diff --git a/.github/workflows/actions/azure-login/action.yml b/.github/workflows/actions/azure-login/action.yml
new file mode 100644
index 000000000..e92942e40
--- /dev/null
+++ b/.github/workflows/actions/azure-login/action.yml
@@ -0,0 +1,40 @@
+name: AKS and ACS login
+description: Logs in to Azure subscription and Azure Container Registry
+inputs:
+ AZURE_CLIENT_ID_OIDC:
+ description: 'Azure Client ID OIDC'
+ required: true
+ AZURE_TENANT_ID:
+ description: 'Azure Tenant ID'
+ required: true
+ AZURE_SUBSCRIPTION_ID:
+ description: 'Azure Subscription ID'
+ required: true
+ AZURE_CLIENT_ID:
+ description: 'Azure Client ID'
+ required: true
+ AZURE_CLIENT_SECRET:
+ description: 'Azure Client Secret'
+ required: true
+runs:
+ using: composite
+ steps:
+ - name: Login to our Azure subscription.
+ uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
+ with:
+ client-id: ${{ inputs.AZURE_CLIENT_ID_OIDC }}
+ tenant-id: ${{ inputs.AZURE_TENANT_ID }}
+ subscription-id: ${{ inputs.AZURE_SUBSCRIPTION_ID }}
+
+ - name: Login to Azure Container Registry
+ uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0
+ with:
+ registry: adoptopenjdkacr.azurecr.io
+ username: ${{ inputs.AZURE_CLIENT_ID }}
+ password: ${{ inputs.AZURE_CLIENT_SECRET }}
+
+ - name: Set the target Azure Kubernetes Service (AKS) cluster.
+ uses: azure/aks-set-context@4edaee69f820359371ee8bc85189ac03a21d3a58 # v3.2
+ with:
+ resource-group: adopt-api
+ cluster-name: aksff92
diff --git a/.github/workflows/actions/do-login/action.yml b/.github/workflows/actions/do-login/action.yml
new file mode 100644
index 000000000..a401ec72f
--- /dev/null
+++ b/.github/workflows/actions/do-login/action.yml
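Review bot: The `Login to Azure Container Registry` step keeps a long-lived service-principal secret (`AZURE_CLIENT_SECRET`) in use even though the preceding `azure/login` step already establishes a federated OIDC session. If the OIDC identity can be granted push rights on the registry, the docker/login-action step could be replaced by `run: az acr login --name adoptopenjdkacr` (with `shell: bash`), and the `AZURE_CLIENT_ID` and `AZURE_CLIENT_SECRET` inputs dropped. If the secret stays, the `AZURE_CLIENT_ID` description should say that it must be the application the secret belongs to, e.g. `description: 'Client ID of the service principal that owns AZURE_CLIENT_SECRET (registry login)'`. That matters here because both workflows added later in this commit pass `secrets.AZURE_CLIENT_ID_OIDC` for it, where the removed workflow used `secrets.AZURE_CLIENT_ID`.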
@@ -0,0 +1,16 @@
+name: DigitalOcean Login
+description: Logs in to DigitalOcean
+inputs:
+ DIGITALOCEAN_ACCESS_TOKEN:
+ description: 'DigitalOcean access token'
+ required: true
+runs:
+ using: composite
+ steps:
+ - name: Login to DigitalOcean
+ uses: digitalocean/action-doctl@cf10ddb4467f6fb84c01f7cc5f099cec71eabc93 # v2.4.1
+ with:
+ token: ${{ inputs.DIGITALOCEAN_ACCESS_TOKEN }}
+
+ - name: Set the target Azure Kubernetes Service (AKS) cluster.
+ run: doctl kubernetes cluster kubeconfig save k8s-1-27-4-do-0-blr1-1693486270021
diff --git a/.github/workflows/actions/docker-build/action.yml b/.github/workflows/actions/docker-build/action.yml
new file mode 100644
index 000000000..d17ed5eba
--- /dev/null
+++ b/.github/workflows/actions/docker-build/action.yml
@@ -0,0 +1,19 @@
+name: Docker Build
+description: Build and push Docker images to Azure Container Registry
+inputs:
+ DOCKER_REPO:
+ description: 'Docker repository'
+ required: true
+ BUILD_ARGS:
+ description: 'Build arguments'
+ required: false
+runs:
+ using: composite
+ steps:
+ - name: Build container image and push to Azure
+ uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4.2.1
+ with:
+ file: ./deploy/Dockerfile
+ tags: ${{ inputs.DOCKER_REPO }}:latest
+ build-args: ${{ inputs.BUILD_ARGS }}
+ push: true
diff --git a/.github/workflows/actions/kubectl-redeploy/action.yml b/.github/workflows/actions/kubectl-redeploy/action.yml
new file mode 100644
index 000000000..4d77952ee
--- /dev/null
+++ b/.github/workflows/actions/kubectl-redeploy/action.yml
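Review bot: The final `run:` step of do-login/action.yml has no `shell:` key, which composite actions require on every `run` step, so the action should fail to load as written; add `shell: bash` beneath the `run:` line. Both `run:` steps in kubectl-redeploy/action.yml have the same omission. The step name `Set the target Azure Kubernetes Service (AKS) cluster.` was copied from the Azure action and should describe the DigitalOcean cluster, e.g. `name: Set the target DigitalOcean Kubernetes cluster.`. The cluster name is hard-coded in the command; a comment saying which environment `k8s-1-27-4-do-0-blr1-1693486270021` is would help the next maintainer.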
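Review bot: The only tag pushed by docker-build/action.yml is `${{ inputs.DOCKER_REPO }}:latest`, so the registry keeps no record of which commit an image came from and a deployment cannot be pinned or rolled back to a known build. Consider pushing an immutable tag alongside it by making `tags` a multi-line value that lists both `${{ inputs.DOCKER_REPO }}:latest` and `${{ inputs.DOCKER_REPO }}:${{ github.sha }}`. The action also assumes the caller has already logged in to the registry named in `DOCKER_REPO`; a comment above the step stating that precondition would document the dependency on the login action.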
@@ -0,0 +1,14 @@
+name: Kubernetes Rollout Restart
+description: Redeploy frontend and updater
+inputs:
+ NAMESPACE:
+ description: 'Kubernetes namespace'
+ required: true
+runs:
+ using: composite
+ steps:
+ - name: Redeploy updater-api
+ run: kubectl config set-context --current --namespace=${{ inputs.NAMESPACE }} && kubectl rollout restart deployment updater-api
+
+ - name: Redeploy frontend-service
+ run: kubectl config set-context --current --namespace=${{ inputs.NAMESPACE }} && kubectl rollout restart deployment frontend-service
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
deleted file mode 100644
index 1a3f89210..000000000
--- a/.github/workflows/build-docker.yml
+++ /dev/null
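Review bot: Both `run:` lines splice `${{ inputs.NAMESPACE }}` straight into the command text, so the value is substituted before the shell parses the script and any shell metacharacters in it would be interpreted. Pass the input through `env:` and reference it as a quoted shell variable instead. The callers in this commit only pass fixed namespace names, but a reusable action should not rely on that. The rewritten steps below also carry the `shell: bash` key that composite `run` steps need.
```yaml
    - name: Redeploy updater-api
      shell: bash
      env:
        NAMESPACE: ${{ inputs.NAMESPACE }}
      run: kubectl config set-context --current --namespace="$NAMESPACE" && kubectl rollout restart deployment updater-api

    - name: Redeploy frontend-service
      shell: bash
      env:
        NAMESPACE: ${{ inputs.NAMESPACE }}
      run: kubectl config set-context --current --namespace="$NAMESPACE" && kubectl rollout restart deployment frontend-service
```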
@@ -1,57 +0,0 @@ -name: Docker Build - -on: - workflow_dispatch: - push: - branches: [ main, production ] - -permissions: - id-token: write - contents: read - -jobs: - docker-build: - if: startsWith(github.repository, 'adoptium/') - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - - - name: Login to our Azure subscription. - uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 - with: - client-id: ${{ secrets.AZURE_CLIENT_ID_OIDC }} - tenant-id: ${{ secrets.AZURE_TENANT_ID }} - subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} - - - name: Login to Azure Container Registry - uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 - with: - registry: adoptopenjdkacr.azurecr.io - username: ${{ secrets.AZURE_CLIENT_ID }} - password: ${{ secrets.AZURE_CLIENT_SECRET }} - - - name: Detect Branch - run: | - case ${GITHUB_REF##*/} in - production) echo "NAMESPACE=api" >> $GITHUB_ENV ;; - *) echo "NAMESPACE=api-staging" >> $GITHUB_ENV ;; - esac - - - name: Build container image and push to Azure - uses: docker/build-push-action@0a97817b6ade9f46837855d676c4cca3a2471fc9 # v4.2.1 - with: - file: ./deploy/Dockerfile - tags: adoptopenjdkacr.azurecr.io/adoptopenjdk-${{ env.NAMESPACE }}:latest - push: true - - - name: Set the target Azure Kubernetes Service (AKS) cluster. - uses: azure/aks-set-context@4edaee69f820359371ee8bc85189ac03a21d3a58 # v3.2 - with: - resource-group: adopt-api - cluster-name: aksff92 - - - name: Redeploy updater-api - run: kubectl config set-context --current --namespace=${{ env.NAMESPACE }} && kubectl rollout restart deployment updater-api - - - name: Redeploy frontend-service - run: kubectl config set-context --current --namespace=${{ env.NAMESPACE }} && kubectl rollout restart deployment frontend-service diff --git a/.github/workflows/deploy-adoptium.yml b/.github/workflows/deploy-adoptium.yml new file mode 100644 index 000000000..ed33e8210 --- /dev/null 
+++ b/.github/workflows/deploy-adoptium.yml
@@ -0,0 +1,43 @@
+name: Docker Build (Adoptium)
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [ main, production ]
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ docker-build:
+ if: startsWith(github.repository, 'adoptium/')
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+
+ - name: Login to Azure
+ uses: ./.github/actions/azure-login
+ with:
+ AZURE_CLIENT_ID_OIDC: ${{ secrets.AZURE_CLIENT_ID_OIDC }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_OIDC }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+
+ - name: Detect Branch
+ run: |
+ case ${GITHUB_REF##*/} in
+ production) echo "NAMESPACE=api" >> $GITHUB_ENV ;;
+ *) echo "NAMESPACE=api-staging" >> $GITHUB_ENV ;;
+ esac
+
+ - name: Build container image and push to Azure
+ uses: ././github/actions/docker-build
+ with:
+ DOCKER_REPO: adoptopenjdkacr.azurecr.io/adoptopenjdk-${{ env.NAMESPACE }}
+
+ - name: Redeploy Kubernetes Updater and Frontend
+ uses: ./.github/actions/kubectl-redeploy
+ with:
+ NAMESPACE: ${{ env.NAMESPACE }}
diff --git a/.github/workflows/deploy-adoptopenjdk.yml b/.github/workflows/deploy-adoptopenjdk.yml
new file mode 100644
index 000000000..e9936131f
--- /dev/null
+++ b/.github/workflows/deploy-adoptopenjdk.yml
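Review bot: The local action references in deploy-adoptium.yml do not match where this commit creates the actions: the files are added under `.github/workflows/actions/<name>/action.yml`, while the steps use `./.github/actions/azure-login` and `./.github/actions/kubectl-redeploy`. The build step uses `././github/actions/docker-build`, which is also missing the dot before `github`. Either move the action directories to `.github/actions/` or correct the `uses:` values, e.g. `uses: ./.github/actions/docker-build`; deploy-adoptopenjdk.yml repeats the same paths, including `././github/actions/do-login`. Separately, `workflow_dispatch` can be started from any ref and `${GITHUB_REF##*/}` keeps only the last path segment, so a branch such as `x/production` would select the production namespace. Matching the whole ref, `case "$GITHUB_REF" in refs/heads/production)`, avoids that.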
@@ -0,0 +1,56 @@
+name: Docker Build (AdoptOpenJDK)
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [ main, production ]
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ docker-build:
+ if: startsWith(github.repository, 'adoptium/')
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+
+ - name: Login to Azure
+ uses: ./.github/actions/azure-login
+ with:
+ AZURE_CLIENT_ID_OIDC: ${{ secrets.AZURE_CLIENT_ID_OIDC }}
+ AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+ AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+ AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID_OIDC }}
+ AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+
+ - name: Detect Branch
+ run: |
+ case ${GITHUB_REF##*/} in
+ production) echo "NAMESPACE=adoptopenjdk-alt" >> $GITHUB_ENV ;;
+ *) echo "NAMESPACE=adoptopenjdk-alt-staging" >> $GITHUB_ENV ;;
+ esac
+
+ - name: Build container image and push to Azure
+ uses: ././github/actions/docker-build
+ with:
+ DOCKER_REPO: adoptopenjdkacr.azurecr.io/azure-${{ env.NAMESPACE }}
+ BUILD_ARGS: MAVEN_FLAGS="-Padoptopenjdk,-adoptium"
+
+ - name: Redeploy Kubernetes Updater and Frontend
+ uses: ./.github/actions/kubectl-redeploy
+ with:
+ NAMESPACE: ${{ env.NAMESPACE }}
+
+ # if the branch is production, redeploy the k8s service on digitalocean too
+ - name: Login to DigitalOcean
+ uses: ././github/actions/do-login
+ with:
+ token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}
+
+ - name: Redeploy Kubernetes Updater and Frontend
+ if: startsWith(github.ref, 'refs/heads/production')
+ uses: ./.github/actions/kubectl-redeploy
+ with:
+ NAMESPACE: adoptopenjdk-do
diff --git a/deploy/Dockerfile b/deploy/Dockerfile
index 1498012d0..5b7084877 100644
--- a/deploy/Dockerfile
+++ b/deploy/Dockerfile
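Review bot: The `Login to DigitalOcean` step passes `token:`, but do-login/action.yml declares its only input as `DIGITALOCEAN_ACCESS_TOKEN` (required), so the secret never reaches `digitalocean/action-doctl`; the key should read `DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}`. The step also lacks the `if: startsWith(github.ref, 'refs/heads/production')` guard that the comment above it and the following redeploy step imply. As written, the DigitalOcean credential is used and the kubeconfig switched on every `main` build too. That guard is a prefix match, so a manually dispatched ref such as `production-test` would pass it; `if: github.ref == 'refs/heads/production'` is tighter. The quotes in `BUILD_ARGS: MAVEN_FLAGS="-Padoptopenjdk,-adoptium"` may reach Maven literally, because the Dockerfile expands `$MAVEN_FLAGS` unquoted, so it is worth verifying the rendered build argument or dropping the quotes.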
@@ -1,6 +1,8 @@ FROM eclipse-temurin:17 # BUILDS FOR ADOPTIUM, NOT ADOPTOPENJDK +ARG MAVEN_FLAGS="-Padoptium,-adoptopenjdk" +ENV MAVEN_FLAGS=$MAVEN_FLAGS ARG REPOSITORY="https://github.com/adoptium/api.adoptium.net.git" ENV REPOSITORY=$REPOSITORY @@ -25,7 +27,7 @@ RUN chown -R api: /tmp/build USER api -RUN ./mvnw clean install -Padoptium,-adoptopenjdk && \ +RUN ./mvnw clean install $MAVEN_FLAGS && \ cp adoptium-updater-parent/adoptium-api-v3-updater/target/adoptium-api-v3-updater-*-jar-with-dependencies.jar /home/api/deployment/updater.jar && \ cp -r adoptium-frontend-parent/adoptium-api-v3-frontend/target/quarkus-app/* /home/api/deployment/ && \ mv /home/api/deployment/quarkus-run.jar /home/api/deployment/frontend.jar && \
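Review bot: The header comment `# BUILDS FOR ADOPTIUM, NOT ADOPTOPENJDK` in the first Dockerfile hunk is now true only for the default, since `MAVEN_FLAGS` lets the caller select the AdoptOpenJDK profile; reword it, e.g. `# Builds the Adoptium profile by default; override with --build-arg MAVEN_FLAGS=...`. In the second hunk `$MAVEN_FLAGS` is expanded unquoted inside `RUN`. That allows several flags, but the value is word-split and glob-expanded by the shell, so a short comment that it must contain only Maven options supplied by the build pipeline would help. `ENV MAVEN_FLAGS=$MAVEN_FLAGS` looks unnecessary, because an `ARG` is already visible to later `RUN` instructions in the same stage, and it persists the value into the image environment. Whether further stages exist is not visible in these hunks.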