chore: rename docker workflow to deploy.yml, label as CD #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CD | ||
| on: | ||
| push: | ||
| branches: [main] | ||
| workflow_dispatch: | ||
| env: | ||
| AWS_REGION: us-east-1 | ||
| ECR_REPOSITORY: tractorbeam/fixup | ||
| INFRA_REPO: tractorbeamai/internal-infra | ||
| VALUES_PATH: aws/accounts/shared-services/k8s/workloads/fixup/values.yaml | ||
| jobs: | ||
| build-and-push: | ||
| name: Build and Push | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
| outputs: | ||
| image-tag: ${{ steps.meta.outputs.version }} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: aws-actions/configure-aws-credentials@v4 | ||
| with: | ||
| role-to-assume: ${{ secrets.AWS_ECR_PUSH_ROLE_ARN }} | ||
| aws-region: ${{ env.AWS_REGION }} | ||
| - id: login-ecr | ||
| uses: aws-actions/amazon-ecr-login@v2 | ||
| - uses: docker/setup-buildx-action@v3 | ||
| - id: meta | ||
| uses: docker/metadata-action@v5 | ||
| with: | ||
| images: ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }} | ||
| tags: | | ||
| type=sha,prefix=sha- | ||
| type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} | ||
| - uses: docker/build-push-action@v6 | ||
| with: | ||
| context: . | ||
| push: true | ||
| tags: ${{ steps.meta.outputs.tags }} | ||
| labels: ${{ steps.meta.outputs.labels }} | ||
| cache-from: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:buildcache | ||
| cache-to: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:buildcache,mode=max | ||
| provenance: false | ||
| deploy: | ||
| name: Open Deploy PR | ||
| needs: build-and-push | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| contents: read | ||
| steps: | ||
| - uses: actions/create-github-app-token@v1 | ||
| id: app-token | ||
| with: | ||
| app-id: ${{ secrets.PATROL_APP_ID }} | ||
| private-key: ${{ secrets.PATROL_APP_PRIVATE_KEY }} | ||
| owner: tractorbeamai | ||
| repositories: internal-infra | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| repository: ${{ env.INFRA_REPO }} | ||
| token: ${{ steps.app-token.outputs.token }} | ||
| - name: Update image tag | ||
| run: sed -i "s/^imageTag:.*/imageTag: ${{ needs.build-and-push.outputs.image-tag }}/" ${{ env.VALUES_PATH }} | ||
| - name: Create deploy PR | ||
| env: | ||
| GH_TOKEN: ${{ steps.app-token.outputs.token }} | ||
| run: | | ||
| git config user.name "fixup[bot]" | ||
| git config user.email "fixup[bot]@users.noreply.github.com" | ||
| BRANCH="deploy/fixup-${{ needs.build-and-push.outputs.image-tag }}" | ||
| git checkout -b "$BRANCH" | ||
| git add "${{ env.VALUES_PATH }}" | ||
| git commit -m "deploy: fixup ${{ needs.build-and-push.outputs.image-tag }}" | ||
| git push origin "$BRANCH" | ||
| gh pr create \ | ||
| --repo "${{ env.INFRA_REPO }}" \ | ||
| --title "deploy: fixup ${{ needs.build-and-push.outputs.image-tag }}" \ | ||
| --body "Automated image tag bump from [fixup@${{ github.sha }}](https://github.com/tractorbeamai/fixup/commit/${{ github.sha }})." \ | ||
| --label "merge when ready" | ||
