-
Notifications
You must be signed in to change notification settings - Fork 1
294 lines (234 loc) · 17 KB
/
maven-build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
# https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
# Warning: The `set-output` command is deprecated and will be disabled soon.
# Please upgrade to using Environment Files.
# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
name: Java CI with Maven for SVC
env:
AZURE_CONTAINER_REGISTRY: acrpetcliaca # The name of the ACR, must be UNIQUE. The name must contain only alphanumeric characters, be globally unique, and between 5 and 50 characters in length.
REGISTRY_URL: acrpetcliaca.azurecr.io # set this to the URL of your registry
REPOSITORY: petclinic # set this to your ACR repository
PROJECT_NAME: petclinic # set this to your project's name
KV_NAME: kv-petcliaca29 # The name of the KV, must be UNIQUE. A vault name must be between 3-24 alphanumeric characters
RG_KV: rg-iac-kv29 # RG where to deploy KV
RG_APP: rg-iac-aca-petclinic-mic-srv # RG where to deploy the other Azure services: ACA, ACA Env., MySQL, etc.
# ==== APPS ====
PRJ_PREFIX: spring-petclinic
API_GATEWAY: api-gateway
ADMIN_SERVER: admin-server
CUSTOMERS_SERVICE: customers-service
VETS_SERVICE: vets-service
VISITS_SERVICE: visits-service
CONFIG_SERVER: config-server
DISCOVERY_SERVER: discovery-server
DOCKERFILE_PATH_ADMIN_SERVER: ./docker/petclinic-admin-server/Dockerfile
DOCKERFILE_PATH_DISCOVERY_SERVER: ./docker/petclinic-discovery-server/Dockerfile
DOCKERFILE_PATH_API_GATEWAY: ./docker/petclinic-api-gateway/Dockerfile
DOCKERFILE_PATH_CONFIG_SERVER: ./docker/petclinic-config-server/Dockerfile
DOCKERFILE_PATH_CUSTOMERS_SERVICE: ./docker/petclinic-customers-service/Dockerfile
DOCKERFILE_PATH_VETS_SERVICE: ./docker/petclinic-vets-service/Dockerfile
DOCKERFILE_PATH_VISITS_SERVICE: ./docker/petclinic-visits-service/Dockerfile
# ==== Versions ====
DEPLOYMENT_VERSION: 2.6.13
AZ_CLI_VERSION: 2.45.0
JAVA_VERSION: 11
# https://github.com/Azure/actions-workflow-samples/blob/master/assets/create-secrets-for-GitHub-workflows.md#consume-secrets-in-your-workflow
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets
# ==== Secrets ====
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callinputs
on:
workflow_dispatch:
workflow_call:
outputs:
tag_id:
description: "The Maven Build job output"
value: ${{ jobs.maven-build.outputs.tag_id }}
push:
branches:
- main
pull_request:
branches:
- main
# required for https://learn.microsoft.com/en-us/azure/developer/github/connect-from-azure?tabs=azure-cli%2Clinux#set-up-azure-login-with-openid-connect-authentication
permissions:
id-token: write
contents: read
packages: write
jobs:
maven-build:
runs-on: ubuntu-latest
outputs:
tag_id: ${{ steps.acr_build.outputs.tag_id }}
steps:
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#environment-files
# /!\ IMPORTANT: The step that creates or updates the environment variable does not have access to the new value, but all subsequent steps in a job will have access.
- name: Set Base environment variables
run: |
echo "LOCAL_IP=$(curl whatismyip.akamai.com)" >> $GITHUB_ENV
echo "API_GATEWAY_JAR_ARTIFACT=${{ env.PRJ_PREFIX }}-${{ env.API_GATEWAY }}-${{ env.DEPLOYMENT_VERSION }}.jar" >> $GITHUB_ENV
echo "ADMIN_SERVER_JAR_ARTIFACT=${{ env.PRJ_PREFIX }}-${{ env.ADMIN_SERVER }}-${{ env.DEPLOYMENT_VERSION }}.jar" >> $GITHUB_ENV
echo "CONFIG_SERVER_JAR_ARTIFACT=${{ env.PRJ_PREFIX }}-${{ env.CONFIG_SERVER }}-${{ env.DEPLOYMENT_VERSION }}.jar" >> $GITHUB_ENV
echo "DISCOVERY_SERVER_JAR_ARTIFACT=${{ env.PRJ_PREFIX }}-${{ env.DISCOVERY_SERVER }}-${{ env.DEPLOYMENT_VERSION }}.jar" >> $GITHUB_ENV
echo "CUSTOMERS_SERVICE_JAR_ARTIFACT=${{ env.PRJ_PREFIX }}-${{ env.CUSTOMERS_SERVICE }}-${{ env.DEPLOYMENT_VERSION }}.jar" >> $GITHUB_ENV
echo "VETS_SERVICE_JAR_ARTIFACT=${{ env.PRJ_PREFIX }}-${{ env.VETS_SERVICE }}-${{ env.DEPLOYMENT_VERSION }}.jar" >> $GITHUB_ENV
echo "VISITS_SERVICE_JAR_ARTIFACT=${{ env.PRJ_PREFIX }}-${{ env.VISITS_SERVICE }}-${{ env.DEPLOYMENT_VERSION }}.jar" >> $GITHUB_ENV
echo "ADMIN_SERVER_GROUP_ID=org.springframework.samples.petclinic.admin" >> $GITHUB_ENV
echo "ADMIN_SERVER_ARTIFACT_ID=${{ env.PRJ_PREFIX }}-${{ env.ADMIN_SERVER }}" >> $GITHUB_ENV
echo "API_GATEWAY_GROUP_ID=org.springframework.samples.petclinic.api" >> $GITHUB_ENV
echo "API_GATEWAY_ARTIFACT_ID=${{ env.PRJ_PREFIX }}-${{ env.API_GATEWAY }}" >> $GITHUB_ENV
echo "CONFIG_SERVER_GROUP_ID=org.springframework.samples.petclinic.config" >> $GITHUB_ENV
echo "CONFIG_SERVER_ARTIFACT_ID=${{ env.PRJ_PREFIX }}-${{ env.CONFIG_SERVER }}" >> $GITHUB_ENV
echo "CUSTOMERS_SERVICE_GROUP_ID=org.springframework.samples.petclinic.client" >> $GITHUB_ENV
echo "CUSTOMERS_SERVICE_ARTIFACT_ID=${{ env.PRJ_PREFIX }}-${{ env.CUSTOMERS_SERVICE }}" >> $GITHUB_ENV
echo "DISCOVERY_SERVER_GROUP_ID=org.springframework.samples.petclinic.discovery" >> $GITHUB_ENV
echo "DISCOVERY_SERVER_ARTIFACT_ID=${{ env.PRJ_PREFIX }}-${{ env.DISCOVERY_SERVER }}" >> $GITHUB_ENV
echo "VETS_SERVICE_GROUP_ID=org.springframework.samples.petclinic.vets" >> $GITHUB_ENV
echo "VETS_SERVICE_ARTIFACT_ID=${{ env.PRJ_PREFIX }}-${{ env.VETS_SERVICE }}" >> $GITHUB_ENV
echo "VISITS_SERVICE_GROUP_ID=org.springframework.samples.petclinic.visits" >> $GITHUB_ENV
echo "VISITS_SERVICE_ARTIFACT_ID=${{ env.PRJ_PREFIX }}-${{ env.VISITS_SERVICE }}" >> $GITHUB_ENV
echo "GH_WORKSPACE=${{ github.workspace }}" >> $GITHUB_ENV # "/github/workspace"
shell: bash
- name: Checkout
uses: actions/checkout@v3
- name: Set up JDK
uses: actions/setup-java@v3
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: 'microsoft' # https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#Microsoft
cache: maven
- name: Build with Maven
id: mvn_build
run: |
pwd
ls -al
echo "****************************************************************************************"
echo "* *"
echo "* *"
echo "* /!\ IMPORTANT WARNING: projects must be built with -Denv=cloud *"
echo "* EXCEPT for api-gateway *"
echo "* *"
echo "* *"
echo "****************************************************************************************"
mvn -B clean package --file pom.xml -DskipTests -Denv=cloud --projects spring-petclinic-config-server,spring-petclinic-customers-service,spring-petclinic-vets-service,spring-petclinic-visits-service
echo "github.workspace = ${{ github.workspace }}"
ls -al
ls -al spring-petclinic-${{ env.CONFIG_SERVER }}/target/*.jar
ls -al spring-petclinic-${{ env.CUSTOMERS_SERVICE }}/target/*.jar
ls -al spring-petclinic-${{ env.VETS_SERVICE }}/target/*.jar
ls -al spring-petclinic-${{ env.VISITS_SERVICE }}/target/*.jar
#ls -al spring-petclinic-${{ env.API_GATEWAY }}/target/*.jar
# ls -al spring-petclinic-${{ env.DISCOVERY_SERVER }}/target/*.jar
# ls -al spring-petclinic-${{ env.ADMIN_SERVER }}/target/*.jar
# https://docs.github.com/en/packages/learn-github-packages/introduction-to-github-packages
# https://docs.github.com/en/actions/security-guides/automatic-token-authentication
# To authenticate to a GitHub Packages registry within a GitHub Actions workflow, you can use
# GITHUB_TOKEN to publish packages associated with the workflow repository.
# https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry
# https://docs.github.com/en/actions/publishing-packages/publishing-java-packages-with-maven#publishing-packages-to-github-packages
# Publish the package
# https://stackoverflow.com/questions/57711558/deploy-to-github-package-registry-from-github-action
# https://github.com/marketplace/actions/generate-settings-xml-for-maven-builds
# https://maven.apache.org/plugins/maven-deploy-plugin/deploy-mojo.html#altDeploymentRepository
- name: Publish the Maven package
run: |
mkdir -p ~/.m2
echo "<settings><servers><server><id>github-aca</id><username>$(echo "$GITHUB_REPOSITORY" | awk -F / '{print $1}')</username><password>\${env.GITHUB_TOKEN}</password></server></servers></settings>" > ~/.m2/settings.xml
REPO="github-aca::default::https://maven.pkg.github.com/${GITHUB_REPOSITORY}"
# mvn deploy -DaltReleaseDeploymentRepository="${REPO}" -DaltSnapshotDeploymentRepository="${REPO}" --batch-mode -DskipTests -Dmaven.install.skip=true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check all Jar artifacts
run: |
pwd
ls -al
echo "Checking all artifacts Jar files :"
ls -al spring-petclinic-${{ env.CONFIG_SERVER }}/target/*.jar
ls -al spring-petclinic-${{ env.CUSTOMERS_SERVICE }}/target/*.jar
ls -al spring-petclinic-${{ env.VETS_SERVICE }}/target/*.jar
ls -al spring-petclinic-${{ env.VISITS_SERVICE }}/target/*.jar
# ls -al spring-petclinic-${{ env.API_GATEWAY }}/target/*.jar
# ls -al spring-petclinic-${{ env.DISCOVERY_SERVER }}/target/*.jar
# ls -al spring-petclinic-${{ env.ADMIN_SERVER }}/target/*.jar
# https://github.com/marketplace/actions/docker-setup-buildx
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2.0.0
- name: Azure Login
uses: azure/login@v1 # https://github.com/marketplace/actions/azure-login
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
- name: Build image and push it to ACR
id: acr_build
run: |
# https://docs.github.com/en/actions/using-jobs/defining-outputs-for-jobs
# https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
# GITHUB_SHA: The commit SHA that triggered the workflow
# GITHUB_RUN_ID: A unique number for each workflow run within a repository. This number does not change if you re-run the workflow run.
# mismatch with ACR {{.Run.ID}}. {{.Run.ID}} would be different for each az acr build
tag_id=$GITHUB_SHA
echo "GITHUB_RUN_ID="$GITHUB_RUN_ID
echo "GITHUB_SHA="$GITHUB_SHA
echo "run_id="${{ github.run_id }}
echo "github.sha="${{ github.sha }}
echo "tag_id="$tag_id
SHORT_SHA=`echo $GITHUB_SHA | cut -c1-8`
echo "SHORT_SHA="$SHORT_SHA
tag_id=$SHORT_SHA
echo "tag_id="$tag_id
# The `set-output` command is deprecated and will be disabled soon.
# see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#environment-files
# https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-output-parameter
# echo "::set-output name=tag_id::$tag_id"
echo "tag_id=$tag_id" >> $GITHUB_ENV
echo "tag_id=$tag_id" >> $GITHUB_OUTPUT
# https://github.com/cwe1ss/msa-template/blob/main/.github/workflows/_service-build.yml
set -euo pipefail
access_token=$(az account get-access-token --query accessToken -o tsv)
refresh_token=$(curl https://${{ env.REGISTRY_URL }}/oauth2/exchange -v -d "grant_type=access_token&service=${{ env.REGISTRY_URL }}&access_token=$access_token" | jq -r .refresh_token)
docker login ${{ env.REGISTRY_URL }} -u 00000000-0000-0000-0000-000000000000 --password-stdin <<< "$refresh_token"
#acr_usr=$(az deployment group show -g ${{ env.RG_APP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query properties.outputs.acrRegistryUsr.value | tr -d '"')
#acr_pwd=$(az deployment group show -g ${{ env.RG_APP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query properties.outputs.acrRegistryPwd.value | tr -d '"')
# az acr login --name ${{ env.REGISTRY_URL }} -u $acr_usr -p $acr_pwd
# az acr login --name ${{ env.REGISTRY_URL }} --expose-token
az configure --defaults acr=${{ env.AZURE_CONTAINER_REGISTRY }}
# https://github.com/Azure/acr-build/issues/10
# https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables
# {{.Run.ID}} would be different for each az acr build , not the best to simplify Image Tag
# https://learn.microsoft.com/en-us/azure/container-registry/container-registry-get-started-docker-cli?tabs=azure-cli
docker build --build-arg --no-cache -t ${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.CONFIG_SERVER }}:$tag_id -f "./docker/petclinic-config-server/Dockerfile" .
docker tag ${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.CONFIG_SERVER }}:$tag_id ${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.CONFIG_SERVER }}:latest
docker push "${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.CONFIG_SERVER }}:latest"
docker push "${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.CONFIG_SERVER }}:$tag_id"
docker build --build-arg --no-cache -t ${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.CUSTOMERS_SERVICE }}:$tag_id -f "./docker/petclinic-customers-service/Dockerfile" .
docker tag ${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.CUSTOMERS_SERVICE }}:$tag_id ${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.CUSTOMERS_SERVICE }}:latest
docker push "${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.CUSTOMERS_SERVICE }}:latest"
docker push "${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.CUSTOMERS_SERVICE }}:$tag_id"
docker build --build-arg --no-cache -t ${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.VETS_SERVICE }}:$tag_id -f "./docker/petclinic-vets-service/Dockerfile" .
docker tag ${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.VETS_SERVICE }}:$tag_id ${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.VETS_SERVICE }}:latest
docker push "${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.VETS_SERVICE }}:latest"
docker push "${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.VETS_SERVICE }}:$tag_id"
docker build --build-arg --no-cache -t ${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.VISITS_SERVICE }}:$tag_id -f "./docker/petclinic-visits-service/Dockerfile" .
docker tag ${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.VISITS_SERVICE }}:$tag_id ${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.VISITS_SERVICE }}:latest
docker push "${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.VISITS_SERVICE }}:latest"
docker push "${{ env.REGISTRY_URL }}/${{ env.REPOSITORY }}/${{ env.VISITS_SERVICE }}:$tag_id"
#az acr build --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RG_APP }} \
# -t ${{ env.REPOSITORY }}/${{ env.CONFIG_SERVER }}:$tag_id \
# --file ${{ env.DOCKERFILE_PATH_CONFIG_SERVER }} \
# ${{ github.workspace }}
#az acr build --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RG_APP }} \
# -t ${{ env.REPOSITORY }}/${{ env.CUSTOMERS_SERVICE }}:$tag_id \
# --file ${{ env.DOCKERFILE_PATH_CUSTOMERS_SERVICE }} \
# ${{ github.workspace }}
#az acr build --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RG_APP }} \
# -t ${{ env.REPOSITORY }}/${{ env.VETS_SERVICE }}:$tag_id \
# --file ${{ env.DOCKERFILE_PATH_VETS_SERVICE }} \
# ${{ github.workspace }}
#az acr build --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RG_APP }} \
# -t ${{ env.REPOSITORY }}/${{ env.VISITS_SERVICE }}:$tag_id \
# --file ${{ env.DOCKERFILE_PATH_VISITS_SERVICE }} \
# ${{ github.workspace }}