
AWS - option to disable x86 or arm build #7


# Reusable workflow (workflow_call) that builds per-architecture container
# images from a WAR artifact, optionally copies the build to S3, and declares
# the inputs and secrets consumed by the jobs listed under `jobs:`.
name: 'Brightspot AWS Deploy'
on:
  workflow_call:
    inputs:
      # --- artifact and version publishing ---
      war-artifact-name:
        description: 'Name of GitHub Actions artifact containing the WAR file'
        type: string
        default: 'brightspot-build'
      publish-brightspot-version:
        description: 'Whether to publish the calculated Brightspot version to Ops Desk'
        type: boolean
        default: true

      # --- deployment target ---
      # region, project and repository are combined into the ECR registry
      # host and image repository path by the build steps.
      region:
        description: 'Region project is deployed to'
        required: true
        type: string
      project:
        description: 'Shortname for project'
        required: true
        type: string
      repository:
        description: 'Repository name. This overrides the default which is ${project}/${project}'
        required: false
        type: string

      # --- optional S3 copy of the build output ---
      deploy-s3:
        description: 'Deploy to S3 in addition to the container build'
        required: false
        type: boolean
        default: false
      deploy-bucket:
        description: 'S3 bucket to deploy to'
        required: false
        type: string
      deploy-bucket-prefix:
        description: 'Directory prefix within the S3 bucket'
        required: false
        type: string

      # --- container build switches ---
      build-arm-container:
        description: 'Build ARM container'
        required: false
        type: boolean
        default: true
      build-x86-container:
        description: 'Build X86 container'
        required: false
        type: boolean
        default: true
      deploy-container:
        description: 'Deploy to container build'
        required: false
        type: boolean
        default: true
      dockerfile-directory:
        description: 'Directory containing Dockerfile for deploy. Defaults to etc/container'
        required: false
        type: string
        default: 'etc/container'

      # --- runner labels, one per architecture ---
      runs-on:
        description: 'Platform to execute on'
        type: string
        default: 'ubuntu-20.04-4core'
      runs-on-arm:
        description: 'Platform to execute on'
        type: string
        default: 'ubuntu-22.04-arm64-4core'

    # Every secret is optional: the jobs test whether the access key id (or
    # the Ops Desk client id) is empty and skip the dependent steps.
    # NOTE(review): these are static access keys (plus an optional session
    # token). aws-actions/configure-aws-credentials also supports OIDC role
    # assumption via `role-to-assume`, which removes the need to store
    # long-lived keys as repository secrets; worth considering.
    secrets:
      AWS_ACCESS_KEY_ID:
        required: false
      AWS_SECRET_ACCESS_KEY:
        required: false
      AWS_SESSION_TOKEN:
        required: false
      CLOUD_AWS_ACCESS_KEY_ID:
        required: false
      CLOUD_AWS_SECRET_ACCESS_KEY:
        required: false
      CLOUD_AWS_SESSION_TOKEN:
        required: false
      OPSDESK_API_CLIENT_ID:
        required: false
      OPSDESK_API_SECRET:
        required: false
jobs:
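build-x86-container:
  # Builds and pushes the x86 image, tagged "<build>-X64" / "<version>-X64".
  if: ${{ inputs.build-x86-container }}
  # NOTE(review): "Contaner" looks like a typo for "Container". Left as-is
  # because the job name is visible to callers (e.g. as a check name).
  name: "Build x86 Contaner"
  runs-on: ${{ inputs.runs-on }}
  env:
    # The `secrets` context is not available in step `if:` expressions, so
    # the values are mirrored into env to test for presence.
    # NOTE(review): this exposes the key ids to every step in the job,
    # including third-party actions; a boolean flag would carry the same
    # information.
    aws_access_secret: ${{ secrets.AWS_ACCESS_KEY_ID }}
    cloud_aws_access_secret: ${{ secrets.CLOUD_AWS_ACCESS_KEY_ID }}
    opsdesk_api_client_id: ${{ secrets.OPSDESK_API_CLIENT_ID }}
  # Map the job outputs to step outputs
  outputs:
    container-build-tag: ${{ steps.build-container.outputs.container-build-tag }}
    container-version-tag: ${{ steps.build-container.outputs.container-version-tag }}
    # Fixed: the step id is `workflow-version`; the previous reference to
    # `workflows-version` matched no step, so this output was always empty.
    caller-sha: ${{ steps.workflow-version.outputs.caller-sha }}
  steps:
    # NOTE(review): actions are referenced by mutable tags (@v4, @v3).
    # Pinning each to a full commit SHA keeps the code that handles the AWS
    # credentials and registry logins from changing underneath this workflow.
    - uses: actions/checkout@v4
    - uses: actions/download-artifact@v4
      with:
        name: ${{ inputs.war-artifact-name }}
        path: brightspot-build
    # Looks up the commit of the reusable-workflow repository that this run
    # references, so the helper scripts are checked out at the same revision.
    - name: Get workflow reference
      id: workflow-version
      env:
        # Passed through env instead of being expanded into the script text.
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        RUN_URL: https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}
      run: |
        sha=$(curl -L \
          -H "Accept: application/vnd.github+json" \
          -H "Authorization: Bearer ${GH_TOKEN}" \
          -H "X-GitHub-Api-Version: 2022-11-28" \
          "$RUN_URL" \
          | jq -r '.referenced_workflows[] | select(.path|contains("aws-cloud-deploy")) | .sha')
        if [ -z "$sha" ]; then
          # An empty ref makes the checkout below fall back to the default
          # branch, i.e. deploy scripts that are not pinned to this run.
          echo "::warning::Could not resolve the referenced workflow SHA; helper scripts will come from the default branch"
        fi
        echo "caller-sha=$sha" >> "$GITHUB_OUTPUT"
    - uses: actions/checkout@v4
      with:
        repository: perfectsense/brightspot-github-actions-workflows
        ref: ${{ steps.workflow-version.outputs.caller-sha }}
        path: ./brightspot
    # Exports the ref name and the pull request number (empty outside pull
    # requests) for the tagging logic in "Build Container".
    - name: Get Tag Version
      shell: bash
      env:
        PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
      run: |
        echo "GITHUB_ACTIONS_TAG=${GITHUB_REF#refs/*/}" >> "$GITHUB_ENV"
        echo "GITHUB_ACTIONS_PULL_REQUEST=${PULL_REQUEST_NUMBER}" >> "$GITHUB_ENV"
    - name: Deploy to S3
      if: ${{ inputs.deploy-s3 && env.aws_access_secret != '' }}
      env:
        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
        AWS_DEFAULT_REGION: ${{ inputs.region }}
        DEPLOY_BUCKET: ${{ inputs.deploy-bucket }}
        DEPLOY_BUCKET_PREFIX: ${{ inputs.deploy-bucket-prefix }}
        DEPLOY_SOURCE_DIR: brightspot-build
      shell: bash
      run: ./brightspot/aws/aws-s3-deploy.sh
    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v4
      if: ${{ inputs.deploy-container && env.cloud_aws_access_secret != '' }}
      with:
        aws-access-key-id: ${{ secrets.CLOUD_AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.CLOUD_AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ secrets.CLOUD_AWS_SESSION_TOKEN }}
        aws-region: ${{ inputs.region }}
    # Prints both registry hosts to the job log.
    - name: ECR
      if: ${{ inputs.deploy-container && env.cloud_aws_access_secret != '' }}
      env:
        PROJECT_REGISTRY: ${{ vars.PROJECT_AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.region }}.amazonaws.com
        CLOUD_REGISTRY: ${{ vars.CLOUD_AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.region }}.amazonaws.com
      run: |
        echo "Project ECR - ${PROJECT_REGISTRY}"
        echo "Brightspot Cloud ECR - ${CLOUD_REGISTRY}"
    - name: Login to project ECR
      uses: docker/login-action@v3
      if: ${{ inputs.deploy-container && env.cloud_aws_access_secret != '' }}
      with:
        registry: ${{ vars.PROJECT_AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.region }}.amazonaws.com
    - name: Login to Brightspot Cloud ECR
      uses: docker/login-action@v3
      if: ${{ inputs.deploy-container && env.cloud_aws_access_secret != '' }}
      with:
        registry: ${{ vars.CLOUD_AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.region }}.amazonaws.com
    # Derives the version/build tags (pull request, release tag or
    # development branch), then builds and pushes the image.
    - name: Build Container
      id: build-container
      if: ${{ inputs.deploy-container && env.cloud_aws_access_secret != '' }}
      shell: bash
      env:
        # Caller-supplied inputs reach the script as environment variables
        # rather than being pasted into the script source, so their content
        # cannot be interpreted as shell syntax.
        DOCKERFILE_DIR: ${{ inputs.dockerfile-directory }}
        DEPLOY_PROJECT: ${{ inputs.project }}
        DEPLOY_REPOSITORY: ${{ inputs.repository }}
        DEPLOY_REGISTRY: ${{ vars.PROJECT_AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.region }}.amazonaws.com
      run: |
        version=""
        build=""
        echo "GITHUB_ACTIONS_TAG ${GITHUB_ACTIONS_TAG}"
        echo "GITHUB_ACTIONS_PULL_REQUEST ${GITHUB_ACTIONS_PULL_REQUEST}"
        if [[ -n "$GITHUB_ACTIONS_PULL_REQUEST" ]]; then
          version="pullrequest-${GITHUB_ACTIONS_PULL_REQUEST}"
          build="pullrequest-${GITHUB_ACTIONS_PULL_REQUEST}-build${GITHUB_RUN_NUMBER}"
        elif [[ "$GITHUB_ACTIONS_TAG" =~ ^v[0-9]+\. ]]; then
          echo "GITHUB_ACTIONS_TAG ${GITHUB_ACTIONS_TAG}"
          version="release-${GITHUB_ACTIONS_TAG/v/}"
          build="release-${GITHUB_ACTIONS_TAG/v/}"
        else
          # Ref description with "heads/" stripped and "/" turned into "-".
          branch=$(git describe --all | sed 's/heads\///' | sed 's/\//-/g')
          build="development-${branch}-build${GITHUB_RUN_NUMBER}"
          version="development-${branch}"
        fi
        cp brightspot-build/*.war "${DOCKERFILE_DIR}/web.war"
        cd "${DOCKERFILE_DIR}"
        # Default repository is <project>/<project> when none was given.
        REPOSITORY="${DEPLOY_REPOSITORY:-${DEPLOY_PROJECT}/${DEPLOY_PROJECT}}"
        BUILD_TAG="${DEPLOY_REGISTRY}/${REPOSITORY}:${build}-X64"
        VERSION_TAG="${DEPLOY_REGISTRY}/${REPOSITORY}:${version}-X64"
        docker buildx build --push --build-arg WAR_ARTIFACT=web.war \
          -t "$VERSION_TAG" -t "$BUILD_TAG" \
          -f Dockerfile --metadata-file docker-metadata.json .
        echo "container-build-tag=${BUILD_TAG}" >> "$GITHUB_OUTPUT"
        echo "container-version-tag=${VERSION_TAG}" >> "$GITHUB_OUTPUT"
    - uses: actions/download-artifact@v4
      if: ${{ inputs.publish-brightspot-version }}
      with:
        name: brightspot-version
        path: brightspot-version
    - name: Upload Brightspot version
      if: ${{ inputs.publish-brightspot-version && inputs.deploy-container && env.cloud_aws_access_secret != '' && env.opsdesk_api_client_id != '' }}
      shell: bash
      env:
        DOCKERFILE_DIR: ${{ inputs.dockerfile-directory }}
        # Secrets are no longer expanded into the script text, and are quoted
        # when handed over. opsdesk-post.sh is called with them as positional
        # arguments, so they still appear in that process's argument list.
        OPSDESK_API_CLIENT_ID: ${{ secrets.OPSDESK_API_CLIENT_ID }}
        OPSDESK_API_SECRET: ${{ secrets.OPSDESK_API_SECRET }}
      run: |
        ./brightspot/analysis/opsdesk-post.sh \
          brightspot-version/brightspot-version.txt \
          "./${DOCKERFILE_DIR}/docker-metadata.json" \
          "$OPSDESK_API_CLIENT_ID" \
          "$OPSDESK_API_SECRET"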
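build-arm-container:
  # Builds and pushes the linux/arm64 image, tagged "<build>-ARM64" /
  # "<version>-ARM64".
  # NOTE(review): "Contaner" looks like a typo for "Container". Left as-is
  # because the job name is visible to callers (e.g. as a check name).
  name: "Build ARM Contaner"
  if: ${{ inputs.build-arm-container }}
  runs-on: ${{ inputs.runs-on-arm }}
  env:
    # The `secrets` context is not available in step `if:` expressions, so
    # the values are mirrored into env to test for presence.
    # NOTE(review): this exposes the key ids to every step in the job,
    # including third-party actions; a boolean flag would carry the same
    # information.
    aws_access_secret: ${{ secrets.AWS_ACCESS_KEY_ID }}
    cloud_aws_access_secret: ${{ secrets.CLOUD_AWS_ACCESS_KEY_ID }}
    opsdesk_api_client_id: ${{ secrets.OPSDESK_API_CLIENT_ID }}
  # Map the job outputs to step outputs
  outputs:
    container-build-tag: ${{ steps.build-container.outputs.container-build-tag }}
    container-version-tag: ${{ steps.build-container.outputs.container-version-tag }}
    # Fixed: the step id is `workflow-version`; the previous reference to
    # `workflows-version` matched no step, so this output was always empty.
    caller-sha: ${{ steps.workflow-version.outputs.caller-sha }}
  steps:
    # NOTE(review): actions are referenced by mutable tags (@v4, @v3).
    # Pinning each to a full commit SHA keeps the code that handles the AWS
    # credentials and registry logins from changing underneath this workflow.
    - uses: actions/checkout@v4
    - uses: actions/download-artifact@v4
      with:
        name: ${{ inputs.war-artifact-name }}
        path: brightspot-build
    # Looks up the commit of the reusable-workflow repository that this run
    # references, so the helper scripts are checked out at the same revision.
    - name: Get workflow reference
      id: workflow-version
      env:
        # Passed through env instead of being expanded into the script text.
        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        RUN_URL: https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}
      run: |
        sha=$(curl -L \
          -H "Accept: application/vnd.github+json" \
          -H "Authorization: Bearer ${GH_TOKEN}" \
          -H "X-GitHub-Api-Version: 2022-11-28" \
          "$RUN_URL" \
          | jq -r '.referenced_workflows[] | select(.path|contains("aws-cloud-deploy")) | .sha')
        if [ -z "$sha" ]; then
          # An empty ref makes the checkout below fall back to the default
          # branch, i.e. deploy scripts that are not pinned to this run.
          echo "::warning::Could not resolve the referenced workflow SHA; helper scripts will come from the default branch"
        fi
        echo "caller-sha=$sha" >> "$GITHUB_OUTPUT"
    - uses: actions/checkout@v4
      with:
        repository: perfectsense/brightspot-github-actions-workflows
        ref: ${{ steps.workflow-version.outputs.caller-sha }}
        path: ./brightspot
    # Exports the ref name and the pull request number (empty outside pull
    # requests) for the tagging logic in "Build Container".
    - name: Get Tag Version
      shell: bash
      env:
        PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
      run: |
        echo "GITHUB_ACTIONS_TAG=${GITHUB_REF#refs/*/}" >> "$GITHUB_ENV"
        echo "GITHUB_ACTIONS_PULL_REQUEST=${PULL_REQUEST_NUMBER}" >> "$GITHUB_ENV"
    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v4
      if: ${{ inputs.deploy-container && env.cloud_aws_access_secret != '' }}
      with:
        aws-access-key-id: ${{ secrets.CLOUD_AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.CLOUD_AWS_SECRET_ACCESS_KEY }}
        aws-session-token: ${{ secrets.CLOUD_AWS_SESSION_TOKEN }}
        aws-region: ${{ inputs.region }}
    # Prints both registry hosts to the job log.
    - name: ECR
      if: ${{ inputs.deploy-container && env.cloud_aws_access_secret != '' }}
      env:
        PROJECT_REGISTRY: ${{ vars.PROJECT_AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.region }}.amazonaws.com
        CLOUD_REGISTRY: ${{ vars.CLOUD_AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.region }}.amazonaws.com
      run: |
        echo "Project ECR - ${PROJECT_REGISTRY}"
        echo "Brightspot Cloud ECR - ${CLOUD_REGISTRY}"
    - name: Login to project ECR
      uses: docker/login-action@v3
      if: ${{ inputs.deploy-container && env.cloud_aws_access_secret != '' }}
      with:
        registry: ${{ vars.PROJECT_AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.region }}.amazonaws.com
    - name: Login to Brightspot Cloud ECR
      uses: docker/login-action@v3
      if: ${{ inputs.deploy-container && env.cloud_aws_access_secret != '' }}
      with:
        registry: ${{ vars.CLOUD_AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.region }}.amazonaws.com
    # Derives the version/build tags (pull request, release tag or
    # development branch), then builds and pushes the image.
    - name: Build Container
      id: build-container
      if: ${{ inputs.deploy-container && env.cloud_aws_access_secret != '' }}
      shell: bash
      env:
        # Caller-supplied inputs reach the script as environment variables
        # rather than being pasted into the script source, so their content
        # cannot be interpreted as shell syntax.
        DOCKERFILE_DIR: ${{ inputs.dockerfile-directory }}
        DEPLOY_PROJECT: ${{ inputs.project }}
        DEPLOY_REPOSITORY: ${{ inputs.repository }}
        DEPLOY_REGISTRY: ${{ vars.PROJECT_AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.region }}.amazonaws.com
      run: |
        version=""
        build=""
        echo "GITHUB_ACTIONS_TAG ${GITHUB_ACTIONS_TAG}"
        echo "GITHUB_ACTIONS_PULL_REQUEST ${GITHUB_ACTIONS_PULL_REQUEST}"
        if [[ -n "$GITHUB_ACTIONS_PULL_REQUEST" ]]; then
          version="pullrequest-${GITHUB_ACTIONS_PULL_REQUEST}"
          build="pullrequest-${GITHUB_ACTIONS_PULL_REQUEST}-build${GITHUB_RUN_NUMBER}"
        elif [[ "$GITHUB_ACTIONS_TAG" =~ ^v[0-9]+\. ]]; then
          echo "GITHUB_ACTIONS_TAG ${GITHUB_ACTIONS_TAG}"
          version="release-${GITHUB_ACTIONS_TAG/v/}"
          build="release-${GITHUB_ACTIONS_TAG/v/}"
        else
          # Ref description with "heads/" stripped and "/" turned into "-".
          branch=$(git describe --all | sed 's/heads\///' | sed 's/\//-/g')
          build="development-${branch}-build${GITHUB_RUN_NUMBER}"
          version="development-${branch}"
        fi
        cp brightspot-build/*.war "${DOCKERFILE_DIR}/web.war"
        cd "${DOCKERFILE_DIR}"
        # Default repository is <project>/<project> when none was given.
        REPOSITORY="${DEPLOY_REPOSITORY:-${DEPLOY_PROJECT}/${DEPLOY_PROJECT}}"
        BUILD_TAG="${DEPLOY_REGISTRY}/${REPOSITORY}:${build}-ARM64"
        VERSION_TAG="${DEPLOY_REGISTRY}/${REPOSITORY}:${version}-ARM64"
        docker buildx build --platform=linux/arm64 --push --build-arg WAR_ARTIFACT=web.war \
          -t "$VERSION_TAG" -t "$BUILD_TAG" \
          -f Dockerfile --metadata-file docker-metadata.json .
        echo "container-build-tag=${BUILD_TAG}" >> "$GITHUB_OUTPUT"
        echo "container-version-tag=${VERSION_TAG}" >> "$GITHUB_OUTPUT"
    - uses: actions/download-artifact@v4
      if: ${{ inputs.publish-brightspot-version }}
      with:
        name: brightspot-version
        path: brightspot-version
    - name: Upload Brightspot version
      if: ${{ inputs.publish-brightspot-version && inputs.deploy-container && env.cloud_aws_access_secret != '' && env.opsdesk_api_client_id != '' }}
      shell: bash
      env:
        DOCKERFILE_DIR: ${{ inputs.dockerfile-directory }}
        # Secrets are no longer expanded into the script text, and are quoted
        # when handed over. opsdesk-post.sh is called with them as positional
        # arguments, so they still appear in that process's argument list.
        OPSDESK_API_CLIENT_ID: ${{ secrets.OPSDESK_API_CLIENT_ID }}
        OPSDESK_API_SECRET: ${{ secrets.OPSDESK_API_SECRET }}
      run: |
        ./brightspot/analysis/opsdesk-post.sh \
          brightspot-version/brightspot-version.txt \
          "./${DOCKERFILE_DIR}/docker-metadata.json" \
          "$OPSDESK_API_CLIENT_ID" \
          "$OPSDESK_API_SECRET"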
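build-aws-image-manifest:
  # Combines the per-architecture images into one multi-arch manifest.
  # NOTE(review): "Contaner" looks like a typo for "Container". Left as-is
  # because the job name is visible to callers (e.g. as a check name).
  name: "Build Contaner Manifest"
  # A job mapping may contain only one `if:` key, so the status function and
  # the input checks are combined into a single expression. always() keeps
  # the job from being skipped when one of the needed build jobs was skipped
  # by its own input switch.
  # NOTE(review): always() also lets the job start after a failed or
  # cancelled build; checking the `needs.<job>.result` values would avoid
  # creating a manifest from images that were never pushed.
  if: ${{ always() && inputs.deploy-container && (inputs.build-arm-container || inputs.build-x86-container) }}
  runs-on: ubuntu-20.04
  env:
    # The `secrets` context is not available in step `if:` expressions, so
    # the values are mirrored into env to test for presence.
    aws_access_secret: ${{ secrets.AWS_ACCESS_KEY_ID }}
    cloud_aws_access_secret: ${{ secrets.CLOUD_AWS_ACCESS_KEY_ID }}
    opsdesk_api_client_id: ${{ secrets.OPSDESK_API_CLIENT_ID }}
  # Map the job outputs to step outputs
  outputs:
    container-build-tag: ${{ steps.tag-container.outputs.container-build-tag }}
    container-version-tag: ${{ steps.tag-container.outputs.container-version-tag }}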

Check failure on line 371 in .github/workflows/aws-cloud-deploy.yml


GitHub Actions / .github/workflows/aws-cloud-deploy.yml

Invalid workflow file

You have an error in your yaml syntax on line 371
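# Remainder of the manifest job: waits for both build jobs, recomputes the
# architecture-neutral tags, logs in to ECR and creates the manifest.
needs: [build-x86-container, build-arm-container]
strategy:
  matrix:
    jdk_version: [jdk11]
steps:
  # NOTE(review): actions are referenced by mutable tags (@v4, @v3, @v2),
  # including the third-party int128/docker-manifest-create-action, which
  # runs after the registry logins. Pinning each to a full commit SHA keeps
  # that code from changing underneath this workflow.
  - uses: actions/checkout@v4
  # Exports the ref name and the pull request number (empty outside pull
  # requests) for the tagging logic in "Get Container Version".
  - name: Get Tag Version
    shell: bash
    env:
      PULL_REQUEST_NUMBER: ${{ github.event.pull_request.number }}
    run: |
      echo "GITHUB_ACTIONS_TAG=${GITHUB_REF#refs/*/}" >> "$GITHUB_ENV"
      echo "GITHUB_ACTIONS_PULL_REQUEST=${PULL_REQUEST_NUMBER}" >> "$GITHUB_ENV"
  # Recomputes the build/version tags without an architecture suffix and
  # lists the per-architecture source images that were enabled.
  - name: Get Container Version
    id: tag-container
    shell: bash
    env:
      # Caller-supplied inputs reach the script as environment variables
      # rather than being pasted into the script source, so their content
      # cannot be interpreted as shell syntax.
      DEPLOY_PROJECT: ${{ inputs.project }}
      DEPLOY_REPOSITORY: ${{ inputs.repository }}
      DEPLOY_REGISTRY: ${{ vars.PROJECT_AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.region }}.amazonaws.com
      # Boolean inputs render as the strings "true" / "false".
      BUILD_ARM: ${{ inputs.build-arm-container }}
      BUILD_X86: ${{ inputs.build-x86-container }}
    run: |
      version=""
      build=""
      echo "GITHUB_ACTIONS_TAG ${GITHUB_ACTIONS_TAG}"
      echo "GITHUB_ACTIONS_PULL_REQUEST ${GITHUB_ACTIONS_PULL_REQUEST}"
      if [[ -n "$GITHUB_ACTIONS_PULL_REQUEST" ]]; then
        version="pullrequest-${GITHUB_ACTIONS_PULL_REQUEST}"
        build="pullrequest-${GITHUB_ACTIONS_PULL_REQUEST}-build${GITHUB_RUN_NUMBER}"
      elif [[ "$GITHUB_ACTIONS_TAG" =~ ^v[0-9]+\. ]]; then
        echo "GITHUB_ACTIONS_TAG ${GITHUB_ACTIONS_TAG}"
        version="release-${GITHUB_ACTIONS_TAG/v/}"
        build="release-${GITHUB_ACTIONS_TAG/v/}"
      else
        # Ref description with "heads/" stripped and "/" turned into "-".
        branch=$(git describe --all | sed 's/heads\///' | sed 's/\//-/g')
        build="development-${branch}-build${GITHUB_RUN_NUMBER}"
        version="development-${branch}"
      fi
      # Default repository is <project>/<project> when none was given.
      REPOSITORY="${DEPLOY_REPOSITORY:-${DEPLOY_PROJECT}/${DEPLOY_PROJECT}}"
      BUILD_TAG="${DEPLOY_REGISTRY}/${REPOSITORY}:${build}"
      VERSION_TAG="${DEPLOY_REGISTRY}/${REPOSITORY}:${version}"
      echo "container-registry=${DEPLOY_REGISTRY}" >> "$GITHUB_OUTPUT"
      echo "container-build-tag=${BUILD_TAG}" >> "$GITHUB_OUTPUT"
      echo "container-version-tag=${VERSION_TAG}" >> "$GITHUB_OUTPUT"
      # Multi-line output holding one source image per enabled architecture.
      # The manifest step's `sources` input is plain text, not a script, so
      # the selection has to happen here.
      {
        echo "container-sources<<SOURCES_EOF"
        if [[ "$BUILD_ARM" == "true" ]]; then echo "${BUILD_TAG}-ARM64"; fi
        if [[ "$BUILD_X86" == "true" ]]; then echo "${BUILD_TAG}-X64"; fi
        echo "SOURCES_EOF"
      } >> "$GITHUB_OUTPUT"
  - name: Configure AWS Credentials
    uses: aws-actions/configure-aws-credentials@v4
    if: ${{ env.cloud_aws_access_secret != '' }}
    with:
      aws-access-key-id: ${{ secrets.CLOUD_AWS_ACCESS_KEY_ID }}
      aws-secret-access-key: ${{ secrets.CLOUD_AWS_SECRET_ACCESS_KEY }}
      aws-session-token: ${{ secrets.CLOUD_AWS_SESSION_TOKEN }}
      aws-region: ${{ inputs.region }}
  # Prints both registry hosts to the job log.
  - name: ECR
    if: ${{ env.cloud_aws_access_secret != '' }}
    env:
      PROJECT_REGISTRY: ${{ vars.PROJECT_AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.region }}.amazonaws.com
      CLOUD_REGISTRY: ${{ vars.CLOUD_AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.region }}.amazonaws.com
    run: |
      echo "Project ECR - ${PROJECT_REGISTRY}"
      echo "Brightspot Cloud ECR - ${CLOUD_REGISTRY}"
  - name: Login to project ECR
    uses: docker/login-action@v3
    if: ${{ env.cloud_aws_access_secret != '' }}
    with:
      registry: ${{ vars.PROJECT_AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.region }}.amazonaws.com
  - name: Login to Brightspot Cloud ECR
    uses: docker/login-action@v3
    if: ${{ env.cloud_aws_access_secret != '' }}
    with:
      registry: ${{ vars.CLOUD_AWS_ACCOUNT_ID }}.dkr.ecr.${{ inputs.region }}.amazonaws.com
  - uses: int128/docker-manifest-create-action@v2
    if: ${{ env.cloud_aws_access_secret != '' }}
    with:
      tags: |
        ${{ steps.tag-container.outputs.container-build-tag }}
        ${{ steps.tag-container.outputs.container-version-tag }}
      # Previously this input contained shell `if ... fi` lines, which are
      # passed to the action as literal text and never executed. The list is
      # now built by the tag-container step.
      sources: ${{ steps.tag-container.outputs.container-sources }}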