From 45c22e915f87f344b02cfa05323524ec6a9b0d03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sindre=20=C3=98strem?=
Date: Thu, 9 Jan 2025 15:14:49 +0100
Subject: [PATCH 01/11] test workflow template
---
.github/workflows/ci_pipeline.yml | 415 +++++++++++++++-----------
.mvn/wrapper/maven-wrapper.properties | 18 ++
2 files changed, 251 insertions(+), 182 deletions(-)
create mode 100644 .mvn/wrapper/maven-wrapper.properties
diff --git a/.github/workflows/ci_pipeline.yml b/.github/workflows/ci_pipeline.yml
index b1e842a..836e15a 100644
--- a/.github/workflows/ci_pipeline.yml
+++ b/.github/workflows/ci_pipeline.yml
@@ -1,196 +1,247 @@ -name: CI/CD Pipeline - +name: Test tekst-workflows on: - push: - branches: - - "**" - tags: - - "v*.*.*" - pull_request: - branches: - - "main" - -env: - MAVEN_INFO: "--batch-mode -Dmaven.repo.local=.m2/repository -Dbuild.tag=$GITHUB_REF_NAME -Dbuild.commit-id-short=$GITHUB_SHA -Dbuild.commit-id-long=$GITHUB_SHA -Dbuild.pipeline-id=$GITHUB_RUN_ID" + push jobs: - build-and-test: - name: Build and Test + build_maven_pipeline: + name: Build Maven Pipeline runs-on: [self-hosted-linux] steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Set up JDK 17 - uses: actions/setup-java@v4 + - name: Tekst workflow + uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/build_maven_pipeline@main with: - java-version: '17' - distribution: 'temurin' + ENVIRONMENT: stage + JDK_VERSION: 17 + MAVEN_VERSION: 3.9.6 + USE_MAVEN_PROXY_SETTINGS: true + secrets: + VAULT_URL: ${{ secrets.VAULT_URL }} + VAULT_SECRET_PATH: kv/team/text/data + VAULT_ROLE_ID: ${{ secrets.VAULT_ROLE_ID }} + VAULT_SECRET_ID: ${{ secrets.VAULT_SECRET_ID }} - - name: Cache Maven packages - uses: actions/cache@v4 - with: - path: ~/.m2 - key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-m2 - - - name: Install Maven - run: | - sudo apt-get update -y - sudo apt-get install wget -y - wget https://downloads.apache.org/maven/maven-3/3.9.6/binaries/apache-maven-3.9.6-bin.tar.gz - tar xzf apache-maven-3.9.6-bin.tar.gz - sudo mv apache-maven-3.9.6 /opt/ - sudo ln -s /opt/apache-maven-3.9.6/bin/mvn /usr/local/bin/mvn - echo "PATH=/opt/apache-maven-3.9.6/bin:$PATH" >> $GITHUB_ENV - mvn -v - - - name: Build and Test - run: | - sed -i "s/https_proxy_host/${{ secrets.HTTP_PROXY }}/g" .m2/settings.xml - sed -i "s/https_proxy_port/${{ secrets.HTTP_PROXY_PORT }}/g" .m2/settings.xml - sed -i "s/http_proxy_host/${{ secrets.HTTP_PROXY }}/g" .m2/settings.xml - sed -i "s/http_proxy_port/${{ secrets.HTTP_PROXY_PORT }}/g" .m2/settings.xml - mvn -e 
-s .m2/settings.xml ${{ env.MAVEN_INFO }} verify - - - name: Upload artifact - uses: actions/upload-artifact@v4 - with: - name: bikube.jar - path: target/bikube.jar - - name: Cache .m2/repository - uses: actions/cache@v4 - with: - path: ~/.m2/repository - key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-m2 - - build-and-publish-docker-image: - needs: build-and-test - if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') - name: Create and push Docker image - outputs: - image_version: ${{ steps.meta.outputs.version }} - runs-on: [self-hosted-linux] - steps: - - name: Check out the repo - uses: actions/checkout@v4 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - with: - driver: docker - - name: Log in to Harbor - uses: docker/login-action@v3 - with: - registry: ${{ secrets.HARBOR_URL }} - username: ${{ secrets.HARBOR_USERNAME }} - password: ${{ secrets.HARBOR_PASSWORD }} - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v5 - with: - images: harbor.nb.no/tekst/bikube - tags: | - type=semver,pattern={{version}} - type=ref,event=branch - type=ref,event=pr - - - name: Download artifact - uses: actions/download-artifact@v4 - with: - name: bikube.jar - - name: Build image - uses: docker/build-push-action@v5 - with: - push: true - context: . 
- tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - - deploy-to-k8s-stage: - name: Deploy to kubernetes stage environment - needs: build-and-publish-docker-image - if: github.ref == 'refs/heads/main' - runs-on: [self-hosted-linux] - environment: stage - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Import secrets - id: import-secrets - uses: hashicorp/vault-action@v3 - with: - url: ${{ secrets.VAULT_URL }} - method: approle - roleId: ${{ secrets.VAULT_ROLE_ID }} - secretId: ${{ secrets.VAULT_SECRET_ID }} - secrets: | - kv/team/text/data/k8s-text-stage * - - - name: Setup Kubectl - uses: azure/setup-kubectl@v4 - with: - version: 'v1.26.5' - - - name: Deploy to stage cluster - run: | - echo "Deploying to stage version ${{ needs.build-and-publish-docker-image.outputs.image_version }}" - sed -i "s//${{ needs.build-and-publish-docker-image.outputs.image_version }}/g" k8s/stage/bikube.yml - sed -i "s//${{ steps.import-secrets.outputs.K8S_HOST_URL }}/g" k8s/stage/bikube.yml - kubectl config set-cluster stagecl --server=${{ steps.import-secrets.outputs.K8S_STAGE_SERVER }} - kubectl config set clusters.stagecl.certificate-authority-data ${{ steps.import-secrets.outputs.K8S_STAGE_NB_NO_CA }} - kubectl config set-credentials ${{ steps.import-secrets.outputs.K8S_STAGE_USER }} --token=${{ steps.import-secrets.outputs.K8S_STAGE_NB_NO_TOKEN }} - kubectl config set-context tekst --cluster=stagecl --user=${{ steps.import-secrets.outputs.K8S_STAGE_USER }} --namespace=tekst-stage - kubectl config use-context tekst - kubectl config view - kubectl version - kubectl apply -f k8s/stage/bikube.yml - kubectl rollout restart deploy/bikube - - deploy-to-k8s-prod: - name: Deploy to kubernetes prod environment - needs: build-and-publish-docker-image - if: startsWith(github.event.ref, 'refs/tags/v') - runs-on: [self-hosted-linux] - environment: prod - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Import 
secrets - id: import-secrets - uses: hashicorp/vault-action@v3 - with: - url: ${{ secrets.VAULT_URL }} - method: approle - roleId: ${{ secrets.VAULT_ROLE_ID }} - secretId: ${{ secrets.VAULT_SECRET_ID }} - secrets: | - kv/team/text/data/k8s-text-prod * - - - name: Setup Kubectl - uses: azure/setup-kubectl@v4 - with: - version: 'v1.26.5' - - - name: Deploy to prod cluster - run: | - echo "Deploying to production version ${{ needs.build-and-publish-docker-image.outputs.image_version }}" - sed -i "s//${{ needs.build-and-publish-docker-image.outputs.image_version }}/g" k8s/prod/bikube.yml - sed -i "s//${{ steps.import-secrets.outputs.K8S_HOST_URL }}/g" k8s/prod/bikube.yml - sed -i "s//${{ steps.import-secrets.outputs.ALT_HOST_URL }}/g" k8s/prod/bikube.yml - kubectl config set-cluster prodcl --server=${{ steps.import-secrets.outputs.K8S_PROD_SERVER }} - kubectl config set clusters.prodcl.certificate-authority-data ${{ steps.import-secrets.outputs.K8S_PROD_NB_NO_CA }} - kubectl config set-credentials ${{ steps.import-secrets.outputs.K8S_PROD_USER }} --token=${{ steps.import-secrets.outputs.K8S_PROD_NB_NO_TOKEN }} - kubectl config set-context tekst --cluster=prodcl --user=${{ steps.import-secrets.outputs.K8S_PROD_USER }} --namespace=tekst-prod - kubectl config use-context tekst - kubectl config view - kubectl version - kubectl apply -f k8s/prod/bikube.yml - kubectl rollout restart deploy/bikube + + + + + + + + + + + + + + + + + + + + + + +#name: CI/CD Pipeline +# +#on: +# push: +# branches: +# - "**" +# tags: +# - "v*.*.*" +# pull_request: +# branches: +# - "main" +# +#env: +# MAVEN_INFO: "--batch-mode -Dmaven.repo.local=.m2/repository -Dbuild.tag=$GITHUB_REF_NAME -Dbuild.commit-id-short=$GITHUB_SHA -Dbuild.commit-id-long=$GITHUB_SHA -Dbuild.pipeline-id=$GITHUB_RUN_ID" +# +#jobs: +# build-and-test: +# name: Build and Test +# runs-on: [self-hosted-linux] +# steps: +# - name: Checkout repository +# uses: actions/checkout@v4 +# +# - name: Set up JDK 17 +# uses: 
actions/setup-java@v4 +# with: +# java-version: '17' +# distribution: 'temurin' +# +# - name: Cache Maven packages +# uses: actions/cache@v4 +# with: +# path: ~/.m2 +# key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} +# restore-keys: ${{ runner.os }}-m2 +# +# - name: Install Maven +# run: | +# sudo apt-get update -y +# sudo apt-get install wget -y +# wget https://downloads.apache.org/maven/maven-3/3.9.6/binaries/apache-maven-3.9.6-bin.tar.gz +# tar xzf apache-maven-3.9.6-bin.tar.gz +# sudo mv apache-maven-3.9.6 /opt/ +# sudo ln -s /opt/apache-maven-3.9.6/bin/mvn /usr/local/bin/mvn +# echo "PATH=/opt/apache-maven-3.9.6/bin:$PATH" >> $GITHUB_ENV +# mvn -v +# +# - name: Build and Test +# run: | +# sed -i "s/https_proxy_host/${{ secrets.HTTP_PROXY }}/g" .m2/settings.xml +# sed -i "s/https_proxy_port/${{ secrets.HTTP_PROXY_PORT }}/g" .m2/settings.xml +# sed -i "s/http_proxy_host/${{ secrets.HTTP_PROXY }}/g" .m2/settings.xml +# sed -i "s/http_proxy_port/${{ secrets.HTTP_PROXY_PORT }}/g" .m2/settings.xml +# mvn -e -s .m2/settings.xml ${{ env.MAVEN_INFO }} verify +# +# - name: Upload artifact +# uses: actions/upload-artifact@v4 +# with: +# name: bikube.jar +# path: target/bikube.jar +# +# - name: Cache .m2/repository +# uses: actions/cache@v4 +# with: +# path: ~/.m2/repository +# key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} +# restore-keys: ${{ runner.os }}-m2 +# +# build-and-publish-docker-image: +# needs: build-and-test +# if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') +# name: Create and push Docker image +# outputs: +# image_version: ${{ steps.meta.outputs.version }} +# runs-on: [self-hosted-linux] +# steps: +# - name: Check out the repo +# uses: actions/checkout@v4 +# +# - name: Set up Docker Buildx +# uses: docker/setup-buildx-action@v3 +# with: +# driver: docker +# +# - name: Log in to Harbor +# uses: docker/login-action@v3 +# with: +# registry: ${{ secrets.HARBOR_URL }} +# username: ${{ secrets.HARBOR_USERNAME }} +# 
password: ${{ secrets.HARBOR_PASSWORD }} +# +# - name: Extract metadata (tags, labels) for Docker +# id: meta +# uses: docker/metadata-action@v5 +# with: +# images: harbor.nb.no/tekst/bikube +# tags: | +# type=semver,pattern={{version}} +# type=ref,event=branch +# type=ref,event=pr +# +# - name: Download artifact +# uses: actions/download-artifact@v4 +# with: +# name: bikube.jar +# +# - name: Build image +# uses: docker/build-push-action@v5 +# with: +# push: true +# context: . +# tags: ${{ steps.meta.outputs.tags }} +# labels: ${{ steps.meta.outputs.labels }} +# +# deploy-to-k8s-stage: +# name: Deploy to kubernetes stage environment +# needs: build-and-publish-docker-image +# if: github.ref == 'refs/heads/main' +# runs-on: [self-hosted-linux] +# environment: stage +# steps: +# - name: Checkout repository +# uses: actions/checkout@v4 +# +# - name: Import secrets +# id: import-secrets +# uses: hashicorp/vault-action@v3 +# with: +# url: ${{ secrets.VAULT_URL }} +# method: approle +# roleId: ${{ secrets.VAULT_ROLE_ID }} +# secretId: ${{ secrets.VAULT_SECRET_ID }} +# secrets: | +# kv/team/text/data/k8s-text-stage * +# +# - name: Setup Kubectl +# uses: azure/setup-kubectl@v4 +# with: +# version: 'v1.26.5' +# +# - name: Deploy to stage cluster +# run: | +# echo "Deploying to stage version ${{ needs.build-and-publish-docker-image.outputs.image_version }}" +# sed -i "s//${{ needs.build-and-publish-docker-image.outputs.image_version }}/g" k8s/stage/bikube.yml +# sed -i "s//${{ steps.import-secrets.outputs.K8S_HOST_URL }}/g" k8s/stage/bikube.yml +# kubectl config set-cluster stagecl --server=${{ steps.import-secrets.outputs.K8S_STAGE_SERVER }} +# kubectl config set clusters.stagecl.certificate-authority-data ${{ steps.import-secrets.outputs.K8S_STAGE_NB_NO_CA }} +# kubectl config set-credentials ${{ steps.import-secrets.outputs.K8S_STAGE_USER }} --token=${{ steps.import-secrets.outputs.K8S_STAGE_NB_NO_TOKEN }} +# kubectl config set-context tekst --cluster=stagecl --user=${{ 
steps.import-secrets.outputs.K8S_STAGE_USER }} --namespace=tekst-stage +# kubectl config use-context tekst +# kubectl config view +# kubectl version +# kubectl apply -f k8s/stage/bikube.yml +# kubectl rollout restart deploy/bikube +# +# deploy-to-k8s-prod: +# name: Deploy to kubernetes prod environment +# needs: build-and-publish-docker-image +# if: startsWith(github.event.ref, 'refs/tags/v') +# runs-on: [self-hosted-linux] +# environment: prod +# steps: +# - name: Checkout repository +# uses: actions/checkout@v4 +# +# - name: Import secrets +# id: import-secrets +# uses: hashicorp/vault-action@v3 +# with: +# url: ${{ secrets.VAULT_URL }} +# method: approle +# roleId: ${{ secrets.VAULT_ROLE_ID }} +# secretId: ${{ secrets.VAULT_SECRET_ID }} +# secrets: | +# kv/team/text/data/k8s-text-prod * +# +# - name: Setup Kubectl +# uses: azure/setup-kubectl@v4 +# with: +# version: 'v1.26.5' +# +# - name: Deploy to prod cluster +# run: | +# echo "Deploying to production version ${{ needs.build-and-publish-docker-image.outputs.image_version }}" +# sed -i "s//${{ needs.build-and-publish-docker-image.outputs.image_version }}/g" k8s/prod/bikube.yml +# sed -i "s//${{ steps.import-secrets.outputs.K8S_HOST_URL }}/g" k8s/prod/bikube.yml +# sed -i "s//${{ steps.import-secrets.outputs.ALT_HOST_URL }}/g" k8s/prod/bikube.yml +# kubectl config set-cluster prodcl --server=${{ steps.import-secrets.outputs.K8S_PROD_SERVER }} +# kubectl config set clusters.prodcl.certificate-authority-data ${{ steps.import-secrets.outputs.K8S_PROD_NB_NO_CA }} +# kubectl config set-credentials ${{ steps.import-secrets.outputs.K8S_PROD_USER }} --token=${{ steps.import-secrets.outputs.K8S_PROD_NB_NO_TOKEN }} +# kubectl config set-context tekst --cluster=prodcl --user=${{ steps.import-secrets.outputs.K8S_PROD_USER }} --namespace=tekst-prod +# kubectl config use-context tekst +# kubectl config view +# kubectl version +# kubectl apply -f k8s/prod/bikube.yml +# kubectl rollout restart deploy/bikube 
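Review bot: The reusable workflow near the top of the new `ci_pipeline.yml` is referenced as `NationalLibraryOfNorway/tekst-workflows/.github/workflows/build_maven_pipeline@main`, a mutable branch, in the same entry that hands over `VAULT_ROLE_ID` and `VAULT_SECRET_ID`; anything pushed to that branch later runs with those credentials without a change in this repository. Pin the reference to a full commit SHA, e.g. `uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/build_maven_pipeline@<full-commit-sha>  # main`. The same `@main` reference is carried through PATCH 02–06 and into `pr-check.yml`, `publish-prod-release.yml` and `publish-stage-release.yml` in PATCH 07. The old pipeline kept below it as roughly 200 commented-out lines is better deleted, since git history already holds it.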
diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
new file mode 100644
index 0000000..f3283b0
--- /dev/null
+++ b/.mvn/wrapper/maven-wrapper.properties
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar
From c7ddbe3723bac9ce69c08618ff5e0e49ad29fe57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sindre=20=C3=98strem?=
Date: Thu, 9 Jan 2025 15:16:15 +0100
Subject: [PATCH 02/11] correct? level
---
.github/workflows/ci_pipeline.yml | 27 ++++++++++++---------------
1 file changed, 12 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/ci_pipeline.yml b/.github/workflows/ci_pipeline.yml
index 836e15a..3c8f4e4 100644
--- a/.github/workflows/ci_pipeline.yml
+++ b/.github/workflows/ci_pipeline.yml
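Review bot: In `.mvn/wrapper/maven-wrapper.properties`, `distributionUrl` and `wrapperUrl` are added without checksums, so the wrapper accepts whatever archive and jar those URLs return. Maven Wrapper 3.2.0 supports `distributionSha256Sum=<sha256 of apache-maven-3.6.3-bin.zip>` and `wrapperSha256Sum=<sha256 of maven-wrapper-3.2.0.jar>`; adding both pins the downloads to known content. The file also selects Maven 3.6.3 while the workflow in the same patch passes `MAVEN_VERSION: 3.9.6`, so wrapper builds and CI would use different Maven versions unless one of them is aligned.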
@@ -4,21 +4,18 @@ on: jobs: build_maven_pipeline: - name: Build Maven Pipeline - runs-on: [self-hosted-linux] - steps: - - name: Tekst workflow - uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/build_maven_pipeline@main - with: - ENVIRONMENT: stage - JDK_VERSION: 17 - MAVEN_VERSION: 3.9.6 - USE_MAVEN_PROXY_SETTINGS: true - secrets: - VAULT_URL: ${{ secrets.VAULT_URL }} - VAULT_SECRET_PATH: kv/team/text/data - VAULT_ROLE_ID: ${{ secrets.VAULT_ROLE_ID }} - VAULT_SECRET_ID: ${{ secrets.VAULT_SECRET_ID }} + - name: Tekst workflow + uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/build_maven_pipeline@main + with: + ENVIRONMENT: stage + JDK_VERSION: 17 + MAVEN_VERSION: 3.9.6 + USE_MAVEN_PROXY_SETTINGS: true + secrets: + VAULT_URL: ${{ secrets.VAULT_URL }} + VAULT_SECRET_PATH: kv/team/text/data + VAULT_ROLE_ID: ${{ secrets.VAULT_ROLE_ID }} + VAULT_SECRET_ID: ${{ secrets.VAULT_SECRET_ID }} From 800f6844110c6c5e37cfa95ea5eca64c0717bb93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sindre=20=C3=98strem?= Date: Thu, 9 Jan 2025 15:16:51 +0100 Subject: [PATCH 03/11] correct? level --- .github/workflows/ci_pipeline.yml | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci_pipeline.yml b/.github/workflows/ci_pipeline.yml index 3c8f4e4..4150348 100644 --- a/.github/workflows/ci_pipeline.yml +++ b/.github/workflows/ci_pipeline.yml 
@@ -4,18 +4,17 @@ on: jobs: build_maven_pipeline: - - name: Tekst workflow - uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/build_maven_pipeline@main - with: - ENVIRONMENT: stage - JDK_VERSION: 17 - MAVEN_VERSION: 3.9.6 - USE_MAVEN_PROXY_SETTINGS: true - secrets: - VAULT_URL: ${{ secrets.VAULT_URL }} - VAULT_SECRET_PATH: kv/team/text/data - VAULT_ROLE_ID: ${{ secrets.VAULT_ROLE_ID }} - VAULT_SECRET_ID: ${{ secrets.VAULT_SECRET_ID }} + uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/build_maven_pipeline@main + with: + ENVIRONMENT: stage + JDK_VERSION: 17 + MAVEN_VERSION: 3.9.6 + USE_MAVEN_PROXY_SETTINGS: true + secrets: + VAULT_URL: ${{ secrets.VAULT_URL }} + VAULT_SECRET_PATH: kv/team/text/data + VAULT_ROLE_ID: ${{ secrets.VAULT_ROLE_ID }} + VAULT_SECRET_ID: ${{ secrets.VAULT_SECRET_ID }} From 65b8b1aa9830fde1de340f80798a3cd8e7384faa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sindre=20=C3=98strem?= Date: Thu, 9 Jan 2025 15:19:41 +0100 Subject: [PATCH 04/11] ad .yml --- .github/workflows/ci_pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci_pipeline.yml b/.github/workflows/ci_pipeline.yml index 4150348..8d342de 100644 --- a/.github/workflows/ci_pipeline.yml +++ b/.github/workflows/ci_pipeline.yml @@ -4,7 +4,7 @@ on: jobs: build_maven_pipeline: - uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/build_maven_pipeline@main + uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/build_maven_pipeline.yml@main with: ENVIRONMENT: stage JDK_VERSION: 17 From 4a8dd48c5f2fc62c843b77224ae8c7872e48b132 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sindre=20=C3=98strem?= Date: Thu, 9 Jan 2025 15:31:36 +0100 Subject: [PATCH 05/11] something --- something | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 something diff --git a/something b/something new file mode 100644 index 0000000..e69de29 From 04861456fbb258b4e2d9adfbdf60aabf052a3711 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sindre=20=C3=98strem?= Date: Fri, 10 Jan 2025 11:13:19 +0100 Subject: [PATCH 06/11] rename --- .github/workflows/ci_pipeline.yml | 2 +- something | 0 2 files changed, 1 insertion(+), 1 deletion(-) delete mode 100644 something diff --git a/.github/workflows/ci_pipeline.yml b/.github/workflows/ci_pipeline.yml index 8d342de..a68ffcf 100644 --- a/.github/workflows/ci_pipeline.yml +++ b/.github/workflows/ci_pipeline.yml @@ -4,7 +4,7 @@ on: jobs: build_maven_pipeline: - uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/build_maven_pipeline.yml@main + uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/build-maven-pipeline.yml@main with: ENVIRONMENT: stage JDK_VERSION: 17 diff --git a/something b/something deleted file mode 100644 index e69de29..0000000 From 3cc545db0afcc7838928d5237922cba7a5e96cb3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sindre=20=C3=98strem?= Date: Fri, 10 Jan 2025 15:15:12 +0100 Subject: [PATCH 07/11] Add new workflows --- .github/workflows/ci_pipeline.yml | 243 -------------------- .github/workflows/pr-check.yml | 16 ++ .github/workflows/publish-prod-release.yml | 20 ++ .github/workflows/publish-stage-release.yml | 20 ++ 4 files changed, 56 insertions(+), 243 deletions(-) delete mode 100644 .github/workflows/ci_pipeline.yml create mode 100644 .github/workflows/pr-check.yml create mode 100644 .github/workflows/publish-prod-release.yml create mode 100644 .github/workflows/publish-stage-release.yml diff --git a/.github/workflows/ci_pipeline.yml b/.github/workflows/ci_pipeline.yml deleted file mode 100644 index a68ffcf..0000000 --- a/.github/workflows/ci_pipeline.yml +++ /dev/null 
@@ -1,243 +0,0 @@ -name: Test tekst-workflows -on: - push - -jobs: - build_maven_pipeline: - uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/build-maven-pipeline.yml@main - with: - ENVIRONMENT: stage - JDK_VERSION: 17 - MAVEN_VERSION: 3.9.6 - USE_MAVEN_PROXY_SETTINGS: true - secrets: - VAULT_URL: ${{ secrets.VAULT_URL }} - VAULT_SECRET_PATH: kv/team/text/data - VAULT_ROLE_ID: ${{ secrets.VAULT_ROLE_ID }} - VAULT_SECRET_ID: ${{ secrets.VAULT_SECRET_ID }} - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -#name: CI/CD Pipeline -# -#on: -# push: -# branches: -# - "**" -# tags: -# - "v*.*.*" -# pull_request: -# branches: -# - "main" -# -#env: -# MAVEN_INFO: "--batch-mode -Dmaven.repo.local=.m2/repository -Dbuild.tag=$GITHUB_REF_NAME -Dbuild.commit-id-short=$GITHUB_SHA -Dbuild.commit-id-long=$GITHUB_SHA -Dbuild.pipeline-id=$GITHUB_RUN_ID" -# -#jobs: -# build-and-test: -# name: Build and Test -# runs-on: [self-hosted-linux] -# steps: -# - name: Checkout repository -# uses: actions/checkout@v4 -# -# - name: Set up JDK 17 -# uses: actions/setup-java@v4 -# with: -# java-version: '17' -# distribution: 'temurin' -# -# - name: Cache Maven packages -# uses: actions/cache@v4 -# with: -# path: ~/.m2 -# key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} -# restore-keys: ${{ runner.os }}-m2 -# -# - name: Install Maven -# run: | -# sudo apt-get update -y -# sudo apt-get install wget -y -# wget https://downloads.apache.org/maven/maven-3/3.9.6/binaries/apache-maven-3.9.6-bin.tar.gz -# tar xzf apache-maven-3.9.6-bin.tar.gz -# sudo mv apache-maven-3.9.6 /opt/ -# sudo ln -s /opt/apache-maven-3.9.6/bin/mvn /usr/local/bin/mvn -# echo "PATH=/opt/apache-maven-3.9.6/bin:$PATH" >> $GITHUB_ENV -# mvn -v -# -# - name: Build and Test -# run: | -# sed -i "s/https_proxy_host/${{ secrets.HTTP_PROXY }}/g" .m2/settings.xml -# sed -i "s/https_proxy_port/${{ secrets.HTTP_PROXY_PORT }}/g" .m2/settings.xml -# sed -i "s/http_proxy_host/${{ secrets.HTTP_PROXY }}/g" 
.m2/settings.xml -# sed -i "s/http_proxy_port/${{ secrets.HTTP_PROXY_PORT }}/g" .m2/settings.xml -# mvn -e -s .m2/settings.xml ${{ env.MAVEN_INFO }} verify -# -# - name: Upload artifact -# uses: actions/upload-artifact@v4 -# with: -# name: bikube.jar -# path: target/bikube.jar -# -# - name: Cache .m2/repository -# uses: actions/cache@v4 -# with: -# path: ~/.m2/repository -# key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} -# restore-keys: ${{ runner.os }}-m2 -# -# build-and-publish-docker-image: -# needs: build-and-test -# if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') -# name: Create and push Docker image -# outputs: -# image_version: ${{ steps.meta.outputs.version }} -# runs-on: [self-hosted-linux] -# steps: -# - name: Check out the repo -# uses: actions/checkout@v4 -# -# - name: Set up Docker Buildx -# uses: docker/setup-buildx-action@v3 -# with: -# driver: docker -# -# - name: Log in to Harbor -# uses: docker/login-action@v3 -# with: -# registry: ${{ secrets.HARBOR_URL }} -# username: ${{ secrets.HARBOR_USERNAME }} -# password: ${{ secrets.HARBOR_PASSWORD }} -# -# - name: Extract metadata (tags, labels) for Docker -# id: meta -# uses: docker/metadata-action@v5 -# with: -# images: harbor.nb.no/tekst/bikube -# tags: | -# type=semver,pattern={{version}} -# type=ref,event=branch -# type=ref,event=pr -# -# - name: Download artifact -# uses: actions/download-artifact@v4 -# with: -# name: bikube.jar -# -# - name: Build image -# uses: docker/build-push-action@v5 -# with: -# push: true -# context: . 
-# tags: ${{ steps.meta.outputs.tags }} -# labels: ${{ steps.meta.outputs.labels }} -# -# deploy-to-k8s-stage: -# name: Deploy to kubernetes stage environment -# needs: build-and-publish-docker-image -# if: github.ref == 'refs/heads/main' -# runs-on: [self-hosted-linux] -# environment: stage -# steps: -# - name: Checkout repository -# uses: actions/checkout@v4 -# -# - name: Import secrets -# id: import-secrets -# uses: hashicorp/vault-action@v3 -# with: -# url: ${{ secrets.VAULT_URL }} -# method: approle -# roleId: ${{ secrets.VAULT_ROLE_ID }} -# secretId: ${{ secrets.VAULT_SECRET_ID }} -# secrets: | -# kv/team/text/data/k8s-text-stage * -# -# - name: Setup Kubectl -# uses: azure/setup-kubectl@v4 -# with: -# version: 'v1.26.5' -# -# - name: Deploy to stage cluster -# run: | -# echo "Deploying to stage version ${{ needs.build-and-publish-docker-image.outputs.image_version }}" -# sed -i "s//${{ needs.build-and-publish-docker-image.outputs.image_version }}/g" k8s/stage/bikube.yml -# sed -i "s//${{ steps.import-secrets.outputs.K8S_HOST_URL }}/g" k8s/stage/bikube.yml -# kubectl config set-cluster stagecl --server=${{ steps.import-secrets.outputs.K8S_STAGE_SERVER }} -# kubectl config set clusters.stagecl.certificate-authority-data ${{ steps.import-secrets.outputs.K8S_STAGE_NB_NO_CA }} -# kubectl config set-credentials ${{ steps.import-secrets.outputs.K8S_STAGE_USER }} --token=${{ steps.import-secrets.outputs.K8S_STAGE_NB_NO_TOKEN }} -# kubectl config set-context tekst --cluster=stagecl --user=${{ steps.import-secrets.outputs.K8S_STAGE_USER }} --namespace=tekst-stage -# kubectl config use-context tekst -# kubectl config view -# kubectl version -# kubectl apply -f k8s/stage/bikube.yml -# kubectl rollout restart deploy/bikube -# -# deploy-to-k8s-prod: -# name: Deploy to kubernetes prod environment -# needs: build-and-publish-docker-image -# if: startsWith(github.event.ref, 'refs/tags/v') -# runs-on: [self-hosted-linux] -# environment: prod -# steps: -# - name: Checkout 
repository -# uses: actions/checkout@v4 -# -# - name: Import secrets -# id: import-secrets -# uses: hashicorp/vault-action@v3 -# with: -# url: ${{ secrets.VAULT_URL }} -# method: approle -# roleId: ${{ secrets.VAULT_ROLE_ID }} -# secretId: ${{ secrets.VAULT_SECRET_ID }} -# secrets: | -# kv/team/text/data/k8s-text-prod * -# -# - name: Setup Kubectl -# uses: azure/setup-kubectl@v4 -# with: -# version: 'v1.26.5' -# -# - name: Deploy to prod cluster -# run: | -# echo "Deploying to production version ${{ needs.build-and-publish-docker-image.outputs.image_version }}" -# sed -i "s//${{ needs.build-and-publish-docker-image.outputs.image_version }}/g" k8s/prod/bikube.yml -# sed -i "s//${{ steps.import-secrets.outputs.K8S_HOST_URL }}/g" k8s/prod/bikube.yml -# sed -i "s//${{ steps.import-secrets.outputs.ALT_HOST_URL }}/g" k8s/prod/bikube.yml -# kubectl config set-cluster prodcl --server=${{ steps.import-secrets.outputs.K8S_PROD_SERVER }} -# kubectl config set clusters.prodcl.certificate-authority-data ${{ steps.import-secrets.outputs.K8S_PROD_NB_NO_CA }} -# kubectl config set-credentials ${{ steps.import-secrets.outputs.K8S_PROD_USER }} --token=${{ steps.import-secrets.outputs.K8S_PROD_NB_NO_TOKEN }} -# kubectl config set-context tekst --cluster=prodcl --user=${{ steps.import-secrets.outputs.K8S_PROD_USER }} --namespace=tekst-prod -# kubectl config use-context tekst -# kubectl config view -# kubectl version -# kubectl apply -f k8s/prod/bikube.yml -# kubectl rollout restart deploy/bikube diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml new file mode 100644 index 0000000..20eefab --- /dev/null +++ b/.github/workflows/pr-check.yml 
@@ -0,0 +1,16 @@ +name: Test tekst-workflows +on: + push: + branches: + - "**" + pull_request: + branches: + - "main" + +jobs: + maven_pr_check: + if: (github.event_name == 'pull_request' || github.event_name == 'push') && github.ref != 'refs/heads/main' + uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/maven-check.yml@main + with: + JDK_VERSION: 17 + MAVEN_VERSION: 3.9.6 \ No newline at end of file diff --git a/.github/workflows/publish-prod-release.yml b/.github/workflows/publish-prod-release.yml new file mode 100644 index 0000000..0e94039 --- /dev/null +++ b/.github/workflows/publish-prod-release.yml @@ -0,0 +1,20 @@ +name: Test tekst-workflows +on: + release: + types: + - created + +jobs: + build_maven_pipeline: + if: github.event_name == 'release' && github.ref == 'refs/tags/v*' + uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/maven-build-and-deploy.yml@main + with: + ENVIRONMENT: prod + JDK_VERSION: 17 + MAVEN_VERSION: 3.9.6 + USE_MAVEN_PROXY_SETTINGS: true + secrets: + VAULT_URL: ${{ secrets.VAULT_URL }} + VAULT_SECRET_PATH: kv/team/text/data + VAULT_ROLE_ID: ${{ secrets.VAULT_ROLE_ID }} + VAULT_SECRET_ID: ${{ secrets.VAULT_SECRET_ID }} \ No newline at end of file diff --git a/.github/workflows/publish-stage-release.yml b/.github/workflows/publish-stage-release.yml new file mode 100644 index 0000000..916a600 --- /dev/null +++ b/.github/workflows/publish-stage-release.yml @@ -0,0 +1,20 @@ +name: Test tekst-workflows +on: + push: + branches: + - "main" + +jobs: + build_maven_pipeline: + environment: stage + uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/maven-build-and-deploy.yml@main + with: + ENVIRONMENT: stage + JDK_VERSION: 17 + MAVEN_VERSION: 3.9.6 + USE_MAVEN_PROXY_SETTINGS: true + secrets: + VAULT_URL: ${{ secrets.VAULT_URL }} + VAULT_SECRET_PATH: kv/team/text/data + VAULT_ROLE_ID: ${{ secrets.VAULT_ROLE_ID }} + VAULT_SECRET_ID: ${{ secrets.VAULT_SECRET_ID }} \ No newline at end of file 
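Review bot: `pr-check.yml` declares no `permissions:`, so the `GITHUB_TOKEN` for `maven_pr_check` gets the repository default, and a called workflow can only keep or narrow what the caller grants. A job that only builds and tests needs read access: add a top-level `permissions:` block with `contents: read`. The same applies to `publish-prod-release.yml` and `publish-stage-release.yml` in this patch, which would list whatever further scopes the deploy workflow needs (not visible here). Separately, `push` on `"**"` together with `pull_request` on `main` runs the check twice for every branch with an open PR, and all three files keep the placeholder name `Test tekst-workflows`.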
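Review bot: In `publish-prod-release.yml` the condition `github.ref == 'refs/tags/v*'` compares against the literal string, because `==` in workflow expressions does not glob, so `build_maven_pipeline` would be skipped on every release. Use `if: startsWith(github.ref, 'refs/tags/v')` instead; the `github.event_name == 'release'` half is redundant while `release` is the only trigger.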
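Review bot: In `publish-stage-release.yml`, `environment: stage` is set on a job that calls a reusable workflow through `uses:`, and caller jobs do not accept `environment` (only `name`, `uses`, `with`, `secrets`, `needs`, `if`, `permissions`, `strategy` and `concurrency`), so the file should fail validation. The environment, and with it any required reviewers or environment-scoped secrets, has to be declared on the job inside `maven-build-and-deploy.yml`, presumably selected by the `ENVIRONMENT` input. Until that is confirmed, the `secrets.VAULT_*` values passed here resolve at repository or organisation level, not from the `stage` environment. PATCH 08 adds the same key as `environment: prod` to `publish-prod-release.yml`.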
From 163e243250ee34f645d75a9355ce3cd42d969762 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sindre=20=C3=98strem?= Date: Fri, 10 Jan 2025 15:23:09 +0100 Subject: [PATCH 08/11] Small fixes --- .github/workflows/pr-check.yml | 1 - .github/workflows/publish-prod-release.yml | 8 ++++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index 20eefab..c23a7f8 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -9,7 +9,6 @@ on: jobs: maven_pr_check: - if: (github.event_name == 'pull_request' || github.event_name == 'push') && github.ref != 'refs/heads/main' uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/maven-check.yml@main with: JDK_VERSION: 17 diff --git a/.github/workflows/publish-prod-release.yml b/.github/workflows/publish-prod-release.yml index 0e94039..397e86a 100644 --- a/.github/workflows/publish-prod-release.yml +++ b/.github/workflows/publish-prod-release.yml @@ -1,13 +1,13 @@ name: Test tekst-workflows on: - release: - types: - - created + push: + tags: + - v* jobs: build_maven_pipeline: - if: github.event_name == 'release' && github.ref == 'refs/tags/v*' uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/maven-build-and-deploy.yml@main + environment: prod with: ENVIRONMENT: prod JDK_VERSION: 17 From e12e9796020e3ee6232d6c5af7e0e2c68c580e43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sindre=20=C3=98strem?= Date: Fri, 10 Jan 2025 15:39:30 +0100 Subject: [PATCH 09/11] set vault secrets to pr workflow --- .github/workflows/pr-check.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index c23a7f8..5c832a3 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml 
@@ -12,4 +12,9 @@ jobs: uses: NationalLibraryOfNorway/tekst-workflows/.github/workflows/maven-check.yml@main with: JDK_VERSION: 17 - MAVEN_VERSION: 3.9.6 \ No newline at end of file + MAVEN_VERSION: 3.9.6 + secrets: + VAULT_URL: ${{ secrets.VAULT_URL }} + VAULT_SECRET_PATH: kv/team/text/data + VAULT_ROLE_ID: ${{ secrets.VAULT_ROLE_ID }} + VAULT_SECRET_ID: ${{ secrets.VAULT_SECRET_ID }} \ No newline at end of file From 4c8896e0dd71e02bdf11cc757af1c6ae87f459f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sindre=20=C3=98strem?= Date: Fri, 10 Jan 2025 16:09:53 +0100 Subject: [PATCH 10/11] update to match workflow --- .github/workflows/publish-stage-release.yml | 2 +- {.m2 => .mvn}/settings.xml | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename {.m2 => .mvn}/settings.xml (100%) diff --git a/.github/workflows/publish-stage-release.yml b/.github/workflows/publish-stage-release.yml index 916a600..c7e3ae6 100644 --- a/.github/workflows/publish-stage-release.yml +++ b/.github/workflows/publish-stage-release.yml @@ -12,7 +12,7 @@ jobs: ENVIRONMENT: stage JDK_VERSION: 17 MAVEN_VERSION: 3.9.6 - USE_MAVEN_PROXY_SETTINGS: true + USE_MAVEN_SETTINGS_FILE: true secrets: VAULT_URL: ${{ secrets.VAULT_URL }} VAULT_SECRET_PATH: kv/team/text/data diff --git a/.m2/settings.xml b/.mvn/settings.xml similarity index 100% rename from .m2/settings.xml rename to .mvn/settings.xml From 96199d77308db9abc9e844a063a05e023647559e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sindre=20=C3=98strem?= Date: Fri, 10 Jan 2025 16:10:58 +0100 Subject: [PATCH 11/11] . --- .github/workflows/pr-check.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml index 5c832a3..b306143 100644 --- a/.github/workflows/pr-check.yml +++ b/.github/workflows/pr-check.yml @@ -13,6 +13,7 @@ jobs: with: JDK_VERSION: 17 MAVEN_VERSION: 3.9.6 + USE_MAVEN_SETTINGS_FILE: true secrets: VAULT_URL: ${{ secrets.VAULT_URL }} VAULT_SECRET_PATH: kv/team/text/data
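Review bot: The added `secrets:` block in `pr-check.yml` passes the Vault AppRole credentials and the `kv/team/text/data` path, the same values the stage and prod deploy workflows use, to `maven_pr_check`, which runs on every pushed branch and on pull requests, i.e. on code that has not been reviewed. If the check only needs proxy or repository settings from Vault, give it a separate AppRole whose policy is limited to those keys; what `maven-check.yml` actually reads is not visible here. Pull requests from forks receive no secrets, so the check will presumably fail for them unless the called workflow tolerates empty values.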
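Review bot: `USE_MAVEN_PROXY_SETTINGS` is renamed to `USE_MAVEN_SETTINGS_FILE` only in `publish-stage-release.yml`; `publish-prod-release.yml`, added in PATCH 07 with the old input name, is not touched by this patch or the next one. If the called workflow no longer declares the old input, the prod workflow would be rejected, or would build without the settings file, on the first `v*` tag. Apply the same one-line change there: `USE_MAVEN_SETTINGS_FILE: true`.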