Dagger CI Workflow #1105
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Dagger CI Workflow | |
on: | |
# repository_dispatch: | |
# types: [test-success] | |
# paths-ignore: | |
# - '.github/**' | |
# - 'auth/**' | |
workflow_dispatch: # manually triggered | |
env: | |
# Dagger | |
DAGGER_PLAN: cue.mod/pkg/github.com/3box/pipeline-tools/ci/plans/cas.cue | |
STATUS_PLAN: cue.mod/pkg/github.com/3box/pipeline-tools/ci/plans/status.cue | |
DAGGER_LOG_FORMAT: "plain" | |
# Secrets | |
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
# Miscellaneous | |
RUN_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
STATUS_URL: "https://api.github.com/repos/ceramicnetwork/ceramic-anchor-service/statuses/${{ github.event.client_payload.sha || github.sha }}" | |
BRANCH: ${{ github.event.client_payload.branch || github.ref_name }} | |
SHA: ${{ github.event.client_payload.sha || github.sha }} | |
jobs: | |
image: | |
name: Verify and publish Docker image | |
runs-on: ubuntu-latest | |
steps: | |
- | |
name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
# Use specified SHA, otherwise use the branch | |
ref: ${{ github.event.client_payload.sha || env.BRANCH }} | |
- | |
name: Install Dagger | |
uses: dagger/dagger-for-github@v3 | |
with: | |
install-only: true | |
version: "0.2.36" | |
- | |
name: Setup Dagger | |
run: | | |
dagger project init | |
dagger project update | |
dagger project update "github.com/3box/pipeline-tools/ci" | |
- | |
name: Set commit status "pending" | |
run: dagger do pending -p ${{ env.STATUS_PLAN }} | |
- | |
name: Set sha tag | |
run: | | |
SHA_TAG=$(echo ${{ env.SHA }} | head -c 12) | |
echo "SHA_TAG=$SHA_TAG" >> $GITHUB_ENV | |
- | |
name: Set main branch tag | |
if: ${{ env.BRANCH == 'main' }} | |
run: | | |
echo "ENV_TAG=prod" >> $GITHUB_ENV | |
- | |
name: Set rc branch tag | |
if: ${{ env.BRANCH == 'release-candidate' }} | |
run: | | |
echo "ENV_TAG=tnet" >> $GITHUB_ENV | |
- | |
name: Set develop branch tag | |
if: ${{ env.BRANCH == 'develop' || env.ENV_TAG == '' }} | |
run: | | |
echo "ENV_TAG=dev" >> $GITHUB_ENV | |
- | |
name: Verify Docker image | |
run: dagger do verify -p ${{ env.DAGGER_PLAN }} | |
- | |
name: Set publish flag | |
if: ${{ env.BRANCH == 'main' || env.BRANCH == 'release-candidate' || env.BRANCH == 'develop' }} | |
run: echo "PUBLISH=true" >> $GITHUB_ENV | |
- | |
name: Push private Docker image | |
if: ${{ env.PUBLISH == 'true' }} | |
run: dagger do push -w "actions:push:\"${{ env.AWS_REGION }}\":\"${{ env.ENV_TAG }}\":\"${{ env.BRANCH }}\":\"${{ env.SHA }}\":\"${{ env.SHA_TAG }}\":_" -p ${{ env.DAGGER_PLAN }} | |
- | |
name: Login to public ECR | |
uses: docker/login-action@v2 | |
with: | |
registry: public.ecr.aws | |
username: ${{ env.AWS_ACCESS_KEY_ID }} | |
password: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
env: | |
AWS_REGION: us-east-1 | |
- | |
name: Push public Docker image | |
run: | | |
docker buildx build --load --target base -t 3box/cas . | |
docker tag 3box/cas:latest public.ecr.aws/r5b3e0r5/3box/cas:latest | |
docker push public.ecr.aws/r5b3e0r5/3box/cas:latest | |
- | |
name: Create deployment job | |
if: ${{ env.PUBLISH == 'true' }} | |
run: dagger do -l error deploy -w "actions:deploy:\"${{ env.AWS_REGION }}\":\"${{ env.ENV_TAG }}\":latest:\"${{ env.SHA_TAG }}\":_" -p ${{ env.DAGGER_PLAN }} | |
- | |
name: Set commit status "success" | |
run: dagger do success -p ${{ env.STATUS_PLAN }} | |
- | |
name: Set commit status "failure" | |
if: ${{ failure() }} | |
run: dagger do failure -p ${{ env.STATUS_PLAN }} |