Only build ARM version of the BE (#4172) #2822

Workflow file for this run

	name: Deploy

	concurrency: deploy-${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}

	on:
	push:
	branches:
	- main
	workflow_dispatch:

	env:
	TF_WORKSPACE: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}

	jobs:
	create-db:
	runs-on: ubuntu-latest
	defaults:
	run:
	working-directory: ./infrastructure/applications
	steps:
	- uses: actions/checkout@v4
	if: github.ref != 'refs/heads/main'
	with:
	ref: ${{ github.ref }}
	fetch-depth: 0
	- name: Configure AWS credentials
	if: github.ref != 'refs/heads/main'
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.aws_access_key_id }}
	aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
	aws-region: eu-central-1
	- uses: hashicorp/setup-terraform@v3
	if: github.ref != 'refs/heads/main'
	with:
	terraform_version: 1.2.4
	- name: Terraform Init
	if: github.ref != 'refs/heads/main'
	run: terraform init
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	- name: Terraform apply
	if: github.ref != 'refs/heads/main'
	run: terraform apply -target module.database -no-color -auto-approve &> /dev/null
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	AWS_DEFAULT_REGION: eu-central-1

	build-pretix:
	runs-on: [self-hosted]
	steps:
	- uses: actions/checkout@v4
	with:
	ref: ${{ github.ref }}
	fetch-depth: 0
	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.aws_access_key_id }}
	aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
	aws-region: eu-central-1
	- name: Get service githash
	id: git
	run: \|
	hash=$(git rev-list -1 HEAD -- ./pretix)
	echo "githash=$hash" >> $GITHUB_OUTPUT
	- name: Check if commit is already on ECR
	id: image
	run: \|
	set +e
	aws ecr describe-images --repository-name=pythonit/pretix --image-ids=imageTag=arm-${{ steps.git.outputs.githash }}
	if [[ $? == 0 ]]; then
	echo "image_exists=1" >> $GITHUB_OUTPUT
	else
	echo "image_exists=0" >> $GITHUB_OUTPUT
	fi
	- uses: actions/checkout@v4
	if: ${{ steps.image.outputs.image_exists == 0 }}
	with:
	repository: pretix/pretix
	ref: v2024.10.0
	path: ./pretix-clone
	- name: Login to Amazon ECR
	if: ${{ steps.image.outputs.image_exists == 0 }}
	uses: aws-actions/amazon-ecr-login@v2
	- name: Set up Docker Buildx
	id: buildx
	if: ${{ steps.image.outputs.image_exists == 0 }}
	uses: docker/setup-buildx-action@v3
	- name: Build pretix base
	if: ${{ steps.image.outputs.image_exists == 0 }}
	uses: docker/build-push-action@v6
	id: build-pretix-base
	with:
	context: ./pretix-clone
	file: ./pretix-clone/Dockerfile
	builder: ${{ steps.buildx.outputs.name }}
	provenance: false
	push: true
	tags: \|
	${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/pretix:pretix-base-${{ steps.git.outputs.githash }}
	cache-from: type=local,src=/tmp/.buildx-cache
	cache-to: type=local,dest=/tmp/.buildx-cache
	platforms: linux/arm64
	- name: Build and push pretix
	if: ${{ steps.image.outputs.image_exists == 0 }}
	uses: docker/build-push-action@v6
	with:
	context: ./pretix
	file: ./pretix/Dockerfile
	builder: ${{ steps.buildx.outputs.name }}
	provenance: false
	push: true
	tags: \|
	${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/pretix:arm-${{ steps.git.outputs.githash }}
	cache-from: type=local,src=/tmp/.buildx-cache
	cache-to: type=local,dest=/tmp/.buildx-cache
	platforms: linux/arm64
	build-args: \|
	PRETIX_IMAGE=${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/pretix:pretix-base-${{ steps.git.outputs.githash }}

	build-and-push-arm-service:
	runs-on: [self-hosted]
	permissions:
	packages: write
	contents: read
	strategy:
	fail-fast: false
	matrix:
	service:
	- name: pycon-backend
	dir: backend

	steps:
	- uses: actions/checkout@v4
	with:
	ref: ${{ github.ref }}
	fetch-depth: 0
	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.aws_access_key_id }}
	aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
	aws-region: eu-central-1
	- name: Get service githash
	id: git
	run: \|
	hash=$(git rev-list -1 HEAD -- ${{ matrix.service.dir }})
	echo "githash=$hash" >> $GITHUB_OUTPUT
	- name: Check if commit is already on ECR
	id: image
	run: \|
	set +e
	aws ecr describe-images --repository-name=pythonit/${{ matrix.service.name }} --image-ids=imageTag=arm-${{ steps.git.outputs.githash }}
	if [[ $? == 0 ]]; then
	echo "image_exists=1" >> $GITHUB_OUTPUT
	else
	echo "image_exists=0" >> $GITHUB_OUTPUT
	fi
	- name: Set up QEMU dependency
	if: ${{ steps.image.outputs.image_exists == 0 }}
	uses: docker/setup-qemu-action@v3
	- name: Login to GitHub Packages
	if: ${{ steps.image.outputs.image_exists == 0 }}
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}
	- name: Login to Amazon ECR
	if: ${{ steps.image.outputs.image_exists == 0 }}
	uses: aws-actions/amazon-ecr-login@v2
	- name: Set up Docker Buildx
	id: buildx
	if: ${{ steps.image.outputs.image_exists == 0 }}
	uses: docker/setup-buildx-action@v3
	- name: Build and push
	if: ${{ steps.image.outputs.image_exists == 0 }}
	uses: docker/build-push-action@v6
	with:
	context: ./${{ matrix.service.dir }}
	file: ./${{ matrix.service.dir }}/Dockerfile
	builder: ${{ steps.buildx.outputs.name }}
	provenance: false
	push: true
	tags: \|
	${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-central-1.amazonaws.com/pythonit/${{ matrix.service.name }}:arm-${{ steps.git.outputs.githash }}
	ghcr.io/pythonitalia/pycon/${{ matrix.service.name }}:arm-${{ steps.git.outputs.githash }}
	cache-from: type=local,src=/tmp/.buildx-cache
	cache-to: type=local,dest=/tmp/.buildx-cache
	platforms: linux/arm64

	terraform:
	runs-on: ubuntu-latest
	needs: [build-and-push-arm-service, build-pretix, create-db]
	environment:
	name: ${{ fromJSON('["pastaporto", "production"]')[github.ref == 'refs/heads/main'] }}
	defaults:
	run:
	working-directory: ./infrastructure/applications
	steps:
	- uses: actions/checkout@v4
	with:
	ref: ${{ github.ref }}
	fetch-depth: 0
	- uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: 1.2.4
	- name: Terraform Init
	run: terraform init
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	- name: Terraform Validate
	id: validate
	run: terraform validate -no-color

	- name: Terraform apply
	run: terraform apply -no-color -auto-approve &> /dev/null
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	AWS_DEFAULT_REGION: eu-central-1

	wait-aws-update:
	runs-on: ubuntu-latest
	needs: [terraform]
	steps:
	- name: Check health status
	run: \|
	while true; do
	response=$(curl -s "https://${{ fromJSON('["pastaporto-", ""]')[github.ref == 'refs/heads/main'] }}admin.pycon.it/health")
	commit=$(echo $response \| jq -r '.commit')
	if [ "$commit" == "${{ steps.git.outputs.githash }}" ]; then
	echo "New version live"
	break
	else
	echo "Commit hash does not match. Retrying..."
	sleep 3
	fi
	done
	shell: bash

	deploy-fe:
	runs-on: ubuntu-latest
	needs: [wait-aws-update]
	steps:
	- name: Trigger hook
	if: github.ref == 'refs/heads/main'
	run: \|
	curl -X POST ${{ secrets.VERCEL_DEPLOY_HOOK }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Only build ARM version of the BE (#4172) #2822

Workflow file

Only build ARM version of the BE (#4172) #2822

Jobs

Run details

Workflow file for this run