Merge pull request #53 from vzwingma/fix/49_validate_jwt #30
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI - native release apps | |
| # Controls when the action will run. | |
| on: | |
| # Triggers the workflow on push or pull request events but only for tags | |
| push: | |
| tags: | |
| - '*' | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| jobs: | |
| # BUILD COMMUNS | |
| build-communs: | |
| name: Build Communs | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| environment: PROD | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - name: Checkout sources | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| - name: Cache Maven packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-m2 | |
| # Update version | |
| - name: Get tag Version | |
| id: get_version | |
| run: echo VERSION=$(echo $GITHUB_REF | cut -d / -f 3 | cut -b 2- ) >> $GITHUB_OUTPUT | |
| - name: Apply version | |
| run: mvn versions:set -DnewVersion=${{ steps.get_version.outputs.VERSION }} | |
| - name: Commit version | |
| run: mvn versions:commit | |
| # Runs the Build with Maven | |
| - name: Build Communs with Maven | |
| run: mvn clean install -B --file communs/pom.xml | |
| # Publish | |
| - name: Publish to GitHub Packages Apache Maven | |
| run: mvn --batch-mode deploy -DskipTests=true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Upload SAM configurations | |
| - name: Find and Replace in Serverless Application Manager Config | |
| run: sed "s/__ENV__/PROD/g" /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/communs/src/aws-deploy/samconfig.template.toml > /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/communs/src/aws-deploy/samconfig.toml | |
| - name: Find and Replace in Serverless Application Manager | |
| run: sed -e "s/__ENV__/PROD/g" -e "s/__VERSION__/${{ steps.get_version.outputs.VERSION }}/g" -e "s/__DATABASE_URL__/${{ secrets.DATABASE_URL }}/g" -e "s/__DATABASE_NAME__/${{ secrets.DATABASE_NAME }}/g" -e "s/__APP_CONFIG_URL_IHM__/${{ vars.APP_CONFIG_URL_IHM }}/g" -e "s/__APP_CONFIG_URL_BACKENDS__/${{ vars.APP_CONFIG_URL_BACKENDS }}/g" -e "s/__OIDC_JWT_ID_APPUSERCONTENT__/${{ secrets.OIDC_JWT_ID_APPUSERCONTENT }}/g" -e "s/__QUARKUS_LOG_LEVEL__/${{ vars.QUARKUS_LOG_LEVEL }}/g" -e "s/__MONGODB_LOG_LEVEL__/${{ vars.MONGODB_LOG_LEVEL }}/g" /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/communs/src/aws-deploy/sam.native.template.yaml > /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/communs/src/aws-deploy/sam.native.yaml | |
| - uses: actions/upload-artifact@v4 | |
| name: Upload SAM Function Configuration | |
| with: | |
| name: function-sam | |
| path: /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/communs/src/aws-deploy/sam.native.yaml | |
| - uses: actions/upload-artifact@v4 | |
| name: Upload SAM Configuration | |
| with: | |
| name: sam | |
| path: /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/communs/src/aws-deploy/samconfig.toml | |
| ########################### | |
| # BUILD # | |
| ########################### | |
| # Paramétrages | |
| build-quarkus-parametrages: | |
| name: Build µS Paramétrages | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| needs: build-communs | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| # Step that does that actual cache save and restore | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| # Update version | |
| - name: Get tag Version | |
| id: get_version | |
| run: echo VERSION=$(echo $GITHUB_REF | cut -d / -f 3 | cut -b 2- ) >> $GITHUB_OUTPUT | |
| - name: Apply version | |
| run: mvn versions:set -DnewVersion=${{ steps.get_version.outputs.VERSION }} | |
| - name: Commit version | |
| run: mvn versions:commit | |
| # Runs a single command using the runners shell | |
| - name: Build Parametrage Native App with Maven | |
| run: mvn install -B -P native -Dnative -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image:24.0-jdk-22 --file parametrages/pom.xml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Upload Releases Snapshot | |
| - uses: actions/upload-artifact@v4 | |
| name: Upload Fonction serverless Paramétrages | |
| with: | |
| name: parametrages-function | |
| path: /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/parametrages/target/function.zip | |
| # Utilisateurs | |
| build-quarkus-utilisateurs: | |
| name: Build µS Utilisateurs | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| needs: build-communs | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| # Step that does that actual cache save and restore | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| # Update version | |
| - name: Get tag Version | |
| id: get_version | |
| run: echo VERSION=$(echo $GITHUB_REF | cut -d / -f 3 | cut -b 2- ) >> $GITHUB_OUTPUT | |
| - name: Apply version | |
| run: mvn versions:set -DnewVersion=${{ steps.get_version.outputs.VERSION }} | |
| - name: Commit version | |
| run: mvn versions:commit | |
| # Runs a single command using the runners shell | |
| - name: Build Utilisateurs Native App with Maven | |
| run: mvn install -B -P native -Dnative -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image:24.0-jdk-22 --file utilisateurs/pom.xml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Upload Releases Snapshot | |
| - uses: actions/upload-artifact@v4 | |
| name: Upload Fonction serverless Utilisateurs | |
| with: | |
| name: utilisateurs-function | |
| path: /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/utilisateurs/target/function.zip | |
| # Paramétrages | |
| build-quarkus-comptes: | |
| name: Build µS Comptes | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| needs: build-communs | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| # Step that does that actual cache save and restore | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| # Update version | |
| - name: Get tag Version | |
| id: get_version | |
| run: echo VERSION=$(echo $GITHUB_REF | cut -d / -f 3 | cut -b 2- ) >> $GITHUB_OUTPUT | |
| - name: Apply version | |
| run: mvn versions:set -DnewVersion=${{ steps.get_version.outputs.VERSION }} | |
| - name: Commit version | |
| run: mvn versions:commit | |
| # Runs a single command using the runners shell | |
| - name: Build Comptes Native App with Maven | |
| run: mvn install -B -P native -Dnative -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image:24.0-jdk-22 --file comptes/pom.xml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Upload Releases Snapshot | |
| - uses: actions/upload-artifact@v4 | |
| name: Upload Fonction serverless Comptes | |
| with: | |
| name: comptes-function | |
| path: /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/comptes/target/function.zip | |
| # Paramétrages | |
| build-quarkus-operations: | |
| name: Build µS Opérations | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| needs: build-communs | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: 21 | |
| distribution: 'temurin' | |
| cache: 'maven' | |
| # Step that does that actual cache save and restore | |
| - uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| # Update version | |
| - name: Get tag Version | |
| id: get_version | |
| run: echo VERSION=$(echo $GITHUB_REF | cut -d / -f 3 | cut -b 2- ) >> $GITHUB_OUTPUT | |
| - name: Apply version | |
| run: mvn versions:set -DnewVersion=${{ steps.get_version.outputs.VERSION }} | |
| - name: Commit version | |
| run: mvn versions:commit | |
| # Runs a single command using the runners shell | |
| - name: Build Opérations Native App with Maven | |
| run: mvn install -B -P native -Dnative -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image:24.0-jdk-22 --file operations/pom.xml | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Upload Releases Snapshot | |
| - uses: actions/upload-artifact@v4 | |
| name: Upload Fonction serverless Opérations | |
| with: | |
| name: operations-function | |
| path: /home/runner/work/gestion-budget-serverless/gestion-budget-serverless/operations/target/function.zip | |
| ########################### | |
| # DEPLOY # | |
| ########################### | |
| deploy-lambdas-apps: | |
| name: Deploy Lambda on PROD | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build-quarkus-parametrages | |
| - build-quarkus-utilisateurs | |
| - build-quarkus-comptes | |
| - build-quarkus-operations | |
| steps: | |
| - uses: aws-actions/setup-sam@v2 | |
| name: Configure SAM | |
| with: | |
| use-installer: true | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| name: Configure AWS Access | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: eu-west-3 | |
| - uses: actions/download-artifact@v4 | |
| id: downloadServiceParametrage | |
| name: Download Service Paramétrages | |
| with: | |
| name: parametrages-function | |
| path: parametrages | |
| - uses: actions/download-artifact@v4 | |
| id: downloadServiceUtilisateurs | |
| name: Download Service Utilisateurs | |
| with: | |
| name: utilisateurs-function | |
| path: utilisateurs | |
| - uses: actions/download-artifact@v4 | |
| id: downloadServiceComptes | |
| name: Download Service Comptes | |
| with: | |
| name: comptes-function | |
| path: comptes | |
| - uses: actions/download-artifact@v4 | |
| id: downloadServiceOperations | |
| name: Download Service Opérations | |
| with: | |
| name: operations-function | |
| path: operations | |
| - uses: actions/download-artifact@v4 | |
| id: downloadSAMFunction | |
| name: Download SAM Function | |
| with: | |
| name: function-sam | |
| - uses: actions/download-artifact@v4 | |
| id: downloadSAM | |
| name: Download SAM Config | |
| with: | |
| name: sam | |
| - name: Display structure of downloaded files | |
| run: ls -R | |
| # Build inside Docker containers | |
| - run: sam build --use-container -t sam.native.yaml --config-file samconfig.toml | |
| name: SAM Build | |
| # Prevent prompts and failure when the stack is unchanged | |
| - run: sam deploy --no-confirm-changeset --no-fail-on-empty-changeset -t sam.native.yaml --config-file samconfig.toml | |
| name: SAM Deploy | |
| # | |
| ## CLEAN GitHub Packages | |
| # | |
| clean-github-packages: | |
| name: Clean packages | |
| permissions: write-all | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/delete-package-versions@v5 | |
| with: | |
| package-name: 'io.github.vzwingma.finances.budget.serverless.communs' | |
| package-type: 'maven' | |
| min-versions-to-keep: 3 | |
| - uses: actions/delete-package-versions@v5 | |
| with: | |
| package-name: 'io.github.vzwingma.finances.budget.serverless.services' | |
| package-type: 'maven' | |
| min-versions-to-keep: 3 | |
| - uses: actions/delete-package-versions@v5 | |
| with: | |
| package-name: 'io.github.vzwingma.finances.budget.serverless.utilisateurs' | |
| package-type: 'maven' | |
| min-versions-to-keep: 3 | |
| - uses: actions/delete-package-versions@v5 | |
| with: | |
| package-name: 'io.github.vzwingma.finances.budget.serverless.parametrages' | |
| package-type: 'maven' | |
| min-versions-to-keep: 3 | |
| - uses: actions/delete-package-versions@v5 | |
| with: | |
| package-name: 'io.github.vzwingma.finances.budget.serverless.comptes' | |
| package-type: 'maven' | |
| min-versions-to-keep: 3 | |
| - uses: actions/delete-package-versions@v5 | |
| with: | |
| package-name: 'io.github.vzwingma.finances.budget.serverless.operations' | |
| package-type: 'maven' | |
| min-versions-to-keep: 3 |