Skip to content

Merge pull request #506 from eduvic-mozilla/feat/IAM-1296 #141

Merge pull request #506 from eduvic-mozilla/feat/IAM-1296

Merge pull request #506 from eduvic-mozilla/feat/IAM-1296 #141

Workflow file for this run

name: Build and Deploy SSO Dashboard
on:
workflow_dispatch:
push:
branches:
- 'master'
permissions:
contents: 'read'
id-token: 'write'
env:
APP: sso-dashboard
GAR_LOCATION: us-east1
PROJECT_ID: iam-auth0
REGION: us-east1
CHANNEL_IDS: C05AMLCL4JX
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN}}
jobs:
init:
name: Init
runs-on: ubuntu-latest
outputs:
release_name: ${{ steps.release_name.outputs.release_name }}
docker_tag: ${{ steps.docker_tag.outputs.docker_tag }}
slack_ts: ${{ steps.slack_ts.outputs.slack_ts }}
steps:
- name: 'Checkout'
uses: 'actions/checkout@v4'
- name: 'Create release name'
id: release_name
run: echo "RELEASE_NAME=${{ env.APP }}-${GITHUB_SHA::7}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ATTEMPT}" >> "$GITHUB_OUTPUT"
- name: 'Create docker tag'
id: docker_tag
run: echo "DOCKER_TAG=${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.APP }}/${{ env.APP }}:${{ github.sha }}" >> "$GITHUB_OUTPUT"
- name: Send initial slack notification
uses: slackapi/[email protected]
id: slack
with:
channel-id: ${{ env.CHANNEL_IDS }}
payload-file-path: ".github/workflows/payload-slack-content.json"
env:
STATUS_COLOR: dbab09
STATUS_TITLE: Starting Deployment Pipeline
STATUS_VALUE: ':link-run: *Running*'
- name: Output slack ts
id: slack_ts
run: echo "SLACK_TS=${{ steps.slack.outputs.ts }}" >> "$GITHUB_OUTPUT"
lint:
name: Linting / Unit Testing
needs: init
runs-on: ubuntu-latest
env:
RELEASE_NAME: ${{needs.init.outputs.release_name}}
steps:
- name: 'Checkout'
uses: 'actions/checkout@v4'
- name: Update slack notification
uses: slackapi/[email protected]
with:
update-ts: ${{ needs.init.outputs.slack_ts }}
channel-id: ${{ env.CHANNEL_IDS }}
payload-file-path: ".github/workflows/payload-slack-content.json"
env:
STATUS_COLOR: dbab09
STATUS_TITLE: Linting/Unittesting
STATUS_VALUE: ':link-run: *Running*'
- name: Install tox
run: pip install tox
- name: Running Tox
run: tox
build:
name: Building
needs: [ init, lint ]
runs-on: ubuntu-latest
environment: production
env:
RELEASE_NAME: ${{needs.init.outputs.release_name}}
DOCKER_TAG: ${{needs.init.outputs.docker_tag}}
steps:
- name: 'Checkout'
uses: 'actions/checkout@v4'
- name: Update slack notification
uses: slackapi/[email protected]
with:
update-ts: ${{ needs.init.outputs.slack_ts }}
channel-id: ${{ env.CHANNEL_IDS }}
payload-file-path: ".github/workflows/payload-slack-content.json"
env:
STATUS_COLOR: dbab09
STATUS_TITLE: Building Docker Image
STATUS_VALUE: ':link-run: *Running*'
- name: 'Google auth'
id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
- name: 'Docker auth'
run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev --quiet
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build and push Docker image with buildx
uses: docker/build-push-action@v4
with:
context: .
push: true
build-args: RELEASE_NAME=${{ env.RELEASE_NAME }}
tags: "${{ env.DOCKER_TAG }}"
cache-from: type=gha
cache-to: type=gha,mode=max
validate:
name: Validating
needs: [ init, lint, build ]
runs-on: ubuntu-latest
environment: production
env:
RELEASE_NAME: ${{needs.init.outputs.release_name}}
DOCKER_TAG: ${{needs.init.outputs.docker_tag}}
steps:
- name: 'Checkout'
uses: 'actions/checkout@v4'
- name: Update slack notification
uses: slackapi/[email protected]
with:
update-ts: ${{ needs.init.outputs.slack_ts }}
channel-id: ${{ env.CHANNEL_IDS }}
payload-file-path: ".github/workflows/payload-slack-content.json"
env:
STATUS_COLOR: dbab09
STATUS_TITLE: Validating Image
STATUS_VALUE: ':link-run: *Running*'
- name: 'Google auth'
id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
- name: 'Docker auth'
run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev
- name: Pull Docker image
run: docker pull "${{ env.DOCKER_TAG }}"
- name: Run validate docker image
uses: addnab/docker-run-action@v3
with:
image: "${{ env.DOCKER_TAG }}"
run: echo "TODO Add docker validation checks"
deploy:
name: Sending to Cloud Deploy
needs: [ init, lint, build, validate ]
runs-on: ubuntu-latest
environment: production
env:
RELEASE_NAME: ${{needs.init.outputs.release_name}}
DOCKER_TAG: ${{needs.init.outputs.docker_tag}}
steps:
- name: 'Checkout'
uses: 'actions/[email protected]'
- name: Update slack notification
uses: slackapi/[email protected]
with:
update-ts: ${{ needs.init.outputs.slack_ts }}
channel-id: ${{ env.CHANNEL_IDS }}
payload-file-path: ".github/workflows/payload-slack-content.json"
env:
STATUS_COLOR: dbab09
STATUS_TITLE: Sending to Cloud Deploy
STATUS_VALUE: ':link-run: *Running*'
- name: 'Google auth'
id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
workload_identity_provider: '${{ secrets.WIF_PROVIDER }}'
service_account: '${{ secrets.WIF_SERVICE_ACCOUNT }}'
- name: 'Render cloud deploy config manifests from templates'
run: for template in $(ls clouddeploy/*.template.yaml); do envsubst < ${template} > ${template%%.*}.yaml ; done
- name: 'Create Cloud Deploy release'
uses: 'google-github-actions/create-cloud-deploy-release@v0'
with:
delivery_pipeline: '${{ env.APP }}'
name: '${{ env.RELEASE_NAME }}'
region: '${{ env.REGION }}'
description: '${{ env.GITHUB_COMMIT_MSG }}'
skaffold_file: 'clouddeploy/skaffold.yaml'
images: 'app=${{ env.DOCKER_TAG }}'
final:
name: Finalize Notifications
needs: [ init, lint, build, validate, deploy ]
runs-on: ubuntu-latest
if: always()
env:
RELEASE_NAME: ${{needs.init.outputs.release_name}}
steps:
- name: 'Checkout'
uses: 'actions/checkout@v4'
- name: Update slack deployment complete
if: needs.deploy.result == 'success'
uses: slackapi/[email protected]
with:
update-ts: ${{ needs.init.outputs.slack_ts }}
channel-id: ${{ env.CHANNEL_IDS }}
payload-file-path: ".github/workflows/payload-slack-content.json"
env:
STATUS_COLOR: 28a745
STATUS_TITLE: Building and Deploy
STATUS_VALUE: ':link-zelda: *Completed*'
- name: Update slack deployment ready for promotion
if: needs.deploy.result == 'success'
uses: slackapi/[email protected]
with:
channel-id: ${{ env.CHANNEL_IDS }}
payload-file-path: ".github/workflows/payload-slack-deploy.json"
- name: Update slack deployment failed
if: needs.lint.result == 'failure' || needs.build.result == 'failure' || needs.validate.result == 'failure' || needs.deploy.result == 'failure'
uses: slackapi/[email protected]
with:
update-ts: ${{ needs.init.outputs.slack_ts }}
channel-id: ${{ env.CHANNEL_IDS }}
payload-file-path: ".github/workflows/payload-slack-content.json"
env:
STATUS_COLOR: d81313
STATUS_TITLE: Building and Deploy
STATUS_VALUE: ':skull_and_crossbones: *Failed*'