alp-dev-sg-2 #527
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: DC Deploy AzureTest CD | |
| run-name: ${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }} | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| workflow_dispatch: | |
| inputs: | |
| docker_tag_name: | |
| default: develop | |
| description: Enter BranchName / Release Tag Name | |
| required: true | |
| type: string | |
| env: | |
| type: environment | |
| description: Select the environment | |
| required: true | |
| default: alp-dev-sg-2 | |
| force-cleanup-containers: | |
| description: Force cleanup all containers | |
| type: boolean | |
| default: true | |
| env: | |
| DOCKER_TAG_NAME: ${{ github.event.inputs.docker_tag_name }} | |
| ENV_NAME: ${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }} | |
| ENV_TYPE: remote | |
| concurrency: | |
| group: az-dc-cd-${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }} | |
| cancel-in-progress: true | |
| jobs: | |
| deploy: | |
| environment: ${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }} | |
| name: ${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }} | |
| runs-on: | |
| [ | |
| "${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }}", | |
| self-hosted, | |
| Linux, | |
| X64, | |
| ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| clean: false | |
| - name: Install 1Password CLI | |
| uses: 1Password/[email protected] | |
| - name: Force cleanup containers | |
| if: github.event.inputs.force-cleanup-containers | |
| continue-on-error: true | |
| run: docker rm -v -f $(docker ps -qa) | |
| - name: Generate dotenv | |
| env: | |
| DOTENV_FILE: .env.${{ env.ENV_TYPE }} | |
| DOTENV_YML: .env.${{ env.ENV_NAME }}.yml | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| OP_VAULT_NAME: ${{ secrets.OP_VAULT_NAME }} | |
| OVERWRITE: true | |
| run: | | |
| ./internal/scripts/get-op-ratelimit.sh | |
| ACTIONS_STEP_DEBUG=false | |
| # get env yml from 1password | |
| yarn --cwd internal op:get:$ENV_TYPE | |
| # mask sensitive values | |
| internal/scripts/gha-mask.sh | |
| # generate dotenv | |
| yarn --cwd internal gen:env | |
| cp $DOTENV_FILE ../$DOTENV_FILE-${GITHUB_RUN_ID:-ghRunId}-$(date '+%Y%m%dT%H%M%S') | |
| echo DOCKER_TAG_NAME=$DOCKER_TAG_NAME | tee -a $DOTENV_FILE | tee -a $GITHUB_STEP_SUMMARY | |
| echo HEAD_COMMIT_MESSAGE=$(git show -s --format=%s) | tee -a "$GITHUB_STEP_SUMMARY" | |
| echo GITHUB_SHA_SHORT=$(git rev-parse --short HEAD) | tee -a "$GITHUB_STEP_SUMMARY" | |
| - name: Load dotenv from 1password | |
| uses: 1password/load-secrets-action@v2 | |
| id: op-load-secret | |
| with: | |
| export-env: true | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| REGISTRY_USERNAME: "op://${{ secrets.OP_VAULT_NAME }}/az-alpCR/username" | |
| REGISTRY_PASSWORD: "op://${{ secrets.OP_VAULT_NAME }}/az-alpCR/password" | |
| - name: 1password ratelimit end | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| run: | | |
| ./internal/scripts/get-op-ratelimit.sh | |
| - name: Upload stats.yml artifact | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: stats | |
| retention-days: 30 | |
| path: | | |
| ${{ github.job }}*.yml | |
| - name: Login to ACR | |
| uses: docker/[email protected] | |
| with: | |
| registry: alpcr.azurecr.io | |
| username: ${{ env.REGISTRY_USERNAME }} | |
| password: ${{ env.REGISTRY_PASSWORD }} | |
| - shell: bash | |
| if: github.event_name == 'push' | |
| id: enable_delay_for_docker_build_to_complete | |
| run: | | |
| sleep 240 # Temporary solution | |
| - name: Pull docker images | |
| uses: nick-fields/retry@v3 | |
| with: | |
| timeout_seconds: 1800 | |
| retry_wait_seconds: 60 | |
| max_attempts: 10 | |
| retry_on: any | |
| command: | | |
| # customize dc.yml | |
| yq -i '.services.alp-minerva-postgres.ports=["41190:5432"]' docker-compose.yml # expose PG port | |
| yarn remote:minerva pull | |
| - name: docker compose up | |
| run: | | |
| yarn remote:minerva up --remove-orphans --force-recreate --wait | |
| DC_EXIT_CODE=$? | |
| echo DC_EXIT_CODE=$DC_EXIT_CODE | tee -a $GITHUB_STEP_SUMMARY | |
| DOCKER_STATUS_FILE=../docker-status-${GITHUB_RUN_ID:-ghRunId}-$(date '+%Y%m%dT%H%M%S').txt | |
| docker ps --format {{.Names}},{{.Status}} 2> /dev/null | sort | tee $DOCKER_STATUS_FILE | tee -a $GITHUB_STEP_SUMMARY | |
| DC_FAIL_COUNT=$( grep -icE "starting|unhealthy" $DOCKER_STATUS_FILE || true ) | |
| echo DC_FAIL_COUNT=$DC_FAIL_COUNT | tee -a $GITHUB_STEP_SUMMARY | |
| [ $DC_EXIT_CODE = 0 ] || { echo EXIT DC_EXIT_CODE=$DC_EXIT_CODE && exit $DC_EXIT_CODE; } | |
| - name: Logs minerva | |
| if: success() || failure() | |
| run: | | |
| yarn ci:logs:minerva | |
| - name: Post cleanup | |
| if: always() | |
| run: | | |
| docker rm -f alp-caddy-certs-mgmt || true # Cleanup cert mgmt container if job aborted |