Update postgres Docker tag to v17 #2582
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build and deploy staging | |
on: | |
pull_request: | |
paths-ignore: | |
- 'CHANGELOG.md' | |
- 'README.md' | |
- 'yarn.lock' | |
branches: [master] | |
types: | |
- opened | |
- reopened | |
- synchronize | |
- ready_for_review | |
- unlocked | |
jobs: | |
build: | |
if: github.event.pull_request.draft == false | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
# - name: Check if there are gem updates | |
# id: gem-updates-check | |
# uses: tj-actions/changed-files@aae164d51be780a235cdeea89752bbacbbfee3c3 | |
# with: | |
# files: | | |
# Gemfile | |
# Gemfile.lock | |
# - name: Login to container registry | |
# env: | |
# PASSWORD: ${{ secrets.GHCR }} | |
# run: | | |
# echo $PASSWORD | docker login ghcr.io -u eisbot --password-stdin | |
# - name: No changes in gems | |
# # feature branch has no changes in gems | |
# if: steps.gem-updates-check.outputs.any_changed == 'false' | |
# run: | | |
# echo "DOCKERFILE=Dockerfile.preinstalled_gems" >> $GITHUB_ENV | |
# - name: Gems are changed | |
# # feature branch has new/updated gems | |
# if: steps.gem-updates-check.outputs.any_changed == 'true' | |
# run: | | |
# echo "DOCKERFILE=Dockerfile.generic" >> $GITHUB_ENV | |
# - name: Set image tag | |
# run: | | |
# SHORT_SHA=$(echo $GITHUB_SHA | cut -c 1-7) #pr-s test commit of merged state | |
# echo "TAG=ghcr.io/internetee/registry:RC-$SHORT_SHA" >> $GITHUB_ENV | |
# echo "PROXY_TAG=ghcr.io/internetee/registry:PROXY-RC-$SHORT_SHA" >> $GITHUB_ENV | |
# echo "SHORT_TAG=RC-$SHORT_SHA" >> $GITHUB_ENV | |
# - name: Get pull request reference number | |
# run: | | |
# echo "$GITHUB_REF" | |
# echo "PR_REF=$(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number')" >> $GITHUB_ENV | |
# echo $(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number') | |
# - name: Set EPP port | |
# run: echo "EPP_PORT=${PR_REF:(-3)}" >> $GITHUB_ENV | |
# - name: Set config files for build | |
# env: | |
# ST_APP: ${{ secrets.ST_APPLICATION_YML}} | |
# run: | | |
# mkdir log | |
# echo $ST_APP | base64 -di > config/application.yml | |
# cp config/database.yml.sample config/database.yml | |
# ls -l config/ | |
# - name: Build registry image | |
# env: | |
# KEY_BASE: ${{ secrets.KEY_BASE}} | |
# run: | | |
# docker build -t $TAG --build-arg RAILS_ENV=staging --build-arg SECRET_KEY_BASE="$KEY_BASE" -f $DOCKERFILE . | |
# - name: Clone epp_proxy project | |
# run: | | |
# git clone https://github.com/internetee/epp_proxy.git | |
# - name: Configurate proxy build | |
# run: | | |
# cd epp_proxy/ | |
# sed -i -e 's/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/epp_proxy/LABEL org.opencontainers.image.source=https:\/\/github.com\/internetee\/registry/' Dockerfile.release | |
# echo "EXPOSE 700" >> Dockerfile.release | |
# cd config/ | |
# sed -i -e 's/{insecure, false},/%% {insecure, false},/' sys.config | |
# sed -i -e 's/{epp_session_url, "https:\/\/registry.test\/epp\/session\/"},/{epp_session_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/session\/"},/' sys.config | |
# sed -i -e 's/{epp_command_url, "https:\/\/registry.test\/epp\/command\/"},/{epp_command_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/command\/"},/' sys.config | |
# sed -i -e 's/{epp_error_url, "https:\/\/registry.test\/epp\/error\/"},/{epp_error_url, "http:\/\/st-'$PR_REF'-epp.epp.svc.cluster.local\/epp\/error\/"},/' sys.config | |
# sed -i -e 's/{cacertfile_path, "\/opt\/shared\/ca\/certs\/ca.crt.pem"},/{cacertfile_path, "\/opt\/shared\/ca\/certs\/ca.crt"},/' sys.config | |
# sed -i -e 's/{certfile_path, "\/opt\/shared\/ca\/certs\/cert.pem"},/{certfile_path, "\/opt\/shared\/ca\/certs\/tls.crt"},/' sys.config | |
# sed -i -e 's/{keyfile_path, "\/opt\/shared\/ca\/certs\/key.pem"},/{keyfile_path, "\/opt\/shared\/ca\/certs\/tls.key"}]},/' sys.config | |
# sed -i -e 's/{crlfile_path, "\/opt\/shared\/ca\/certs\/key.pem"}]},//' sys.config | |
# - name: Build proxy image | |
# run: | | |
# cd epp_proxy | |
# docker build -t $PROXY_TAG -f Dockerfile.release . | |
# - name: Push Docker image to gh container registry | |
# run: | | |
# docker push $TAG | |
# docker push $PROXY_TAG | |
# - name: Get repo name | |
# run: | | |
# OIFS=$IFS | |
# IFS='/' | |
# read -a parts <<< "$GITHUB_REPOSITORY" | |
# IFS=OIFS | |
# echo "REPO=${parts[1]}" >> $GITHUB_ENV | |
# - name: Set deploy config | |
# env: | |
# OVPN: ${{ secrets.OVPN }} | |
# VPN_PWD: ${{ secrets.VPN_PWD }} | |
# P12: ${{ secrets.P12 }} | |
# K_CONFIG: ${{ secrets.KUBE_CONFIG }} | |
# SSH_KEY: ${{ secrets.EISBOT_SSH_KEY }} | |
# EPPROXY_CONF: ${{ secrets.EPPROXY_CONF }} | |
# run: | | |
# echo $VPN_PWD | base64 -di > client.pwd | |
# chmod 0600 client.pwd | |
# echo $OVPN | base64 -di > config.ovpn | |
# echo $P12 | base64 -di > cert.p12 | |
# mkdir -p ~/.ssh | |
# echo $SSH_KEY | base64 -di > ~/.ssh/key | |
# chmod 0600 ~/.ssh/key | |
# mkdir -p $REPO/$PR_REF | |
# cd $REPO/$PR_REF | |
# echo "$SHORT_SHA" > TAG | |
# echo $K_CONFIG | base64 -di > kubeconfig | |
# chmod 0600 kubeconfig | |
# # - name: Install Open VPN | |
# run: | | |
# sudo apt-get update | |
# sudo apt-get install openvpn | |
# - name: Deploy from remote server | |
# timeout-minutes: 5 | |
# env: | |
# TOKEN: ${{ secrets.CLOUD_TOKEN }} | |
# run: | | |
# sudo openvpn --config config.ovpn --askpass client.pwd --auth-nocache --daemon& | |
# sleep 15 | |
# ping -c 1 192.168.99.12 | |
# eval `ssh-agent` | |
# touch ~/.ssh/known_hosts | |
# ssh-add ~/.ssh/key | |
# ssh-keyscan 192.168.99.12 > ~/.ssh/known_hosts | |
# rsync -av "$REPO" runner@192.168.99.12:/home/runner/ | |
# ssh -T runner@192.168.99.12 << EOSSH | |
# bash | |
# cd "$REPO"/"$PR_REF" | |
# export KUBECONFIG=./kubeconfig | |
# helm repo add eisrepo https://internetee.github.io/helm-charts/ | |
# helm repo update | |
# helm upgrade --install reg-admin-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry-admin -n reg-admin | |
# helm upgrade --install epp-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF",epp.proxy.enabled=true eisrepo/registry-epp -n epp | |
# helm upgrade --install reg-api-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/registry-api -n reg-api | |
# TOKEN=${{ secrets.CLOUD_TOKEN }} python3 ../../portOpener.py "$PR_REF" add | |
# rm kubeconfig | |
# echo "Setting up URLs" | |
# echo "server obs.tld.ee | |
# zone pilv.tld.ee | |
# update add reg-admin-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee. | |
# update add repp-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee. | |
# update add reg-api-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee. | |
# send | |
# " | nsupdate -k ~/Kgh-runner.infra.tld.ee.+165+27011.key | |
# if [ "$?" -eq "0" ]; then | |
# echo "CNAME updates were successful" | |
# else | |
# echo "CNAME updates failed" | |
# fi | |
# EOSSH | |
# - name: Notify developers | |
# timeout-minutes: 1 | |
# env: | |
# NOTIFICATION_URL: ${{ secrets.NOTIFICATION_URL}} | |
# run: | | |
# curl -i -X POST --data-urlencode 'payload={ | |
# "text": "\n##### A pull request from ['${{ github.head_ref }}'](https://github.com/internetee/registry/pull/'$PR_REF') to master has been deployed :tada:\n | |
# |Service | :net: | | |
# |:------------|:---------------------------------------:| | |
# | **Admin** | https://reg-admin-'$PR_REF'.pilv.tld.ee | | |
# | **repp** | https://repp-'$PR_REF'.pilv.tld.ee | | |
# | **API** | https://reg-api-'$PR_REF'.pilv.tld.ee | | |
# | **EPP** | riigi.pilv.tld.ee on port '$EPP_PORT' | | |
# Please note that the API is only accessible from Riigipilv. | |
# " | |
# }' $NOTIFICATION_URL |