From 08cc99d0b2e1d8561cca0e0cd3fb342da768a8f6 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Tue, 2 Jul 2024 13:25:48 +0100 Subject: [PATCH 01/27] Build docker image on github action --- Dockerfile | 2 - .../.github/workflows/deploy-image.yml | 61 +++++++++++++++++++ 2 files changed, 61 insertions(+), 2 deletions(-) create mode 100644 github-action-temp/workflows/.github/workflows/deploy-image.yml diff --git a/Dockerfile b/Dockerfile index 4a5c6b8..3177dbc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,5 @@ FROM node:18-alpine -ARG SHOPIFY_API_KEY -ENV SHOPIFY_API_KEY=$SHOPIFY_API_KEY EXPOSE 8081 WORKDIR /app COPY web . diff --git a/github-action-temp/workflows/.github/workflows/deploy-image.yml b/github-action-temp/workflows/.github/workflows/deploy-image.yml new file mode 100644 index 0000000..1a9b076 --- /dev/null +++ b/github-action-temp/workflows/.github/workflows/deploy-image.yml 
@@ -0,0 +1,61 @@
+#
+name: Create and publish a Docker image
+
+# Configures this workflow to run every time a change is pushed to the branch called `release`.
+on:
+ push:
+ branches: ['jelastic']
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
+jobs:
+ build-and-push-image:
+ runs-on: ubuntu-latest
+ env:
+ SHOPIFY_API_KEY: ${{ secrets.SHOPIFY_API_KEY }}
+ # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ #
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+ - name: Log in to the Container registry
+ uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`.
If the build succeeds, it pushes the image to GitHub Packages.
+ # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
+ # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+ - name: Build and push Docker image
+ id: push
+ uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
+ - name: Generate artifact attestation
+ uses: actions/attest-build-provenance@v1
+ with:
+ subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
+ subject-digest: ${{ steps.push.outputs.digest }}
+ push-to-registry: true
+
From 8b8162a7e9860576a8bb3907d76238e776cf3aba Mon Sep 17 00:00:00 2001
From: Alex Luker
Date: Tue, 2 Jul 2024 13:27:34 +0100
Subject: [PATCH 02/27] tickle
---
github-action-temp/workflows/.github/workflows/deploy-image.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/github-action-temp/workflows/.github/workflows/deploy-image.yml b/github-action-temp/workflows/.github/workflows/deploy-image.yml
index 1a9b076..1106340 100644
--- a/github-action-temp/workflows/.github/workflows/deploy-image.yml
+++ b/github-action-temp/workflows/.github/workflows/deploy-image.yml
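Review bot: `actions/checkout@v4` and `actions/attest-build-provenance@v1` are referenced by mutable tags while the three `docker/*` actions in the same job are pinned to full commit SHAs, so a job that holds `packages: write` still runs code that can change underneath it; pin these two the same way, e.g. `uses: actions/checkout@<full-commit-sha> # v4` (placeholder, take the SHA from the release). The job-level `env: SHOPIFY_API_KEY: ${{ secrets.SHOPIFY_API_KEY }}` also exposes the secret to every step, including the third-party actions, although no step in this file reads it and the same commit removes the `ARG` from the Dockerfile; scope it to the one step that needs it or drop it. The opening comment still says the trigger branch is `release` while `branches` lists `jelastic`.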
@@ -58,4 +58,4 @@ jobs: subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} subject-digest: ${{ steps.push.outputs.digest }} push-to-registry: true - + \ No newline at end of file From 0863b9094f8985de5b2352b06d1b663fa0dad0b1 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Tue, 2 Jul 2024 13:28:42 +0100 Subject: [PATCH 03/27] wrong place --- .../workflows/.github => .github}/workflows/deploy-image.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {github-action-temp/workflows/.github => .github}/workflows/deploy-image.yml (100%) diff --git a/github-action-temp/workflows/.github/workflows/deploy-image.yml b/.github/workflows/deploy-image.yml similarity index 100% rename from github-action-temp/workflows/.github/workflows/deploy-image.yml rename to .github/workflows/deploy-image.yml From 607c46a9d8ac2b11068f0b955535189785c3c1e8 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Tue, 2 Jul 2024 13:41:05 +0100 Subject: [PATCH 04/27] try something --- .github/workflows/deploy-image.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy-image.yml b/.github/workflows/deploy-image.yml index 1106340..ec564ef 100644 --- a/.github/workflows/deploy-image.yml +++ b/.github/workflows/deploy-image.yml @@ -22,6 +22,7 @@ jobs: contents: read packages: write attestations: write + id-token: write # steps: - name: Checkout repository From d72c812cf3cc55a82bfb68aee84689c4773d4637 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Tue, 2 Jul 2024 13:52:26 +0100 Subject: [PATCH 05/27] attestation step failing - I think it's a bonus so I'm removing --- .github/workflows/deploy-image.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/deploy-image.yml b/.github/workflows/deploy-image.yml index ec564ef..67b8f25 100644 --- a/.github/workflows/deploy-image.yml +++ b/.github/workflows/deploy-image.yml 
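Review bot: The added `id-token: write` carries no comment saying why the job needs it, and the commit message ("try something") does not say either. This permission lets the job request an OIDC token, and in this workflow the only step that plausibly needs one is `actions/attest-build-provenance`, so I would record that next to the line: `id-token: write # needed by attest-build-provenance to obtain a signing identity`. The permissions block starts above the hunk.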
@@ -53,10 +53,10 @@ jobs: labels: ${{ steps.meta.outputs.labels }} # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)." - - name: Generate artifact attestation - uses: actions/attest-build-provenance@v1 - with: - subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} - subject-digest: ${{ steps.push.outputs.digest }} - push-to-registry: true + # - name: Generate artifact attestation + # uses: actions/attest-build-provenance@v1 + # with: + # subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + # subject-digest: ${{ steps.push.outputs.digest }} + # push-to-registry: true \ No newline at end of file From 831110664b6f540025b32a8b638b9ae95cc63c27 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Tue, 2 Jul 2024 13:55:14 +0100 Subject: [PATCH 06/27] test --- .github/workflows/deploy-image.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/deploy-image.yml b/.github/workflows/deploy-image.yml index 67b8f25..b0893dc 100644 --- a/.github/workflows/deploy-image.yml +++ b/.github/workflows/deploy-image.yml @@ -58,5 +58,4 @@ jobs: # with: # subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} # subject-digest: ${{ steps.push.outputs.digest }} - # push-to-registry: true - \ No newline at end of file + # push-to-registry: true \ No newline at end of file From 141814e1000de6da7680c70267cf8cb4969d8681 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Tue, 2 Jul 2024 14:12:45 +0100 Subject: [PATCH 07/27] tag the image with the commit sha? --- .github/workflows/deploy-image.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/deploy-image.yml b/.github/workflows/deploy-image.yml index b0893dc..ad0d06b 100644 
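Review bot: Commenting out the attestation step leaves `attestations: write` and `id-token: write` granted to the job with nothing that uses them; the permissions block is outside this hunk, but as far as this series shows those two lines exist only for this step. Remove them together with the step so the `GITHUB_TOKEN` carries only `contents: read` and `packages: write`. I would also delete the step rather than keep it as a comment, or leave a one-line note such as `# TODO: re-enable attestation once the failure is understood`, because the commented block will drift from the live configuration.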
--- a/.github/workflows/deploy-image.yml +++ b/.github/workflows/deploy-image.yml @@ -40,6 +40,15 @@ jobs: uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=ref,event=tag + type=sha + type=sha,prefix={{branch}}- + type=sha,format=long + type=sha,format=long,prefix={{branch}}- + # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. From 18ae2270e12437548e90a85c7142968b44e8b3a9 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Wed, 3 Jul 2024 18:44:17 +0100 Subject: [PATCH 08/27] Try and automatically trigger a redeployment from a new commit --- .github/workflows/deploy-image.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-image.yml b/.github/workflows/deploy-image.yml index ad0d06b..ee948b6 100644 --- a/.github/workflows/deploy-image.yml +++ b/.github/workflows/deploy-image.yml @@ -6,10 +6,12 @@ on: push: branches: ['jelastic'] -# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds. env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} + JELASTIC_URL: app.jpc.infomaniak.com + JELASTIC_ENV: fdc-producer-staging + NODE_ID: 157485 # There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu. jobs: 
@@ -46,8 +48,6 @@ jobs: type=ref,event=tag type=sha type=sha,prefix={{branch}}- - type=sha,format=long - type=sha,format=long,prefix={{branch}}- # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. @@ -67,4 +67,8 @@ jobs: # with: # subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} # subject-digest: ${{ steps.push.outputs.digest }} - # push-to-registry: true \ No newline at end of file + # push-to-registry: true + - name: Redeploy containers + run: | + sudo apt-get install curl -y + curl https://${{ env.JELASTIC_URL }}/1.0/environment/control/rest/redeploycontainersbygroup?envName=${{env.JELASTIC_ENV}}\&session=${{secrets.JELASTIC_ACCESS_TOKEN}}\&tag=${{steps.meta.outputs.tags[0]}}\&nodeId=${{env.NODE_ID}} \ No newline at end of file From ea4a2c00cc76c2f4dcfb2f3937b087f7f1fa71b2 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Wed, 3 Jul 2024 18:48:12 +0100 Subject: [PATCH 09/27] try again --- .github/workflows/deploy-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-image.yml b/.github/workflows/deploy-image.yml index ee948b6..0ce5825 100644 --- a/.github/workflows/deploy-image.yml +++ b/.github/workflows/deploy-image.yml 
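Review bot: The new `Redeploy containers` step puts `secrets.JELASTIC_ACCESS_TOKEN` into the URL query string (`session=`), where it can be recorded by proxies and server access logs, and it splices every `${{ ... }}` value straight into the shell script unquoted. Pass the values through `env:` and send them in the request body instead, and add `--fail` so an HTTP error fails the job rather than leaving it green; this assumes the Jelastic endpoint accepts POST form parameters, which should be confirmed. `steps.meta.outputs.tags` is a newline-separated string, so `tags[0]` is unlikely to yield a tag, and `steps.meta.outputs.version` looks like the intended value. The same `curl` line is carried through the following commits (the `nodeGroup=cp` variant, the composite action and `build-and-deploy.yml`), so this note applies there too. `sudo apt-get install curl -y` is probably unnecessary, since `ubuntu-latest` runners ship with curl.

```yaml
      - name: Redeploy containers
        env:
          JELASTIC_SESSION: ${{ secrets.JELASTIC_ACCESS_TOKEN }}
          IMAGE_TAG: ${{ steps.meta.outputs.version }}
        run: |
          curl --fail --silent --show-error \
            --data-urlencode "envName=${JELASTIC_ENV}" \
            --data-urlencode "session=${JELASTIC_SESSION}" \
            --data-urlencode "tag=${IMAGE_TAG}" \
            --data-urlencode "nodeId=${NODE_ID}" \
            "https://${JELASTIC_URL}/1.0/environment/control/rest/redeploycontainersbygroup"
```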
@@ -71,4 +71,4 @@ jobs: - name: Redeploy containers run: | sudo apt-get install curl -y - curl https://${{ env.JELASTIC_URL }}/1.0/environment/control/rest/redeploycontainersbygroup?envName=${{env.JELASTIC_ENV}}\&session=${{secrets.JELASTIC_ACCESS_TOKEN}}\&tag=${{steps.meta.outputs.tags[0]}}\&nodeId=${{env.NODE_ID}} \ No newline at end of file + curl https://${{ env.JELASTIC_URL }}/1.0/environment/control/rest/redeploycontainersbygroup?envName=${{env.JELASTIC_ENV}}\&session=${{secrets.JELASTIC_ACCESS_TOKEN}}\&tag=${{steps.meta.outputs.tags[0]}}\&nodeGroup=cp \ No newline at end of file From 5bd46673e0d0f5cfe36b2bf0efd064adbbc6a89a Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Wed, 3 Jul 2024 19:05:27 +0100 Subject: [PATCH 10/27] make action reusable so we can deploy to different environments --- .../buildAndDeploy/action.yml} | 43 ++++++------------- .github/workflows/deploy-staging.yml | 27 ++++++++++++ 2 files changed, 41 insertions(+), 29 deletions(-) rename .github/{workflows/deploy-image.yml => actions/buildAndDeploy/action.yml} (72%) create mode 100644 .github/workflows/deploy-staging.yml diff --git a/.github/workflows/deploy-image.yml b/.github/actions/buildAndDeploy/action.yml similarity index 72% rename from .github/workflows/deploy-image.yml rename to .github/actions/buildAndDeploy/action.yml index 0ce5825..b16f99a 100644 --- a/.github/workflows/deploy-image.yml +++ b/.github/actions/buildAndDeploy/action.yml 
@@ -1,39 +1,24 @@ -# name: Create and publish a Docker image -# Configures this workflow to run every time a change is pushed to the branch called `release`. -on: - push: - branches: ['jelastic'] +inputs: + jelastic_env: + description: 'Jelastic environment name' + required: true + image_name: + description: 'Name for image' + required: false + default: ${{ github.repository }} -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - JELASTIC_URL: app.jpc.infomaniak.com - JELASTIC_ENV: fdc-producer-staging - NODE_ID: 157485 - -# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu. -jobs: - build-and-push-image: - runs-on: ubuntu-latest - env: - SHOPIFY_API_KEY: ${{ secrets.SHOPIFY_API_KEY }} - # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job. - permissions: - contents: read - packages: write - attestations: write - id-token: write - # - steps: +runs: + using: "composite" + steps: - name: Checkout repository uses: actions/checkout@v4 # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. - name: Log in to the Container registry uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 with: - registry: ${{ env.REGISTRY }} + registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. 
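Review bot: A composite action has no `secrets` context, so `password: ${{ secrets.GITHUB_TOKEN }}` in the login step (and `secrets.JELASTIC_ACCESS_TOKEN` in the redeploy step further down the file) will not receive the values the workflow version had. Declare them as inputs, e.g. `registry_token:` with `required: true`, and have the caller pass `${{ secrets.GITHUB_TOKEN }}` explicitly; that also keeps the list of credentials the action can touch visible at the call site. Steps that use `run:` in a composite action additionally need an explicit `shell: bash`.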
@@ -41,7 +26,7 @@ jobs: id: meta uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + images: ghcr.io/${{ inputs.image_name }} tags: | type=ref,event=branch type=ref,event=pr @@ -71,4 +56,4 @@ jobs: - name: Redeploy containers run: | sudo apt-get install curl -y - curl https://${{ env.JELASTIC_URL }}/1.0/environment/control/rest/redeploycontainersbygroup?envName=${{env.JELASTIC_ENV}}\&session=${{secrets.JELASTIC_ACCESS_TOKEN}}\&tag=${{steps.meta.outputs.tags[0]}}\&nodeGroup=cp \ No newline at end of file + curl https://app.jpc.infomaniak.com/1.0/environment/control/rest/redeploycontainersbygroup?envName=${{inputs.jelastic_env}}\&session=${{secrets.JELASTIC_ACCESS_TOKEN}}\&tag=${{steps.meta.outputs.tags[0]}}\&nodeGroup=cp \ No newline at end of file diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml new file mode 100644 index 0000000..4298002 --- /dev/null +++ b/.github/workflows/deploy-staging.yml @@ -0,0 +1,27 @@ +# +name: Create and publish a Docker image + +on: + push: + branches: ['jelastic'] + +env: + JELASTIC_ENV: fdc-producer-staging + +jobs: + build-and-push-image: + runs-on: ubuntu-latest + env: + SHOPIFY_API_KEY: ${{ secrets.SHOPIFY_API_KEY }} + permissions: + contents: read + packages: write + attestations: write + id-token: write + steps: + - name: build and deploy + uses: ./.github/actions/buildAndDeploy + with: + jelastic_env: env-0105831 + secrets: inherit + \ No newline at end of file From 14ed835f279b385912f2fc88928c065c2355070f Mon Sep 17 00:00:00 2001 
From: Alex Luker Date: Thu, 4 Jul 2024 11:11:18 +0100 Subject: [PATCH 11/27] try a reusable workflow --- .github/actions/buildAndDeploy/action.yml | 59 ------------------ .github/workflows/build-and-deploy.yml | 73 +++++++++++++++++++++++ .github/workflows/deploy-staging.yml | 6 +- 3 files changed, 74 insertions(+), 64 deletions(-) delete mode 100644 .github/actions/buildAndDeploy/action.yml create mode 100644 .github/workflows/build-and-deploy.yml diff --git a/.github/actions/buildAndDeploy/action.yml b/.github/actions/buildAndDeploy/action.yml deleted file mode 100644 index b16f99a..0000000 --- a/.github/actions/buildAndDeploy/action.yml +++ /dev/null 
@@ -1,59 +0,0 @@ -name: Create and publish a Docker image - -inputs: - jelastic_env: - description: 'Jelastic environment name' - required: true - image_name: - description: 'Name for image' - required: false - default: ${{ github.repository }} - -runs: - using: "composite" - steps: - - name: Checkout repository - uses: actions/checkout@v4 - # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. - - name: Log in to the Container registry - uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 - with: - images: ghcr.io/${{ inputs.image_name }} - tags: | - type=ref,event=branch - type=ref,event=pr - type=ref,event=tag - type=sha - type=sha,prefix={{branch}}- - - # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. - # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. - # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. 
- - name: Build and push Docker image - id: push - uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)." - # - name: Generate artifact attestation - # uses: actions/attest-build-provenance@v1 - # with: - # subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} - # subject-digest: ${{ steps.push.outputs.digest }} - # push-to-registry: true - - name: Redeploy containers - run: | - sudo apt-get install curl -y - curl https://app.jpc.infomaniak.com/1.0/environment/control/rest/redeploycontainersbygroup?envName=${{inputs.jelastic_env}}\&session=${{secrets.JELASTIC_ACCESS_TOKEN}}\&tag=${{steps.meta.outputs.tags[0]}}\&nodeGroup=cp \ No newline at end of file diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml new file mode 100644 index 0000000..3c0679d --- /dev/null +++ b/.github/workflows/build-and-deploy.yml 
@@ -0,0 +1,73 @@
+name: Create and publish a Docker image
+on:
+ workflow_call:
+ inputs:
+ jelastic_env:
+ description: 'Jelastic environment name'
+ required: true
+ image_name:
+ description: 'Name for image'
+ required: false
+ default: ${{ github.repository }}
+ secrets:
+ jelastic_access_token:
+ required: true
+ shopify_api_key:
+ required: true
+
+jobs:
+ build-and-push-image:
+ runs-on: ubuntu-latest
+ env:
+ SHOPIFY_API_KEY: ${{ secrets.shopify_api_key }}
+ permissions:
+ contents: read
+ packages: write
+ attestations: write
+ id-token: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+ - name: Log in to the Container registry
+ uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+ with:
+ images: ghcr.io/${{ inputs.image_name }}
+ tags: |
+ type=ref,event=branch
+ type=ref,event=pr
+ type=ref,event=tag
+ type=sha
+ type=sha,prefix={{branch}}-
+
+ # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+ # It uses the `context` parameter to define the build's context as the set of files located in the specified path.
For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. + # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. + - name: Build and push Docker image + id: push + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + with: + context: . + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)." + # - name: Generate artifact attestation + # uses: actions/attest-build-provenance@v1 + # with: + # subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} + # subject-digest: ${{ steps.push.outputs.digest }} + # push-to-registry: true + - name: Redeploy containers + run: | + sudo apt-get install curl -y + curl https://app.jpc.infomaniak.com/1.0/environment/control/rest/redeploycontainersbygroup?envName=${{inputs.jelastic_env}}\&session=${{secrets.jelastic_access_token}}\&tag=${{steps.meta.outputs.tags[0]}}\&nodeGroup=cp \ No newline at end of file diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml index 4298002..3be527f 100644 --- a/.github/workflows/deploy-staging.yml +++ b/.github/workflows/deploy-staging.yml @@ -5,12 +5,8 @@ on: push: branches: ['jelastic'] -env: - JELASTIC_ENV: fdc-producer-staging - jobs: build-and-push-image: - runs-on: ubuntu-latest env: SHOPIFY_API_KEY: ${{ secrets.SHOPIFY_API_KEY }} permissions: @@ -20,7 +16,7 @@ jobs: id-token: write steps: - name: build and deploy - uses: ./.github/actions/buildAndDeploy + uses: ./build-and-deploy with: jelastic_env: env-0105831 secrets: inherit 
From 32429c9460aeeef6ed615e084ee29f0793978342 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Thu, 4 Jul 2024 11:16:17 +0100 Subject: [PATCH 12/27] try a reusable workflow --- .github/workflows/deploy-staging.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml index 3be527f..fdea6a6 100644 --- a/.github/workflows/deploy-staging.yml +++ b/.github/workflows/deploy-staging.yml @@ -14,9 +14,7 @@ jobs: packages: write attestations: write id-token: write - steps: - - name: build and deploy - uses: ./build-and-deploy + uses: ./build-and-deploy with: jelastic_env: env-0105831 secrets: inherit From 8762acf92fe24fff80a99f5908bc63e5a7cea002 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Thu, 4 Jul 2024 11:24:40 +0100 Subject: [PATCH 13/27] try a reusable workflow --- .github/workflows/deploy-staging.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml index fdea6a6..d069391 100644 --- a/.github/workflows/deploy-staging.yml +++ b/.github/workflows/deploy-staging.yml @@ -14,8 +14,8 @@ jobs: packages: write attestations: write id-token: write - uses: ./build-and-deploy - with: - jelastic_env: env-0105831 - secrets: inherit + uses: ./build-and-deploy.yml + with: + jelastic_env: env-0105831 + secrets: inherit \ No newline at end of file From 7a438f9240b9b1e7aecfb13447758efe7fa63135 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Thu, 4 Jul 2024 11:26:29 +0100 Subject: [PATCH 14/27] try a reusable workflow --- .github/workflows/deploy-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml index d069391..fd8d790 100644 --- a/.github/workflows/deploy-staging.yml +++ b/.github/workflows/deploy-staging.yml 
@@ -14,7 +14,7 @@ jobs: packages: write attestations: write id-token: write - uses: ./build-and-deploy.yml + uses: ./.github/workflows/build-and-deploy.yml with: jelastic_env: env-0105831 secrets: inherit From 73d26bfc239b0edc91b73f717c58c4736d696175 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Thu, 4 Jul 2024 11:30:44 +0100 Subject: [PATCH 15/27] try a reusable workflow --- .github/workflows/deploy-staging.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml index fd8d790..2178ea8 100644 --- a/.github/workflows/deploy-staging.yml +++ b/.github/workflows/deploy-staging.yml @@ -7,13 +7,6 @@ on: jobs: build-and-push-image: - env: - SHOPIFY_API_KEY: ${{ secrets.SHOPIFY_API_KEY }} - permissions: - contents: read - packages: write - attestations: write - id-token: write uses: ./.github/workflows/build-and-deploy.yml with: jelastic_env: env-0105831 From 1d4071f3181cfce5bf13490debb9d2f31066f0a0 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Thu, 4 Jul 2024 11:34:54 +0100 Subject: [PATCH 16/27] try a reusable workflow --- .github/workflows/build-and-deploy.yml | 7 ++----- .github/workflows/deploy-staging.yml | 5 +++++ 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 3c0679d..e2db632 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -5,10 +5,12 @@ on: jelastic_env: description: 'Jelastic environment name' required: true + type: string image_name: description: 'Name for image' required: false default: ${{ github.repository }} + type: string secrets: jelastic_access_token: required: true @@ -20,11 +22,6 @@ jobs: runs-on: ubuntu-latest env: SHOPIFY_API_KEY: ${{ secrets.shopify_api_key }} - permissions: - contents: read - packages: write - attestations: write - id-token: write steps: - name: Checkout repository uses: actions/checkout@v4 
diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml index 2178ea8..06f6835 100644 --- a/.github/workflows/deploy-staging.yml +++ b/.github/workflows/deploy-staging.yml @@ -7,6 +7,11 @@ on: jobs: build-and-push-image: + permissions: + contents: read + packages: write + attestations: write + id-token: write uses: ./.github/workflows/build-and-deploy.yml with: jelastic_env: env-0105831 From bece30ba7270f60ea24cadeba47ad5243aa7b674 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Thu, 4 Jul 2024 11:37:35 +0100 Subject: [PATCH 17/27] try a reusable workflow --- .github/workflows/deploy-staging.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml index 06f6835..557c752 100644 --- a/.github/workflows/deploy-staging.yml +++ b/.github/workflows/deploy-staging.yml @@ -1,4 +1,3 @@ -# name: Create and publish a Docker image on: @@ -7,7 +6,7 @@ on: jobs: build-and-push-image: - permissions: + permissions: contents: read packages: write attestations: write From 024869c502f71bc58b05daa4a041819fcdb24137 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Thu, 4 Jul 2024 11:47:21 +0100 Subject: [PATCH 18/27] try and fix shopify api key --- .github/workflows/build-and-deploy.yml | 2 ++ Dockerfile | 3 +++ 2 files changed, 5 insertions(+) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index e2db632..eceaed8 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -54,6 +54,8 @@ jobs: with: context: . push: true + build-args: | + SHOPIFY_API_KEY=${{ secrets.shopify_api_key }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} diff --git a/Dockerfile b/Dockerfile index 3177dbc..66d7b71 100644 --- a/Dockerfile +++ b/Dockerfile 
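Review bot: Passing the key as `build-args: SHOPIFY_API_KEY=${{ secrets.shopify_api_key }}` and then copying it into `ENV` in the Dockerfile hunk of this commit stores the value in the image config and build history, so anyone who can pull the image from ghcr.io can read it. If the value is only needed while building, use the action's `secrets:` input (`secrets: |` followed by `shopify_api_key=${{ secrets.shopify_api_key }}`) with `RUN --mount=type=secret,id=shopify_api_key` in the Dockerfile; if the app needs it at runtime, set it in the deployment environment rather than in the image. If this key is in fact a public client identifier, say so in a comment and consider moving it out of repository secrets so its handling matches its sensitivity. The job-level `env: SHOPIFY_API_KEY` above the hunk has no consumer that is visible here.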
@@ -1,5 +1,8 @@ FROM node:18-alpine +ARG SHOPIFY_API_KEY +ENV SHOPIFY_API_KEY=$SHOPIFY_API_KEY + EXPOSE 8081 WORKDIR /app COPY web . From c6e6e0c3e86730bd6893b4eec741bf836f26589a Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Thu, 4 Jul 2024 12:10:30 +0100 Subject: [PATCH 19/27] change brnach --- .github/workflows/deploy-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml index 557c752..ee947e8 100644 --- a/.github/workflows/deploy-staging.yml +++ b/.github/workflows/deploy-staging.yml @@ -2,7 +2,7 @@ name: Create and publish a Docker image on: push: - branches: ['jelastic'] + branches: ['staging'] jobs: build-and-push-image: From 6d1c204e8e76483e9b0ba1eacc5ea19b6fe48391 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Thu, 4 Jul 2024 12:44:24 +0100 Subject: [PATCH 20/27] try and fix tag --- .github/workflows/build-and-deploy.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index eceaed8..48b4554 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -39,10 +39,6 @@ jobs: with: images: ghcr.io/${{ inputs.image_name }} tags: | - type=ref,event=branch - type=ref,event=pr - type=ref,event=tag - type=sha type=sha,prefix={{branch}}- # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. 
@@ -69,4 +65,4 @@ jobs: - name: Redeploy containers run: | sudo apt-get install curl -y - curl https://app.jpc.infomaniak.com/1.0/environment/control/rest/redeploycontainersbygroup?envName=${{inputs.jelastic_env}}\&session=${{secrets.jelastic_access_token}}\&tag=${{steps.meta.outputs.tags[0]}}\&nodeGroup=cp \ No newline at end of file + curl https://app.jpc.infomaniak.com/1.0/environment/control/rest/redeploycontainersbygroup?envName=${{inputs.jelastic_env}}\&session=${{secrets.jelastic_access_token}}\&tag=${{steps.meta.outputs.tags}}\&nodeGroup=cp \ No newline at end of file From 37c51c70854d9e1691ea2d176e72a7d0ebf48915 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Thu, 4 Jul 2024 12:45:17 +0100 Subject: [PATCH 21/27] try and fix tag --- .github/workflows/deploy-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml index ee947e8..557c752 100644 --- a/.github/workflows/deploy-staging.yml +++ b/.github/workflows/deploy-staging.yml @@ -2,7 +2,7 @@ name: Create and publish a Docker image on: push: - branches: ['staging'] + branches: ['jelastic'] jobs: build-and-push-image: From d7679e847755d37e37c7f30121a8106427b0400c Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Thu, 4 Jul 2024 13:02:51 +0100 Subject: [PATCH 22/27] trying to fix deployment --- .github/workflows/build-and-deploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 48b4554..06b50e0 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -37,7 +37,6 @@ jobs: id: meta uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 with: - images: ghcr.io/${{ inputs.image_name }} tags: | type=sha,prefix={{branch}}- From fd4f748885327e7e015f8c92a3c3441efe6f4c15 Mon Sep 17 00:00:00 2001 
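Review bot: The rewritten `curl` line in the `Redeploy containers` step places `${{ secrets.jelastic_access_token }}` in the URL query string and splices `${{ steps.meta.outputs.tags }}` into the shell script unquoted. A query-string token can be recorded in proxy and server access logs, `tags` is a newline-separated list so more than one generated tag would split the command, and the `?` in the unquoted URL is a glob character. Pass the values through `env:` and quote them, send the parameters in the request body if the endpoint accepts POST (not verifiable from this hunk), and add `--fail` so an HTTP error fails the step instead of passing silently. The rest of the job lies outside the hunk.

```yaml
- name: Redeploy containers
  env:
    JELASTIC_ENV: ${{ inputs.jelastic_env }}
    JELASTIC_TOKEN: ${{ secrets.jelastic_access_token }}
    IMAGE_TAG: ${{ steps.meta.outputs.tags }}
  run: |
    # … unchanged: curl install …
    curl --fail --silent --show-error \
      --data-urlencode "envName=${JELASTIC_ENV}" \
      --data-urlencode "session=${JELASTIC_TOKEN}" \
      --data-urlencode "tag=${IMAGE_TAG}" \
      --data-urlencode "nodeGroup=cp" \
      'https://app.jpc.infomaniak.com/1.0/environment/control/rest/redeploycontainersbygroup'
```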
From: Alex Luker Date: Thu, 4 Jul 2024 13:05:05 +0100 Subject: [PATCH 23/27] trying to fix deployment --- .github/workflows/build-and-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 06b50e0..f96fa2b 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -45,7 +45,7 @@ jobs: # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. - name: Build and push Docker image id: push - uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 + uses: docker/build-push-action@v5 with: context: . push: true From 9fabaf47739cb35d4fff2d176cc3c48ab1370382 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Thu, 4 Jul 2024 13:06:27 +0100 Subject: [PATCH 24/27] trying to fix deployment --- .github/workflows/build-and-deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index f96fa2b..f24ac82 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -35,7 +35,7 @@ jobs: # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 + uses: docker/metadata-action@v5 with: tags: | type=sha,prefix={{branch}}- 
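Review bot: `uses: docker/build-push-action@v5` replaces a full commit SHA with a mutable tag, and the first hunk of the following commit does the same with `docker/metadata-action@v5`. A tag can be repointed to different code by whoever controls the action repository, and these steps run with the registry login and the token scopes the caller grants in deploy-staging.yml (`packages: write`, `id-token: write`). If the v5 behaviour is what is needed, pin the release commit and keep the version as a trailing comment, e.g. `uses: docker/metadata-action@<full-commit-sha-of-the-v5-release> # v5`. The second hunk of the following commit restores the SHA for build-push-action only, so metadata-action stays on the floating tag.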
@@ -45,7 +45,7 @@ jobs: # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. - name: Build and push Docker image id: push - uses: docker/build-push-action@v5 + uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 with: context: . push: true From 62a9b001e9a6822db468890f680eaf3eb117b39c Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Thu, 4 Jul 2024 13:12:02 +0100 Subject: [PATCH 25/27] trying to fix deployment --- .github/workflows/build-and-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index f24ac82..30160f3 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -51,7 +51,7 @@ jobs: push: true build-args: | SHOPIFY_API_KEY=${{ secrets.shopify_api_key }} - tags: ${{ steps.meta.outputs.tags }} + tags: ghcr.io/yalla-coop/${{ inputs.image_name }}:${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)." From 6e19503564fc0c70ef2991a17c6ff44ff80d5bf7 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Thu, 4 Jul 2024 13:14:49 +0100 Subject: [PATCH 26/27] trying to fix deployment --- .github/workflows/build-and-deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 30160f3..2166d16 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml 
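Review bot: `tags: ghcr.io/yalla-coop/${{ inputs.image_name }}:${{ steps.meta.outputs.tags }}` assembles the image reference by hand from an output that is a newline-separated list, so the result is a valid reference only while the `meta` step emits exactly one tag; the next commit's hunk keeps the same pattern and only drops the hard-coded `yalla-coop/` owner. A second `type=` line added to the `meta` step later would produce a malformed `tags` value here and in the redeploy request. Consider restoring `images: ghcr.io/${{ inputs.image_name }}` on the `meta` step and passing `tags: ${{ steps.meta.outputs.tags }}` through unchanged, using `steps.meta.outputs.version` where only the bare tag is wanted. Failing that, a comment such as `# meta must emit exactly one tag; the full ref is assembled here` would make the constraint visible.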
@@ -51,7 +51,7 @@ jobs: push: true build-args: | SHOPIFY_API_KEY=${{ secrets.shopify_api_key }} - tags: ghcr.io/yalla-coop/${{ inputs.image_name }}:${{ steps.meta.outputs.tags }} + tags: ghcr.io/${{ inputs.image_name }}:${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} # This step generates an artifact attestation for the image, which is an unforgeable statement about where and how it was built. It increases supply chain security for people who consume the image. For more information, see "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)." From 7cfd51d0afac00f60a9e10e47c2da267202fef72 Mon Sep 17 00:00:00 2001 From: Alex Luker Date: Thu, 4 Jul 2024 13:20:10 +0100 Subject: [PATCH 27/27] trying to fix deployment --- .github/workflows/deploy-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy-staging.yml b/.github/workflows/deploy-staging.yml index 557c752..ee947e8 100644 --- a/.github/workflows/deploy-staging.yml +++ b/.github/workflows/deploy-staging.yml @@ -2,7 +2,7 @@ name: Create and publish a Docker image on: push: - branches: ['jelastic'] + branches: ['staging'] jobs: build-and-push-image: