Merge pull request #6410 from emilghittasv/playwright-coverage-expansion #151
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and push a Docker image | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - dev | |
| tags: | |
| - '*' | |
| workflow_dispatch: | |
| inputs: | |
| ref: | |
| description: 'ref to be deployed (e.g. "refs/heads/main", "v1.0.0", "2c0472cf")' | |
| type: string | |
| required: true | |
| default: refs/heads/dev | |
| env: | |
| APP: sumo | |
| APPLICATION_REPOSITORY: mozilla/kitsune | |
| IMAGE_NAME: kitsune | |
| GAR_LOCATION: us | |
| GCP_PROJECT_ID: moz-fx-sumo-prod | |
| GAR_REPOSITORY: sumo-prod | |
| REF_ID: ${{ github.ref }} | |
| jobs: | |
| build: | |
| permissions: | |
| contents: read | |
| deployments: write | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| outputs: | |
| deployment_env: ${{ env.DEPLOYMENT_ENV }} | |
| deployment_realm: ${{ env.DEPLOYMENT_REALM }} | |
| image_tag: ${{ env.TAG }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create version.json | |
| run: | | |
| # create a version.json per | |
| # https://github.com/mozilla-services/Dockerflow/blob/master/docs/version_object.md | |
| printf '{"commit":"%s","version":"%s","source":"%s","build":"%s"}\n' \ | |
| "$GITHUB_SHA" \ | |
| "$GITHUB_REF_NAME" \ | |
| "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \ | |
| "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" > version.json | |
| - id: checkout_application_repo | |
| name: checkout application repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| ref: ${{ env.REF_ID }} | |
| - id: dev_image_tag | |
| name: Set Docker dev image tag for updates of the DEV branch | |
| if: github.ref == 'refs/heads/dev' | |
| run: | | |
| echo TAG="dev-$(git describe --tags --abbrev=7)" >> "$GITHUB_ENV" | |
| # Updates to the main branch are deployed to stage. | |
| echo DEPLOYMENT_ENV=dev >> "$GITHUB_ENV" | |
| echo DEPLOYMENT_REALM=nonprod >> "$GITHUB_ENV" | |
| - id: stage_image_tag | |
| name: Set Docker stage image tag for updates of the main branch | |
| if: github.ref == 'refs/heads/main' | |
| run: | | |
| echo TAG="$(git describe --tags --abbrev=7)" >> "$GITHUB_ENV" | |
| # Updates to the main branch are deployed to stage. | |
| echo DEPLOYMENT_ENV=stage >> "$GITHUB_ENV" | |
| echo DEPLOYMENT_REALM=nonprod >> "$GITHUB_ENV" | |
| - id: prod_image_tag | |
| name: Set Docker prod image tag to the git tag for tagged builds | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: | | |
| echo TAG="$(git describe --tags --abbrev=7)" >> "$GITHUB_ENV" | |
| # Version tags are deployed to prod. | |
| echo DEPLOYMENT_ENV=prod >> "$GITHUB_ENV" | |
| echo DEPLOYMENT_REALM=prod >> "$GITHUB_ENV" | |
| - uses: docker/setup-buildx-action@v3 | |
| - id: gcp_auth | |
| name: GCP authentication | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| service_account: artifact-writer@${{ env.GCP_PROJECT_ID }}.iam.gserviceaccount.com | |
| workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }} | |
| - id: docker_login | |
| name: Log in to the container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.GAR_LOCATION }}-docker.pkg.dev | |
| username: oauth2accesstoken | |
| password: ${{ steps.gcp_auth.outputs.access_token }} | |
| - id: build_and_push | |
| name: Build and push image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| tags: | | |
| ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.TAG }} | |
| push: true | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| upload-static-assets: | |
| name: upload static assets | |
| environment: ${{ needs.build.outputs.deployment_env }} | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - id: gcp_auth | |
| name: gcp auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| service_account: deploy-${{ needs.build.outputs.deployment_env }}@moz-fx-sumo-${{ needs.build.outputs.deployment_realm }}.iam.gserviceaccount.com | |
| workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }} | |
| - id: docker_login | |
| name: docker login | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.GAR_LOCATION }}-docker.pkg.dev | |
| username: oauth2accesstoken | |
| password: ${{ steps.gcp_auth.outputs.access_token }} | |
| - id: setup-gcloud | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - id: upload-assets | |
| name: upload static assets | |
| run: |- | |
| TMP_DIR=static-upload | |
| TMP_DIR_HASHED=static-upload-hashed | |
| docker create --name tmp $GAR_LOCATION-docker.pkg.dev/$GCP_PROJECT_ID/$GAR_REPOSITORY/$IMAGE_NAME:${{ needs.build.outputs.image_tag }} | |
| mkdir -p ./$TMP_DIR ./$TMP_DIR_HASHED | |
| docker cp tmp:/app/static/. ./$TMP_DIR/ | |
| find $TMP_DIR -maxdepth 1 -type f -regextype sed -regex ".*\.[0-9a-f]\{16\}\..*" -exec mv -t $TMP_DIR_HASHED {} + | |
| gsutil -m rsync -r ./$TMP_DIR_HASHED/ gs://$APP-${{ needs.build.outputs.deployment_realm }}-${{ needs.build.outputs.deployment_env }}-assets-bucket/static/ | |
| gsutil -m rsync -r ./$TMP_DIR/ gs://$APP-${{ needs.build.outputs.deployment_realm }}-${{ needs.build.outputs.deployment_env }}-assets-bucket/static/ | |
| docker rm tmp |