Infra: Fix permissions for checkout (#28) #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Main: Build & deploy" | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [ "main" ] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: # TODO remove when public | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| token: ${{ github.token }} # TODO remove when public | |
| - name: Set up JDK | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'zulu' | |
| cache: 'maven' | |
| - name: Build | |
| id: build | |
| run: | | |
| ./mvnw -B -ntp versions:set -DnewVersion=$GITHUB_SHA | |
| ./mvnw -V -B -ntp clean package -Pprod -DskipTests | |
| export VERSION=$(./mvnw -q -Dexec.executable=echo -Dexec.args='${project.version}' --non-recursive exec:exec) | |
| echo "version=${VERSION}" >> $GITHUB_OUTPUT | |
| ################# | |
| # # | |
| # Docker images # | |
| # # | |
| ################# | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Cache Docker layers | |
| uses: actions/cache@v3 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Build and push | |
| if: false # TODO fix for github images | |
| id: docker_build_and_push | |
| uses: docker/build-push-action@v4 | |
| with: | |
| builder: ${{ steps.buildx.outputs.name }} | |
| context: kafka-ui-api | |
| platforms: linux/amd64,linux/arm64 | |
| provenance: false | |
| push: true | |
| tags: | | |
| ghcr.io/kafbat/kafka-ui:${{ steps.build.outputs.version }} | |
| ghcr.io/kafbat/kafka-ui:main | |
| build-args: | | |
| JAR_FILE=kafka-ui-api-${{ steps.build.outputs.version }}.jar | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| ################################# | |
| # # | |
| # Main image digest update # | |
| # # | |
| ################################# | |
| - name: update-master-deployment | |
| if: false # TODO remove after infra fix | |
| run: | | |
| git clone https://infra-tech:${{ secrets.INFRA_USER_ACCESS_TOKEN }}@github.com/kafbat/ui-infra.git --branch main | |
| cd kafka-ui-infra/aws-infrastructure4eks/argocd/scripts | |
| echo "Image digest is:${{ steps.docker_build_and_push.outputs.digest }}" | |
| ./kafka-ui-update-master-digest.sh ${{ steps.docker_build_and_push.outputs.digest }} | |
| git config --global user.email "infra@kafbat.io" | |
| git config --global user.name "infra-tech" | |
| git add ../kafka-ui/* | |
| git commit -m "updated master image digest: ${{ steps.docker_build_and_push.outputs.digest }}" && git push |