Pushing GitHub Actions to apps fork

ldabas-msft · Sep 27, 2024 · de12afd · de12afd
1 parent 2edcf5d
commit de12afd
Show file tree

Hide file tree

Showing 5 changed files with 606 additions and 0 deletions.
diff --git a/.github/workflows/pos-app-build-canary.yml b/.github/workflows/pos-app-build-canary.yml
@@ -0,0 +1,102 @@
+name: Promote-to-canary
+on:
+  repository_dispatch:
+    types:
+      - Kustomization/config-supermarket-pos-contosopos.contoso-supermarket
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  promote-to-canary:
+    runs-on: ubuntu-latest
+    if: |
+      github.event.client_payload.metadata.summary == 'env=staging' && github.event.client_payload.severity == 'info' && contains(github.event.client_payload.message,'Health check passed')
+
+    steps:
+    - name: 'Checkout repository'
+      uses: actions/checkout@v4
+
+    - name: 'Login to ACR'
+      uses: azure/docker-login@v1
+      with:
+        login-server: "${{ secrets.ACR_NAME }}.azurecr.io"
+        username: ${{ secrets.SPN_CLIENT_ID }}
+        password: ${{ secrets.SPN_CLIENT_SECRET }}
+
+    - name: Get latest Staging Image Tag
+      id: latestImageTag
+      env:
+        ACR_NAME: ${{ secrets.ACR_NAME }}
+        namespace: "staging"
+      run: |
+        az login --service-principal --username ${{ secrets.SPN_CLIENT_ID }} --password=${{ secrets.SPN_CLIENT_SECRET }} --tenant ${{ secrets.SPN_TENANT_ID }}
+        LATEST_TAG=$(az acr repository show-tags --name $ACR_NAME --repository $namespace/contoso-supermarket/pos --orderby time_desc --top 1 --output tsv)
+        echo $LATEST_TAG
+        echo "latest_tag=$LATEST_TAG" >> $GITHUB_OUTPUT
+
+    - name: Get latest Canary Image Tag
+      id: canaryLatestImageTag
+      env:
+        ACR_NAME: ${{ secrets.ACR_NAME }}
+        namespace: "canary"
+      run: |
+        az login --service-principal --username ${{ secrets.SPN_CLIENT_ID }} --password=${{ secrets.SPN_CLIENT_SECRET }} --tenant ${{ secrets.SPN_TENANT_ID }}
+        CANARY_LATEST_TAG=$(az acr repository show-tags --name $ACR_NAME --repository $namespace/contoso-supermarket/pos --orderby time_desc --top 1 --output tsv)
+        echo $CANARY_LATEST_TAG
+        echo "latest_tag=$CANARY_LATEST_TAG" >> $GITHUB_OUTPUT
+
+    - name: Run integration tests
+      uses: mscoutermarsh/ascii-art-action@master
+      env:
+        latest_tag: ${{ steps.latestImageTag.outputs.latest_tag }}
+        canary_latest_tag: ${{ steps.canaryLatestImageTag.outputs.latest_tag }}
+      if: ${{ env.latest_tag != 'v1.0' && env.canary_latest_tag != env.latest_tag}}
+      with:
+        text: 'Integration tests complete!'
+
+    - name: 'Build and push new images'
+      env:
+        latest_tag: ${{ steps.latestImageTag.outputs.latest_tag }}
+        canary_latest_tag: ${{ steps.canaryLatestImageTag.outputs.latest_tag }}
+        namespace: "canary"
+      if: ${{ env.latest_tag != 'v1.0' && env.canary_latest_tag != env.latest_tag}}
+      run: |
+        if [ "$latest_tag" != "v1.0" ]; then
+          docker build ./contoso_supermarket/developer/pos/src -t "${{ secrets.ACR_NAME }}.azurecr.io/$namespace/contoso-supermarket/pos:$latest_tag"
+          docker push ${{ secrets.ACR_NAME }}.azurecr.io/$namespace/contoso-supermarket/pos:$latest_tag
+        fi
+
+    - name: 'Checkout canary branch'
+      uses: actions/checkout@v4
+      env:
+        latest_tag: ${{ steps.latestImageTag.outputs.latest_tag }}
+        canary_latest_tag: ${{ steps.canaryLatestImageTag.outputs.latest_tag }}
+      if: ${{ env.latest_tag != 'v1.0' && env.canary_latest_tag != env.latest_tag}}
+      with:
+        ref: 'canary'
+
+    - name: 'Update Image tag on canary branch and submit PR'
+      env:
+        latest_tag: ${{ steps.latestImageTag.outputs.latest_tag }}
+        canary_latest_tag: ${{ steps.canaryLatestImageTag.outputs.latest_tag }}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      if: ${{ env.latest_tag != 'v1.0' && env.canary_latest_tag != env.latest_tag}}
+      run: |
+        FILE_PATH=$(find . -name "chicago.yaml")
+        newLine="    image_tag: $latest_tag"
+        if [ ! -z "$FILE_PATH" ]; then
+          sed -i "s/.*image_tag.*/$newLine/" $FILE_PATH
+        else
+          echo "chicago.yaml not found"
+        fi
+        git config --global user.name "GitHub Action"
+        git config --global user.email "[email protected]"
+        newBranch="update-canary-image-tag-${latest_tag}"
+        git checkout -b $newBranch canary
+        git config pull.rebase false
+        git add --all
+        git commit -m "Update Image Tag on Canary to $latest_tag"
+        git push --set-upstream origin $newBranch
+        gh pr create --title "Update Canary Image Tag to $latest_tag" --body "Update Canary Image Tag to $latest_tag" --base canary
diff --git a/.github/workflows/pos-app-build-production.yml b/.github/workflows/pos-app-build-production.yml
@@ -0,0 +1,100 @@
+name: Promote-to-production
+on:
+  repository_dispatch:
+    types:
+      - Kustomization/config-supermarket-pos-contosopos.contoso-supermarket
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  promote-to-production:
+    runs-on: ubuntu-latest
+    if: |
+      github.event.client_payload.metadata.summary == 'env=canary' && github.event.client_payload.severity == 'info' && contains(github.event.client_payload.message,'Health check passed')
+
+    steps:
+    - name: 'Checkout repository'
+      uses: actions/checkout@v4
+
+    - name: 'Login to ACR'
+      uses: azure/docker-login@v1
+      with:
+        login-server: "${{ secrets.ACR_NAME }}.azurecr.io"
+        username: ${{ secrets.SPN_CLIENT_ID }}
+        password: ${{ secrets.SPN_CLIENT_SECRET }}
+
+    - name: Get latest Canary Image Tag
+      id: latestImageTag
+      env:
+        ACR_NAME: ${{ secrets.ACR_NAME }}
+        namespace: "canary"
+      run: |
+        az login --service-principal --username ${{ secrets.SPN_CLIENT_ID }} --password=${{ secrets.SPN_CLIENT_SECRET }} --tenant ${{ secrets.SPN_TENANT_ID }}
+        LATEST_TAG=$(az acr repository show-tags --name $ACR_NAME --repository $namespace/contoso-supermarket/pos --orderby time_desc --top 1 --output tsv)
+        echo $LATEST_TAG
+        echo "latest_tag=$LATEST_TAG" >> $GITHUB_OUTPUT
+
+    - name: Get latest Production Image Tag
+      id: prodLatestImageTag
+      env:
+        ACR_NAME: ${{ secrets.ACR_NAME }}
+        namespace: "production"
+      run: |
+        az login --service-principal --username ${{ secrets.SPN_CLIENT_ID }} --password=${{ secrets.SPN_CLIENT_SECRET }} --tenant ${{ secrets.SPN_TENANT_ID }}
+        PROD_LATEST_TAG=$(az acr repository show-tags --name $ACR_NAME --repository $namespace/contoso-supermarket/pos --orderby time_desc --top 1 --output tsv)
+        echo $PROD_LATEST_TAG
+        echo "latest_tag=$PROD_LATEST_TAG" >> $GITHUB_OUTPUT
+
+    - name: Run integration tests
+      uses: mscoutermarsh/ascii-art-action@master
+      env:
+        latest_tag: ${{ steps.latestImageTag.outputs.latest_tag }}
+        prod_latest_tag: ${{ steps.prodLatestImageTag.outputs.latest_tag }}
+      if: ${{ env.latest_tag != 'v1.0' && env.prod_latest_tag != env.latest_tag}}
+      with:
+        text: 'Integration tests complete!'
+
+    - name: 'Build and push new images'
+      env:
+        latest_tag: ${{ steps.latestImageTag.outputs.latest_tag }}
+        namespace: "production"
+        prod_latest_tag: ${{ steps.prodLatestImageTag.outputs.latest_tag }}
+      if: ${{ env.latest_tag != 'v1.0' && env.prod_latest_tag != env.latest_tag}}
+      run: |
+        docker build ./contoso_supermarket/developer/pos/src -t "${{ secrets.ACR_NAME }}.azurecr.io/$namespace/contoso-supermarket/pos:$latest_tag"
+        docker push ${{ secrets.ACR_NAME }}.azurecr.io/$namespace/contoso-supermarket/pos:$latest_tag
+
+    - name: 'Checkout production branch'
+      uses: actions/checkout@v4
+      env:
+        latest_tag: ${{ steps.latestImageTag.outputs.latest_tag }}
+        prod_latest_tag: ${{ steps.prodLatestImageTag.outputs.latest_tag }}
+      if: ${{ env.latest_tag != 'v1.0' && env.prod_latest_tag != env.latest_tag}}
+      with:
+        ref: 'production'
+
+    - name: 'Update Image tag on production branch and submit PR'
+      env:
+        latest_tag: ${{ steps.latestImageTag.outputs.latest_tag }}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        prod_latest_tag: ${{ steps.prodLatestImageTag.outputs.latest_tag }}
+      if: ${{ env.latest_tag != 'v1.0' && env.prod_latest_tag != env.latest_tag}}
+      run: |
+        FILE_PATH=$(find . -name "seattle.yaml")
+        newLine="    image_tag: $latest_tag"
+        if [ ! -z "$FILE_PATH" ]; then
+          sed -i "s/.*image_tag.*/$newLine/" $FILE_PATH
+        else
+          echo "seattle.yaml not found"
+        fi
+        git config --global user.name "GitHub Action"
+        git config --global user.email "[email protected]"
+        newBranch="update-production-image-tag-${latest_tag}"
+        git checkout -b $newBranch production
+        git config pull.rebase false
+        git add --all
+        git commit -m "Update Image Tag on production to $latest_tag"
+        git push --set-upstream origin $newBranch
+        gh pr create --title "Update production Image Tag to $latest_tag" --body "Update production Image Tag to $latest_tag" --base production
diff --git a/.github/workflows/pos-app-build-staging.yml b/.github/workflows/pos-app-build-staging.yml
@@ -0,0 +1,127 @@
+name: Promote-to-staging
+
+on:
+  pull_request:
+        branches:
+            - main
+        types:
+            - closed
+        paths:
+        - 'contoso_supermarket/developer/pos/**'
+
+  workflow_dispatch: {}
+
+permissions:
+    contents: write
+    pull-requests: write
+    id-token: write
+
+jobs:
+  promote-to-staging:
+      if: github.repository != 'microsoft/jumpstart-agora-apps' && github.event.pull_request.merged == true
+      runs-on: ubuntu-latest
+      steps:
+      # checkout the repo
+      - name: 'Checkout repository'
+        uses: actions/checkout@v4
+
+      - name: 'Login to ACR'
+        uses: azure/docker-login@v1
+        with:
+          login-server: "${{ secrets.ACR_NAME }}.azurecr.io"
+          username: ${{ secrets.SPN_CLIENT_ID }}
+          password: ${{ secrets.SPN_CLIENT_SECRET }}
+
+      - name: Increment Image Tag
+        id: latestImageTag
+        env:
+          ACR_NAME: ${{ secrets.ACR_NAME }}
+          namespace: "dev"
+        run: |
+          az login --service-principal --username ${{ secrets.SPN_CLIENT_ID }} --password=${{ secrets.SPN_CLIENT_SECRET }} --tenant ${{ secrets.SPN_TENANT_ID }}
+          LATEST_TAG=$(az acr repository show-tags --name $ACR_NAME --repository $namespace/contoso-supermarket/pos --orderby time_desc --top 1 --output tsv)
+          NEW_VERSION=$(echo $LATEST_TAG | awk -F. '{$NF = $NF + 1;} 1' OFS=.)
+          echo $NEW_VERSION
+          echo "latest_tag=$NEW_VERSION" >> $GITHUB_OUTPUT
+
+      - name: Run unit tests
+        uses: mscoutermarsh/ascii-art-action@master
+        env:
+          latest_tag: ${{ steps.latestImageTag.outputs.latest_tag }}
+          canary_latest_tag: ${{ steps.canaryLatestImageTag.outputs.latest_tag }}
+        with:
+          text: 'Unit Tests complete!'
+
+      - name: 'Build and push new images'
+        env:
+          latest_tag: ${{ steps.latestImageTag.outputs.latest_tag }}
+        run: |
+              docker build ./contoso_supermarket/developer/pos/src -t "${{ secrets.ACR_NAME }}.azurecr.io/dev/contoso-supermarket/pos:$latest_tag"
+              docker push ${{ secrets.ACR_NAME }}.azurecr.io/dev/contoso-supermarket/pos:$latest_tag
+              docker build ./contoso_supermarket/developer/pos/src -t "${{ secrets.ACR_NAME }}.azurecr.io/staging/contoso-supermarket/pos:$latest_tag"
+              docker push ${{ secrets.ACR_NAME }}.azurecr.io/staging/contoso-supermarket/pos:$latest_tag
+
+      - name: 'Update Image tag on main branch'
+        env:
+            latest_tag: ${{ steps.latestImageTag.outputs.latest_tag }}
+        run: |
+          FILE_PATH=$(find . -name "dev.yaml")
+          newLine="    image_tag: $latest_tag"
+          if [ ! -z "$FILE_PATH" ]; then
+            sed -i "s/.*image_tag.*/$newLine/" $FILE_PATH
+          else
+            echo "dev.yaml not found"
+          fi
+
+      - name: Commit and push changes to main branch
+        continue-on-error: true
+        env:
+          latest_tag: ${{ steps.latestImageTag.outputs.latest_tag }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+            git config --global user.name "GitHub Action"
+            git config --global user.email "[email protected]"
+            newBranch="update-dev-image-tag-${latest_tag}"
+            git checkout -b $newBranch main
+            git config pull.rebase false
+            git add --all
+            git commit -m "Update Image Tag on dev to $latest_tag"
+            git push --set-upstream origin $newBranch
+            pr=$(gh pr create --title "Update dev Image Tag to $latest_tag" --body "Update dev Image Tag to $latest_tag")
+            pr_number=$(echo "${url}" | awk -F'/' '{print $NF}')
+            gh pr merge $pr_number --merge --delete-branch
+
+      - name: 'Checkout staging branch'
+        uses: actions/checkout@v4
+        with:
+          ref: 'staging'
+
+      - name: 'Update Image tag on staging branch'
+        env:
+            latest_tag: ${{ steps.latestImageTag.outputs.latest_tag }}
+        run: |
+          FILE_PATH=$(find . -name "staging.yaml")
+          newLine="    image_tag: $latest_tag"
+          if [ ! -z "$FILE_PATH" ]; then
+            sed -i "s/.*image_tag.*/$newLine/" $FILE_PATH
+          else
+            echo "staging.yaml not found"
+          fi
+
+      - name: Commit and push changes to staging branch
+        continue-on-error: true
+        env:
+          latest_tag: ${{ steps.latestImageTag.outputs.latest_tag }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+            git config --global user.name "GitHub Action"
+            git config --global user.email "[email protected]"
+            newBranch="update-staging-image-tag-${latest_tag}"
+            git checkout -b $newBranch staging
+            git config pull.rebase false
+            git add --all
+            git commit -m "Update Image Tag on Staging to $latest_tag"
+            git push --set-upstream origin $newBranch
+            pr=$(gh pr create --title "Update Staging Image Tag to $latest_tag" --body "Update Staging Image Tag to $latest_tag" --base staging)
+            pr_number=$(echo "${url}" | awk -F'/' '{print $NF}')
+            gh pr merge $pr_number --merge --delete-branch