This repository has been archived by the owner on Jan 13, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 18
228 lines (179 loc) · 6.58 KB
/
dockerCI.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
name: Docker Image Build
on:
pull_request:
types: [opened, reopened, synchronize, closed]
branches:
- main
paths-ignore:
- 'docs/**'
- '.devcontainer/**'
- '**.md'
- 'TestFiles/**'
push:
branches:
- main
paths-ignore:
- 'docs/**'
- '.devcontainer/**'
- '**.md'
- 'TestFiles/**'
tags:
- v*
jobs:
build:
runs-on: ubuntu-latest
env:
# copy the config value to environment variables
# do not copy the actual secrets!
KEYVAULT_NAME: ${{ secrets.KEYVAULT_NAME }}
DOCKER_REPO: ${{ secrets.DOCKER_REPO }}
ACR_REPO: ${{ secrets.ACR_REPO }}
ACR_IMAGE: ${{ secrets.ACR_IMAGE }}
ACR_REG: ${{ secrets.ACR_REG }}
# These are used in if: conditions
AZURE_SET: false
DOCKER_SET: false
ACR_SET: false
steps:
- uses: actions/checkout@v2
- name: Set conditions
run: |
# check that all Azure secrets are set
if [[ "${{ secrets.SERVICE_PRINCIPAL_SECRET }}" != "" && "${{ secrets.TENANT }}" != "" && "${{ secrets.SERVICE_PRINCIPAL }}" != "" && "${{ secrets.KEYVAULT_NAME }}" != "" ]];
then
echo "AZURE_SET=true" >> $GITHUB_ENV
fi
# check that all Docker secrets are set
if [[ "${{ secrets.DOCKER_PAT }}" != "" && "${{ secrets.DOCKER_REPO }}" != "" && "${{ secrets.DOCKER_USER }}" != "" ]];
then
echo "DOCKER_SET=true" >> $GITHUB_ENV
fi
# check that all ACR secrets are set
if [[ "${{ secrets.ACR_REG }}" != "" && "${{ secrets.ACR_REPO }}" != "" && "${{ secrets.ACR_IMAGE }}" != "" ]];
then
echo "ACR_SET=true" >> $GITHUB_ENV
fi
- name: PR Closed
if: ${{ github.event_name == 'pull_request' && github.event.action == 'closed' && ! github.event.pull_request.merged }}
run: |
# handle PR Closed event by building / pushing main branch
# checkout parent branch (usually "main")
git config pull.ff only
git fetch --all
git checkout ${{ github.base_ref }}
git pull
- name: PR Merged
if: ${{ github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged }}
run: |
# Do not build on PR Merged
# Skip remaining steps
echo "AZURE_SET=false" >> $GITHUB_ENV
echo "DOCKER_SET=false" >> $GITHUB_ENV
echo "ACR_SET=false" >> $GITHUB_ENV
- name: Validate Azure Access
if: ${{ env.AZURE_SET == 'true' }}
run: |
# login to Azure
az login --service-principal -u ${{ secrets.SERVICE_PRINCIPAL }} --tenant ${{ secrets.TENANT }} -p ${{ secrets.SERVICE_PRINCIPAL_SECRET }}
# verify SP has access to Key Vault
az keyvault secret show --name CosmosDatabase --vault-name ${{ secrets.KEYVAULT_NAME }}
- name: Docker Login
if: ${{ env.DOCKER_SET == 'true' }}
run: |
# login to dockerhub
echo "${{ secrets.DOCKER_PAT }}" | docker login -u ${{ secrets.DOCKER_USER }} --password-stdin
- name: Docker Pull Test
if: ${{ env.AZURE_SET == 'true' || env.DOCKER_SET == 'true' || env.ACR_SET == 'true' }}
run: |
# Pull the latest image if needed
# This doesn't have to be a separate step, but makes the output easier to read and debug
docker pull mcr.microsoft.com/dotnet/core/sdk:3.1
- name: Docker Build Test
if: ${{ env.AZURE_SET == 'true' }}
run: |
# build test image
docker build . -t test --target test
- name: Install WebV
if: ${{ env.AZURE_SET == 'true' }}
run: |
dotnet tool install -g webvalidate
- name: Start helium container
if: ${{ env.AZURE_SET == 'true' }}
run: |
# run the app
docker run -d --name hcs -p 4120:4120 --env KEYVAULT_NAME=$KEYVAULT_NAME --env AUTH_TYPE=CLI -v ~/.azure:/root/.azure test
echo "Waiting for web server to start and run initial tests ..."
sleep 25
- name: Run WebV
if: ${{ env.AZURE_SET == 'true' }}
run: |
# run web validation test
# fail on any validation errors
cd TestFiles
webv -s localhost:4120 --max-errors 1 -f baseline.json
cd ..
- name: Display coverage results
if: ${{ env.AZURE_SET == 'true' }}
run: |
# wait for helium to shutdown
sleep 15
# display the results
docker logs hcs | tail -n 24
- name: Display full test results
if: ${{ env.AZURE_SET == 'true' }}
run: |
# display the results
docker logs hcs
- name: Docker Pull Release
if: ${{ env.DOCKER_SET == 'true' || env.ACR_SET == 'true' }}
run: |
# Pull the latest image if needed
docker pull mcr.microsoft.com/dotnet/core/aspnet:3.1-alpine
- name: Docker Build Release
if: ${{ env.DOCKER_SET == 'true' || env.ACR_SET == 'true' }}
run: |
# build image
if [[ "${{ github.ref }}" == "refs/tags/"* ]]
then
docker build . -t helium --build-arg TAG=true
else
docker build . -t helium
fi
- name: Docker Tag and Push
if: ${{ env.DOCKER_SET == 'true' }}
run: |
# tag the repo with :beta
docker tag helium $DOCKER_REPO:beta
# Tag image based on repo tag if a github label
if [[ "${{ github.ref }}" == "refs/tags/"* ]]
then
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,' | sed -e 's/^v//')
# tag the image with :version and :stable
docker tag helium $DOCKER_REPO:$VERSION
docker tag helium $DOCKER_REPO:stable
fi
# Push to the repo
docker push -a $DOCKER_REPO
- name: ACR Push
if: ${{ env.ACR_SET == 'true' && env.AZURE_SET == 'true' }}
run: |
# login to acr
az acr login -n $ACR_REG
# build the complete image name
ACR_IMAGE=$ACR_REG.azurecr.io/$ACR_REPO/$ACR_IMAGE
# build release image
docker tag helium $ACR_IMAGE:beta
# Tag image based on repo tag if a github label
if [[ "${{ github.ref }}" == "refs/tags/"* ]]
then
# Strip git ref prefix from version
VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
# Strip "v" prefix from tag name
VERSION=$(echo $VERSION | sed -e 's/^v//')
# tag the image with :version and :stable
docker tag helium $ACR_IMAGE:$VERSION
docker tag helium $ACR_IMAGE:stable
fi
# push the repo
docker push -a $ACR_IMAGE