly build: /download/nightly + # Default: '' + mirror: '' + + # Optional mirror token. + # The token will be used as a bearer token in the Authorization header + # Default: '' + mirror-token: ''