Skip to content

Add option to not require a JWT #59

Add option to not require a JWT

Add option to not require a JWT #59

# This workflow will build and push a new container image to Amazon ECR,
# and then will deploy a new task definition to Amazon ECS, when a release is created
#
# To use this workflow, you will need to complete the following set-up steps:
#
# 1. Create an ECR repository to store your images.
# For example: `aws ecr create-repository --repository-name ibmstocktrader/portfolio --region us-east-2`.
# Replace the value of `ECR_REPOSITORY` in the workflow below with your repository's name.
# Replace the value of `aws-region` in the workflow below with your repository's region.
#
# 2. Create an ECS task definition, an ECS cluster, and an ECS service.
# For example, follow the Getting Started guide on the ECS console:
# https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun
# Replace the values for `service` and `cluster` in the workflow below with your service and cluster names.
#
# 3. Store your ECS task definition as a JSON file in your repository.
# The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`.
# Replace the value of `task-definition` in the workflow below with your JSON file's name.
# Replace the value of `container-name` in the workflow below with the name of the container
# in the `containerDefinitions` section of the task definition.
#
# 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
# See the documentation for each action used below for the recommended IAM policies for this IAM user,
# and best practices on handling the access key credentials.
name: Build, Push to Amazon ECR, Gitops
on:
push:
branches:
- master
paths-ignore:
- '.github/**'
release:
types: [created]
# Environment variables available to all jobs and steps in this workflow
env:
# EDIT secrets with with your registry path, and apikey
# REGISTRY_NAMESPACE: ${{ secrets.REGISTRY_NAMESPACE }}
# EDIT with your registry username.
# IMAGE_NAME: portfolio
GITHUB_SHA: ${{ github.sha }}
# GITOPS_REPO: IBMStockTrader/stocktrader-gitops
# GITOPS_DIR: application
# GITOPS_USERNAME: ${{ secrets.GITOPS_USERNAME }}
# GITOPS_TOKEN: ${{ secrets.GITOPS_TOKEN }}
jobs:
setup-build-publish-deploy:
name: Setup, Build, Publish Deploy
runs-on: ubuntu-latest
environment: production
steps:
- name: Checkout
uses: actions/checkout@v2
# Setup java
- name: Setup Java
uses: actions/setup-java@v1
with:
java-version: 17
# Build and package app
- name: Build and package app
id: unit-test
run: |
mvn clean package
# verify
# cat target/failsafe-reports/failsafe-summary.xml
# grep -q "<failures>0</failures>" target/failsafe-reports/failsafe-summary.xml
# code=$?
# echo "ret: $code"
# if [[ $code -eq 0 ]]; then
# echo "success"
# echo '::set-output name=unit-test-result::success'
# else
# echo "failed"
# echo '::set-output name=unit-test-result::failed'
# fi
echo '::set-output name=unit-test-result::success'
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-2
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: ibmstocktrader/portfolio
IMAGE_TAG: ${{ github.sha }}
run: |
# Build a docker container and
# push it to ECR so that it can
# be deployed to ECS.
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \
--build-arg GITHUB_SHA="$GITHUB_SHA" \
--build-arg GITHUB_REF="$GITHUB_REF" .
# Do an image scan
# push the image to ECR
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
update-gitops-repo:
name: Publish image updates to gitops repo
runs-on: ubuntu-latest
needs: [setup-build-publish-deploy]
steps:
# Checkout gitops repo
- name: Checkout gitops repo
uses: actions/checkout@v2
with:
repository: ${{env.GITOPS_REPO}}
path: gitops
token: ${{secrets.GITOPS_TOKEN}}
# Update application
- name: Upate application
run: |
set -x
set +e
ls -la
ls -la gitops
cd gitops
## update manifests to new image and tag
APP_IMAGE="$ECR_REGISTRY/$ECR_REPOSITORY"
VERSION="$GITHUB_SHA"
echo "image-registry-path: ${{needs.setup-build-publish-deploy.image-registry-path}}"
echo "${APP_IMAGE}"
echo "${VERSION}"
echo "print yq version"
yq --version
# yq w -i "${GITOPS_DIR}/stocktrader-aws-eks-cr.yml" spec.portfolio.image.repository "${APP_IMAGE}"
yq e ".spec.portfolio.image.repository = \"$APP_IMAGE\"" -i "${GITOPS_DIR}/stocktrader-aws-eks-cr.yml"
# yq w -i "${GITOPS_DIR}/stocktrader-aws-eks-cr.yml" spec.portfolio.image.tag "${VERSION}"
yq e ".spec.portfolio.image.tag = \"$VERSION\"" -i "${GITOPS_DIR}/stocktrader-aws-eks-cr.yml"
cat "${GITOPS_DIR}/stocktrader-aws-eks-cr.yml"
if [[ $(git status -s | wc -l) -eq 0 ]]; then
echo "No changes"
exit 0
fi
git add "${GITOPS_DIR}/"
git config --global user.name 'GH Actions'
git config --global user.email '[email protected]'
git commit -am "Updates ${APP_NAME} to ${VERSION}"
git push https://$GITOPS_USERNAME:[email protected]/$GITOPS_REPO