Merge pull request #49 from equinor/fix-missing-shell #46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & push | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - release | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| build-deploy: | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - name: "dev" | |
| ref: "refs/heads/master" | |
| acr-name: "radixdev" | |
| client-id: "bc7934db-95bc-40b0-b9b8-c0944b0f6937" | |
| subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" | |
| - name: "playground" | |
| ref: "refs/heads/release" | |
| acr-name: "radixdev" | |
| client-id: "bc7934db-95bc-40b0-b9b8-c0944b0f6937" | |
| subscription-id: "16ede44b-1f74-40a5-b428-46cca9a5741b" | |
| - name: "platform" | |
| ref: "refs/heads/release" | |
| acr-name: "radixprod" | |
| client-id: "4ac3be6d-c4df-46be-ba6c-55d490a024f5" | |
| subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" | |
| - name: "c2" | |
| ref: "refs/heads/release" | |
| acr-name: "radixc2prod" | |
| client-id: "4ac3be6d-c4df-46be-ba6c-55d490a024f5" | |
| subscription-id: "ded7ca41-37c8-4085-862f-b11d21ab341a" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| if: matrix.target.ref == github.ref | |
| - uses: azure/login@v2 | |
| if: matrix.target.ref == github.ref | |
| with: | |
| client-id: ${{matrix.target.client-id}} | |
| tenant-id: "3aa4a235-b6e2-48d5-9195-7fcf05b459b0" | |
| subscription-id: ${{matrix.target.subscription-id}} | |
| - name: Get GitHub Public IP | |
| if: matrix.target.ref == github.ref | |
| id: github_public_ip | |
| run: echo "ipv4=$(curl 'https://ifconfig.me/ip')" >> $GITHUB_OUTPUT | |
| - name: Add GitHub IP to ACR | |
| if: matrix.target.ref == github.ref | |
| id: update_firewall | |
| run: az acr network-rule add | |
| --name ${{matrix.target.acr-name}} | |
| --subscription ${{matrix.target.subscription-id}} | |
| --ip-address ${{ steps.github_public_ip.outputs.ipv4 }} | |
| - name: Wait for 2 minutes while the network rule to take effect | |
| if: matrix.target.ref == github.ref | |
| run: | | |
| sleep 120 | |
| - name: Wait for Specific IP in ACR Network Rules | |
| if: matrix.target.ref == github.ref | |
| run: | | |
| MAX_ATTEMPTS=10 | |
| ATTEMPT=0 | |
| TARGET_IP="${{ steps.github_public_ip.outputs.ipv4 }}" | |
| echo "Waiting for IP $TARGET_IP to be allowed in ACR network rules..." | |
| while [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do | |
| NETWORK_RULES=$(az acr network-rule list --name ${{matrix.target.acr-name}} --subscription ${{ matrix.target.subscription-id }} --query "ipRules[]|[?contains(ipAddressOrRange, '$TARGET_IP')]" --output tsv) | |
| if [ -n "$NETWORK_RULES" ]; then | |
| echo "IP $TARGET_IP is allowed." | |
| break | |
| fi | |
| echo "Attempt $((ATTEMPT+1)) of $MAX_ATTEMPTS. Retrying in 10 seconds..." | |
| ATTEMPT=$((ATTEMPT+1)) | |
| sleep 10 | |
| done | |
| if [ $ATTEMPT -eq $MAX_ATTEMPTS ]; then | |
| echo "IP $TARGET_IP was not allowed after $MAX_ATTEMPTS attempts. Exiting." | |
| exit 1 | |
| fi | |
| - name: Get ACR Login Server | |
| if: matrix.target.ref == github.ref | |
| id: get-acr-login-server | |
| run: | | |
| echo "login_server=$(az acr show --name ${{ matrix.target.acr-name }} --query loginServer --output tsv)" >> $GITHUB_OUTPUT | |
| - name: Get ACR Access Token | |
| if: matrix.target.ref == github.ref | |
| id: get-acr-token | |
| run: | | |
| echo "Getting ACR access token" | |
| access_token=$(az acr login --name ${{ matrix.target.acr-name }} --expose-token --output tsv --query accessToken) | |
| echo "::add-mask::$access_token" | |
| echo "access_token=$access_token" >> $GITHUB_OUTPUT | |
| - name: Log in to ACR | |
| if: matrix.target.ref == github.ref | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ steps.get-acr-login-server.outputs.login_server }} | |
| username: "00000000-0000-0000-0000-000000000000" | |
| password: ${{ steps.get-acr-token.outputs.access_token }} | |
| - name: Set up Docker Buildx | |
| if: matrix.target.ref == github.ref | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build an image name | |
| if: matrix.target.ref == github.ref | |
| id: build-image-name | |
| run: | | |
| echo "image-name=${{ matrix.target.acr-name }}.azurecr.io/radix-cluster-cleanup" >> $GITHUB_OUTPUT | |
| - name: Build an image tag | |
| if: matrix.target.ref == github.ref | |
| id: build-tag | |
| run: | | |
| sha=${GITHUB_SHA::8} | |
| ts=$(date +%s) | |
| echo "tag=${GITHUB_REF_NAME}-${sha}-${ts}" >> $GITHUB_OUTPUT | |
| - name: Extract labels from metadata for Docker | |
| if: matrix.target.ref == github.ref | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ steps.build-image-name.outputs.image-name }} | |
| - name: Build and push Docker image | |
| if: matrix.target.ref == github.ref | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: true | |
| platforms: | | |
| linux/amd64 | |
| linux/arm64 | |
| tags: "${{ steps.build-image-name.outputs.image-name }}:${{ steps.build-tag.outputs.tag }}" | |
| labels: ${{ steps.meta.outputs.labels }} | |
| - name: Revoke GitHub IP on ACR | |
| if: ${{ matrix.target.ref == github.ref && steps.update_firewall.outcome == 'success' && !cancelled()}} # Always run this step even if previous step failed | |
| run: az acr network-rule remove | |
| --name ${{matrix.target.acr-name}} | |
| --subscription ${{matrix.target.subscription-id}} | |
| --ip-address ${{ steps.github_public_ip.outputs.ipv4 }} |