diff --git a/.github/workflows/docker-hub.yml b/.github/workflows/docker-hub.yml
new file mode 100644
index 00000000..9d0c1e24
--- /dev/null
+++ b/.github/workflows/docker-hub.yml
@@ -0,0 +1,104 @@
+name: Docker Hub Workflow
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - 'main'
+ tags:
+ - 'v*'
+ pull_request:
+ branches:
+ - 'main'
+
+env:
+ DOCKER_USER: 1001:127
+
+jobs:
+ build-and-push-backend:
+ runs-on: ubuntu-latest
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@v4
+ -
+ name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: lasuite/impress-backend
+ -
+ name: Load sops secrets
+ uses: rouja/actions-sops@main
+ with:
+ secret-file: .github/workflows/secrets.enc.env
+ age-key: ${{ secrets.SOPS_PRIVATE }}
+ -
+ name: Login to DockerHub
+ if: github.event_name != 'pull_request'
+ run: echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USER" --password-stdin
+ -
+ name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ target: backend-production
+ build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ build-and-push-frontend:
+ runs-on: ubuntu-latest
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@v4
+ -
+ name: Docker meta
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: lasuite/impress-frontend
+ -
+ name: Load sops secrets
+ uses: rouja/actions-sops@main
+ with:
+ secret-file: .github/workflows/secrets.enc.env
+ age-key: ${{ secrets.SOPS_PRIVATE }}
+ -
+ name: Login to DockerHub
+ if: github.event_name != 'pull_request'
+ run: echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USER" --password-stdin
+ -
+ name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ target: frontend-production
+ build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ notify-argocd:
+ needs:
+ - build-and-push-frontend
+ - build-and-push-backend
+ runs-on: ubuntu-latest
+ steps:
+ -
+ name: Checkout
+ uses: actions/checkout@v4
+ -
+ name: Load sops secrets
+ uses: rouja/actions-sops@main
+ with:
+ secret-file: .github/workflows/secrets.enc.env
+ age-key: ${{ secrets.SOPS_PRIVATE }}
+ -
+ name: Call argocd github webhook
+ run: |
+ data='{"ref": "'$GITHUB_REF'","repository": {"html_url":"'$GITHUB_SERVER_URL'/'$GITHUB_REPOSITORY'"}}'
+ sig=$(echo -n ${data} | openssl dgst -sha1 -hmac ''${ARGOCD_WEBHOOK_SECRET}'' | awk '{print "X-Hub-Signature: sha1="$2}')
+ curl -X POST -H 'X-GitHub-Event:push' -H "Content-Type: application/json" -H "${sig}" --data "${data}" $ARGOCD_WEBHOOK_URL
diff --git a/.github/workflows/impress.yml b/.github/workflows/impress.yml
index 99e4abd7..655dccc2 100644
--- a/.github/workflows/impress.yml
+++ b/.github/workflows/impress.yml
@@ -72,21 +72,6 @@ jobs:
 - name: Build mails run: yarn build - build-docker: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - name: Generate a version.json file describing app release - run: | - printf '{"commit":"${{ github.sha }}","version":"${{ github.ref }}","source":"https://github.com/${{ github.repository_owner }}/${{ github.repository }}","build":"${{ github.run_id }}"}\n' > src/backend/impress/version.json - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: Build production image - run: docker build -t impress:${{ github.sha }} --target production . - - name: Check built image availability - run: docker images "impress:${{ github.sha }}*" - lint-back: runs-on: ubuntu-latest defaults:
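Review bot: `uses: rouja/actions-sops@main` hands the age private key (`secrets.SOPS_PRIVATE`) to a third-party action pinned only to a mutable branch, so whatever is pushed to that branch next runs with the key on every build; pin it to a full commit SHA in all three jobs (`uses: rouja/actions-sops@<FULL_COMMIT_SHA>`, placeholder) and declare a workflow-level `permissions:` block so the `GITHUB_TOKEN` scope is stated rather than inherited from repository settings. The sops step and the whole `notify-argocd` job also run on `pull_request` events, where nothing is pushed and fork PRs presumably have no `secrets.SOPS_PRIVATE`, so the `if: github.event_name != 'pull_request'` guard already used on the login step belongs on them too. `build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000` (both build jobs) looks like a shell-style default that `${{ }}` does not support: it renders literally as `DOCKER_USER=1001:127:-1000`, so unless the Dockerfile really expects that, drop the suffix. In the webhook step the HMAC is computed over `echo -n ${data}` (unquoted, hence word-split and glob-expanded) while curl posts the quoted `"${data}"`; signing with `printf '%s' "${data}"` makes the signed bytes identical to the body, and quoting the secret replaces the no-op `''…''` wrapping.
```yaml
name: Docker Hub Workflow

permissions:
  contents: read

# … unchanged: on / env …

      -
        name: Load sops secrets
        if: github.event_name != 'pull_request'
        uses: rouja/actions-sops@<FULL_COMMIT_SHA>  # placeholder: pin to a reviewed commit, same in all three jobs
        with:
          secret-file: .github/workflows/secrets.enc.env
          age-key: ${{ secrets.SOPS_PRIVATE }}

# … unchanged: login step …

        with:
          context: .
          target: backend-production
          build-args: DOCKER_USER=${{ env.DOCKER_USER }}

# … unchanged: frontend job, same two changes …

  notify-argocd:
    if: github.event_name != 'pull_request'
    needs:
# … unchanged: needs list, checkout, sops step (guard + pin as above), data= line …
          sig=$(printf '%s' "${data}" | openssl dgst -sha1 -hmac "${ARGOCD_WEBHOOK_SECRET}" | awk '{print "X-Hub-Signature: sha1="$2}')
          curl -X POST -H 'X-GitHub-Event:push' -H "Content-Type: application/json" -H "${sig}" --data "${data}" "${ARGOCD_WEBHOOK_URL}"
```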
@@ -212,39 +197,3 @@ jobs: crowdin/cli:3.16.0 \ crowdin upload sources -c /app/crowdin/config.yml - hub: - runs-on: ubuntu-latest - if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - name: Generate a version.json file describing app release - run: | - printf '{"commit":"${{ github.sha }}","version":"${{ github.ref }}","source":"https://github.com/${{ github.repository_owner }}/${{ github.repository }}","build":"${{ github.run_id }}"}\n' > src/backend/impress/version.json - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: Build production image - run: docker build -t impress:${{ github.sha }} --target production . - - name: Check built images availability - run: docker images "impress:${{ github.sha }}*" - - name: Login to DockerHub - run: echo "${{ secrets.DOCKER_HUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_HUB_USER }}" --password-stdin - - name: Tag images - run: | - DOCKER_TAG=$([[ -z "${{ github.event.ref }}" ]] && echo "${{ github.event.ref }}" || echo "${{ github.event.ref }}" | sed 's/^v//') - RELEASE_TYPE=$([[ -z "${{ github.event.ref }}" ]] && echo "branch" || echo "tag ") - echo "DOCKER_TAG: ${DOCKER_TAG} (Git ${RELEASE_TYPE}${{ github.event.ref }})" - docker tag impress:${{ github.sha }} numerique-gouv/impress:${DOCKER_TAG} - if [[ -n "${{ github.event.ref }}" ]]; then - docker tag impress:${{ github.sha }} numerique-gouv/impress:latest - fi - docker images | grep -E "^numerique-gouv/impress\s*(${DOCKER_TAG}.*|latest|main)" - - name: impress images - run: | - DOCKER_TAG=$([[ -z "${{ github.event.ref }}" ]] && echo "${{ github.event.ref }}" || echo "${{ github.event.ref }}" | sed 's/^v//') - RELEASE_TYPE=$([[ -z "${{ github.event.ref }}" ]] && echo "branch" || echo "tag ") - echo "DOCKER_TAG: ${DOCKER_TAG} (Git ${RELEASE_TYPE}${{ github.event.ref }})" - docker push numerique-gouv/impress:${DOCKER_TAG} - if [[ -n "${{ 
github.event.ref }}" ]]; then - docker push numerique-gouv/impress:latest - fi