Deploy latest in DEV #15
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy latest in DEV | |
on: | |
workflow_dispatch: | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
environment: dev-cd | |
permissions: | |
id-token: write | |
packages: write | |
contents: write | |
steps: | |
# | |
# Checkout the source code. | |
# | |
- name: Checkout the source code | |
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab | |
with: | |
token: ${{ secrets.GIT_PAT }} | |
fetch-depth: 0 | |
# | |
# Cache JDK. | |
# | |
- name: Cache JDK | |
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
id: cache-jdk | |
with: | |
key: OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz | |
path: | | |
${{ runner.temp }}/jdk_setup.tar.gz | |
${{ runner.temp }}/jdk_setup.sha256 | |
# | |
# Download JDK and verify its hash. | |
# | |
- name: Download JDK and verify its hash | |
if: steps.cache-jdk.outputs.cache-hit != 'true' | |
run: | | |
echo "e9458b38e97358850902c2936a1bb5f35f6cffc59da9fcd28c63eab8dbbfbc3b ${{ runner.temp }}/jdk_setup.tar.gz" >> ${{ runner.temp }}/jdk_setup.sha256 | |
curl -L "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.7%2B7/OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz" -o "${{ runner.temp }}/jdk_setup.tar.gz" | |
sha256sum --check --status "${{ runner.temp }}/jdk_setup.sha256" | |
# | |
# Setup JDK. | |
# | |
- name: Setup JDK | |
uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 | |
with: | |
distribution: "jdkfile" | |
jdkFile: "${{ runner.temp }}/jdk_setup.tar.gz" | |
java-version: "17" | |
cache: maven | |
# | |
# Cache Maven. | |
# | |
- name: Cache Maven | |
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
id: cache-maven | |
with: | |
key: apache-maven-3.9.2-bin.tar.gz | |
path: | | |
${{ runner.temp }}/maven_setup.tar.gz | |
${{ runner.temp }}/maven_setup.sha256 | |
# | |
# Download Maven and verify its hash. | |
# | |
- name: Download Maven and verify its hash | |
if: steps.cache-maven.outputs.cache-hit != 'true' | |
run: | | |
echo "809ef3220c6d179195c06c324cb9a6d34d8ecba566c5cfd8eb83167bc034117d ${{ runner.temp }}/maven_setup.tar.gz" >> ${{ runner.temp }}/maven_setup.sha256 | |
curl -L "https://archive.apache.org/dist/maven/maven-3/3.9.2/binaries/apache-maven-3.9.2-bin.tar.gz" -o "${{ runner.temp }}/maven_setup.tar.gz" | |
sha256sum --check --status "${{ runner.temp }}/maven_setup.sha256" | |
# | |
# Setup Maven. | |
# | |
- name: Setup Maven | |
run: | | |
mkdir ${{ runner.temp }}/maven | |
tar -xvf ${{ runner.temp }}/maven_setup.tar.gz -C ${{ runner.temp }}/maven --strip-components=1 | |
echo "<settings><servers><server><id>github</id><username>${{ secrets.GIT_USER }}</username><password>${{ secrets.GIT_PAT }}</password></server></servers></settings>" >> ${{ runner.temp }}/settings.xml | |
# | |
# Build native executable. | |
# | |
- name: Build native executable | |
run: ${{ runner.temp }}/maven/bin/mvn clean package -Pnative -Dmaven.test.skip=true -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image@sha256:05baf3fd2173f6f25ad35216b6b066c35fbfb97f06daba75efb5b22bc0a85b9c -s ${{ runner.temp }}/settings.xml --no-transfer-progress | |
# | |
# Build Docker image. | |
# | |
- name: Build Docker image | |
run: docker build -f src/main/docker/Dockerfile.native-micro -t ghcr.io/${{ github.repository }}:latest . | |
# | |
# Push Docker image. | |
# | |
- name: Push Docker image | |
run: | | |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
docker push -a ghcr.io/${{ github.repository }} | |
# | |
# Login to Azure. | |
# | |
- name: Login to Azure | |
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
# | |
# Update Container App. | |
# | |
- name: Update Container App | |
uses: azure/CLI@fa0f960f00db49b95fdb54328a767aee31e80105 | |
with: | |
inlineScript: | | |
az config set extension.use_dynamic_install=yes_without_prompt | |
az containerapp update -n ${{ secrets.AZURE_CONTAINER_APP_NAME }} -g ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} --image ghcr.io/${{ github.repository }}:latest |