BC-7234 - lerne inject #184

Workflow file for this run

	name: Push Workflow
	on: [push, pull_request]

	permissions:
	contents: read

	env:
	tenants: "dbc"

	jobs:
	branch_meta:
	runs-on: ubuntu-latest
	outputs:
	branch: ${{ steps.extract_branch_meta.outputs.branch }}
	sha: ${{ steps.extract_branch_meta.outputs.sha }}
	steps:
	- name: Extract branch meta
	shell: bash
	id: extract_branch_meta
	env:
	PR_HEAD_REF: ${{ github.event.pull_request.head.ref }}
	PR_HEAD_SHA: ${{ github.event.pull_request.head.sha }}
	BRANCH_REF_NAME: ${{ github.ref_name}}
	BRANCH_SHA: ${{ github.sha }}
	run: \|
	if [ "${{ github.event_name }}" == 'pull_request' ]; then
	echo "branch=devops-$PR_HEAD_REF" >> $GITHUB_OUTPUT
	echo "sha=$PR_HEAD_SHA" >> $GITHUB_OUTPUT
	else
	echo "branch=devops-$BRANCH_REF_NAME" >> $GITHUB_OUTPUT
	echo "sha=$BRANCH_SHA" >> $GITHUB_OUTPUT
	fi

	test:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: 17
	distribution: temurin
	cache: maven

	- name: run Test
	env:
	SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
	run: \|
	mvn verify sonar:sonar \
	-Dsonar.host.url=https://sonarcloud.io \
	-Dsonar.organization=schulcloud-verbund \
	-Dsonar.projectKey=hpi-schul-cloud_doido-mongo

	- name: Upload Report
	uses: actions/upload-artifact@v4
	if: always()
	with:
	name: report
	path: target/jacoco-report



	build:
	runs-on: ubuntu-latest
	needs:
	- branch_meta
	permissions:
	packages: write
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: 17
	distribution: temurin
	cache: maven

	- name: build
	run: \|
	./mvnw install -Dnative -Dquarkus.native.container-build=true
	ls -la

	- name: Login to registry
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Docker meta Service Name
	id: docker_meta_img
	uses: docker/metadata-action@v5
	with:
	images: ghcr.io/${{ github.repository }}
	tags: \|
	type=ref,event=branch,enable=false,priority=600
	type=sha,enable=true,priority=600,prefix=

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: test image exists
	run: \|
	echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 \|\| echo 0)" >> $GITHUB_ENV


	- name: Build and push ${{ github.repository }}
	if: ${{ env.IMAGE_EXISTS == 0 }}
	uses: docker/build-push-action@v5
	with:
	context: .
	file: ./src/main/docker/Dockerfile.native
	platforms: linux/amd64
	push: true
	pull: true
	tags: ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }}
	labels: ${{ steps.docker_meta_img.outputs.labels }}

	create_branch_identifier:
	needs:
	- branch_meta
	uses: hpi-schul-cloud/dof_app_deploy/.github/workflows/branch-to-namespace.yml@main
	with:
	branch: ${{ needs.branch_meta.outputs.branch }}

	create_artifacts_repos:
	runs-on: ubuntu-latest
	needs:
	- branch_meta
	strategy:
	matrix:
	repos:
	- dof_app_deploy
	- doido-mongo
	steps:
	- run: \|
	echo "git_ref_name=${{ needs.branch_meta.outputs.branch }}" >> $GITHUB_ENV
	echo git_ref_name ${{ needs.branch_meta.outputs.branch }}
	- uses: actions/checkout@v4
	with:
	repository: hpi-schul-cloud/${{ matrix.repos }}
	token: ${{ secrets.GITHUB_TOKEN }}
	path: ${{ matrix.repos }}
	fetch-depth: 0
	- working-directory: ${{github.workspace }}/${{ matrix.repos }}
	shell: bash
	run: \|
	git checkout ${{ env.git_ref_name }} \|\| true
	commit_id=$(git rev-parse HEAD)
	mkdir -pv ansible/group_vars/all
	ansible_varname=$(echo ${{ matrix.repos }} \| tr [a-z] [A-Z] \| tr - _ \| tr \. _ \| tr [:blank:] _ )
	filename=$(echo ${ansible_varname} \| tr [A-Z] [a-z] )
	reponame=$(echo ${filename} \| tr _ - )
	branch_varname=$(echo ${{ needs.branch_meta.outputs.branch }} \| tr -d [:cntrl:] \| tr / \. \| tr [:blank:] _ )
	for i in ${{ env.tenants }}; do
	mkdir -pv ansible/host_vars/${i}_host
	echo "${ansible_varname}_IMAGE_TAG: $commit_id" >> ansible/host_vars/${i}_host/$filename.yml
	echo "${ansible_varname}_BRANCH_NAME: ${branch_varname}" >> ansible/host_vars/${i}_host/$filename.yml
	echo "${ansible_varname}_REPO_NAME: ${reponame}" >> ansible/host_vars/${i}_host/$filename.yml
	done
	- run: tar -cf ${{ matrix.repos }}.tar ansible
	working-directory: ${{github.workspace }}/${{ matrix.repos }}
	- uses: actions/upload-artifact@v4
	with:
	name: ${{ matrix.repos }}
	path: ${{github.workspace }}/${{ matrix.repos }}/${{ matrix.repos }}.tar

	create_artifacts_workspaces:
	runs-on: ubuntu-latest
	needs:
	- create_branch_identifier
	strategy:
	matrix:
	tenants: [ dbc ]
	steps:
	- shell: bash
	run: \|
	mkdir -pv ansible/host_vars/${{ matrix.tenants }}_host
	- shell: bash
	working-directory: ${{github.workspace }}/ansible/host_vars/${{ matrix.tenants }}_host
	run: \|
	echo "NAMESPACE: ${{ needs.create_branch_identifier.outputs.id_branch }}" > cfg_host.yml
	echo "DOMAIN: ${{ needs.create_branch_identifier.outputs.id_branch }}.${{ matrix.tenants }}.dbildungscloud.dev" >> cfg_host.yml
	- run: tar -cf ${{ matrix.tenants }}.tar ansible
	- uses: actions/upload-artifact@v4
	with:
	name: ${{ matrix.tenants }}
	path: ${{github.workspace }}/${{ matrix.tenants }}.tar

	deploy:
	runs-on: ubuntu-latest
	name: deploy dbc
	needs:
	- create_artifacts_repos
	- create_artifacts_workspaces
	- build
	steps:
	- uses: actions/download-artifact@v4
	- run: ls -R
	- run: mv /.tar ./
	- run: find -name "*.tar" -exec tar -xf {} \;
	- run: tar -cf dbc-ansible.tar ansible
	- uses: actions/upload-artifact@v4
	with:
	name: debug-dbc-ansible
	path: ${{github.workspace }}/dbc-ansible.tar
	overwrite: true
	- shell: bash
	run: \|
	python3 -m pip install kubernetes 'urllib3>=1.26.16'

	- name: TLS
	working-directory: ${{github.workspace }}/ansible/group_vars
	run: \|
	echo "TLS_ENABLED: \"true\"" >> develop/dof_deploy.yml

	- name: 1Password
	working-directory: ${{github.workspace }}/ansible/group_vars
	run: \|
	echo "ONEPASSWORD_OPERATOR_VAULT: ${{ secrets.DEV_VAULT_DBC }}" >> develop/dof_deploy.yml

	- run: ansible-galaxy install -r ansible/collections/requirements.yml
	- working-directory: ${{github.workspace }}/ansible/roles/sys
	run: \|
	mkdir files
	echo "${{ secrets.DEV_KUBE_CONFIG_DBC }}" > files/config
	# It's necessary for the ansible k8s module to define proxy options as environment vars
	# (doesn't use the proxy defined in kubeconfig)
	# https://github.com/kubernetes-client/python/issues/1862
	# https://docs.ansible.com/ansible/latest/collections/kubernetes/core/k8s_module.html#parameter-proxy
	# Format in kubeconfig is <protocoll>://<user>:<password>@<domain>:<port>
	# Set K8S_AUTH_PROXY=<protocoll>://<domain>:<port>
	# Set K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH=<user>:<password>
	# If proxy-url is not defined in the kubeconfig no variables are set
	- name: Set proxy environment variable if included in the kubeconfig
	working-directory: ${{github.workspace }}/ansible/roles/sys/files
	run: \|
	yq ".clusters[0].cluster.proxy-url" config \| sed -nr 's+(.//).@(.*)+K8S_AUTH_PROXY=\1\2+p' >> $GITHUB_ENV
	yq ".clusters[0].cluster.proxy-url" config \| sed -nr 's+.//(.)@.*+K8S_AUTH_PROXY_HEADERS_PROXY_BASIC_AUTH=\1+p' >> $GITHUB_ENV
	- run: ansible-playbook ./playbock-operator.yml --inventory-file hosts --limit "dbc_host" -e 'ansible_python_interpreter=/usr/bin/python3'
	working-directory: ${{github.workspace }}/ansible
	- working-directory: ${{github.workspace }}/ansible/roles/sys/files
	run: \|
	rm -rf /config

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

BC-7234 - lerne inject #184

Workflow file

BC-7234 - lerne inject #184

Jobs

Run details

Workflow file for this run