trigger br_cnj_improbidade_administrativa #27
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CD | |
on: | |
pull_request: | |
types: [closed] | |
env: | |
GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} | |
GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }} | |
GH_PAT: ${{ secrets.GH_PAT }} | |
GKE_CLUSTER: ${{ secrets.GKE_CLUSTER }} | |
GKE_REGION: ${{ secrets.GKE_REGION }} | |
BASEDOSDADOS_CONFIG: ${{ secrets.BASEDOSDADOS_CONFIG }} | |
BASEDOSDADOS_CREDENTIALS_PROD: ${{ secrets.BASEDOSDADOS_CREDENTIALS_PROD }} | |
BASEDOSDADOS_CREDENTIALS_STAGING: ${{ secrets.BASEDOSDADOS_CREDENTIALS_STAGING }} | |
IMAGE_NAME: ghcr.io/basedosdados/queries-basedosdados | |
jobs: | |
build-container: | |
if: | | |
github.event.pull_request.merged == true | |
&& github.event.pull_request.base.ref == 'main' | |
name: Deployment | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Google Cloud CLI | |
uses: google-github-actions/[email protected] | |
with: | |
service_account_key: ${{ secrets.GCP_SA_KEY }} | |
project_id: ${{ secrets.GCP_PROJECT_ID }} | |
export_default_credentials: true | |
- name: Get GKE credentials | |
uses: google-github-actions/[email protected] | |
with: | |
cluster_name: ${{ env.GKE_CLUSTER }} | |
location: ${{ env.GKE_REGION }} | |
credentials: ${{ secrets.GCP_SA_KEY }} | |
- name: Build and publish image | |
run: | | |
docker build -t $IMAGE_NAME:$GITHUB_SHA . | |
echo $GH_PAT | docker login ghcr.io -u gabriel-milan --password-stdin | |
docker push $IMAGE_NAME:$GITHUB_SHA | |
- name: Set up Kustomize | |
run: |- | |
curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64 | |
chmod u+x ./kustomize | |
- name: Deploy | |
run: |- | |
./kustomize edit set image gcr.io/PROJECT_ID/IMAGE_DBT:TAG=$IMAGE_NAME:$GITHUB_SHA | |
./kustomize build . | kubectl apply -n prefect-agent-basedosdados -f - | |
kubectl rollout status -w -n prefect-agent-basedosdados deployment/dbt-rpc-dev | |
kubectl rollout status -w -n prefect-agent-basedosdados deployment/dbt-rpc-prod | |
table-approve: | |
if: contains(github.event.pull_request.labels.*.name, 'table-approve') | |
needs: build-container | |
name: Table approve | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Get all changed files using a comma separator | |
id: changed-files | |
uses: tj-actions/changed-files@v35 | |
with: | |
separator: ',' | |
- name: Set up poetry | |
run: pipx install poetry | |
- name: Set up python | |
uses: actions/setup-python@v4 | |
with: | |
cache: poetry | |
python-version: '3.9' | |
- name: Install requirements | |
run: poetry install --only=dev | |
- name: Run script for approving table | |
run: | | |
poetry run python .github/workflows/scripts/table_approve.py --modified-files ${{ steps.changed-files.outputs.all_modified_files }} --graphql-url ${{ secrets.BACKEND_GRAPHQL_URL }} --source-bucket-name ${{ secrets.SOURCE_BUCKET_NAME }} --destination-bucket-name ${{ secrets.DESTINATION_BUCKET_NAME }} --backup-bucket-name ${{ secrets.BACKUP_BUCKET_NAME }} --prefect-backend-token ${{ secrets.PREFECT_BACKEND_TOKEN }} --materialization-mode ${{ secrets.MATERIALIZATION_MODE }} --materialization-label ${{ secrets.MATERIALIZATION_LABEL }} | |
change-metadata-status: | |
needs: table-approve | |
name: Change metadata status to "production" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Get all changed files using a comma separator | |
id: changed-files | |
uses: tj-actions/changed-files@v35 | |
with: | |
separator: ',' | |
- name: Set up poetry | |
run: pipx install poetry | |
- name: Set up python | |
uses: actions/setup-python@v4 | |
with: | |
cache: poetry | |
python-version: '3.9' | |
- name: Install requirements | |
run: poetry install --only=dev | |
- name: Run script for changing metadata status | |
run: |- | |
python .github/workflows/scripts/change_metadata_status.py --modified-files ${{ steps.changed-files.outputs.all_modified_files }} --graphql-url ${{ secrets.BACKEND_GRAPHQL_URL }} --status published --email ${{ secrets.BACKEND_EMAIL }} --password ${{ secrets.BACKEND_PASSWORD }} |