cd-runtime.yml
# Continuous-delivery workflow for the runtime container image.
# It has two entry points: a push to main, and a manual dispatch that names
# a target environment and a release tag.
name: cd-runtime

on:
  workflow_dispatch:
    inputs:
      # Selects the GitHub deployment environment the dispatch job runs in.
      environment:
        description: environment
        required: true
        default: stage
        type: choice
        options:
          - stage
          - prod
      # Free-form string; the jobs use it as a git ref and as part of an
      # image tag, so treat it as untrusted text wherever it is consumed.
      releasetag:
        description: releasetag
        required: true
        type: string
  push:
    branches:
      - main

env:
  # Module path patterns the Go toolchain treats as private.
  GOPRIVATE: 'github.com/dgraph-io/*,github.com/gohypermode/*,github.com/hypermodeAI/*'

# Workflow-wide token scopes; every job inherits exactly these two.
permissions:
  id-token: write  # needed to request the OIDC JWT used for the AWS role
  contents: read  # needed by actions/checkout
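# NOTE(review): every `uses:` below references a mutable version tag (@v4,
# @v6, ...). These jobs hold an OIDC-assumed AWS role and ECR push rights, so
# pinning each action to a full commit SHA keeps a retagged release from
# running with those credentials.
jobs:
  # Runs on pushes to main: builds the image and pushes it to ECR tagged
  # main-<short sha> and latest.
  runtime-build-push:
    if: ${{ github.event_name == 'push' }}
    environment: stage
    runs-on: warp-ubuntu-latest-x64-16x
    steps:
      # The token is written in plaintext into the runner's global git config
      # and stays readable by every later step and action in this job.
      # NOTE(review): confirm the token is read-only and limited to the
      # private module repositories.
      - name: Configure git for private modules
        env:
          TOKEN: ${{ secrets.GO_PRIVATE_MODULES }}
        run: |
          git config --global url."https://admin-hypermode:${TOKEN}@github.com".insteadOf "https://github.com"
      - uses: actions/checkout@v4
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
          check-latest: true
      # Exports the short commit hash for use in the image tag.
      - name: Runtime Git SHA
        run: |
          RUNTIME_GIT_SHA=$(git rev-parse --short HEAD)
          echo "runtime git sha $RUNTIME_GIT_SHA"
          echo "RUNTIME_GIT_SHA=$RUNTIME_GIT_SHA" >> "$GITHUB_ENV"
      # Exchanges the workflow's OIDC token for the role named in AWS_ROLE.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: "${{ vars.AWS_ROLE }}"
          role-session-name: CD_RUNTIME
          aws-region: "${{ vars.AWS_REGION }}"
      - name: Login to Amazon ECR
        uses: aws-actions/amazon-ecr-login@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build and push runtime docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          cache-from: type=gha
          cache-to: type=gha,mode=max
          platforms: linux/amd64,linux/arm64
          push: true
          # see https://github.com/docker/build-push-action/issues/755 for why provenance=false
          # With provenance off, no build attestation is attached to the
          # pushed image; revisit once the linked issue no longer applies.
          provenance: false
          # `latest` is a moving tag; consumers that need a fixed artifact
          # should reference the main-<sha> tag (or the image digest).
          tags: |
            ${{ vars.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com/hypermode/runtime:main-${{ env.RUNTIME_GIT_SHA }}
            ${{ vars.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com/hypermode/runtime:latest

  # Runs on manual dispatch: checks out the requested ref, validates it as a
  # release tag, and pushes an image tagged <release version>-<short sha>.
  runtime-build-workflow-dispatch:
    if: ${{ github.event_name == 'workflow_dispatch' }}
    environment: "${{ github.event.inputs.environment }}"
    runs-on: warp-ubuntu-latest-x64-16x
    steps:
      # The token is written in plaintext into the runner's global git config
      # and stays readable by every later step and action in this job.
      # NOTE(review): confirm the token is read-only and limited to the
      # private module repositories.
      - name: Configure git for private modules
        env:
          TOKEN: ${{ secrets.GO_PRIVATE_MODULES }}
        run: |
          git config --global url."https://admin-hypermode:${TOKEN}@github.com".insteadOf "https://github.com"
      # NOTE(review): `ref` is not limited to tags, so the prefix check in
      # the next step does not by itself prove the build came from a tag.
      - uses: actions/checkout@v4
        with:
          ref: "${{ github.event.inputs.releasetag }}"
      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
          check-latest: true
      - name: Set Runtime Release Version
        env:
          # The input reaches the script through the environment. Expanding
          # the expression directly inside `run:` would paste the raw input
          # into the script text before bash parses it.
          RELEASE_TAG: "${{ github.event.inputs.releasetag }}"
        run: |
          # Accept only "v" followed by characters that are legal in a Docker
          # tag. This also keeps newlines out of the value appended to
          # GITHUB_ENV below. Anything rejected here could not have been
          # pushed as an image tag anyway.
          if [[ "$RELEASE_TAG" =~ ^v[A-Za-z0-9_.-]*$ ]]; then
            echo "this is a release tag"
          else
            echo "this is NOT a release tag"
            exit 1
          fi
          RUNTIME_RELEASE_VERSION=$(printf '%s\n' "$RELEASE_TAG" | sed 's/runtime-//')
          echo "making a new release for runtime $RUNTIME_RELEASE_VERSION"
          echo "RUNTIME_RELEASE_VERSION=$RUNTIME_RELEASE_VERSION" >> "$GITHUB_ENV"
      # Exports the short commit hash for use in the image tag.
      - name: Runtime Git SHA
        run: |
          RUNTIME_GIT_SHA=$(git rev-parse --short HEAD)
          echo "runtime git sha $RUNTIME_GIT_SHA"
          echo "RUNTIME_GIT_SHA=$RUNTIME_GIT_SHA" >> "$GITHUB_ENV"
      # Exchanges the workflow's OIDC token for the role named in AWS_ROLE.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: "${{ vars.AWS_ROLE }}"
          role-session-name: CD_RUNTIME
          aws-region: "${{ vars.AWS_REGION }}"
      - name: Login to Amazon ECR
        uses: aws-actions/amazon-ecr-login@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build and push runtime docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          cache-from: type=gha
          cache-to: type=gha,mode=max
          platforms: linux/amd64,linux/arm64
          push: true
          # see https://github.com/docker/build-push-action/issues/755 for why provenance=false
          # With provenance off, no build attestation is attached to the
          # pushed image; revisit once the linked issue no longer applies.
          provenance: false
          tags: ${{ vars.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com/hypermode/runtime:${{ env.RUNTIME_RELEASE_VERSION }}-${{ env.RUNTIME_GIT_SHA }}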