move pr deployment cluster hostname to secrets #3212
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Push Image | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
# have the ability to trigger this workflow manually | |
workflow_dispatch: | |
jobs: | |
build: | |
name: Build and push image | |
runs-on: ubuntu-20.04 | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Tag Name | |
id: tag_name | |
run: | | |
if [ "${{ github.event_name }}" == "pull_request" ]; then | |
echo "IMAGE_TAGS=pr-${{ github.event.pull_request.number }}.$(date +'%Y%m%d%H%M') pr-${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT | |
echo "LABEL quay.expires-after=3d" >> ./wisdom-service.Containerfile # tag expires in 3 days | |
elif [ "${{ github.event_name }}" == "workflow_dispatch" ]; then | |
echo "IMAGE_TAGS=${{ github.ref_name }}-$( git rev-parse --short HEAD ).$(date +'%Y%m%d%H%M')" >> $GITHUB_OUTPUT | |
else | |
echo "IMAGE_TAGS=latest $(cat ./.version).$(date +'%Y%m%d%H%M')" >> $GITHUB_OUTPUT | |
fi | |
echo "sha-short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
echo "sha-long=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
- name: Retrieve ari knowledge base from s3 | |
run: | | |
aws s3 cp --only-show-errors --recursive ${KB_ARI_PATH}/data ari/kb/data | |
aws s3 cp --only-show-errors --recursive ${KB_ARI_PATH}/rules ari/kb/rules | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: us-east-1 | |
KB_ARI_PATH: ${{ secrets.KB_ARI_PATH }} | |
- name: Free space on build machine | |
run: | | |
rm -rf /opt/hostedtoolcache/Java* | |
rm -rf /opt/hostedtoolcache/Ruby* | |
rm -rf /opt/hostedtoolcache/Go* | |
rm -rf /opt/hostedtoolcache/node* | |
sudo rm -rf /usr/local/lib/android | |
sudo rm -rf /usr/share/dotnet | |
- name: Remove the pre-cached Docker images | |
run: docker image prune --all --force | |
- name: Build Image | |
id: build-image | |
uses: redhat-actions/buildah-build@v2 | |
with: | |
image: wisdom-service | |
tags: ${{ steps.tag_name.outputs.IMAGE_TAGS }} | |
containerfiles: | | |
./wisdom-service.Containerfile | |
labels: | | |
sha-short=${{ steps.tag_name.outputs.sha-short }} | |
sha-long=${{ steps.tag_name.outputs.sha-long }} | |
build-args: | | |
IMAGE_TAGS=${{ steps.tag_name.outputs.IMAGE_TAGS }} | |
GIT_COMMIT=${{ steps.tag_name.outputs.sha-long }} | |
extra-args: | | |
--target=production | |
--ulimit nofile=4096 | |
- name: Scan Malware | |
# Do not scan malware in PR builds | |
if: ${{ github.event_name == 'push' }} | |
run: | | |
id=$(podman create $CLAMAV_DB_IMAGE) | |
podman cp $id:$CLAMAV_DB_DIR clamav-db | |
podman rm -v $id | |
podman build -f ./wisdom-service-clamav.Containerfile -t wisdom-service-clamav . | |
echo '```' > clamav.md | |
podman run -t wisdom-service-clamav | tee -a clamav.md | |
echo '```' >> clamav.md | |
env: | |
CLAMAV_DB_IMAGE: quay.io/redhat-appstudio/clamav-db:latest | |
CLAMAV_DB_DIR: /var/lib/clamav | |
- name: Get Comment Body | |
id: get-comment-body | |
# https://github.com/marketplace/actions/commit-comment#setting-the-comment-body-from-a-file | |
if: ${{ github.event_name == 'push' }} | |
run: | | |
body="$(cat clamav.md)" | |
delimiter="$(openssl rand -hex 8)" | |
echo "body<<$delimiter" >> $GITHUB_OUTPUT | |
echo "$body" >> $GITHUB_OUTPUT | |
echo "$delimiter" >> $GITHUB_OUTPUT | |
- name: Add Malware Scanning Commit Comment | |
if: ${{ github.event_name == 'push' }} | |
uses: peter-evans/commit-comment@v2 | |
with: | |
body: ${{ steps.get-comment-body.outputs.body }} | |
- name: Push To quay.io | |
id: push-to-quay | |
uses: redhat-actions/push-to-registry@v2 | |
with: | |
image: ${{ steps.build-image.outputs.image }} | |
tags: ${{ steps.build-image.outputs.tags }} | |
registry: quay.io/ansible | |
username: ${{ secrets.QUAY_USER }} | |
password: ${{ secrets.QUAY_TOKEN }} | |
- name: Print image url | |
run: echo "Image pushed to ${{ steps.push-to-quay.outputs.registry-paths }}" | |
- name: Report to slack | |
id: slack | |
uses: slackapi/slack-github-action@v1.23.0 | |
with: | |
# For posting a rich message using Block Kit | |
payload: | | |
{ | |
"text": "wisdom service image build result: ${{ job.status }}\nimage tag: ${{ steps.build-image.outputs.tags }}\nlink to action: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
} | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | |
if: ${{ always() }} |