
fix: correct asset image naming in build pipeline #109


# Workflow name as displayed in the GitHub Actions UI.
name: Deploy Production

Check failure on line 1 in .github/workflows/production-deploy.yaml


GitHub Actions / .github/workflows/production-deploy.yaml

Invalid workflow file

(Line: 56, Col: 9): Job 'prod-deploy' depends on unknown job 'build-derived'.
# Triggers: a pushed tag matching v*, or a call from another workflow.
# On a tag push the inputs below are not supplied, so expressions that read
# them evaluate to an empty string.
on:
  push:
    tags: ["v*"]
  workflow_call:
    inputs:
      # Version to deploy; the workflow-check job prepends "v" when missing.
      version:
        required: true
        type: string
      # NOTE(review): with required: true a caller must always pass this
      # input, so the default below is not expected to take effect - confirm
      # which of the two was intended.
      chart_version:
        description: "Set to 'current' to use currently deployed chart version or '0.x.y' to specify chart"
        required: true
        type: string
        default: "current"
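jobs:
  # Note - build occurs again here, even though this image has been built in continuous.
  # This is because in continuous, the images are pushed to the dev registry
  # Logging in to dev and prod to push to both in continuous isn't really catered for
  # Since the build strategy is now a push instead of a pull, all images could live in a single registry, at which point this action would use cache and effectively just perform a tag

  # Resolves the ref to build and deploy: the pushed tag name when no version
  # input is given, otherwise the version input normalised to start with "v".
  workflow-check:
    runs-on: ubuntu-latest
    outputs:
      ref: ${{ steps.check.outputs.ref }}
    steps:
      - id: check
        # The version input and the tag name are caller/pusher controlled.
        # They reach the script through env so the shell treats them as data;
        # expanding the expressions inside run: would paste their text into
        # the script source before bash parses it.
        env:
          INPUT_VERSION: ${{ inputs.version }}
          REF_NAME: ${{ github.ref_name }}
        run: |
          if [[ -z "$INPUT_VERSION" ]]; then
            ref="$REF_NAME"
          elif [[ "$INPUT_VERSION" == v* ]]; then
            ref="$INPUT_VERSION"
          else
            ref="v$INPUT_VERSION"
          fi
          echo "ref=$ref" >> "$GITHUB_OUTPUT"

  # Rebuilds the images at the resolved ref and pushes them to the prod
  # registry through the repository's reusable build workflow.
  build-images:
    # The original name read needs.determine-version.outputs.environment, but
    # no determine-version job exists in this workflow and it is not listed in
    # needs; the environment is fixed to prod below, so it is spelled out.
    name: "Build Images for prod"
    needs: [workflow-check]
    uses: ./.github/workflows/build-images.yml
    with:
      git_ref: ${{ needs.workflow-check.outputs.ref }}
      image_tag: ${{ needs.workflow-check.outputs.ref }}
      branch_name: ""
      environment: prod
      push_to_prod_registry: true
    # NOTE(review): inherit forwards every secret available to this workflow
    # to the called workflow; if build-images.yml only needs registry
    # credentials, passing those by name narrows the exposure.
    secrets: inherit

  # Deploys the freshly built images to the production GKE cluster with Helm
  # and records the chart version that was used.
  prod-deploy:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      # Required for Workload Identity Federation (OIDC) in the auth step.
      id-token: write
    # Fix: this list named 'build-derived', which is not a job in this file
    # and made the whole workflow invalid. The image build job defined above
    # is 'build-images'.
    needs:
      - build-images
      - workflow-check
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          ref: ${{ needs.workflow-check.outputs.ref }}
      - id: auth
        name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        with:
          # NOTE(review): no step visible here reads the access_token output;
          # if the deploy script does not need it, dropping token_format
          # avoids minting an extra credential.
          token_format: 'access_token'
          workload_identity_provider: 'projects/${{ secrets.PROD_GKE_PROJECT_ID}}/locations/global/workloadIdentityPools/github/providers/github'
          service_account: '${{ secrets.PROD_GKE_SA }}'
      - name: Setup GCloud
        uses: google-github-actions/setup-gcloud@v2
        with:
          project_id: ${{ secrets.PROD_GKE_PROJECT }}
          install_components: 'gke-gcloud-auth-plugin'
      - name: Authenticate GHA Runner To Target Cluster
        uses: google-github-actions/get-gke-credentials@v2
        with:
          cluster_name: ${{secrets.PROD_GKE_CLUSTER}}
          location: ${{secrets.PROD_GKE_REGION}}
          project_id: ${{secrets.PROD_GKE_PROJECT}}
      # NOTE(review): this third-party action runs in a job that holds
      # production cluster credentials and is referenced by a movable tag;
      # pinning it (and the other actions) to a reviewed full commit SHA
      # keeps a retagged release from changing what runs here.
      - name: Set up yq
        uses: frenck/action-setup-yq@v1
      - name: Determine chart version
        id: chart_version
        # Inputs go through env for the same reason as in workflow-check.
        # An empty value is treated like 'current': on a tag push the
        # chart_version input is not supplied, and the original comparison
        # then fell through to the else branch and emitted an empty version.
        env:
          INPUT_CHART_VERSION: ${{ inputs.chart_version }}
          CURRENT_CHART_VERSION: ${{ vars.CHART_VERSION }}
        run: |
          if [[ -z "$INPUT_CHART_VERSION" || "$INPUT_CHART_VERSION" == "current" ]]; then
            echo "chart_version=$CURRENT_CHART_VERSION" >> "$GITHUB_OUTPUT"
          else
            echo "chart_version=$INPUT_CHART_VERSION" >> "$GITHUB_OUTPUT"
          fi
      - name: Deploy Production
        run: ./build/ci/production-helm-deploy.sh build/ci/production-values.yaml
        env:
          GIT_COMMIT: "${{ needs.workflow-check.outputs.ref }}"
          PROJECT_ID: "${{ secrets.PROD_GKE_PROJECT }}"
          NAMESPACE: "${{secrets.PROD_GKE_NAMESPACE}}"
          IMAGE_NAME: "${{ secrets.IMAGE_NAME }}"
          CHART_VERSION: "${{ steps.chart_version.outputs.chart_version }}"
      # Stores the deployed chart version in the CHART_VERSION repository
      # variable so a later run with chart_version 'current' reuses it.
      # The token and the version are passed through env, and the JSON body is
      # built with jq so the version is always encoded as a string value.
      # NOTE(review): curl runs without --fail, so an HTTP error from the API
      # does not fail this step; this job's permissions block grants only
      # contents: read and id-token: write - confirm the token is actually
      # allowed to update the variable.
      - name: Update workflow default chart
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CHART_VERSION: ${{ steps.chart_version.outputs.chart_version }}
        run: |
          payload="$(jq -cn --arg value "$CHART_VERSION" '{name: "CHART_VERSION", value: $value}')"
          curl -L \
            -X PATCH \
            -H "Accept: application/vnd.github+json" \
            -H "Authorization: Bearer $GH_TOKEN" \
            -H "X-GitHub-Api-Version: 2022-11-28" \
            https://api.github.com/repos/Sefaria/Sefaria-Project/actions/variables/CHART_VERSION \
            -d "$payload"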