From 22f27496373ca197005ed4c3d58025692a8ed4e6 Mon Sep 17 00:00:00 2001 From: William Hearn Date: Sun, 16 Aug 2020 11:22:38 -0400 Subject: [PATCH] feat(ci): Automate build and publish --- .github/workflows/build.yml | 38 ++++++++++++++++++++++ .github/workflows/publish.yml | 60 +++++++++++++++++++++++++++++++++++ deploy/deploy.yaml | 2 +- 3 files changed, 99 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/publish.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 00000000..c33d1d7b --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,38 @@ +# This workflow will build a docker container, publish it to Azure Container Registry, and deploy it to Azure Kubernetes Service using a helm chart. +# +# https://github.com/Azure/actions-workflow-samples/tree/master/Kubernetes +# +# To configure this workflow: +# +# 1. Set up the following secrets in your workspace: +# a. REGISTRY_USERNAME with ACR username +# b. REGISTRY_PASSWORD with ACR Password +# c. AZURE_CREDENTIALS with the output of `az ad sp create-for-rbac --sdk-auth` +# +# 2. Change the values for the REGISTRY_NAME, CLUSTER_NAME, CLUSTER_RESOURCE_GROUP and NAMESPACE environment variables (below). +name: build +on: [pull_request] + +# Environment variables available to all jobs and steps in this workflow +env: + REGISTRY_NAME: k8scc01covidacr + CLUSTER_NAME: k8s-cancentral-02-covid-aks + CLUSTER_RESOURCE_GROUP: k8s-cancentral-01-covid-aks + NAMESPACE: web + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + + # Container build + - run: | + docker build -f Dockerfile -t ${{ env.REGISTRY_NAME }}.azurecr.io/jupyter-apis:${{ github.sha }} . + + # Scan image for vulnerabilities + - uses: Azure/container-scan@v0 + with: + image-name: ${{ env.REGISTRY_NAME }}.azurecr.io/jupyter-apis:${{ github.sha }} + severity-threshold: CRITICAL + run-quality-checks: false diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..728063d3 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,60 @@ +# This workflow will build a docker container, publish it to Azure Container Registry, and deploy it to Azure Kubernetes Service using a helm chart. +# +# https://github.com/Azure/actions-workflow-samples/tree/master/Kubernetes +# +# To configure this workflow: +# +# 1. Set up the following secrets in your workspace: +# a. REGISTRY_USERNAME with ACR username +# b. REGISTRY_PASSWORD with ACR Password +# c. AZURE_CREDENTIALS with the output of `az ad sp create-for-rbac --sdk-auth` +# +# 2. Change the values for the REGISTRY_NAME, CLUSTER_NAME, CLUSTER_RESOURCE_GROUP and NAMESPACE environment variables (below). +name: publish +on: + push: + branches: + - master + +# Environment variables available to all jobs and steps in this workflow +env: + REGISTRY_NAME: k8scc01covidacr + CLUSTER_NAME: k8s-cancentral-02-covid-aks + CLUSTER_RESOURCE_GROUP: k8s-cancentral-01-covid-aks + NAMESPACE: web + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@master + + # Connect to Azure Container registry (ACR) + - uses: azure/docker-login@v1 + with: + login-server: ${{ env.REGISTRY_NAME }}.azurecr.io + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} + + # Container build and push to a Azure Container registry (ACR) + - run: | + docker build -f Dockerfile -t ${{ env.REGISTRY_NAME }}.azurecr.io/jupyter-apis:${{ github.sha }} . + docker push ${{ env.REGISTRY_NAME }}.azurecr.io/jupyter-apis:${{ github.sha }} + + # Scan image for vulnerabilities + - uses: Azure/container-scan@v0 + with: + image-name: ${{ env.REGISTRY_NAME }}.azurecr.io/jupyter-apis:${{ github.sha }} + severity-threshold: CRITICAL + run-quality-checks: false + + # Prepare to deploy the image + - run: | + sed -i -E 's/[0-9a-f]{40}/${{ github.sha }}/g' deploy/deploy.yaml + + # Deploy to Kubernetes + - name: kubectl + uses: statcan/actions/kubectl@master + with: + kubeconfig: ${{ secrets.KUBECONFIG }} + args: apply -f deploy/deploy.yaml diff --git a/deploy/deploy.yaml b/deploy/deploy.yaml index c1e9a0d1..6d51ab6d 100644 --- a/deploy/deploy.yaml +++ b/deploy/deploy.yaml @@ -21,7 +21,7 @@ spec: app.kubernetes.io/name: jupyter-apis spec: containers: - - image: zachomedia/jupyter-apis:latest + - image: k8scc01covidacr.azurecr.io/jupyter-apis:c6280e40c11618c3908449d92f2f67d4e6b17ecc imagePullPolicy: Always name: jupyter-web-app ports: