From 7bbbc3c66f8662cd7bba97e1d3ec7bdfd37b1399 Mon Sep 17 00:00:00 2001
From: Kyle Pettigrew
Date: Wed, 24 Jul 2024 17:21:36 +1000
Subject: [PATCH 1/9] add base cicd workflows
---
.github/workflows/master_ci_build.yml | 77 ++++++++++++
.../profile_tag_trigger_publication.yml | 119 ++++++++++++++++++
.../remote_tag_trigger_publication.yml | 24 ++++
3 files changed, 220 insertions(+)
create mode 100644 .github/workflows/master_ci_build.yml
create mode 100644 .github/workflows/profile_tag_trigger_publication.yml
create mode 100644 .github/workflows/remote_tag_trigger_publication.yml
diff --git a/.github/workflows/master_ci_build.yml b/.github/workflows/master_ci_build.yml
new file mode 100644
index 00000000..588c5270
--- /dev/null
+++ b/.github/workflows/master_ci_build.yml
@@ -0,0 +1,77 @@
+name: Au Base IG Profiles ci build
+
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ branches:
+ - "**"
+
+permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ container: hl7fhir/ig-publisher-base # use ig publisher base image https://hub.docker.com/r/hl7fhir/ig-publisher-base
+ steps:
+ # to save load time can build custom image with dependencies and push to docker hub
+ - name: install aws cli
+ run: |
+ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+ unzip -q awscliv2.zip
+ ./aws/install
+
+ - name: Extract branch name
+ shell: bash
+ run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
+ id: extract_branch
+
+
+ - name: Configure AWS credentials from GitHub OIDC
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: arn:aws:iam::966489602583:role/ghactions_publications_oidc
+ aws-region: ap-southeast-2
+
+ - name: Checkout AU base Repository
+ uses: actions/checkout@v4
+ with:
+ repository: hl7au/au-fhir-base
+
+ - name: Update Publisher
+ run: |
+ echo "Updating Publisher"
+ ./_updatePublisher.sh -f -y
+
+ # - name: Basic Publisher build
+ # run: |
+ # _genonce.sh
+
+ - name: Run AutoIG Publisher build
+ run: java -jar input-cache/publisher.jar -ig ig.ini -auto-ig-build -target https://build.fhir.org.au/ig/hl7au/au-fhir-base/branches/${{ steps.extract_branch.outputs.branch }}/
+
+ - name: List directories
+ run: |
+ find . -type d
+
+ # - name: Upload Artifact
+ # uses: actions/upload-artifact@v3
+ # with:
+ # name: ig-output
+ # path: output/full-ig.zip
+
+ # - name: 📂 Sync files # ftp is incredibly slow > 30 min sometimes, costing compute and efficency
+ # uses: SamKirkland/FTP-Deploy-Action@v4.3.4
+ # with:
+ # server: ${{secrets.BUILD_SERVER}} # change to be env variable to support multiple environments later on
+ # username: ${{ secrets.FTP_USER }}
+ # password: ${{ secrets.FTP_PASSWORD }}
+ # local-dir: aubase/output/
+ # server-dir: /ig/hl7au/au-fhir-base/branches/${{ github.ref }}/gopublish/
+ # dry-run: true
+
+ - name: Upload artifacts to S3
+ run: aws s3 cp output/ s3://hl7au-fhir-ig/base-ci/${{ steps.extract_branch.outputs.branch }}/ --recursive --only-show-errors
\ No newline at end of file
diff --git a/.github/workflows/profile_tag_trigger_publication.yml b/.github/workflows/profile_tag_trigger_publication.yml
new file mode 100644
index 00000000..9ba340d6
--- /dev/null
+++ b/.github/workflows/profile_tag_trigger_publication.yml
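Review bot: The `Run AutoIG Publisher build` and `Upload artifacts to S3` steps in master_ci_build.yml paste `${{ steps.extract_branch.outputs.branch }}` directly into the `run:` script, and on `pull_request` that value comes from `GITHUB_HEAD_REF`, which the PR author chooses. GitHub expands the expression before the shell parses the line, so shell metacharacters in a branch name become part of the command, in a job that has already assumed `ghactions_publications_oidc`. Pass the value through `env:` and use it as a quoted shell variable, as sketched below; `Extract branch name` should also quote its target as `"$GITHUB_OUTPUT"`. The dispatch step in remote_tag_trigger_publication.yml interpolates `steps.get_tag.outputs.tag` into its `curl -d` payload in the same way with `GH_PAT` in the environment, and the later move of the S3 prefix to `ci/base/` keeps the pattern.

```yaml
      - name: Run AutoIG Publisher build
        env:
          BRANCH: ${{ steps.extract_branch.outputs.branch }}
        run: java -jar input-cache/publisher.jar -ig ig.ini -auto-ig-build -target "https://build.fhir.org.au/ig/hl7au/au-fhir-base/branches/${BRANCH}/"

      # … unchanged: List directories, commented-out artifact/FTP steps …

      - name: Upload artifacts to S3
        env:
          BRANCH: ${{ steps.extract_branch.outputs.branch }}
        run: aws s3 cp output/ "s3://hl7au-fhir-ig/base-ci/${BRANCH}/" --recursive --only-show-errors
```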
@@ -0,0 +1,119 @@
+name: Au base IG Profiles publish->go-publish
+
+on:
+ push:
+ tags:
+ - '**'
+
+
+permissions:
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ container: hl7fhir/ig-publisher-base # use ig publisher base image https://hub.docker.com/r/hl7fhir/ig-publisher-base
+ steps:
+
+ # to save load time can build custom image with dependencies and push to docker hub
+ - name: install aws cli
+ run: |
+ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+ unzip -q awscliv2.zip
+ ./aws/install
+
+ - name: Get the tag name
+ id: get_tag
+ run: echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/}"
+
+ - name: Checkout Publications Repository
+ uses: actions/checkout@v4
+ with:
+ repository: hl7au/publications
+
+ - name: Configure AWS credentials from GitHub OIDC
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: arn:aws:iam::966489602583:role/ghactions_publications_oidc
+ aws-region: ap-southeast-2
+
+ - name: Checkout AU base Repository
+ uses: actions/checkout@v4
+ with:
+ repository: hl7au/au-fhir-base
+ path: hl7au/au-fhir-base
+
+ - name: Checkout IG History Template Repository
+ uses: actions/checkout@v4
+ with:
+ repository: HL7/fhir-ig-history-template
+ path: fhir-history
+
+ - name: Checkout IG Registry Repository
+ uses: actions/checkout@v4
+ with:
+ repository: hl7au/ig-registry
+ path: ig-registry
+
+ - name: Update Publisher
+ run: |
+ echo "Updating Publisher"
+ ./_updatePublisher.sh -f -y
+
+
+ - name: Basic Publish for Aubase
+ run: |
+ echo "Generating Publish for Aubase IG..."
+ java -jar input-cache/publisher.jar -ig hl7au/au-fhir-base/ig.ini
+
+ - name: Create directories
+ run: |
+ mkdir -p webroot/fhir/base
+
+ - name: Download package-list.json
+ run: |
+ rm -rf hl7au/au-fhir-${{matrix.project}}/package-list.json
+ URL="https://hl7.org.au/fhir"
+ FULL_URL="$URL/package-list.json"
+
+ curl --output webroot/fhir/package-list.json --url $FULL_URL
+ curl --output webroot/fhir/base/package-list.json --url $FULL_URL
+
+ - name: Download package-feed.xml
+ run: |
+ curl --output webroot/fhir/package-feed.xml --url https://hl7.org.au/fhir/package-feed.xml
+
+ - name: Download publication-feed.xml
+ run: |
+ curl --output webroot/fhir/publication-feed.xml --url https://hl7.org.au/fhir/publication-feed.xml
+
+ - name: Generate Package Registry
+ run: |
+ java -jar input-cache/publisher.jar -generate-package-registry webroot
+
+ - name: Run Aubase Go Publisher build
+ run: java -jar ./input-cache/publisher.jar -go-publish -source ./hl7au/au-fhir-base -web ./webroot -history ./fhir-history -registry ./ig-registry/fhir-ig-list.json -templates ./templates -tx https://txreg.azurewebsites.net/txdev
+
+ - name: List directories
+ run: |
+ find . -type d
+
+ # - name: Upload Artifact
+ # uses: actions/upload-artifact@v3
+ # with:
+ # name: publish-output
+ # path: webroot/fhir/base
+
+ # - name: 📂 Sync files # ftp is incredibly slow > 30 min sometimes, costing compute and efficency
+ # uses: SamKirkland/FTP-Deploy-Action@v4.3.4
+ # with:
+ # server: ${{secrets.BUILD_SERVER}} # change to be env variable to support multiple environments later on
+ # username: ${{ secrets.FTP_USER }}
+ # password: ${{ secrets.FTP_PASSWORD }}
+ # local-dir: aubase/output/
+ # server-dir: /ig/hl7au/au-fhir-base/branches/${{ github.ref }}/gopublish/
+ # dry-run: true
+
+ - name: Upload artifacts to S3
+ run: aws s3 cp ./webroot/fhir/base s3://hl7au-fhir-ig/fhir/ --recursive --only-show-errors #/${{ steps.get_tag.outputs.tag }}
\ No newline at end of file
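Review bot: `Configure AWS credentials from GitHub OIDC` sits near the top of the job, so `_updatePublisher.sh`, the `publisher.jar` it presumably refreshes, the three default-branch checkouts and the `curl` downloads all run with the assumed role's credentials exported into the job environment. Only the final `aws s3 cp` needs them, so moving that step to directly before `Upload artifacts to S3` limits what a compromised build input can reach; master_ci_build.yml orders its steps the same way. The container image `hl7fhir/ig-publisher-base` and the `@v4` action refs are also unpinned, and pinning them to a digest or commit SHA would make the publishing job reproducible. Separately, the `curl --output` downloads have no `--fail`, so an HTTP error page would be written under `webroot/` and could be published.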
diff --git a/.github/workflows/remote_tag_trigger_publication.yml b/.github/workflows/remote_tag_trigger_publication.yml new file mode 100644 index 00000000..5a07ba93 --- /dev/null +++ b/.github/workflows/remote_tag_trigger_publication.yml @@ -0,0 +1,24 @@ +name: Dispatch Event from au-fhir-base to publications repo + +on: + push: + tags: + - '**' + +jobs: + dispatch: + runs-on: ubuntu-latest + steps: + - name: Get the tag name + id: get_tag + run: echo "##[set-output name=tag;]${GITHUB_REF#refs/tags/}" + + - name: Trigger publications repository + env: + GH_PAT: ${{ secrets.GH_PAT }} + run: | + curl -X POST \ + -H "Authorization: token $GH_PAT" \ + -H "Accept: application/vnd.github.v3+json" \ + https://api.github.com/repos/hl7au/publications/dispatches \ + -d '{"event_type":"tag_created","client_payload":{"repository":"au-fhir-base","tag":"${{ steps.get_tag.outputs.tag }}"}}' From ebe1bd87da07314d21c6d3fc03d9cd3ed8e03dee Mon Sep 17 00:00:00 2001 From: Kyle Pettigrew Date: Wed, 24 Jul 2024 17:21:36 +1000 Subject: [PATCH 2/9] alternate package list location --- .github/workflows/profile_tag_trigger_publication.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/profile_tag_trigger_publication.yml b/.github/workflows/profile_tag_trigger_publication.yml index 9ba340d6..5dc651fc 100644 --- a/.github/workflows/profile_tag_trigger_publication.yml +++ b/.github/workflows/profile_tag_trigger_publication.yml @@ -77,7 +77,6 @@ jobs: URL="https://hl7.org.au/fhir" FULL_URL="$URL/package-list.json" - curl --output webroot/fhir/package-list.json --url $FULL_URL curl --output webroot/fhir/base/package-list.json --url $FULL_URL - name: Download package-feed.xml From 35cf91af83d85d5885a344e896a9e86ed8396d6d Mon Sep 17 00:00:00 2001 From: Kyle Pettigrew Date: Wed, 24 Jul 2024 17:21:36 +1000 Subject: [PATCH 3/9] remove matrix reference --- .github/workflows/profile_tag_trigger_publication.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
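Review bot: The dispatch `curl -X POST` in remote_tag_trigger_publication.yml has no `--fail`, so a 401 or 404 caused by an expired or under-scoped `GH_PAT` still exits 0 and the tag push looks published when nothing was triggered; adding `--fail-with-body` (or `-f`) surfaces that. `Get the tag name` uses the legacy `##[set-output name=tag;]` command, which GitHub has deprecated; `echo "tag=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"` matches the form master_ci_build.yml already uses, and profile_tag_trigger_publication.yml has the same step. The workflow declares no `permissions:` block, and since the job only uses the PAT, `permissions: {}` would drop the default `GITHUB_TOKEN` scopes. A fine-grained token limited to hl7au/publications would keep the impact small if `GH_PAT` leaks.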
diff --git a/.github/workflows/profile_tag_trigger_publication.yml b/.github/workflows/profile_tag_trigger_publication.yml index 5dc651fc..2fdcb08e 100644 --- a/.github/workflows/profile_tag_trigger_publication.yml +++ b/.github/workflows/profile_tag_trigger_publication.yml @@ -73,10 +73,11 @@ jobs: - name: Download package-list.json run: | - rm -rf hl7au/au-fhir-${{matrix.project}}/package-list.json + rm -rf hl7au/au-fhir-base/package-list.json URL="https://hl7.org.au/fhir" FULL_URL="$URL/package-list.json" + curl --output webroot/fhir/package-list.json --url $FULL_URL curl --output webroot/fhir/base/package-list.json --url $FULL_URL - name: Download package-feed.xml From b479d32e3486fa01b78f195bfec88100634f6bc9 Mon Sep 17 00:00:00 2001 From: Kyle Pettigrew Date: Wed, 24 Jul 2024 17:21:36 +1000 Subject: [PATCH 4/9] base profile does not need subfolder --- .github/workflows/profile_tag_trigger_publication.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/profile_tag_trigger_publication.yml b/.github/workflows/profile_tag_trigger_publication.yml index 2fdcb08e..b173cf46 100644 --- a/.github/workflows/profile_tag_trigger_publication.yml +++ b/.github/workflows/profile_tag_trigger_publication.yml @@ -69,7 +69,7 @@ jobs: - name: Create directories run: | - mkdir -p webroot/fhir/base + mkdir -p webroot/fhir - name: Download package-list.json run: | @@ -116,4 +116,4 @@ jobs: # dry-run: true - name: Upload artifacts to S3 - run: aws s3 cp ./webroot/fhir/base s3://hl7au-fhir-ig/fhir/ --recursive --only-show-errors #/${{ steps.get_tag.outputs.tag }} \ No newline at end of file + run: aws s3 cp ./webroot/fhir s3://hl7au-fhir-ig/fhir/ --recursive --only-show-errors #/${{ steps.get_tag.outputs.tag }} \ No newline at end of file From b1549a61e6e65eb64824815251b8502c6c935257 Mon Sep 17 00:00:00 2001 
From: Kyle Pettigrew Date: Wed, 24 Jul 2024 17:21:36 +1000 Subject: [PATCH 5/9] typo --- .github/workflows/profile_tag_trigger_publication.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/profile_tag_trigger_publication.yml b/.github/workflows/profile_tag_trigger_publication.yml index b173cf46..22db14a8 100644 --- a/.github/workflows/profile_tag_trigger_publication.yml +++ b/.github/workflows/profile_tag_trigger_publication.yml @@ -78,7 +78,6 @@ jobs: FULL_URL="$URL/package-list.json" curl --output webroot/fhir/package-list.json --url $FULL_URL - curl --output webroot/fhir/base/package-list.json --url $FULL_URL - name: Download package-feed.xml run: | From f91f17fef273b6a1e02b2cc9554a3099c800137b Mon Sep 17 00:00:00 2001 From: Kyle Pettigrew Date: Wed, 24 Jul 2024 17:21:36 +1000 Subject: [PATCH 6/9] create package list everywhere? --- .github/workflows/profile_tag_trigger_publication.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/profile_tag_trigger_publication.yml b/.github/workflows/profile_tag_trigger_publication.yml index 22db14a8..a15926da 100644 --- a/.github/workflows/profile_tag_trigger_publication.yml +++ b/.github/workflows/profile_tag_trigger_publication.yml @@ -69,7 +69,7 @@ jobs: - name: Create directories run: | - mkdir -p webroot/fhir + mkdir -p webroot/fhir/base - name: Download package-list.json run: | @@ -78,6 +78,7 @@ jobs: FULL_URL="$URL/package-list.json" curl --output webroot/fhir/package-list.json --url $FULL_URL + curl --output webroot/fhir/base/package-list.json --url $FULL_URL - name: Download package-feed.xml run: | From e93d7e7d92f3c6af580bb684e2ca471d485d864d Mon Sep 17 00:00:00 2001 From: Kyle Pettigrew Date: Thu, 25 Jul 2024 10:31:51 +1000 Subject: [PATCH 7/9] destination folder update --- .github/workflows/master_ci_build.yml | 2 +- .github/workflows/profile_tag_trigger_publication.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.github/workflows/master_ci_build.yml b/.github/workflows/master_ci_build.yml index 588c5270..764ecdd8 100644 --- a/.github/workflows/master_ci_build.yml +++ b/.github/workflows/master_ci_build.yml @@ -74,4 +74,4 @@ jobs: # dry-run: true - name: Upload artifacts to S3 - run: aws s3 cp output/ s3://hl7au-fhir-ig/base-ci/${{ steps.extract_branch.outputs.branch }}/ --recursive --only-show-errors \ No newline at end of file + run: aws s3 cp output/ s3://hl7au-fhir-ig/ci/base/${{ steps.extract_branch.outputs.branch }}/ --recursive --only-show-errors \ No newline at end of file diff --git a/.github/workflows/profile_tag_trigger_publication.yml b/.github/workflows/profile_tag_trigger_publication.yml index a15926da..2fdcb08e 100644 --- a/.github/workflows/profile_tag_trigger_publication.yml +++ b/.github/workflows/profile_tag_trigger_publication.yml @@ -116,4 +116,4 @@ jobs: # dry-run: true - name: Upload artifacts to S3 - run: aws s3 cp ./webroot/fhir s3://hl7au-fhir-ig/fhir/ --recursive --only-show-errors #/${{ steps.get_tag.outputs.tag }} \ No newline at end of file + run: aws s3 cp ./webroot/fhir/base s3://hl7au-fhir-ig/fhir/ --recursive --only-show-errors #/${{ steps.get_tag.outputs.tag }} \ No newline at end of file From c19ca3e8e3f2f1a7796f9a37dbcd3c31cc7de7fb Mon Sep 17 00:00:00 2001 From: Kyle Pettigrew Date: Thu, 25 Jul 2024 11:21:08 +1000 Subject: [PATCH 8/9] force tag checkout --- .../profile_tag_trigger_publication.yml | 21 +------------------ 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/.github/workflows/profile_tag_trigger_publication.yml b/.github/workflows/profile_tag_trigger_publication.yml index 2fdcb08e..3a477fa9 100644 --- a/.github/workflows/profile_tag_trigger_publication.yml +++ b/.github/workflows/profile_tag_trigger_publication.yml 
@@ -43,6 +43,7 @@ jobs: with: repository: hl7au/au-fhir-base path: hl7au/au-fhir-base + ref: ${{ steps.get_tag.outputs.tag }} - name: Checkout IG History Template Repository uses: actions/checkout@v4 @@ -95,25 +96,5 @@ jobs: - name: Run Aubase Go Publisher build run: java -jar ./input-cache/publisher.jar -go-publish -source ./hl7au/au-fhir-base -web ./webroot -history ./fhir-history -registry ./ig-registry/fhir-ig-list.json -templates ./templates -tx https://txreg.azurewebsites.net/txdev - - name: List directories - run: | - find . -type d - - # - name: Upload Artifact - # uses: actions/upload-artifact@v3 - # with: - # name: publish-output - # path: webroot/fhir/base - - # - name: 📂 Sync files # ftp is incredibly slow > 30 min sometimes, costing compute and efficency - # uses: SamKirkland/FTP-Deploy-Action@v4.3.4 - # with: - # server: ${{secrets.BUILD_SERVER}} # change to be env variable to support multiple environments later on - # username: ${{ secrets.FTP_USER }} - # password: ${{ secrets.FTP_PASSWORD }} - # local-dir: aubase/output/ - # server-dir: /ig/hl7au/au-fhir-base/branches/${{ github.ref }}/gopublish/ - # dry-run: true - - name: Upload artifacts to S3 run: aws s3 cp ./webroot/fhir/base s3://hl7au-fhir-ig/fhir/ --recursive --only-show-errors #/${{ steps.get_tag.outputs.tag }} \ No newline at end of file From 53d5a489869c04bdb1c969bb4cef8a7bb01826f1 Mon Sep 17 00:00:00 2001 From: Kyle Pettigrew Date: Thu, 25 Jul 2024 12:04:08 +1000 Subject: [PATCH 9/9] upload the output folder too --- .github/workflows/profile_tag_trigger_publication.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/profile_tag_trigger_publication.yml b/.github/workflows/profile_tag_trigger_publication.yml index 3a477fa9..4f1f6a7a 100644 --- a/.github/workflows/profile_tag_trigger_publication.yml +++ b/.github/workflows/profile_tag_trigger_publication.yml 
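Review bot: `ref: ${{ steps.get_tag.outputs.tag }}` passes the bare tag name, and as far as I know actions/checkout resolves an unqualified ref as a branch before it tries a tag, so a branch that shares the release tag's name would be checked out and published instead. Assuming this workflow runs in hl7au/au-fhir-base, `ref: ${{ github.ref }}` (fully qualified `refs/tags/…`) or `ref: ${{ github.sha }}` removes the ambiguity and pins the commit that triggered the run. It also drops the dependency on the `get_tag` step, whose output would be empty if the legacy `set-output` command stops being honoured. The `with:` block's step starts outside this hunk.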
@@ -43,7 +43,7 @@ jobs: with: repository: hl7au/au-fhir-base path: hl7au/au-fhir-base - ref: ${{ steps.get_tag.outputs.tag }} + ref: ${{ steps.get_tag.outputs.tag }} # explicit, not usually since the default is to checkout the initiating commit - name: Checkout IG History Template Repository uses: actions/checkout@v4 @@ -96,5 +96,8 @@ jobs: - name: Run Aubase Go Publisher build run: java -jar ./input-cache/publisher.jar -go-publish -source ./hl7au/au-fhir-base -web ./webroot -history ./fhir-history -registry ./ig-registry/fhir-ig-list.json -templates ./templates -tx https://txreg.azurewebsites.net/txdev - - name: Upload artifacts to S3 - run: aws s3 cp ./webroot/fhir/base s3://hl7au-fhir-ig/fhir/ --recursive --only-show-errors #/${{ steps.get_tag.outputs.tag }} \ No newline at end of file + - name: Upload Base webroot to S3 + run: aws s3 cp ./webroot/fhir/base s3://hl7au-fhir-ig/fhir/ --recursive --only-show-errors #/${{ steps.get_tag.outputs.tag }} + + - name: Upload Base output to S3 + run: aws s3 cp ./hl7au/au-fhir-base/output s3://hl7au-fhir-ig/fhir/output --recursive --only-show-errors #/${{ steps.get_tag.outputs.tag }} \ No newline at end of file