Skip to content
Build Images and Create Deployment

build-images-for-staging #977

Sign in to view logs

build-images-for-staging

build-images-for-staging #977

Workflow file for this run

.github/workflows/build-images-and-create-deployment.yml at c9c8015
name: Build Images and Create Deployment
on:
push:
branches:
- main
- prod
repository_dispatch:
types: [build-images-for-staging]
env:
# Force using BuildKit instead of normal Docker, required so that metadata
# is written/read to allow us to use layers of previous builds as cache.
DOCKER_BUILDKIT: 1
COMPOSE_DOCKER_CLI_BUILD: 1
DOCKER_REPO: ${{ secrets.ECR_REPO }}/
GITHUB_BRANCH: ${{ github.event.client_payload.ref || github.ref }}
permissions:
id-token: write
contents: read
deployments: write
jobs:
build_images:
strategy:
matrix:
image:
- frontend # pushed both the frontend and backend images
- upload_failures
- upload_success
- dataset_submissions
- processing
- wmg_processing
- cellguide_pipeline
runs-on: ubuntu-22.04
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: us-west-2
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-duration-seconds: 1800
- name: Login to ECR
uses: docker/login-action@v1
with:
registry: ${{ secrets.ECR_REPO }}
- uses: actions/checkout@v2
with:
ref: ${{ env.GITHUB_BRANCH }}
fetch-depth: 1
- name: Install happy
uses: chanzuckerberg/github-actions/.github/actions/[email protected]
with:
happy_version: "0.110.1"
- name: Push images
run: |
echo "HAPPY_COMMIT=$(git rev-parse --verify HEAD)" >> envfile
echo "HAPPY_BRANCH=$(git branch --show-current)" >> envfile
happy push devstack --env dev --slice ${{ matrix.image }} \
--docker-compose-env-file envfile --aws-profile "" \
--tags sha-${GITHUB_SHA:0:8},branch-$(echo ${GITHUB_REF#refs/heads/} | sed 's/[\+\/]/-/g')
- uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
fields: repo,commit,author,eventName,workflow,job,mention
mention: "here"
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
if: failure() && (env.GITHUB_BRANCH == 'refs/heads/main' || env.GITHUB_BRANCH == 'refs/heads/staging' || env.GITHUB_BRANCH == 'refs/heads/prod')
create_deployment:
needs:
- build_images
runs-on: ubuntu-22.04
steps:
- name: Generate payload
run: |
echo "payload={\"tag\":\"sha-${GITHUB_SHA:0:8}\"}" >> $GITHUB_ENV
if [[ "${{ env.GITHUB_BRANCH }}" == "refs/heads/prod" ]]; then
echo "DEPLOYMENT_STAGE=prod" >> $GITHUB_ENV
elif [[ "${{ env.GITHUB_BRANCH }}" == "refs/heads/staging" ]]; then
echo "DEPLOYMENT_STAGE=stage" >> $GITHUB_ENV
else
echo "DEPLOYMENT_STAGE=dev" >> $GITHUB_ENV
fi
- uses: avakar/create-deployment@v1
# TODO remove if conidition after pentest on October 31st 2023
if: env.GITHUB_BRANCH == 'refs/heads/staging' || env.GITHUB_BRANCH == 'refs/heads/prod'
with:
auto_merge: false
environment: ${{ env.DEPLOYMENT_STAGE }}
payload: ${{ env.payload }}
required_contexts: "" # Temporary hack to avoid checking Github Status for the commit
# TODO: Avoid circular dependency on the deploy step; this step hasn't finished yet so
# it's not considered ready for deploy normally by required_contexts, but we need to
# deploy for this to be considered ready.
# Unfortunately there is no blocklist for required_contexts, only an allowlist, so
# we'd have to enumerate every other Github PR status here, which can be constantly changing.
# For now, we just ignore required_contexts to deploy on every success.
# See https://github.community/t/can-i-avoid-creating-a-check-run-from-a-job-needed-for-deployments-api/16426
env:
GITHUB_TOKEN: ${{ secrets.CZIBUILDBOT_GITHUB_TOKEN }}