name: Docker Hub Workflow on: workflow_dispatch: push: branches: - 'main' tags: - 'v*' pull_request: branches: - 'main' env: DOCKER_USER: 1001:127 jobs: build-and-push-backend: runs-on: ubuntu-latest steps: - uses: actions/create-github-app-token@v1 id: app-token with: app-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} owner: ${{ github.repository_owner }} repositories: "people,secrets" - name: Checkout repository uses: actions/checkout@v2 with: submodules: recursive token: ${{ steps.app-token.outputs.token }} - name: Docker meta id: meta uses: docker/metadata-action@v5 with: images: lasuite/people-backend - name: Load sops secrets uses: rouja/actions-sops@main with: secret-file: .github/workflows/secrets/numerique-gouv/people/secrets.enc.env age-key: ${{ secrets.SOPS_PRIVATE }} - name: Login to DockerHub if: github.event_name != 'pull_request' run: echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USER" --password-stdin - name: Build and push uses: docker/build-push-action@v5 with: context: . target: backend-production build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-and-push-frontend: runs-on: ubuntu-latest steps: - uses: actions/create-github-app-token@v1 id: app-token with: app-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} owner: ${{ github.repository_owner }} repositories: "people,secrets" - name: Checkout repository uses: actions/checkout@v2 with: submodules: recursive token: ${{ steps.app-token.outputs.token }} - name: Docker meta id: meta uses: docker/metadata-action@v5 with: images: lasuite/people-frontend - name: Load sops secrets uses: rouja/actions-sops@main with: secret-file: .github/workflows/secrets.enc.env age-key: ${{ secrets.SOPS_PRIVATE }} - name: Login to DockerHub if: github.event_name != 'pull_request' run: echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USER" --password-stdin - name: Build and push uses: docker/build-push-action@v5 with: context: . target: frontend-production build-args: DOCKER_USER=${{ env.DOCKER_USER }}:-1000 push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} notify-argocd: needs: - build-and-push-frontend - build-and-push-backend runs-on: ubuntu-latest if: github.event_name != 'pull_request' steps: - uses: actions/create-github-app-token@v1 id: app-token with: app-id: ${{ secrets.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} owner: ${{ github.repository_owner }} repositories: "people,secrets" - name: Checkout repository uses: actions/checkout@v2 with: submodules: recursive token: ${{ steps.app-token.outputs.token }} - name: Load sops secrets uses: rouja/actions-sops@main with: secret-file: .github/workflows/secrets/numerique-gouv/people/secrets.enc.env age-key: ${{ secrets.SOPS_PRIVATE }} - name: Call argocd github webhook run: | data='{"ref": "'$GITHUB_REF'","repository": {"html_url":"'$GITHUB_SERVER_URL'/'$GITHUB_REPOSITORY'"}}' sig=$(echo -n ${data} | openssl dgst -sha1 -hmac ''${ARGOCD_WEBHOOK_SECRET}'' | awk '{print "X-Hub-Signature: sha1="$2}') curl -X POST -H 'X-GitHub-Event:push' -H "Content-Type: application/json" -H "${sig}" --data "${data}" $ARGOCD_WEBHOOK_URL