Merge branch 'master' into arm #767

Workflow file for this run

.github/workflows/deploy_qa.yml at 28a2ced

	name: "Deploy Update to QA Server"

	on:
	push:
	branches: [arm, master]

	permissions:
	contents: read

	jobs:
	build:
	strategy:
	matrix:
	component: [frontend, backend, maintenance, database]

	runs-on: ubuntu-22.04
	outputs:
	image_tag: ${{ steps.build_combine.outputs.image_tag }}
	steps:
	# See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
	# configuring harden-runner and identifying allowed endpoints.
	- name: Harden Runner
	uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	*.actions.githubusercontent.com:443
	*.cloudfront.net:443
	*.data.mcr.microsoft.com:443
	${{ secrets.AWS_ACCOUNT }}.dkr.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com
	api.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
	api.github.com:443
	api.nuget.org:443
	archive.ubuntu.com:80
	auth.docker.io:443
	codecov.io:443
	dc.services.visualstudio.com:443
	deb.debian.org:80
	docker.io:443
	dotnetcli.azureedge.net:443
	files.pythonhosted.org:443
	github.com:443
	mcr.microsoft.com:443
	ports.ubuntu.com:80
	production.cloudflare.docker.com:443
	public.ecr.aws:443
	pypi.org:443
	registry-1.docker.io:443
	registry.npmjs.org:443
	security.debian.org:80
	security.ubuntu.com:80
	storage.googleapis.com:443
	sts.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
	uploader.codecov.io:443
	- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
	with:
	fetch-depth: 0
	- name: Build The Combine
	id: build_combine
	uses: ./.github/actions/combine-build
	with:
	image_registry: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com
	aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws_default_region: ${{ secrets.AWS_DEFAULT_REGION }}
	build_component: ${{ matrix.component }}
	clean_ecr_repo:
	needs: build
	runs-on: ubuntu-22.04
	steps:
	# See https://docs.stepsecurity.io/harden-runner/getting-started/ for instructions on
	# configuring harden-runner and identifying allowed endpoints.
	- name: Harden Runner
	uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	*.actions.githubusercontent.com:443
	api.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
	github.com:443
	sts.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com:443
	- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
	- name: Remove old AWS ECR images
	# Remove all images for previous version numbers.
	# Example: for tag beginning with v1.2.5-, remove all images with tag v1.2.4-*
	# Example: for tag beginning with v2.4.0-, remove all images with tag v2.3.*
	run: \|
	TAG=${{ needs.build.outputs.image_tag }}
	if [[ $TAG =~ ^v([0-9]+)\.([0-9]+)\.([0-9]+)-.* ]]; then
	VA=${BASH_REMATCH[1]}; VB=${BASH_REMATCH[2]}; VC=${BASH_REMATCH[3]}
	if [[ $VC > 0 ]]; then REM="v${VA}\.${VB}\.$((VC - 1))-.*"
	elif [[ $VB > 0 ]]; then REM="v${VA}\.$((VB - 1))\..*"
	else REM="v$((VA - 1))\..*"; fi
	scripts/clean_aws_repo.py combine_frontend combine_backend combine_maint combine_database --remove "${REM}" --verbose
	fi
	deploy_update:
	needs: build
	# Only push to the QA server when built on the master branch
	if: ${{ github.ref_name == 'master' }}
	runs-on: [self-hosted, thecombine]
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
	with:
	egress-policy: audit

	- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
	- name: Deploy The Combine Update
	uses: ./.github/actions/combine-deploy-update
	with:
	image_registry: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.${{ secrets.AWS_DEFAULT_REGION }}.amazonaws.com
	image_tag: ${{ needs.build.outputs.image_tag }}
	kube_context: ${{ secrets.LTOPS_K8S_STAGING_CONTEXT }}
	kubectl_version: ${{ vars.KUBECTL_VERSION }}
	update_cert_proxy: false

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge branch 'master' into arm #767

Workflow file

Merge branch 'master' into arm #767

Jobs

Run details

Workflow file for this run