Skip to content

Merge pull request #397 from NDLANO/reuse-brightcove-tokens #282

Merge pull request #397 from NDLANO/reuse-brightcove-tokens

Merge pull request #397 from NDLANO/reuse-brightcove-tokens #282

Workflow file for this run

name: 'Release: graphql-api'
on:
workflow_dispatch:
inputs: { }
push:
branches:
- master
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CI_AWS_CLIENT_ID }}
AWS_DEFAULT_REGION: eu-west-1
AWS_SECRET_ACCESS_KEY: ${{ secrets.CI_AWS_CLIENT_SECRET }}
NDLA_AWS_ECR_REPO: ${{ secrets.NDLA_AWS_ECR_REPO }}
CI_RELEASE_ROLE: ${{ secrets.CI_RELEASE_ROLE }}
CI_GITHUB_TOKEN: ${{ secrets.CI_GITHUB_TOKEN }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
NDLA_RELEASES: ${{ secrets.NDLA_RELEASES }}
NDLA_ENVIRONMENT: local
NDLA_HOME: ${{ github.workspace }}/ndla
NDLA_DEPLOY: ${{ github.workspace }}/ndla/deploy
COMPONENT: ${{ github.event.repository.name }}
GPG_KEY: ${{ secrets.DEPLOY_BLACKBOX_GPG_KEY_B64 }}
jobs:
release:
name: Release and push to registry
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
path: ndla/${{ github.event.repository.name }}
- uses: actions/checkout@v4
with:
repository: NDLANO/deploy
token: ${{ secrets.CI_GITHUB_TOKEN }}
path: ndla/deploy
- uses: actions/setup-python@v4
with:
python-version: '3.11'
- uses: abatilo/actions-poetry@v2
with:
poetry-version: '1.6.1'
- name: Setup ~/bin directory
run: |
mkdir -p /home/runner/bin
echo "/home/runner/bin" >> $GITHUB_PATH
- name: Login to ECR repo
run: RES=$(aws sts assume-role --role-arn $CI_RELEASE_ROLE --role-session-name github-actions-ecr-login)
AWS_ACCESS_KEY_ID=$(echo $RES | jq -r .Credentials.AccessKeyId)
AWS_SECRET_ACCESS_KEY=$(echo $RES | jq -r .Credentials.SecretAccessKey)
AWS_SESSION_TOKEN=$(echo $RES | jq -r .Credentials.SessionToken)
aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin $NDLA_AWS_ECR_REPO
- name: Login to dockerhub
run: echo $DOCKER_HUB_PASSWORD | docker login --username $DOCKER_HUB_USERNAME --password-stdin
- name: Cache pip
uses: actions/cache@v3
with:
path: ndla/deploy/.venv
key: ${{ runner.os }}-pip-${{ hashFiles('ndla/deploy/poetry.lock') }}
restore-keys: |
${{ runner.os }}-pip-
${{ runner.os }}-
- name: Install python dependencies
run: |
# Setup the virtualenv in the repo to make caching of dependencies easier
poetry config virtualenvs.create true --local
poetry config virtualenvs.in-project true --local
# Install the deps!
poetry --directory $NDLA_DEPLOY install
- name: Download blackbox
uses: actions/checkout@v4
with:
repository: StackExchange/blackbox
path: blackbox
- name: Install Blackbox and key
run: |
# Move binaries to path
sudo mv blackbox/bin/* /home/runner/bin/
echo -n "$GPG_KEY" | base64 --decode | gpg --import
- name: Install kubectl
run: |
curl -L https://storage.googleapis.com/kubernetes-release/release/v1.21.11/bin/linux/amd64/kubectl > kubectl
sudo mv kubectl /home/runner/bin/kubectl
sudo chmod +x /home/runner/bin/kubectl
mkdir -p ~/.kube
- name: Install aws-iam-authenticator
run: |
sudo curl -L https://amazon-eks.s3-us-west-2.amazonaws.com/1.12.7/2019-03-27/bin/linux/amd64/aws-iam-authenticator > aws-iam-authenticator
sudo mv aws-iam-authenticator /home/runner/bin/aws-iam-authenticator
sudo chmod +x /home/runner/bin/aws-iam-authenticator
- name: Install helm
run: |
curl -L https://get.helm.sh/helm-v3.11.3-linux-amd64.tar.gz > /tmp/helm.tar.gz
tar xvzf /tmp/helm.tar.gz -C /tmp/
sudo mv /tmp/linux-amd64/helm /home/runner/bin/
sudo chmod +x /home/runner/bin/helm
- name: Build kubernetes config
run: poetry -C $NDLA_DEPLOY run ndla env kubeconfig test
- name: Do release
shell: bash
run: poetry -C $NDLA_DEPLOY run ndla release $COMPONENT --update-chart