Update Cinder Explorer on oidc-test branch, take 2 #1568
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Cinder OSS Build and Test | |
| on: [push] | |
| env: | |
| REGISTRY: ghcr.io | |
| CINDER_BUILD_IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/cinder-build | |
| CINDER_RUNTIME_IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/cinder-runtime | |
| CINDER_EXPLORER_IMAGE_NAME: ghcr.io/${{ github.repository_owner }}/cinder-explorer | |
| CINDER_EXPLORER_AWS_REGION: us-west-1 | |
| CINDER_EXPLORER_ECS_CLUSTER: trycinder-test-Cluster-YNmjygvkMeeY | |
| CINDER_EXPLORER_ECS_SERVICE: trycinder-test-webserver-Service-vvi2qdzv9lgX | |
| CINDER_EXPLORER_AUTO_DEPLOY_REPO: facebookincubator/cinder | |
| jobs: | |
| cinder-oss-build-and-test-job: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Log in to the GitHub container registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Build and push the "build" image (only using sha, since it didn't pass tests yet) | |
| - name: Extract metadata for pre-test Cinder Docker image | |
| id: buildmeta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ${{ env.CINDER_BUILD_IMAGE_NAME }} | |
| # we publish the [untested] image using the branch + sha (e.g. "cinder-3.10.162db45") for debuggability | |
| # note: `/` in the branch name (e.g "cinder/3.10") are auto-converted to `-` by this action | |
| tags: type=sha,prefix={{branch}}. | |
| - name: Build and push Cinder Docker image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| tags: ${{ steps.buildmeta.outputs.tags }} | |
| push: true | |
| target: build | |
| file: .github/workflows/cinder/Dockerfile | |
| # Run tests, and build and push the runtime image using the branch and latest tags if tests pass | |
| - name: Run Cinder Tests | |
| run: docker run --rm -w /cinder/build ${{ steps.buildmeta.outputs.tags }} ./oss-cinder-test.sh | |
| - name: Extract metadata for tested Cinder Docker image push | |
| id: runtimemeta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ${{ env.CINDER_RUNTIME_IMAGE_NAME }} | |
| # once the tests pass, we publish the runtime image using the sha and branch name (e.g. "cinder-3.10") | |
| # if this is the default branch, we also publish the image as "latest" | |
| tags: | | |
| type=sha,prefix={{branch}}. | |
| type=ref,event=branch | |
| type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }} | |
| - name: Publish new version of latest Cinder Docker images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.runtimemeta.outputs.tags }} | |
| labels: ${{ steps.runtimemeta.outputs.labels }} | |
| # the build should be efficient, reusing the build image layers from a previous step | |
| target: runtime | |
| file: .github/workflows/cinder/Dockerfile | |
| # Also build and push Cinder Explorer image if tests passed | |
| - name: Extract metadata for Cinder Explorer app Docker image push | |
| id: explorermeta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ${{ env.CINDER_EXPLORER_IMAGE_NAME }} | |
| # publish the explorer image using the sha and branch name | |
| # if this is the default branch, we also publish the image as "latest" | |
| tags: | | |
| type=sha,prefix={{branch}}. | |
| type=ref,event=branch | |
| type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }} | |
| - name: Build and Push Cinder Explorer Docker Images | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.explorermeta.outputs.tags }} | |
| labels: ${{ steps.explorermeta.outputs.labels }} | |
| target: explorer | |
| file: .github/workflows/cinder/Dockerfile | |
| # Redeploy Cinder Explorer to AWS ECS using the new Cinder Explorer image (built above) | |
| # by forcing a new deployment that forces Fargate to pull the latest version of the image | |
| # (run auto-deploy only on the default branch of the main repo (not forks)) | |
| - name: Configure AWS credentials | |
| if: | | |
| github.repository == env.CINDER_EXPLORER_AUTO_DEPLOY_REPO && | |
| github.ref == format('refs/heads/{0}', 'oidc-test') | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: arn:aws:iam::452325537650:role/SSOCinderExplorerDeployer | |
| role-session-name: UpdateCinderExplorer | |
| aws-region: ${{ env.CINDER_EXPLORER_AWS_REGION }} | |
| - name: Deploy Cinder Explorer to ECS | |
| if: | | |
| github.repository == env.CINDER_EXPLORER_AUTO_DEPLOY_REPO && | |
| github.ref == format('refs/heads/{0}', 'oidc-test') | |
| run: | | |
| aws ecs update-service \ | |
| --region ${{ env.CINDER_EXPLORER_AWS_REGION }} \ | |
| --cluster ${{ env.CINDER_EXPLORER_ECS_CLUSTER }} \ | |
| --service ${{ env.CINDER_EXPLORER_ECS_SERVICE }} \ | |
| --force-new-deployment |