alp-dev-sg-2 #615
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: DC Deploy AzureTest CD | |
| run-name: ${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }} | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| workflow_dispatch: | |
| inputs: | |
| docker_tag_name: | |
| default: develop | |
| description: Enter BranchName / Release Tag Name | |
| required: true | |
| type: string | |
| env: | |
| type: environment | |
| description: Select the environment | |
| required: true | |
| default: alp-dev-sg-2 | |
| force-cleanup-containers: | |
| description: Force cleanup all containers | |
| type: boolean | |
| default: true | |
| env: | |
| DOCKER_TAG_NAME: ${{ github.event.inputs.docker_tag_name || 'develop' }} | |
| ENV_NAME: ${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }} | |
| ENV_TYPE: remote | |
| concurrency: | |
| group: az-dc-cd-${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }} | |
| cancel-in-progress: true | |
| jobs: | |
| deploy: | |
| environment: ${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }} | |
| name: ${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }} | |
| runs-on: | |
| [ | |
| "${{ github.event_name == 'push' && vars.ENVIRONMENT_NAME_CD || github.event.inputs.env }}", | |
| self-hosted, | |
| Linux, | |
| X64, | |
| ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| clean: false | |
| - name: Install 1Password CLI | |
| uses: 1Password/[email protected] | |
| - name: 1password ratelimit start | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| run: | | |
| ./internal/scripts/get-op-ratelimit.sh | |
| - name: Load secrets from 1password | |
| uses: 1password/load-secrets-action@v2 | |
| id: op-load-secret | |
| with: | |
| export-env: true | |
| env: | |
| ENV__BASE_ALL__YML: op://${{ secrets.OP_VAULT_NAME }}/.env.base-all.yml/notesPlain # deprecate once 1password updated with flat yml | |
| ENV__BASE_REMOTE__YML: op://${{ secrets.OP_VAULT_NAME }}/.env.base-remote.yml/notesPlain # deprecate once 1password updated with flat yml | |
| ENV__NAME__YML: op://${{ secrets.OP_VAULT_NAME }}/.env.${{ env.ENV_NAME }}.yml/notesPlain | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| REGISTRY_USERNAME: "op://${{ secrets.OP_VAULT_NAME }}/az-alpCR/username" | |
| REGISTRY_PASSWORD: "op://${{ secrets.OP_VAULT_NAME }}/az-alpCR/password" | |
| - name: 1password ratelimit end | |
| env: | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| run: | | |
| ./internal/scripts/get-op-ratelimit.sh | |
| - name: Upload stats.yml artifacts | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: stats | |
| retention-days: 30 | |
| path: | | |
| *${{ github.job }}*.yml | |
| - name: Generate dotenv | |
| env: | |
| CACHE_DIR: cache/op | |
| DOTENV_FILE: .env.${{ env.ENV_TYPE }} | |
| DOTENV_YML: .env.${{ env.ENV_NAME }}.yml | |
| OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }} | |
| OP_VAULT_NAME: ${{ secrets.OP_VAULT_NAME }} | |
| OVERWRITE: true | |
| run: | | |
| ACTIONS_STEP_DEBUG=false | |
| # echo dot env yml files from 1password | |
| echo "${ENV__BASE_ALL__YML}" > $CACHE_DIR/.env.base-all.yml # deprecate once 1password updated with flat yml | |
| echo "${ENV__BASE_REMOTE__YML}" > $CACHE_DIR/.env.base-remote.yml # deprecate once 1password updated with flat yml | |
| echo "${ENV__NAME__YML}" > $CACHE_DIR/.env.$ENV_NAME.yml # remove $CACHE_DIR/ once 1password updated with flat yml | |
| # cache: .env.base-all.yml .env.base-$ENV_TYPE.yml .env.$ENV_NAME.yml => .env.$ENV_NAME.yml | |
| yarn internal flatten:env # deprecate once 1password updated with flat yml | |
| # convert .env.${ENV_NAME}.yml to .env.${ENV_TYPE} | |
| yarn internal set:env | |
| # additional mask sensitive values | |
| internal/scripts/mask-env-gha.sh | |
| cp $DOTENV_FILE ../$DOTENV_FILE-${GITHUB_RUN_ID}-$(date '+%Y%m%dT%H%M%S') | |
| echo DOCKER_TAG_NAME=$DOCKER_TAG_NAME | tee -a $DOTENV_FILE | tee -a $GITHUB_STEP_SUMMARY | |
| echo HEAD_COMMIT_MESSAGE=$(git show -s --format=%s) | tee -a "$GITHUB_STEP_SUMMARY" | |
| echo GITHUB_SHA_SHORT=$(git rev-parse --short HEAD) | tee -a "$GITHUB_STEP_SUMMARY" | |
| - shell: bash | |
| if: github.event_name == 'push' | |
| id: enable_delay_for_docker_build_to_complete | |
| run: | | |
| sleep 240 # Temporary solution | |
| - name: Pull docker images | |
| uses: nick-fields/retry@v3 | |
| with: | |
| timeout_seconds: 1800 | |
| retry_wait_seconds: 60 | |
| max_attempts: 10 | |
| retry_on: any | |
| command: | | |
| # customize dc.yml | |
| yq -i '.services.alp-minerva-postgres.ports=["41190:5432"]' docker-compose.yml # expose PG port | |
| yarn remote:minerva pull | |
| docker pull ghcr.io/data2evidence/d2e-flow/base:${DOCKER_TAG_NAME} # To handle if not present | |
| - name: docker compose up | |
| run: | | |
| yarn remote:minerva up --remove-orphans --force-recreate --wait | |
| DC_EXIT_CODE=$? | |
| echo DC_EXIT_CODE=$DC_EXIT_CODE | tee -a $GITHUB_STEP_SUMMARY | |
| DOCKER_STATUS_FILE=../docker-status-${GITHUB_RUN_ID:-ghRunId}-$(date '+%Y%m%dT%H%M%S').txt | |
| docker ps --format {{.Names}},{{.Status}} 2> /dev/null | sort | tee $DOCKER_STATUS_FILE | tee -a $GITHUB_STEP_SUMMARY | |
| DC_FAIL_COUNT=$( grep -icE "starting|unhealthy" $DOCKER_STATUS_FILE || true ) | |
| echo DC_FAIL_COUNT=$DC_FAIL_COUNT | tee -a $GITHUB_STEP_SUMMARY | |
| [ $DC_EXIT_CODE = 0 ] || { echo EXIT DC_EXIT_CODE=$DC_EXIT_CODE && exit $DC_EXIT_CODE; } | |
| - name: Logs minerva | |
| if: success() || failure() | |
| run: | | |
| yarn ci:logs:minerva | |
| - name: Post cleanup | |
| if: always() | |
| run: | | |
| docker rm -f alp-caddy-certs-mgmt || true # Cleanup cert mgmt container if job aborted |