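# https://docs.github.com/en/actions/using-workflows/reusing-workflows
#
# Reusable workflow (invoked via `workflow_call`) that:
#   1. builds the repo's Dockerfile and pushes it to ghcr.io as
#      ghcr.io/<owner>/<repo>:<ref_name>  (see the top-level `env.IMG`),
#   2. optionally runs TEST_SCRIPT inside that freshly built image,
#   3. hands off to the internetarchive/nomad deploy container (/deploy.sh).
#
# NOTE(review): the login/push to ghcr.io uses `secrets.GITHUB_TOKEN`, so the
# *calling* workflow must grant at least `packages: write` (and `contents: read`
# for checkout) to the job that calls this file; a called workflow can only
# narrow the caller's token permissions, never widen them — confirm in callers.
name: CI/CD build, test and deploy using github registry and nomad
on:
  workflow_call:
    secrets:
      NOMAD_TOKEN:
        description: 'nomad cluster credentials - store in your repo GitHub Secrets - required to deploy'
        required: false
      NOMAD_TOKEN_PROD:
        description: 'nomad archive.org production cluster credentials - store in your repo GitHub Secrets'
        required: false
      NOMAD_TOKEN_EXT:
        description: 'nomad archive.org ext cluster credentials - store in your repo GitHub Secrets'
        required: false
      NOMAD_SECRETS:
        # NOTE: requires '=' char key/val separator instead of ':' (which would be actual JSON).
        # NOTE: the values *in reality* should all be like the last value.
        # Example: {"A"="yay", "STRINGY"="i'm \"json-like\"", "MY_TOKEN"="${{ secrets.MY_TOKEN }}"}
        description: 'json-like key/value string which become env vars in your running deployment shell'
        required: false
    inputs:
      PLATFORMS:
        description: 'can set to: "linux/amd64,linux/arm64" for linux + mac arm'
        required: false
        type: string
        default: 'linux/amd64'
      BASE_DOMAIN:
        description: 'nomad cluster wildcard DNS domain name, eg: example.com'
        required: false
        type: string
        default: 'dev.archive.org'
      NOMAD_ADDR:
        description: 'nomad cluster API endpoint - archive.org deploys automate this but you can override'
        required: false
        type: string
      TEST_SCRIPT:
        description: 'default looks for [WORKDIR]/test.sh in docker image and runs it. pass in alt pathname'
        default: './test.sh'
        required: false
        type: string
      NO_TEST:
        # Kept as a string (not boolean) to preserve the existing call interface;
        # it is evaluated with `!` in expressions below, so empty/unset means "run tests".
        description: 'set to 1/true to skip [test] job for quicker & more efficient pipelines'
        required: false
        type: string
      # All NOMAD_VAR_* inputs are passed through verbatim as environment variables
      # of the [deploy] job; their meaning is defined by the nomad deploy container.
      NOMAD_VAR_CHECK_PATH:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_CHECK_PROTOCOL:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_CHECK_TIMEOUT:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_COUNT:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_COUNT_CANARIES:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_CPU:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_FORCE_PULL:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_HEALTH_TIMEOUT:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_HOSTNAMES:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_IS_BATCH:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_MEMORY:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_MULTI_CONTAINER:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_NAMESPACE:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_NETWORK_MODE:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_NO_DEPLOY:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_PERSISTENT_VOLUME:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_PORTS:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string
      NOMAD_VAR_VOLUMES:
        description: '@see https://gitlab.com/internetarchive/nomad#customizing'
        required: false
        type: string

env:
  # Image name:tag used by every job. Being a workflow-level `env`, it is also
  # available as the shell variable $IMG inside `run:` steps, which lets those
  # steps avoid interpolating `${{ ... }}` (and thus github.ref_name) into shell text.
  # NOTE(review): github.ref_name is used verbatim as the tag; refs containing
  # characters that are not valid in a docker tag (e.g. '/') would presumably fail
  # the build — confirm whether callers rely on such branch names.
  IMG: ghcr.io/${{ github.repository }}:${{ github.ref_name }}

jobs:
  # Builds the image (single- or multi-arch depending on PLATFORMS), pushes it to
  # ghcr.io, and exposes the image's WORKDIR to the [test] job via `outputs.imgworkdir`.
  build:
    runs-on: ubuntu-latest
    env:
      DOCKER_BUILDKIT: 1
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
        with:
          lfs: true
      - name: Get more space
        # also... this nicely ensures .git/ subdir never copies into docker image ;-)
        run: sudo rm -rf "${GITHUB_WORKSPACE}/.git"
      - name: Setup QEMU
        uses: docker/setup-qemu-action@v3
        if: ${{ inputs.PLATFORMS != 'linux/amd64' }}
      - name: Setup docker buildx
        uses: docker/setup-buildx-action@v3
        if: ${{ inputs.PLATFORMS != 'linux/amd64' }}
      - name: Login to registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: build and push (single arch)
        # `id` is required so the IMGWORKDIR written to $GITHUB_OUTPUT here is
        # reachable from the job-level `outputs` below; without it the value was
        # silently dropped on the single-arch path.
        id: build_single
        if: ${{ inputs.PLATFORMS == 'linux/amd64' }}
        run: |
          docker build --tag "$IMG" .
          echo IMGWORKDIR=$(docker inspect "$IMG" --format='{{.Config.WorkingDir}}') |tee -a "$GITHUB_OUTPUT"
          echo get even more space
          sudo find "${GITHUB_WORKSPACE}" -mindepth 1 -delete
          docker push "$IMG"
      - name: build and push (multi arch)
        if: ${{ inputs.PLATFORMS != 'linux/amd64' }}
        uses: docker/build-push-action@v5
        # NOTE(review): this path skips the push on pull_request events while the
        # single-arch path always pushes; the 'Determine workdir' step below then
        # `docker pull`s the tag and would presumably fail on a PR run — confirm.
        with:
          context: .
          platforms: ${{ inputs.PLATFORMS }}
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{env.IMG}}
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Determine workdir
        id: getworkdir
        if: ${{ ! inputs.NO_TEST && inputs.PLATFORMS != 'linux/amd64' }}
        # Wish we didn't have to docker pull -- but w/o this, GH Actions hijacks the container's
        # normal workdir when we fire it up below in the [test] job
        run: |
          docker pull "$IMG"
          echo IMGWORKDIR=$(docker inspect "$IMG" --format='{{.Config.WorkingDir}}') |tee -a "$GITHUB_OUTPUT"
    outputs:
      # '/' when tests are skipped; otherwise whichever build step actually ran
      # (single-arch step first, then the multi-arch 'Determine workdir' step).
      imgworkdir: ${{ inputs.NO_TEST && '/' || steps.build_single.outputs.IMGWORKDIR || steps.getworkdir.outputs.IMGWORKDIR }}

  # Runs TEST_SCRIPT inside the image just built, starting in the image's own WORKDIR.
  test:
    runs-on: ubuntu-latest
    needs: build
    if: ${{ ! inputs.NO_TEST }}
    container:
      # test the image that was just built above
      image: ghcr.io/${{ github.repository }}:${{ github.ref_name }}
    steps:
      - name: test
        # ensure we start in the container's natural WORKDIR
        working-directory: ${{ needs.build.outputs.imgworkdir }}
        # The script path is handed to the shell through an environment variable rather
        # than expanded with `${{ }}` into the command line, so the input is treated as
        # data by the shell instead of being spliced into the script text.
        env:
          TEST_SCRIPT: ${{ inputs.TEST_SCRIPT }}
        run: sh -ec 'pwd; if [ -e "$TEST_SCRIPT" ]; then "$TEST_SCRIPT"; fi'

  # Deploys via the internetarchive/nomad container. Runs after [test] even when
  # [test] was skipped (NO_TEST), but not after a failure or cancellation, and not
  # when NOMAD_VAR_NO_DEPLOY is set.
  deploy:
    runs-on: ubuntu-latest
    needs: test
    if: ${{ always() && !failure() && !cancelled() && ! inputs.NOMAD_VAR_NO_DEPLOY }}
    container:
      # https://gitlab.com/internetarchive/nomad
      image: docker://registry.gitlab.com/internetarchive/nomad/master
    # All credentials and NOMAD_VAR_* tunables are exposed as environment variables
    # of this job for /deploy.sh to consume. CI_REGISTRY_READ_TOKEN reuses the
    # workflow's GITHUB_TOKEN so the cluster can pull from ghcr.io.
    env:
      BASE_DOMAIN: ${{ inputs.BASE_DOMAIN }}
      NOMAD_ADDR: ${{ inputs.NOMAD_ADDR }}
      NOMAD_TOKEN: ${{ secrets.NOMAD_TOKEN }}
      NOMAD_TOKEN_PROD: ${{ secrets.NOMAD_TOKEN_PROD }}
      NOMAD_TOKEN_EXT: ${{ secrets.NOMAD_TOKEN_EXT }}
      CI_REGISTRY_READ_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      NOMAD_SECRETS: ${{ secrets.NOMAD_SECRETS }}
      PRIVATE_REPO: ${{ github.event.repository.private }}
      NOMAD_VAR_CHECK_PATH: ${{ inputs.NOMAD_VAR_CHECK_PATH }}
      NOMAD_VAR_CHECK_PROTOCOL: ${{ inputs.NOMAD_VAR_CHECK_PROTOCOL }}
      NOMAD_VAR_CHECK_TIMEOUT: ${{ inputs.NOMAD_VAR_CHECK_TIMEOUT }}
      NOMAD_VAR_COUNT: ${{ inputs.NOMAD_VAR_COUNT }}
      NOMAD_VAR_COUNT_CANARIES: ${{ inputs.NOMAD_VAR_COUNT_CANARIES }}
      NOMAD_VAR_CPU: ${{ inputs.NOMAD_VAR_CPU }}
      NOMAD_VAR_FORCE_PULL: ${{ inputs.NOMAD_VAR_FORCE_PULL }}
      NOMAD_VAR_HEALTH_TIMEOUT: ${{ inputs.NOMAD_VAR_HEALTH_TIMEOUT }}
      NOMAD_VAR_HOSTNAMES: ${{ inputs.NOMAD_VAR_HOSTNAMES }}
      NOMAD_VAR_IS_BATCH: ${{ inputs.NOMAD_VAR_IS_BATCH }}
      NOMAD_VAR_MEMORY: ${{ inputs.NOMAD_VAR_MEMORY }}
      NOMAD_VAR_MULTI_CONTAINER: ${{ inputs.NOMAD_VAR_MULTI_CONTAINER }}
      NOMAD_VAR_NAMESPACE: ${{ inputs.NOMAD_VAR_NAMESPACE }}
      NOMAD_VAR_NETWORK_MODE: ${{ inputs.NOMAD_VAR_NETWORK_MODE }}
      NOMAD_VAR_NO_DEPLOY: ${{ inputs.NOMAD_VAR_NO_DEPLOY }}
      NOMAD_VAR_PERSISTENT_VOLUME: ${{ inputs.NOMAD_VAR_PERSISTENT_VOLUME }}
      NOMAD_VAR_PORTS: ${{ inputs.NOMAD_VAR_PORTS }}
      NOMAD_VAR_VOLUMES: ${{ inputs.NOMAD_VAR_VOLUMES }}
    steps:
      # https://gitlab.com/internetarchive/nomad/-/blob/master/deploy.sh
      - name: deploy
        run: /deploy.sh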