pin skyportal to 7f7f2ef28e91d6d1004f2aa2e51daa4a022dc186 #826
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Docker image, push to gcr.io, deploy to staging | |
| on: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| PROJECT_ID: ${{ secrets.GKE_PROJECT }} | |
| GKE_CLUSTER: fritz-staging | |
| GKE_ZONE: us-west2-a | |
| IMAGE: fritz | |
| jobs: | |
| build-publish-deploy: | |
| name: Setup, Build, Publish | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 45 | |
| steps: | |
| - uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cache | |
| ~/.local | |
| ~/.npm | |
| key: ${{ runner.os }}-${{ hashFiles('**/lockfiles') }} | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| fetch-depth: 0 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.10' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| - id: 'auth' | |
| uses: 'google-github-actions/auth@v0' | |
| with: | |
| credentials_json: ${{ secrets.GKE_SA_KEY }} | |
| - name: Setup gcloud cli | |
| uses: google-github-actions/setup-gcloud@v1 | |
| with: | |
| version: "369.0.0" | |
| project_id: ${{ secrets.GKE_PROJECT }} | |
| # Configure Docker to use the gcloud command-line tool as a credential | |
| # helper for authentication | |
| - name: Set up docker credentials | |
| run: |- | |
| gcloud --quiet auth configure-docker | |
| # Get the GKE credentials so we can deploy to the cluster | |
| # - name: Get Google Kubernetes Engine credentials | |
| # run: |- | |
| # gcloud container clusters get-credentials "$GKE_CLUSTER" --zone "$GKE_ZONE" | |
| - name: Get Google Kubernetes Engine credentials | |
| uses: 'google-github-actions/get-gke-credentials@v1' | |
| with: | |
| cluster_name: fritz-staging | |
| location: us-west2-a | |
| # # Will use this, once the official Docker action introduces caching | |
| # - name: Build and push image | |
| # uses: docker/build-push-action@v1 | |
| # with: | |
| # registry: gcr.io | |
| # repository: $PROJECT_ID/$IMAGE | |
| # tags: $GITHUB_SHA | |
| - name: Build | |
| run: |- | |
| cp fritz.defaults.yaml fritz.yaml | |
| ./fritz build \ | |
| --no-kowalski \ | |
| --skyportal-tag="gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA" | |
| # Push the Docker image to Google Container Registry | |
| - name: Publish | |
| run: |- | |
| docker push "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA" | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: "fritz-marshal/fritz-deploy" | |
| path: "fritz-deploy" | |
| ssh-key: ${{ secrets.CI_FRITZ_DEPLOY_DEPLOY_KEY }} | |
| - name: Set up SOPS | |
| run: |- | |
| SOPS_VER=3.5.0 | |
| CACHED_DOWNLOAD_DIR=~/.local/downloads | |
| FILENAME=sops-v${SOPS_VER}.linux | |
| SOPS_BINARY=~/.local/bin/sops | |
| if [[ ! -f ${CACHED_DOWNLOAD_DIR=}/${FILENAME} ]]; then | |
| wget https://github.com/mozilla/sops/releases/download/v${SOPS_VER}/${FILENAME} --quiet --directory-prefix=${CACHED_DOWNLOAD_DIR} --no-clobber | |
| fi | |
| mkdir -p ~/.local/bin | |
| cp ${CACHED_DOWNLOAD_DIR}/${FILENAME} ${SOPS_BINARY} | |
| chmod u+x ${SOPS_BINARY} | |
| ${SOPS_BINARY} --version | |
| - name: Deploy | |
| run: |- | |
| cd fritz-deploy | |
| export PATH=$PATH:~/.local/bin | |
| ./deploy.py --staging --tag=$GITHUB_SHA |