Refactor deploy-infrastructure action to file-based usage #1

# Metadata and input contract of the build-ecs-gradle composite action.
name: 'build-ecs-gradle'
author: '1up-team'
description: 'Action to build and release Java & Gradle repositories'

# `required: true` is not enforced by the runner for composite actions; the
# action's own "Setup - Validate Inputs" step rejects blank values for the
# four required inputs.
#
# Credential inputs (pkg-token, sonar-token, snyk-token, up-aws-*,
# up-slack-webhook-url) should be supplied from repository or organisation
# secrets, never as literals in the calling workflow.
inputs:
  # --- build toolchain ---
  java-version:
    description: 'Version number used for actions/setup-java'
    required: false
    # Quoted so the version stays a string.
    default: '17'
  pkg-user:
    description: >-
      User name used to integrate with the spring-media GitHub packages
      for internal libs
    required: false
  pkg-token:
    description: >-
      User token used to integrate with the spring-media GitHub packages
      for internal libs
    required: true
  gradle-cmd:
    # This value is run as a shell command by the "Build - Gradle" step.
    description: 'Gradle wrapper run command'
    required: false
    default: './gradlew --no-daemon --info clean build'

  # --- optional analysis ---
  sonar-token:
    description: >-
      Token used for triggering and uploading the static code analysis
      to Sonar Cloud
    required: false
  snyk-token:
    description: 'Token used for Snyk analysis on vulnerabilities'
    required: false

  # --- AWS / container registry ---
  # NOTE(review): these are static access keys; confirm whether short-lived
  # credentials (OIDC role assumption) are an option for this pipeline.
  up-aws-access-key-id:
    description: >-
      AWS access key id secret used to integrate with aws-cli or docker
      repository
    required: true
  up-aws-secret-access-key:
    description: >-
      AWS access secret key secret used to integrate with aws-cli or docker
      repository
    required: true
  docker-image-tag:
    description: 'Docker image build tag used when pushing to the 1up AWS ECR'
    required: false
    default: 'b${{ github.run_number }}-${{ github.sha }}'
  docker-registry:
    description: 'Docker registry URL used when pushing to the 1up AWS ECR'
    required: false
    default: '933782373565.dkr.ecr.eu-west-1.amazonaws.com'

  # --- reporting and release target ---
  up-slack-webhook-url:
    description: >-
      Slack channel webhook URL used when reporting master build status
    required: true
  staging:
    description: 'Release to staging environment'
    required: false
    # String, not boolean: the steps compare against the literal 'true'.
    default: 'false'
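# Composite action steps: checkout plus Java/AWS/ECR setup, Gradle build with
# optional Sonar and Snyk analysis, Docker image build and push, Terraform or
# ECS release, and a Slack report on master.
#
# NOTE(review): the third-party actions below are referenced by a mutable tag
# or branch (@v1, @v2, @v3, @v4, @master). Pin each one to a full commit SHA
# (owner/action@<full-commit-sha>) so an upstream change cannot silently alter
# code that runs with the credentials passed into this action.
runs:
  using: composite
  steps:
    - name: Setup - echo
      shell: bash
      run: echo -e "πŸ””\nπŸ””\nπŸ”” S E T U P \nπŸ””\nπŸ””"

    - name: Setup - Validate Inputs
      shell: bash
      # Inputs are handed over as environment variables instead of being
      # expanded into the script text: a value containing quotes or $(...)
      # would otherwise be parsed by bash, and the secret itself would become
      # part of the generated script.
      env:
        IN_PKG_TOKEN: ${{ inputs.pkg-token }}
        IN_AWS_ACCESS_KEY_ID: ${{ inputs.up-aws-access-key-id }}
        IN_AWS_SECRET_ACCESS_KEY: ${{ inputs.up-aws-secret-access-key }}
        IN_SLACK_WEBHOOK_URL: ${{ inputs.up-slack-webhook-url }}
      run: |
        [[ -n "$IN_PKG_TOKEN" ]] || { echo "input 'pkg-token' cannot be blank"; exit 1; }
        [[ -n "$IN_AWS_ACCESS_KEY_ID" ]] || { echo "input 'up-aws-access-key-id' cannot be blank"; exit 1; }
        [[ -n "$IN_AWS_SECRET_ACCESS_KEY" ]] || { echo "input 'up-aws-secret-access-key' cannot be blank"; exit 1; }
        [[ -n "$IN_SLACK_WEBHOOK_URL" ]] || { echo "input 'up-slack-webhook-url' cannot be blank"; exit 1; }

    - name: ︎Setup - Checkout
      uses: actions/checkout@v4
      with:
        show-progress: false
        # Full history (0 = all commits).
        fetch-depth: 0

    - name: ︎Setup - Java
      uses: actions/setup-java@v3
      with:
        java-version: ${{ inputs.java-version }}
        distribution: corretto
        cache: gradle

    - name: ︎Setup - Service Name
      shell: bash
      run: |
        # Drop the longest prefix ending in "/1up-" from "owner/repo".
        SERVICE_NAME=${GITHUB_REPOSITORY##*/1up-}
        echo "Setup Service name: $SERVICE_NAME"
        echo "SERVICE_NAME=$SERVICE_NAME" >> "$GITHUB_ENV"

    # NOTE(review): despite "[on master]" in the name there is no `if:` here,
    # so the AWS credentials are configured on every ref that runs this
    # action. Confirm that is intended.
    - name: ︎Setup - AWS Credentials [on master]
      uses: aws-actions/configure-aws-credentials@v2
      with:
        aws-access-key-id: ${{ inputs.up-aws-access-key-id }}
        aws-secret-access-key: ${{ inputs.up-aws-secret-access-key }}
        aws-region: eu-west-1

    - name: ECR setup
      uses: aws-actions/amazon-ecr-login@v1

    - name: Build - echo
      shell: bash
      run: |
        echo -e "πŸ””\nπŸ””\nπŸ”” B U I L D \nπŸ””\nπŸ””"

    - name: Build - Gradle
      shell: bash
      env:
        GITHUB_PKG_USER: ${{ inputs.pkg-user }}
        GITHUB_PKG_TOKEN: ${{ inputs.pkg-token }}
      # The gradle-cmd input is executed verbatim as shell, by design. Treat it
      # as code: callers must set it to a fixed string, never to a value taken
      # from event data such as branch names or PR titles.
      run: |
        ${{ inputs.gradle-cmd }}
        rm -f ~/.gradle/caches/modules-2/modules-2.lock
        rm -f ~/.gradle/caches/modules-2/gc.properties

    - name: Build - Gradle - Annotate Test Results
      uses: EnricoMi/publish-unit-test-result-action@v2
      # Publish results even when an earlier step failed.
      if: ${{ !cancelled() }}
      with:
        junit_files: '**/test-results/**/*.xml'
        # Quoted: a bare `off` is a boolean under YAML 1.1 loaders.
        comment_mode: 'off'

    - name: Build - Sonar - echo
      if: inputs.sonar-token
      shell: bash
      run: echo -e "πŸ””\nπŸ”” S O N A R \nπŸ””"

    - name: Build - Sonar - Cache
      if: inputs.sonar-token
      uses: actions/cache@v3
      with:
        path: ~/.sonar/cache
        key: ${{ runner.os }}-sonar
        restore-keys: ${{ runner.os }}-sonar

    - name: Build - Sonar - Analyze
      if: inputs.sonar-token
      env:
        GITHUB_PKG_USER: ${{ inputs.pkg-user }}
        GITHUB_PKG_TOKEN: ${{ inputs.pkg-token }}
        # The packages token is also exported as GITHUB_TOKEN for this step.
        GITHUB_TOKEN: ${{ inputs.pkg-token }}
        SONAR_TOKEN: ${{ inputs.sonar-token }}
      shell: bash
      run: ./gradlew sonar --info

    # The Snyk steps run only off master and only when a token was supplied.
    - name: Build - Snyk - echo
      if: inputs.snyk-token && github.ref != 'refs/heads/master'
      shell: bash
      run: echo -e "πŸ””\nπŸ”” S N Y K \nπŸ””"

    # NOTE(review): @master is a moving branch; pin to a full commit SHA.
    - uses: snyk/actions/setup@master
      if: inputs.snyk-token && github.ref != 'refs/heads/master'

    - name: Build - Snyk - Analyze
      if: inputs.snyk-token && github.ref != 'refs/heads/master'
      shell: bash
      env:
        SNYK_TOKEN: ${{ inputs.snyk-token }}
      run: |
        snyk code test --severity-threshold=high --fail-on=patchable

    - name: Build - Docker Image - echo
      shell: bash
      run: echo -e "πŸ”” D O C K E R B U I L D"

    - name: Build - Docker Image
      shell: bash
      # Registry and tag arrive through the environment so their content is
      # never parsed as shell; SERVICE_NAME was exported via GITHUB_ENV by the
      # "Setup - Service Name" step.
      env:
        DOCKER_REGISTRY: ${{ inputs.docker-registry }}
        DOCKER_IMAGE_TAG: ${{ inputs.docker-image-tag }}
      run: |
        DOCKER_IMAGE="${DOCKER_REGISTRY}/${SERVICE_NAME}:${DOCKER_IMAGE_TAG}"
        docker build -t "$DOCKER_IMAGE" .
        echo "DOCKER_IMAGE=$DOCKER_IMAGE" >> "$GITHUB_ENV"

    - name: Release - push Docker image [on master]
      if: inputs.staging == 'true' || github.ref == 'refs/heads/master'
      shell: bash
      # DOCKER_IMAGE comes from GITHUB_ENV; quoting stops word splitting.
      run: docker push "$DOCKER_IMAGE"

    - name: Release - Terraform - echo
      shell: bash
      run: echo -e "πŸ”” T E R R A F O R M"

    # Sets outputs.terraform to 'true' when files under terraform/ changed.
    - uses: dorny/paths-filter@v2
      id: infrastructure-changes
      with:
        filters: |
          terraform:
            - 'terraform/**'

    # NOTE(review): a step-level `uses` normally names an action directory
    # plus a ref (owner/repo/path@<ref>); this value points at a .yml file and
    # carries no @ref. Confirm the runner resolves it, and pin the ref.
    - name: Release - terraform
      if: steps.infrastructure-changes.outputs.terraform == 'true'
      uses: spring-media/1up-github-actions/.github/workflows/actions/deploy-infrastructure.yml
      with:
        service-name: ${{ env.SERVICE_NAME }}
        pkg-token: ${{ inputs.pkg-token }}
        staging: ${{ inputs.staging }}
        docker-image-tag: ${{ inputs.docker-image-tag }}

    - name: Release - on staging - echo
      if: inputs.staging == 'true'
      shell: bash
      run: echo -e "πŸ”” R E L E A S E S T A G I N G"

    # ECS deploy is skipped when Terraform changes were detected.
    # NOTE(review): this third-party action receives the AWS access keys and
    # is referenced by the moving @master branch; pin to a full commit SHA.
    - name: Release - on staging
      if: inputs.staging == 'true' && steps.infrastructure-changes.outputs.terraform == 'false'
      uses: silinternational/ecs-deploy@master
      with:
        aws_access_key_cmd: --aws-access-key
        aws_access_key: ${{ inputs.up-aws-access-key-id }}
        aws_secret_key_cmd: --aws-secret-key
        aws_secret_key: ${{ inputs.up-aws-secret-access-key }}
        cluster_cmd: --cluster
        cluster: up-cluster-staging
        image_cmd: --image
        image: ${{ env.DOCKER_IMAGE }}
        region_cmd: --region
        region: eu-west-1
        service_name_cmd: --service-name
        service_name: ${{ env.SERVICE_NAME }}
        timeout_cmd: --timeout
        timeout: 600

    - name: Release - on production - echo
      if: github.ref == 'refs/heads/master'
      shell: bash
      run: echo -e "πŸ””\nπŸ”” R E L E A S E P R O D \nπŸ””"

    # Same deploy as staging, against the production cluster, master only.
    # NOTE(review): receives the AWS access keys via @master; pin to a full
    # commit SHA.
    - name: Release - on production [on master]
      if: github.ref == 'refs/heads/master' && steps.infrastructure-changes.outputs.terraform == 'false'
      uses: silinternational/ecs-deploy@master
      with:
        aws_access_key_cmd: --aws-access-key
        aws_access_key: ${{ inputs.up-aws-access-key-id }}
        aws_secret_key_cmd: --aws-secret-key
        aws_secret_key: ${{ inputs.up-aws-secret-access-key }}
        cluster_cmd: --cluster
        cluster: up-cluster-production
        image_cmd: --image
        image: ${{ env.DOCKER_IMAGE }}
        region_cmd: --region
        region: eu-west-1
        service_name_cmd: --service-name
        service_name: ${{ env.SERVICE_NAME }}
        timeout_cmd: --timeout
        timeout: 600

    - name: Report - echo [on master]
      if: github.ref == 'refs/heads/master'
      shell: bash
      run: echo -e "πŸ””\nπŸ””\nπŸ”” R E P O R T jos-status:$JOB_STATUS_NAME action-status:$ACTION_STATUS_NAME \nπŸ””\nπŸ””"
      env:
        JOB_STATUS_NAME: ${{ job.status }}
        ACTION_STATUS_NAME: ${{ github.action_status }}

    # NOTE(review): same `uses` form as "Release - terraform" (a .yml path,
    # no @ref); confirm it resolves and pin the ref.
    - name: Report - [on master]
      # The whole condition sits inside one ${{ }}. With text after the
      # closing braces the value is a non-empty string, which is always
      # truthy, so the master check was never applied and the webhook fired
      # on every ref.
      if: ${{ !cancelled() && github.ref == 'refs/heads/master' }}
      uses: spring-media/1up-github-actions/.github/workflows/actions/send-notifications.yml
      with:
        slack-webhook-url: ${{ inputs.up-slack-webhook-url }}
        parent-job-status: ${{ github.action_status }}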