CORE-2204 Add workflow examples for Python #184

Merged
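--- a/.github/workflows/example-build-deploy-python-google.yml
+++ b/.github/workflows/example-build-deploy-python-google.yml
@@ -0,0 +1,245 @@
+name: Build and Deploy Python to Kubernetes on Google Cloud
+
+on:
+push:
+branches: [trunk]
+## Adding a path filter will only trigger the workflow if the files in the path are modified.
+## This is very useful if you have a monorepo structure.
+## See https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore for more information.
+##
+# paths:
+# - 'applications/my-app/**'
+##
+# pull_request:
+# branches: [trunk]
+
+env:
+SYSTEM_NAME: 'core'
+APPLICATION_NAME: 'demo-api-python'
+PROJECT_FILE: 'applications/demo-api-python/uv.lock'
+HELM_VALUES_FILE: '.github/deploy/values-demo-api-python.yml'
+
+jobs:
+analyze:
+name: Analyze
+runs-on: elvia-runner
+permissions:
+actions: read
+contents: read
+security-events: write
+# Limits the number of concurrent runs of this job to one, and cancels any in progress.
+concurrency:
+group: '${{ github.workflow }}-${{ github.ref }}-analyze'
+cancel-in-progress: true
+steps:
+# START REMOVE FROM EXAMPLE
+- name: Get GitHub App token
+uses: actions/create-github-app-token@v1
+id: app-token
+with:
+app-id: ${{ vars.GH_APP_ID }}
+owner: ${{ github.repository_owner }}
+private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+repositories: 'core'
+
+- name: Checkout core repository
+uses: actions/checkout@v4
+id: checkout
+with:
+repository: '3lvia/core'
+token: ${{ steps.app-token.outputs.token }}
+# END REMOVE FROM EXAMPLE
+- uses: 3lvia/core-github-actions-templates/analyze@trunk
+with:
+# This can be set to a more specific path if you want to analyze only a part of the repository.
+working-directory: '.'
+language: 'python'
+# START REMOVE FROM EXAMPLE
+checkout: 'false'
+upload-results: 'false'
+# END REMOVE FROM EXAMPLE
+
+build-scan:
+name: Build and Scan
+runs-on: elvia-runner
+permissions:
+actions: read
+contents: write
+id-token: write
+pull-requests: write
+security-events: write
+# Limits the number of concurrent runs of this job to one, and cancels any in progress.
+concurrency:
+group: '${{ github.workflow }}-${{ github.ref }}-build-scan'
+cancel-in-progress: true
+environment: build
+steps:
+# START REMOVE FROM EXAMPLE
+- name: Get GitHub App token
+uses: actions/create-github-app-token@v1
+id: app-token
+with:
+app-id: ${{ vars.GH_APP_ID }}
+owner: ${{ github.repository_owner }}
+private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+repositories: 'core'
+
+- name: Checkout core repository
+uses: actions/checkout@v4
+with:
+repository: '3lvia/core'
+token: ${{ steps.app-token.outputs.token }}
+# END REMOVE FROM EXAMPLE
+- uses: 3lvia/core-github-actions-templates/build@trunk
+with:
+name: ${{ env.APPLICATION_NAME }}
+namespace: ${{ env.SYSTEM_NAME }}
+project-file: ${{ env.PROJECT_FILE }}
+trivy-upload-report: 'false'
+trivy-post-comment: 'true'
+AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }}
+# START REMOVE FROM EXAMPLE
+checkout: 'false'
+# END REMOVE FROM EXAMPLE
+
+deploy-dev:
+name: Deploy Dev
+# Require all jobs below to be successful before running this job.
+# Any of these can be commented out or removed if you want to deploy anyway.
+needs:
+- build-scan
+- analyze
+runs-on: elvia-runner
+permissions:
+contents: read
+id-token: write
+# Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress.
+concurrency:
+group: '${{ github.workflow }}-${{ github.ref }}-deploy-dev'
+environment: dev
+steps:
+# START REMOVE FROM EXAMPLE
+- name: Get GitHub App token
+uses: actions/create-github-app-token@v1
+id: app-token
+with:
+app-id: ${{ vars.GH_APP_ID }}
+owner: ${{ github.repository_owner }}
+private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+repositories: 'core'
+
+- name: Checkout core repository
+uses: actions/checkout@v4
+with:
+repository: '3lvia/core'
+token: ${{ steps.app-token.outputs.token }}
+# END REMOVE FROM EXAMPLE
+- uses: 3lvia/core-github-actions-templates/deploy@trunk
+with:
+name: ${{ env.APPLICATION_NAME }}
+namespace: ${{ env.SYSTEM_NAME }}
+environment: 'dev'
+helm-values-file: ${{ env.HELM_VALUES_FILE }}
+runtime-cloud-provider: 'GKE'
+# Will post to the Slack channel of your system if the deployment fails.
+# Can be commented out if you don't want this.
+slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }}
+GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }}
+# START REMOVE FROM EXAMPLE
+checkout: 'false'
+# END REMOVE FROM EXAMPLE
+
+deploy-test:
+name: Deploy Test
+# Only deploy to test after dev
+needs: [deploy-dev]
+runs-on: elvia-runner
+permissions:
+contents: read
+id-token: write
+# Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress.
+concurrency:
+group: '${{ github.workflow }}-${{ github.ref }}-deploy-test'
+environment: test
+# Only on push to trunk
+if: github.ref == 'refs/heads/trunk'
+steps:
+# START REMOVE FROM EXAMPLE
+- name: Get GitHub App token
+uses: actions/create-github-app-token@v1
+id: app-token
+with:
+app-id: ${{ vars.GH_APP_ID }}
+owner: ${{ github.repository_owner }}
+private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+repositories: 'core'
+
+- name: Checkout core repository
+uses: actions/checkout@v4
+with:
+repository: '3lvia/core'
+token: ${{ steps.app-token.outputs.token }}
+# END REMOVE FROM EXAMPLE
+- uses: 3lvia/core-github-actions-templates/deploy@trunk
+with:
+name: ${{ env.APPLICATION_NAME }}
+namespace: ${{ env.SYSTEM_NAME }}
+environment: 'test'
+helm-values-file: ${{ env.HELM_VALUES_FILE }}
+runtime-cloud-provider: 'GKE'
+# Will post to the Slack channel of your system if the deployment fails.
+# Can be commented out if you don't want this.
+slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }}
+GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }}
+# START REMOVE FROM EXAMPLE
+checkout: 'false'
+# END REMOVE FROM EXAMPLE
+
+deploy-prod:
+name: Deploy Prod
+# Only deploy to prod after test
+needs: [deploy-test]
+runs-on: elvia-runner
+permissions:
+contents: read
+id-token: write
+# Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress.
+concurrency:
+group: '${{ github.workflow }}-${{ github.ref }}-deploy-prod'
+environment: prod
+# Only on push to trunk
+if: github.ref == 'refs/heads/trunk'
+steps:
+# START REMOVE FROM EXAMPLE
+- name: Get GitHub App token
+uses: actions/create-github-app-token@v1
+id: app-token
+with:
+app-id: ${{ vars.GH_APP_ID }}
+owner: ${{ github.repository_owner }}
+private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+repositories: 'core'
+
+- name: Checkout core repository
+uses: actions/checkout@v4
+with:
+repository: '3lvia/core'
+token: ${{ steps.app-token.outputs.token }}
+# END REMOVE FROM EXAMPLE
+- uses: 3lvia/core-github-actions-templates/deploy@trunk
+with:
+name: ${{ env.APPLICATION_NAME }}
+namespace: ${{ env.SYSTEM_NAME }}
+environment: 'prod'
+helm-values-file: ${{ env.HELM_VALUES_FILE }}
+runtime-cloud-provider: 'GKE'
+# Will post to the Slack channel of your system if the deployment fails.
+# Can be commented out if you don't want this.
+slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }}
+GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }}
+# START REMOVE FROM EXAMPLE
+checkout: 'false'
+# END REMOVE FROM EXAMPLE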
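Review bot: Every `uses:` in this workflow points at a mutable ref — `actions/create-github-app-token@v1`, `actions/checkout@v4`, and the `3lvia/core-github-actions-templates/{analyze,build,deploy}@trunk` steps — while `build-scan` and all three deploy jobs grant `id-token: write` (and `build-scan` also `contents: write`). Whatever those refs resolve to at run time therefore executes with the ability to request the workload identity used for `prod`, without any change appearing in this repository. Pinning each action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v4` (placeholder, not a real SHA), keeps the deployed code path reviewable. If following `@trunk` of the templates repository is deliberate for an example, a comment above the first such step saying so, and that consumers copying the example should pin, would make the trade-off explicit.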