forked from novuhq/novu
-
Notifications
You must be signed in to change notification settings - Fork 0
153 lines (144 loc) · 6.24 KB
/
reusable-docker.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
name: Build, tag and push docker image to ghcr.io
# Controls when the action will run. Triggers the workflow on push or pull request
on:
workflow_call:
inputs:
# The environment with the GH secrets environment.
environment:
required: true
type: string
# The name of the package under which the docker image will be published on GH Packages.
package_name:
required: true
type: string
# The path to the project in the monorepo.
project_path:
required: true
type: string
# The ID of the depot project.
# Note: Currently we build everything under one project (it requires to set up the OIDC for each project and I had some issues with the Depot)
depot_project_id:
required: true
type: string
# The port used for testing. This is not a required input, and it defaults to '1341'.
# This value is added, so you can test the image after it's built in test mode and by doing a health-check.
test_port:
required: false
default: '1341'
type: string
# The boolean that helps to determine whether to perform a health check. This is not a required input and defaults to false.
health_check:
required: false
default: false
type: boolean
# The tag under which the image is built, it should align with the name in the project command docker:build:depot
local_tag:
required: true
type: string
# The environment tag. Possible values are dev, stg, and prod. This is not a required input of type string.
env_tag:
required: false
type: string
outputs:
docker_image:
description: 'The image that was built'
value: ${{ jobs.reusable_docker.outputs.docker_image }}
docker_image_ee:
description: 'The enterprise image that was built'
value: ${{ jobs.reusable_docker.outputs.docker_image_ee }}
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
reusable_docker:
runs-on: ubuntu-latest
timeout-minutes: 80
environment: ${{ inputs.environment }}
outputs:
docker_image: ${{ steps.save-image-to-output.outputs.IMAGE }}
docker_image_ee: ${{ steps.save-image-to-output.outputs.IMAGE_EE }}
permissions:
contents: read
packages: write
deployments: write
id-token: write
strategy:
matrix:
name: [ '${{ inputs.package_name }}-ee', '${{ inputs.package_name }}' ]
steps:
- uses: actions/checkout@v3
with:
submodules: ${{ contains (matrix.name,'-ee') }}
token: ${{ secrets.SUBMODULES_TOKEN }}
- uses: ./.github/actions/setup-project
with:
slim: 'true'
submodules: ${{ contains (matrix.name,'-ee') }}
- name: Setup Depot
uses: depot/setup-action@v1
with:
oidc: true
- name: Build, tag, and push image to ghcr.io
id: build-image
if: ${{ inputs.env_tag == 'dev' || inputs.env_tag == 'stg' }}
env:
REGISTRY_OWNER: novuhq
DOCKER_NAME: ${{ matrix.name }}
LOCAL_TAG: ${{ inputs.local_tag }}
IMAGE_TAG: ${{ github.sha }}
ENV_TAG: ${{ inputs.env_tag }}
PROJECT_PATH: ${{ inputs.project_path }}
GH_ACTOR: ${{ github.actor }}
GH_PASSWORD: ${{ secrets.GH_PACKAGES }}
DEPOT_PROJECT_ID: ${{ inputs.depot_project_id }}
run: |
echo $GH_PASSWORD | docker login ghcr.io -u $GH_ACTOR --password-stdin
cd $PROJECT_PATH && npm run docker:build:depot
docker tag $LOCAL_TAG ghcr.io/$REGISTRY_OWNER/$DOCKER_NAME:$IMAGE_TAG
docker tag $LOCAL_TAG ghcr.io/$REGISTRY_OWNER/$DOCKER_NAME:$ENV_TAG
docker push ghcr.io/$REGISTRY_OWNER/$DOCKER_NAME:$IMAGE_TAG
docker push ghcr.io/$REGISTRY_OWNER/$DOCKER_NAME:$ENV_TAG
- name: Production build, tag, and push image to ghcr.io
id: build-prod-image
if: ${{ inputs.env_tag == 'prod' }}
env:
REGISTRY_OWNER: novuhq
DOCKER_NAME: ${{ matrix.name }}
LOCAL_TAG: ${{ inputs.local_tag }}
IMAGE_TAG: ${{ github.sha }}
ENV_TAG: ${{ inputs.env_tag }}
PROJECT_PATH: ${{ inputs.project_path }}
GH_ACTOR: ${{ github.actor }}
GH_PASSWORD: ${{ secrets.GH_PACKAGES }}
DEPOT_PROJECT_ID: ${{ inputs.depot_project_id }}
run: |
echo $GH_PASSWORD | docker login ghcr.io -u $GH_ACTOR --password-stdin
cd $PROJECT_PATH && npm run docker:build:depot
docker tag $LOCAL_TAG ghcr.io/$REGISTRY_OWNER/$DOCKER_NAME:$IMAGE_TAG
docker tag $LOCAL_TAG ghcr.io/$REGISTRY_OWNER/$DOCKER_NAME:$ENV_TAG
docker tag $LOCAL_TAG ghcr.io/$REGISTRY_OWNER/$DOCKER_NAME:latest
docker push ghcr.io/$REGISTRY_OWNER/$DOCKER_NAME:$IMAGE_TAG
docker push ghcr.io/$REGISTRY_OWNER/$DOCKER_NAME:$ENV_TAG
docker push ghcr.io/$REGISTRY_OWNER/$DOCKER_NAME:latest
- name: Save image to output
id: save-image-to-output
env:
REGISTRY_OWNER: novuhq
DOCKER_NAME: ${{ matrix.name }}
IMAGE_TAG: ${{ github.sha }}
OUTPUT_NAME: ${{ contains(matrix.name,'-ee') && 'IMAGE_EE' || 'IMAGE' }}
run: |
echo "$OUTPUT_NAME=ghcr.io/$REGISTRY_OWNER/$DOCKER_NAME:$IMAGE_TAG" >> $GITHUB_OUTPUT
- name: Health check test
id: health-check
if: ${{ inputs.health_check == 'true' && (steps.build-image.outcome == 'success' || steps.build-prod-image.outcome == 'success') }}
env:
REGISTRY_OWNER: novuhq
DOCKER_NAME: ${{ matrix.name }}
LOCAL_TAG: ${{ inputs.local_tag }}
IMAGE_TAG: ${{ github.sha }}
TEST_PORT: ${{ inputs.test_port }}
GH_ACTOR: ${{ github.actor }}
GH_PASSWORD: ${{ secrets.GH_PACKAGES }}
run: |
echo $GH_PASSWORD | docker login ghcr.io -u $GH_ACTOR --password-stdin
docker run --network=host --name $LOCAL_TAG -dit --env NODE_ENV=test ghcr.io/$REGISTRY_OWNER/$DOCKER_NAME:$IMAGE_TAG
docker run --network=host appropriate/curl --retry 10 --retry-delay 5 --retry-connrefused http://127.0.0.1:$TEST_PORT/v1/health-check | grep 'ok'