Update flow to use different artifact registry #2716

Merged
merged 2 commits into from
Jan 31, 2025
69 changes: 35 additions & 34 deletions .github/workflows/base.yml
Expand Up @@ -17,15 +17,19 @@ on:
required: true
type: string
secrets:
REGISTRY_URL:
ARTIFACTORY_REGISTRY_URL:
required: true
REGISTRY_USER:
ARTIFACTORY_AUTH2_USER:
required: true
REGISTRY_PASSWORD:
WFI_PROVIDER:
required: true
COMMON_HELMCHART_NAME:
WFI_SA:
required: true
COMMON_HELMCHART_VERSION:
BASE_HELMCHART_NAME:
required: true
BASE_HELMCHART_VERSION:
required: true
PROJECT_ID:
required: true
APP_NAME_BASE:
required: true
Expand All @@ -36,11 +40,14 @@ env:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
build-and-test:
permissions:
contents: 'read'
id-token: 'write'

runs-on: ubuntu-latest
env:
ACTIONS_STEP_DEBUG: true
REGISTRY_URL: ${{ secrets.REGISTRY_URL }}
VALUES_FILE: ${{ inputs.values-file }}

steps:
- uses: actions/checkout@v4
Expand All @@ -66,20 +73,29 @@ jobs:
- name: stylelint
run: yarn stylelint

- name: Login to registry
uses: docker/login-action@v2
- name: Authenticate to Cloud
id: auth
uses: 'google-github-actions/auth@v2'
with:
registry: ${{ secrets.REGISTRY_URL }}
username: ${{ secrets.REGISTRY_USER }}
password: ${{ secrets.REGISTRY_PASSWORD }}
token_format: access_token
project_id: ${{ secrets.PROJECT_ID }}
workload_identity_provider: ${{ secrets.WFI_PROVIDER }}
service_account: ${{ secrets.WFI_SA }}

- name: Login to artifactory
uses: docker/login-action@v3
with:
registry: ${{ secrets.ARTIFACTORY_REGISTRY_URL }}
username: ${{ secrets.ARTIFACTORY_AUTH2_USER }}
password: ${{ steps.auth.outputs.access_token }}

- name: Docker meta
id: meta
uses: docker/metadata-action@v4
with:
# list of Docker images to use as base name for tags
images: |
${{ secrets.REGISTRY_URL }}/${{ inputs.image-name }}
${{ secrets.ARTIFACTORY_REGISTRY_URL }}/${{ secrets.PROJECT_ID }}/apps-docker-repo/${{ inputs.image-name }}
# generate Docker tags based on the following events/attributes
# This is our main tag for image in form sha-XXXXXX which we will use in helm values file (see "Preparation and Helm chart packaging" job)
tags: |
Expand All @@ -98,21 +114,6 @@ jobs:
# Image will be tagged with all tags from "Docker meta" step
tags: ${{ steps.meta.outputs.tags }}

package:
needs: build-and-test
runs-on: ubuntu-20.04 # Gitversion requires .NET SDK 3.1
env:
ACTIONS_STEP_DEBUG: true
REGISTRY_URL: ${{ secrets.REGISTRY_URL }}
VALUES_FILE: ${{ inputs.values-file }}
COMMON_HELMCHART_VER: ${{ secrets.COMMON_HELMCHART_VERSION }}

steps:
- uses: actions/checkout@v3
name: Code checkout
with:
fetch-depth: 0

# install Gitversion to obtain semver version
- name: Install GitVersion
uses: gittools/actions/gitversion/[email protected]
Expand All @@ -134,11 +135,11 @@ jobs:

- name: Preparation and Helm chart packaging
run: |
echo ${{ secrets.REGISTRY_PASSWORD }} | helm registry login ${{ secrets.REGISTRY_URL }} --username ${{ secrets.REGISTRY_USER }} --password-stdin
echo ${{ steps.auth.outputs.access_token }} | helm registry login ${{ secrets.ARTIFACTORY_REGISTRY_URL }} --username ${{ secrets.ARTIFACTORY_AUTH2_USER }} --password-stdin
mkdir helmchart && cd ./helmchart # helm cannot untar file to the repo with the same name as a package. To avoid error we create temp folder
helm pull oci://${{ secrets.REGISTRY_URL }}/helm/${{ secrets.COMMON_HELMCHART_NAME }} --version ${COMMON_HELMCHART_VER} --untar
helm pull oci://${{ secrets.ARTIFACTORY_REGISTRY_URL }}/${{ secrets.PROJECT_ID }}/apps-docker-repo/helm/${{ secrets.BASE_HELMCHART_NAME }} --version ${{ secrets.BASE_HELMCHART_VERSION }} --untar
echo "[INFO] Replace Docker image tag in helm chart..."
sed -i -e "s/tag: latest/tag: sha-${GITVERSION_SHORTSHA}/g" ${{ secrets.COMMON_HELMCHART_NAME }}/${VALUES_FILE}
sed -i -e "s/tag: latest/tag: sha-${GITVERSION_SHORTSHA}/g" ${{ secrets.BASE_HELMCHART_NAME }}/${VALUES_FILE}

- name: Packaging and Uploading Helm Chart
run: |
Expand All @@ -149,8 +150,8 @@ jobs:
echo "[INFO] ${helm_tag}..."

echo "[INFO] Replace Helm Chart package version..."
sed -i -e "s/version: ${COMMON_HELMCHART_VER}/version: ${helm_tag}/g" ${{ secrets.COMMON_HELMCHART_NAME }}/Chart.yaml
sed -i -e "s/version: ${{ secrets.BASE_HELMCHART_VERSION }}/version: ${helm_tag}/g" ${{ secrets.BASE_HELMCHART_NAME }}/Chart.yaml
echo "[INFO] Changing Helm Chart package name..."
sed -i -e "s/name: ${{ secrets.COMMON_HELMCHART_NAME }}/name: ${{ secrets.APP_NAME_BASE }}/g" ${{ secrets.COMMON_HELMCHART_NAME }}/Chart.yaml
helm package ${{ secrets.COMMON_HELMCHART_NAME }}
helm push ${{ secrets.APP_NAME_BASE }}-${helm_tag}.tgz oci://${{ secrets.REGISTRY_URL }}/helm
sed -i -e "s/name: ${{ secrets.BASE_HELMCHART_NAME }}/name: ${{ secrets.APP_NAME_BASE }}/g" ${{ secrets.BASE_HELMCHART_NAME }}/Chart.yaml
helm package ${{ secrets.BASE_HELMCHART_NAME }}
helm push ${{ secrets.APP_NAME_BASE }}-${helm_tag}.tgz oci://${{ secrets.ARTIFACTORY_REGISTRY_URL }}/${{ secrets.PROJECT_ID }}/apps-docker-repo/helm
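Review bot: The `helm registry login` line in the "Preparation and Helm chart packaging" step splices `${{ steps.auth.outputs.access_token }}` directly into the script text, so the runner substitutes the token before the shell parses the line and it then reaches `echo` unquoted. Pass the value through the step environment instead: add `env:` with `ACCESS_TOKEN: ${{ steps.auth.outputs.access_token }}` to the step and change the command to start with `echo "$ACCESS_TOKEN" | helm registry login`. The same expansion-into-script pattern is used for the `${{ secrets.* }}` values in the `helm pull`, `sed` and `helm push` lines of this section, and they would benefit from the same `env:` plus quoted-variable treatment. The step definitions start outside the visible hunks, so any existing `env:` block on them is not shown here.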
12 changes: 7 additions & 5 deletions .github/workflows/dev.yml
Expand Up @@ -15,11 +15,13 @@ jobs:
# Call all jobs from base.yml
uses: ./.github/workflows/base.yml
secrets:
REGISTRY_URL: ${{ secrets.REGISTRY_URL }}
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
COMMON_HELMCHART_NAME: ${{ secrets.COMMON_HELMCHART_NAME }}
COMMON_HELMCHART_VERSION: ${{ secrets.COMMON_HELMCHART_VERSION_NONPROD }}
BASE_HELMCHART_VERSION: ${{ secrets.BASE_HELMCHART_VERSION_NONPROD }}
BASE_HELMCHART_NAME: ${{ secrets.BASE_HELMCHART_NAME }}
WFI_PROVIDER: ${{ secrets.WFI_PROVIDER }}
WFI_SA: ${{ secrets.WFI_SA }}
PROJECT_ID: ${{ secrets.PROJECT_ID }}
ARTIFACTORY_REGISTRY_URL: ${{ secrets.ARTIFACTORY_REGISTRY_URL }}
ARTIFACTORY_AUTH2_USER: ${{ secrets.ARTIFACTORY_AUTH2_USER }}
APP_NAME_BASE: ${{ secrets.APP_NAME_DEV }}
with:
values-file: values.dev.yaml
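Review bot: `WFI_PROVIDER` and `WFI_SA` are forwarded from the same secret names here as in prod.yml and qa.yml, while the chart version already separates `BASE_HELMCHART_VERSION_NONPROD` from the prod value. If these are repository-level rather than environment-scoped secrets (not visible in this hunk), dev, qa and prod runs all federate to one service account, so a non-prod branch build holds the same registry push rights as a release build. Consider a separate non-prod identity, for example `WFI_SA: ${{ secrets.WFI_SA_NONPROD }}` in dev.yml and qa.yml, with the provider's attribute condition limited to this repository and the expected refs. The calling job begins outside the hunk, so whether it grants `id-token: write` to the reusable workflow cannot be confirmed from here.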
12 changes: 7 additions & 5 deletions .github/workflows/prod.yml
Expand Up @@ -20,12 +20,14 @@ jobs:
# Call all jobs from base.yml
uses: ./.github/workflows/base.yml
secrets:
REGISTRY_URL: ${{ secrets.REGISTRY_URL }}
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
COMMON_HELMCHART_NAME: ${{ secrets.COMMON_HELMCHART_NAME }}
COMMON_HELMCHART_VERSION: ${{ secrets.COMMON_HELMCHART_VERSION_PROD }}
APP_NAME_BASE: ${{ secrets.APP_NAME }}
BASE_HELMCHART_VERSION: ${{ secrets.BASE_HELMCHART_VERSION }}
BASE_HELMCHART_NAME: ${{ secrets.BASE_HELMCHART_NAME }}
WFI_PROVIDER: ${{ secrets.WFI_PROVIDER }}
WFI_SA: ${{ secrets.WFI_SA }}
PROJECT_ID: ${{ secrets.PROJECT_ID }}
ARTIFACTORY_REGISTRY_URL: ${{ secrets.ARTIFACTORY_REGISTRY_URL }}
ARTIFACTORY_AUTH2_USER: ${{ secrets.ARTIFACTORY_AUTH2_USER }}
with:
values-file: values.prod.yaml
# TODO: After migrating prod environment we can use the same image name for prod and non-prod
12 changes: 7 additions & 5 deletions .github/workflows/qa.yml
Expand Up @@ -15,11 +15,13 @@ jobs:
# Call all jobs from base.yml
uses: ./.github/workflows/base.yml
secrets:
REGISTRY_URL: ${{ secrets.REGISTRY_URL }}
REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
COMMON_HELMCHART_NAME: ${{ secrets.COMMON_HELMCHART_NAME }}
COMMON_HELMCHART_VERSION: ${{ secrets.COMMON_HELMCHART_VERSION_NONPROD }}
BASE_HELMCHART_VERSION: ${{ secrets.BASE_HELMCHART_VERSION_NONPROD }}
BASE_HELMCHART_NAME: ${{ secrets.BASE_HELMCHART_NAME }}
WFI_PROVIDER: ${{ secrets.WFI_PROVIDER }}
WFI_SA: ${{ secrets.WFI_SA }}
PROJECT_ID: ${{ secrets.PROJECT_ID }}
ARTIFACTORY_REGISTRY_URL: ${{ secrets.ARTIFACTORY_REGISTRY_URL }}
ARTIFACTORY_AUTH2_USER: ${{ secrets.ARTIFACTORY_AUTH2_USER }}
APP_NAME_BASE: ${{ secrets.APP_NAME_QA }}
with:
values-file: values.qa.yaml