build-staging.yaml
---
name: build staging
# Actions that take place after every commit to the 'staging' branch.
# Here every commit is built, tagged (as 'latest' or with the tag) and tested.
# (The compose-based 'Test' step further down is currently commented out.)
# We ignore any production-like tags in this workflow.
#
# If a DOCKERHUB_USERNAME secret is defined the image is pushed.
#
# Actions also run on a schedule - the container is built, tested,
# pushed and deployed (if the relevant secrets are set) based on
# a defined schedule.
# ---------------
# Control secrets
# ---------------
#
# At the GitHub 'organisation' or 'project' level you are expected to
# have the following GitHub 'Repository Secrets' defined
# (i.e. via 'Settings -> Secrets'): -
#
# BE_NAMESPACE            optional - default xchem
# FE_IMAGE_TAG            optional - default latest
# FE_NAMESPACE            optional - default xchem
# STACK_BRANCH            optional - default master
# STACK_GITHUB_NAMESPACE  optional - default xchem
# STACK_NAMESPACE         optional - default xchem
#
# DOCKERHUB_USERNAME      optional
# DOCKERHUB_TOKEN         optional - required if DOCKERHUB_USERNAME
#
# TRIGGER_DOWNSTREAM      optional - set to 'yes'
#                         to trigger downstream projects
#
# STACK_USER              optional - set if triggering
# STACK_USER_TOKEN        optional - set if triggering
#
# -----------
# Environment (GitHub Environments)
# -----------
#
# (none)
on:
  push:
    branches:
      - 'staging'
    tags-ignore:
      # Production-grade tags ("2022.1", "1.0.0") belong to the production
      # branch and are skipped here; pre-release tags such as "2022.1-rc.1"
      # or "1.0.0-rc.1" are built. These are GitHub filter globs, not
      # regular expressions: '.' is literal and '+' repeats the preceding set.
      # NOTE(review): tag pushes appear to be matched against this list only,
      # independently of 'branches', so a non-production tag on a commit
      # outside 'staging' would also start this build - confirm that is intended.
      - '[0-9]+.[0-9]+'
      - '[0-9]+.[0-9]+.[0-9]+'
  schedule:
    # Weekly rebuild: Sunday (day 0) at 16:30. GitHub evaluates cron in UTC.
    - cron: '30 16 * * 0'
env:
  # Fallback values consumed by the 'Initialise workflow variables' step,
  # which publishes them as step outputs for everything that follows.
  # Each value applies unless a secret of the same name is defined;
  # secrets are how users steer this workflow without editing it.
  #
  # For jobs that are conditional on the presence of a secret see this Gist...
  # https://gist.github.com/jonico/24ffebee6d2fa2e679389fac8aef50a3
  BE_NAMESPACE: xchem
  FE_IMAGE_TAG: latest
  FE_NAMESPACE: xchem
  STACK_BRANCH: master
  STACK_GITHUB_NAMESPACE: xchem
  STACK_NAMESPACE: xchem
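jobs:
  build:
    runs-on: ubuntu-latest
    # Least privilege for the automatic GITHUB_TOKEN: the steps below only
    # read the repository. DockerHub and the downstream trigger authenticate
    # with their own secrets, not with this token.
    permissions:
      contents: read
    outputs:
      push: ${{ steps.vars.outputs.push }}
      tag: ${{ steps.vars.outputs.tag }}
      trigger: ${{ steps.vars.outputs.trigger }}
    steps:
      # NOTE(review): the actions below are referenced by tag. Tags are
      # mutable, so pinning each 'uses:' to a full commit SHA would protect
      # the build (and the DockerHub/stack credentials it handles) against a
      # re-pointed release tag.

      # Exports slugged/short forms of the GitHub context to the environment;
      # GITHUB_REF_SLUG is read by the next step.
      # NOTE(review): the text after the action owner was replaced by an
      # e-mail-obfuscation marker on the page this file was taken from. The
      # action name is inferred from the step name and from GITHUB_REF_SLUG;
      # the ref is unknown and must be restored from the repository.
      - name: Inject slug/short variables
        uses: rlespinasse/github-slug-action@REPLACE_WITH_ORIGINAL_REF

      # Resolves each control variable (secret if set, otherwise the
      # workflow-level default) and publishes it as a step output.
      - name: Initialise workflow variables
        id: vars
        env:
          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
          TRIGGER_DOWNSTREAM: ${{ secrets.TRIGGER_DOWNSTREAM }}
          # Secret values are handed to the script through the environment
          # instead of being expanded into the script text, so a value
          # containing quotes or '$(...)' is treated as data, not as shell.
          BE_NAMESPACE_OVERRIDE: ${{ secrets.BE_NAMESPACE }}
          FE_IMAGE_TAG_OVERRIDE: ${{ secrets.FE_IMAGE_TAG }}
          FE_NAMESPACE_OVERRIDE: ${{ secrets.FE_NAMESPACE }}
          STACK_BRANCH_OVERRIDE: ${{ secrets.STACK_BRANCH }}
          STACK_GITHUB_NAMESPACE_OVERRIDE: ${{ secrets.STACK_GITHUB_NAMESPACE }}
          STACK_NAMESPACE_OVERRIDE: ${{ secrets.STACK_NAMESPACE }}
        run: |
          # The workflow-level 'env' block already exports the defaults under
          # these names; a non-empty *_OVERRIDE (the secret) takes precedence.
          for name in BE_NAMESPACE FE_IMAGE_TAG FE_NAMESPACE STACK_BRANCH STACK_GITHUB_NAMESPACE STACK_NAMESPACE; do
            override="${name}_OVERRIDE"
            value="${!name}"
            if [ -n "${!override}" ]; then value="${!override}"; fi
            echo "${name}=${value}"
            echo "${name}=${value}" >> "$GITHUB_OUTPUT"
          done
          # What image tag are we using? 'latest' (if not tagged) or a GitHub tag?
          # GITHUB_REF is read from the runner environment rather than expanded
          # into the script, because a ref name is chosen by whoever pushes it.
          TAG="latest"
          if [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then TAG="${GITHUB_REF_SLUG}"; fi
          echo "tag=${TAG}"
          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
          # Do we push, i.e. is DOCKERHUB_USERNAME defined?
          # (The expression renders as the literal 'true' or 'false'.)
          echo push=${{ env.DOCKERHUB_USERNAME != '' }}
          echo "push=${{ env.DOCKERHUB_USERNAME != '' }}" >> "$GITHUB_OUTPUT"
          # Do we trigger downstream, i.e. is TRIGGER_DOWNSTREAM 'yes'?
          echo trigger=${{ env.TRIGGER_DOWNSTREAM == 'yes' }}
          echo "trigger=${{ env.TRIGGER_DOWNSTREAM == 'yes' }}" >> "$GITHUB_OUTPUT"

      # No later step runs git against the remote, so the checkout token is
      # not kept in .git/config. The whole checkout is the Docker build
      # context below; presumably this also keeps the token out of any image
      # layer that copies the context - verify against the Dockerfile.
      - name: Checkout
        uses: actions/checkout@v3
        with:
          persist-credentials: false

      # NOTE(review): action reference obscured on the source page in the
      # same way as the slug action above; name inferred from the step name
      # and the 'dockerfile' input, ref to be restored from the repository.
      - name: Lint Dockerfile
        uses: hadolint/hadolint-action@REPLACE_WITH_ORIGINAL_REF
        with:
          dockerfile: Dockerfile

      - name: Set up Python
        uses: actions/setup-python@v3
        with:
          python-version: '3.11'

      # Produces the requirements.txt that the image build is expected to use.
      # NOTE(review): '--without-hashes' drops the per-package digests held in
      # the lock file, so whatever installs requirements.txt cannot verify
      # artefact integrity; exporting with hashes would need confirming
      # against the Dockerfile's install step.
      - name: Compile requirements.txt
        run: |
          pip install --upgrade pip
          pip install poetry==1.7.0
          poetry export --without-hashes --without dev --output requirements.txt

      - name: Docker build
        uses: docker/build-push-action@v4
        with:
          context: .
          tags: ${{ steps.vars.outputs.BE_NAMESPACE }}/fragalysis-backend:${{ steps.vars.outputs.tag }}

      # NOTE(review): the test step is disabled, so the image is pushed and
      # the downstream stack build is triggered without a test gate.
      # - name: Test
      #   run: >
      #     docker-compose -f docker-compose.test.yml up
      #     --build
      #     --exit-code-from tests
      #     --abort-on-container-exit
      #   env:
      #     BE_NAMESPACE: ${{ steps.vars.outputs.BE_NAMESPACE }}
      #     BE_TAG: ${{ steps.vars.outputs.tag }}

      - name: Login to DockerHub
        if: steps.vars.outputs.push == 'true'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # The image reference reaches the shell as an environment variable and
      # is quoted, so its content cannot add words or commands to the line.
      - name: Push
        if: steps.vars.outputs.push == 'true'
        env:
          IMAGE: ${{ steps.vars.outputs.BE_NAMESPACE }}/fragalysis-backend:${{ steps.vars.outputs.tag }}
        run: docker push "${IMAGE}"

      # Trigger the stack build for every non-scheduled (staging) build.
      - name: Trigger stack
        if: |
          steps.vars.outputs.trigger == 'true' &&
          github.event_name != 'schedule'
        uses: informaticsmatters/trigger-ci-action@v1
        with:
          ci-owner: ${{ steps.vars.outputs.STACK_GITHUB_NAMESPACE }}
          ci-repository: fragalysis-stack
          ci-name: build main
          ci-ref: refs/heads/${{ steps.vars.outputs.STACK_BRANCH }}
          # The image tag output is written as 'tag' by the vars step; it is
          # referenced with that spelling here, matching the build and push steps.
          ci-inputs: >-
            be_namespace=${{ steps.vars.outputs.BE_NAMESPACE }}
            be_image_tag=${{ steps.vars.outputs.tag }}
            fe_namespace=${{ steps.vars.outputs.FE_NAMESPACE }}
            fe_image_tag=${{ steps.vars.outputs.FE_IMAGE_TAG }}
            stack_namespace=${{ steps.vars.outputs.STACK_NAMESPACE }}
          ci-user: ${{ secrets.STACK_USER }}
          ci-user-token: ${{ secrets.STACK_USER_TOKEN }}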