Merge pull request #860 from hl7au/feature/cicd

Add base cicd workflows
hl7au · Aug 2, 2024 · 7256d2a · 7256d2a
2 parents 38a9f49 + 53d5a48
commit 7256d2a
Show file tree

Hide file tree

Showing 3 changed files with 204 additions and 0 deletions.
diff --git a/.github/workflows/master_ci_build.yml b/.github/workflows/master_ci_build.yml
@@ -0,0 +1,77 @@
+name: Au Base IG Profiles ci build
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - "**"
+
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read  # This is required for actions/checkout
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container: hl7fhir/ig-publisher-base    # use ig publisher base image https://hub.docker.com/r/hl7fhir/ig-publisher-base
+    steps:
+    # to save load time can build custom image with dependencies and push to docker hub
+    - name: install aws cli
+      run: |
+        curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+        unzip -q awscliv2.zip
+        ./aws/install
+
+    - name: Extract branch name
+      shell: bash
+      run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
+      id: extract_branch
+
+
+    - name: Configure AWS credentials from GitHub OIDC
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: arn:aws:iam::966489602583:role/ghactions_publications_oidc
+        aws-region: ap-southeast-2
+
+    - name: Checkout AU base Repository
+      uses: actions/checkout@v4
+      with:
+        repository: hl7au/au-fhir-base
+
+    - name: Update Publisher
+      run: |
+        echo "Updating Publisher"
+        ./_updatePublisher.sh -f -y
+
+    # - name: Basic Publisher build
+    #   run: |
+    #     _genonce.sh
+
+    - name: Run AutoIG Publisher build
+      run: java -jar input-cache/publisher.jar -ig ig.ini -auto-ig-build -target https://build.fhir.org.au/ig/hl7au/au-fhir-base/branches/${{ steps.extract_branch.outputs.branch }}/
+
+    - name: List directories
+      run:  |
+        find . -type d
+
+    # - name: Upload Artifact
+    #   uses: actions/upload-artifact@v3
+    #   with:
+    #     name: ig-output
+    #     path: output/full-ig.zip
+
+    # - name: 📂 Sync files # ftp is incredibly slow > 30 min sometimes, costing compute and efficency 
+    #   uses: SamKirkland/[email protected]
+    #   with:
+    #     server: ${{secrets.BUILD_SERVER}} # change to be env variable to support multiple environments later on
+    #     username: ${{ secrets.FTP_USER }}
+    #     password: ${{ secrets.FTP_PASSWORD }}
+    #     local-dir: aubase/output/
+    #     server-dir: /ig/hl7au/au-fhir-base/branches/${{ github.ref }}/gopublish/
+    #     dry-run: true
+
+    - name: Upload artifacts to S3
+      run: aws s3 cp output/ s3://hl7au-fhir-ig/ci/base/${{ steps.extract_branch.outputs.branch }}/ --recursive --only-show-errors
diff --git a/.github/workflows/profile_tag_trigger_publication.yml b/.github/workflows/profile_tag_trigger_publication.yml
@@ -0,0 +1,103 @@
+name: Au base IG Profiles publish->go-publish
+
+on:
+  push:
+    tags:
+      - '**'
+
+
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read  # This is required for actions/checkout
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container: hl7fhir/ig-publisher-base    # use ig publisher base image https://hub.docker.com/r/hl7fhir/ig-publisher-base
+    steps:
+
+    # to save load time can build custom image with dependencies and push to docker hub
+    - name: install aws cli
+      run: |
+        curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+        unzip -q awscliv2.zip
+        ./aws/install
+    
+    - name: Get the tag name
+      id: get_tag
+      run: echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/}"
+
+    - name: Checkout Publications Repository
+      uses: actions/checkout@v4
+      with:
+        repository: hl7au/publications
+
+    - name: Configure AWS credentials from GitHub OIDC
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        role-to-assume: arn:aws:iam::966489602583:role/ghactions_publications_oidc
+        aws-region: ap-southeast-2
+
+    - name: Checkout AU base Repository
+      uses: actions/checkout@v4
+      with:
+        repository: hl7au/au-fhir-base
+        path: hl7au/au-fhir-base
+        ref: ${{ steps.get_tag.outputs.tag }} # explicit, not usually since the default is to checkout the initiating commit
+
+    - name: Checkout IG History Template Repository
+      uses: actions/checkout@v4
+      with:
+        repository: HL7/fhir-ig-history-template
+        path: fhir-history
+
+    - name: Checkout IG Registry Repository
+      uses: actions/checkout@v4
+      with:
+        repository: hl7au/ig-registry
+        path: ig-registry
+
+    - name: Update Publisher
+      run: |
+        echo "Updating Publisher"
+        ./_updatePublisher.sh -f -y
+
+          
+    - name: Basic Publish for Aubase
+      run: |
+          echo "Generating Publish for  Aubase IG..."
+          java -jar input-cache/publisher.jar -ig hl7au/au-fhir-base/ig.ini
+
+    - name: Create directories
+      run: |
+        mkdir -p webroot/fhir/base
+
+    - name: Download package-list.json
+      run: |
+        rm -rf hl7au/au-fhir-base/package-list.json
+        URL="https://hl7.org.au/fhir"
+        FULL_URL="$URL/package-list.json"
+        
+        curl --output webroot/fhir/package-list.json --url $FULL_URL
+        curl --output webroot/fhir/base/package-list.json --url $FULL_URL
+
+    - name: Download package-feed.xml
+      run: |
+        curl --output webroot/fhir/package-feed.xml --url https://hl7.org.au/fhir/package-feed.xml
+
+    - name: Download publication-feed.xml
+      run: |
+        curl --output webroot/fhir/publication-feed.xml --url https://hl7.org.au/fhir/publication-feed.xml
+
+    - name: Generate Package Registry
+      run: |
+        java -jar input-cache/publisher.jar -generate-package-registry webroot
+
+    - name: Run Aubase Go Publisher build
+      run:  java -jar ./input-cache/publisher.jar -go-publish -source ./hl7au/au-fhir-base -web ./webroot -history ./fhir-history -registry ./ig-registry/fhir-ig-list.json -templates ./templates -tx https://txreg.azurewebsites.net/txdev
+
+    - name: Upload Base webroot to S3
+      run: aws s3 cp ./webroot/fhir/base s3://hl7au-fhir-ig/fhir/ --recursive --only-show-errors #/${{ steps.get_tag.outputs.tag }}
+
+    - name: Upload Base output to S3
+      run: aws s3 cp ./hl7au/au-fhir-base/output s3://hl7au-fhir-ig/fhir/output --recursive --only-show-errors #/${{ steps.get_tag.outputs.tag }}
diff --git a/.github/workflows/remote_tag_trigger_publication.yml b/.github/workflows/remote_tag_trigger_publication.yml
@@ -0,0 +1,24 @@
+name: Dispatch Event from au-fhir-base to publications repo
+
+on:
+  push:
+    tags:
+      - '**'
+
+jobs:
+  dispatch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get the tag name
+        id: get_tag
+        run: echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/}"
+
+      - name: Trigger publications repository
+        env:
+          GH_PAT: ${{ secrets.GH_PAT }}
+        run: |
+          curl -X POST \
+          -H "Authorization: token $GH_PAT" \
+          -H "Accept: application/vnd.github.v3+json" \
+          https://api.github.com/repos/hl7au/publications/dispatches \
+          -d '{"event_type":"tag_created","client_payload":{"repository":"au-fhir-base","tag":"${{ steps.get_tag.outputs.tag }}"}}'