Update build_and_tag.yml #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Tag | |
| on: | |
| push: | |
| branches: [main] | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| FRONTEND_IMAGE_NAME: terramino-frontend | |
| BACKEND_IMAGE_NAME: terramino-backend | |
| HCP_CLIENT_ID: ${{ secrets.HCP_CLIENT_ID }} | |
| HCP_CLIENT_SECRET: ${{ secrets.HCP_CLIENT_SECRET }} | |
| HCP_PROJECT_ID: ${{ secrets.HCP_PROJECT_ID }} | |
| HCP_ORGANIZATION_ID: ${{ secrets.HCP_ORGANIZATION_ID }} | |
| AWS_REGION: ${{ secrets.AWS_REGION }} | |
| jobs: | |
| check-files-changed: | |
| name : Check changed files | |
| runs-on: ubuntu-latest | |
| outputs: | |
| build-packer: ${{ steps.check-packer.outputs.changed }} | |
| build-container: ${{ steps.check-app.outputs.changed }} | |
| update-terraform: ${{ steps.check-terraform.changed }} | |
| manual-run: ${{ steps.manual-run.manual }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 | |
| with: | |
| fetch-depth: 2 | |
| - name: Check for Packer changes | |
| id: check-packer | |
| working-directory: .github/scripts | |
| run: ./check_files_changed.sh "shared/** image.pkr.hcl" "${{ github.event_name }}" "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | |
| - name: Check for application changes | |
| id: check-app | |
| working-directory: .github/scripts | |
| run: ./check_files_changed.sh "app/**" "${{ github.event_name }}" "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | |
| - name: Check for Terraform changes | |
| id: check-terraform | |
| working-directory: .github/scripts | |
| run: ./check_files_changed.sh "*.tf" "${{ github.event_name }}" "${{ github.event.pull_request.base.sha }}" "${{ github.sha }}" | |
| - name: Check for manual run | |
| id: manual-run | |
| run: echo "manual=${{ github.event_name == 'workflow_dispatch' }}" >> $GITHUB_ENV | |
| build-packer: | |
| name: Build AMI | |
| runs-on: ubuntu-latest | |
| needs: check-files-changed | |
| if: ${{ needs.check-files-changed.outputs.build-packer == 'true' || needs.check-files-changed.outputs.manual-run == 'true' }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@8c3f20df09ac63af7b3ae3d7c91f105f857d8497 # v4.0.0 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Setup Packer | |
| uses: hashicorp/setup-packer@main | |
| id: setup-packer | |
| - name: Packer Init | |
| run: packer init . | |
| - name: Packer Build | |
| run: PKR_VAR_region="$AWS_REGION" packer build . | |
| - name: Create and set channel | |
| working-directory: .github/scripts | |
| run: ./create_channel_version.sh nomad-consul-vault ${{ github.sha }} production | |
| build-application: | |
| name: Build Terramino images | |
| runs-on: ubuntu-latest | |
| needs: check-files-changed | |
| if: ${{ needs.check-files-changed.outputs.build-container == 'true' || needs.check-files-changed.outputs.manual-run == 'true' }} | |
| permissions: | |
| contents: write | |
| packages: write | |
| steps: | |
| - name: Set Timestamp | |
| id: timestamp | |
| run: echo "TIMESTAMP=$(date +%s)" >> $GITHUB_ENV | |
| - name: Set repository name | |
| id: set-repo | |
| run: echo "REPO=${GITHUB_REPOSITORY@L}" >> "${GITHUB_ENV}" | |
| - name: Checkout repo | |
| uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 | |
| - name: Log in to GHCR | |
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Frontend image build and push | |
| - name: Build and push frontend image | |
| id: frontend-push | |
| uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | |
| with: | |
| context: app/ | |
| file: app/Dockerfile.frontend | |
| push: true | |
| tags: ${{ env.REGISTRY }}/${{ env.REPO }}/${{ env.FRONTEND_IMAGE_NAME }}:${{ env.TIMESTAMP }} | |
| - id: get-frontend-build-name | |
| name: Save frontend image path to file | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| imageName=${{ fromJSON(steps.frontend-push.outputs.metadata)['image.name'] }} | |
| echo "$imageName" > latest-frontend.version | |
| # Backend image build and push | |
| - name: Build and push backend image | |
| id: backend-push | |
| uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | |
| with: | |
| context: app/ | |
| file: app/Dockerfile.backend | |
| push: true | |
| tags: ${{ env.REGISTRY }}/${{ env.REPO }}/${{ env.BACKEND_IMAGE_NAME }}:${{ env.TIMESTAMP }} | |
| - id: get-backend-build-name | |
| name: Save backend image path to file | |
| run: | | |
| imageName=${{ fromJSON(steps.backend-push.outputs.metadata)['image.name'] }} | |
| echo "$imageName" > latest-backend.version | |
| - name: Commit image files to repo | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| git config user.name "github-actions" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git add latest-frontend.version latest-backend.version | |
| git commit -m "Updated frontend and backend image URIs." | |
| git push | |
| tag-release: | |
| name: Create tag | |
| runs-on: ubuntu-latest | |
| needs: [check-files-changed, build-packer, build-application] | |
| if: ${{ always() && (needs.build-packer.result == 'success' || needs.build-application.result == 'success' || needs.check-files-changed.outputs.update-terraform == 'true' || needs.check-files-changed.outputs.manual-run == 'true' ) }} | |
| permissions: | |
| contents: write | |
| packages: write | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 | |
| - name: Bump version and create tag | |
| working-directory: .github/scripts | |
| run: ./bump_and_create_tag.sh | |