Skip to content

Commit

Permalink
chore: New post-merge workflow and new IT cases. (#158)
Browse files Browse the repository at this point in the history
  • Loading branch information
@antoniotarricone
antoniotarricone authored Dec 13, 2024
1 parent 1f6f48e commit 04cda5e
Show file tree
Hide file tree
Showing 2 changed files with 541 additions and 20 deletions.
368 changes: 368 additions & 0 deletions .github/workflows/post-merge-mcshared.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,368 @@
name: Post-merge/release workflow

on:
workflow_dispatch:
pull_request:
types:
- closed
branches:
- main

jobs:
##############################################################################
# #
# RELEASE CANDIDATE #
# #
##############################################################################
release_candidate:
if: github.event.pull_request.merged == true || github.event_name == 'workflow_dispatch'

runs-on: ubuntu-22.04

environment: cstar-d-mcshared

permissions:
id-token: write # Get OIDC token to authenticate to Azure.
packages: write # Push container imaged to GHCR.
contents: write # Create a new release.

outputs:
new_release_published: ${{ steps.semantic.outputs.new_release_published }}
new_release_version: ${{ steps.semantic.outputs.new_release_version }}

steps:
#
# Checkout the source code.
#
- name: Checkout the source code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
with:
token: ${{ secrets.GIT_PAT }}
fetch-depth: 0

#
# Install Node.
#
- name: Install Node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c
with:
node-version: "20.18.0"

#
# Calculate of the new version (dry-run).
#
- name: Calculate of the new version (dry-run)
uses: cycjimmy/semantic-release-action@b1b432f13acb7768e0c8efdec416d363a57546f2 # 4.1.1
id: semantic
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
semantic_version: 21.1.1
branch: main
extra_plugins: |
@semantic-release/[email protected] # 44c780c6f9c1bf2643fe48b6718bd9a84b820132
@semantic-release/[email protected] # 3e934d45f97fd07a63617c0fc098c9ed3e67d97a
dry_run: true

#
# Setup Java Build Environment.
#
- name: Setup Java Build Environment
uses: pagopa/mil-actions/setup-java-build-env@f782a1b3cdb79afda2c10007ae46b831b31fe640 # 1.1.2
with:
gh_user: ${{ secrets.GIT_USER }}
gh_token: ${{ secrets.GIT_PAT }}

#
# RELEASE CANDIDATE - Update of pom.xml and openapi.yaml with the RC new version.
#
- name: RELEASE CANDIDATE - Update of pom.xml and openapi.yaml with the new version
if: steps.semantic.outputs.new_release_published == 'true'
run: |
yq -i ".info.version = \"${{ steps.semantic.outputs.new_release_version }}-RC\"" "src/main/resources/META-INF/openapi.yaml"
yq -i ".info.version = \"${{ steps.semantic.outputs.new_release_version }}-RC\"" "src/main/resources/META-INF/openapi_not_admin.yaml"
${{ runner.temp }}/maven/bin/mvn versions:set -DnewVersion=${{ steps.semantic.outputs.new_release_version }}-RC -s ${{ runner.temp }}/settings.xml --no-transfer-progress
#
# RELEASE CANDIDATE - Build and push native container image.
#
- name: RELEASE CANDIDATE - Build and push native container image
id: rc_image
if: steps.semantic.outputs.new_release_published == 'true'
uses: pagopa/mil-actions/build-push-native-image@241c6c17f483229fdd4ac26c6d79d1d65be2659c # 1.1.1
with:
gh_token: ${{ secrets.GIT_PAT }}
sonar_token: ${{ secrets.SONAR_TOKEN }}
release_version: ${{ steps.semantic.outputs.new_release_version }}-RC
skip_test: false

#
# Setup Terraform
#
- name: Setup Terraform
if: steps.semantic.outputs.new_release_published == 'true'
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
with:
terraform_version: 1.9.7

#
# RELEASE CANDIDATE - Update Container App.
#
- name: RELEASE CANDIDATE - Update Container App
if: steps.semantic.outputs.new_release_published == 'true'
shell: bash
working-directory: src/main/terraform
env:
ARM_CLIENT_ID: "${{ secrets.AZURE_CLIENT_ID }}"
ARM_SUBSCRIPTION_ID: "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
ARM_TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}"
run: |
terraform init \
-backend-config="env/cstar-d-mcshared/backend.tfvars" \
-reconfigure
terraform apply \
-var-file="env/cstar-d-mcshared/terraform.tfvars" \
-var="mil_auth_image=${{ steps.rc_image.outputs.image }}" \
-auto-approve \
-lock-timeout=300s
##############################################################################
# #
# CREATE RUNNER #
# #
##############################################################################
create_runner:
needs: release_candidate

if: needs.release_candidate.outputs.new_release_published == 'true'

runs-on: ubuntu-22.04

environment: cstar-d-mcshared

permissions:
id-token: write

outputs:
runner_name: ${{ steps.create_github_runner.outputs.runner_name }}

steps:
- name: Create GitHub Runner
id: create_github_runner
uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-create-action@ca5ac73f306764b9ec186af3594d905deab50590
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
container_app_environment_name: ${{ secrets.ACA_ENV_NAME }}
resource_group_name: ${{ secrets.ACA_ENV_RESOURCE_GROUP_NAME }}
pat_token: ${{ secrets.GIT_PAT }}
self_hosted_runner_image_tag: "v3.5.1"

##############################################################################
# #
# INTEGRATION TESTS #
# #
##############################################################################
integration_tests:
needs: create_runner

runs-on: [self-hosted, "${{ needs.create_runner.outputs.runner_name }}"]

environment: cstar-d-mcshared

steps:
#
# Checkout the source code.
#
- name: Checkout the source code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2

#
# Setup Java Build Environment.
#
- name: Setup Java Build Environment
uses: pagopa/mil-actions/setup-java-build-env@f782a1b3cdb79afda2c10007ae46b831b31fe640 # 1.1.2
with:
gh_user: ${{ secrets.GIT_USER }}
gh_token: ${{ secrets.GIT_PAT }}

#
# Run integration tests.
#
- name: Run integration tests
run: |
${{ runner.temp }}/maven/bin/mvn verify \
-s ${{ runner.temp }}/settings.xml \
--no-transfer-progress \
-DskipUTs=true \
-DskipITs=false \
-Dbase_uri=${{ secrets.IT_BASE_URI }} \
-Dadmin_client_id=${{ secrets.IT_ADMIN_CLIENT_ID }} \
-Dadmin_client_secret=${{ secrets.IT_ADMIN_CLIENT_SECRET }} \
-Dtoken_info_client_id=${{ secrets.IT_TOKEN_INFO_CLIENT_ID }} \
-Dtoken_info_client_secret=${{ secrets.IT_TOKEN_INFO_CLIENT_SECRET }} \
-Dtest_username=${{ secrets.IT_TEST_USERNAME }} \
-Dtest_password=${{ secrets.IT_TEST_PASSWORD }}
##############################################################################
# #
# CLEANUP RUNNER #
# #
##############################################################################
cleanup_runner:
needs: create_runner

if: always()

runs-on: ubuntu-22.04

environment: cstar-d-mcshared

permissions:
id-token: write

steps:
- name: Cleanup GitHub Runner
uses: pagopa/eng-github-actions-iac-template/azure/github-self-hosted-runner-azure-cleanup-action@0ee2f58fd46d10ac7f00bce4304b98db3dbdbe9a
with:
client_id: ${{ secrets.AZURE_CLIENT_ID }}
tenant_id: ${{ secrets.AZURE_TENANT_ID }}
subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
resource_group_name: ${{ secrets.ACA_ENV_RESOURCE_GROUP_NAME }}
runner_name: ${{ needs.create_runner.outputs.runner_name }}
pat_token: ${{ secrets.GIT_PAT }}

##############################################################################
# #
# STABLE #
# #
##############################################################################
stable:
needs: [release_candidate, integration_tests]

runs-on: ubuntu-22.04

environment: cstar-d-mcshared

permissions:
id-token: write # Get OIDC token to authenticate to Azure.
packages: write # Push container imaged to GHCR.
contents: write # Create a new release.

outputs:
image: ${{ steps.stable_image.outputs.image }}

steps:
#
# STABLE - Update of pom.xml and openapi.yaml with the new version.
#
- name: STABLE - Update of pom.xml and openapi.yaml with the new version
run: |
${{ runner.temp }}/maven/bin/mvn versions:set -DnewVersion=${{ needs.release_candidate.outputs.new_release_version }} -s ${{ runner.temp }}/settings.xml --no-transfer-progress
yq -i ".info.version = \"${{ needs.release_candidate.outputs.new_release_version }}\"" "src/main/resources/META-INF/openapi.yaml"
yq -i ".info.version = \"${{ needs.release_candidate.outputs.new_release_version }}\"" "src/main/resources/META-INF/openapi_not_admin.yaml"
git config user.name "GitHub Workflow"
git config user.email "<>"
git add pom.xml
git add src/main/resources/META-INF/openapi.yaml
git commit -m "Updated with new version ${{ needs.release_candidate.outputs.new_release_version }}"
git push origin main
#
# Calculation of the new version (again) with tagging + releasing + etc.
#
- name: Calculation of the new version (w/o dry_run) and put tag
uses: cycjimmy/semantic-release-action@b1b432f13acb7768e0c8efdec416d363a57546f2 # 4.1.1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
semantic_version: 21.1.1
branch: main
extra_plugins: |
@semantic-release/[email protected] # 44c780c6f9c1bf2643fe48b6718bd9a84b820132
@semantic-release/[email protected] # 3e934d45f97fd07a63617c0fc098c9ed3e67d97a
dry_run: false

#
# STABLE - Build and push native container image.
#
- name: STABLE - Build and push native container image
id: stable_image
uses: pagopa/mil-actions/build-push-native-image@241c6c17f483229fdd4ac26c6d79d1d65be2659c # 1.1.1
with:
gh_token: ${{ secrets.GIT_PAT }}
sonar_token: ${{ secrets.SONAR_TOKEN }}
release_version: ${{ needs.release_candidate.outputs.new_release_version }}
skip_test: true

#
# STABLE - Update Container App.
#
- name: STABLE - Update Container App
if: steps.semantic.outputs.new_release_published == 'true'
shell: bash
working-directory: src/main/terraform
env:
ARM_CLIENT_ID: "${{ secrets.AZURE_CLIENT_ID }}"
ARM_SUBSCRIPTION_ID: "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
ARM_TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}"
run: |
terraform init \
-backend-config="env/cstar-d-mcshared/backend.tfvars" \
-reconfigure
terraform apply \
-var-file="env/cstar-d-mcshared/terraform.tfvars" \
-var="mil_auth_image=${{ steps.stable_image.outputs.image }}" \
-auto-approve \
-lock-timeout=300s
##############################################################################
# #
# UAT DEPLOYMENT #
# #
##############################################################################
uat_deployment:
needs: stable

runs-on: ubuntu-22.04

environment: cstar-u-mcshared

permissions:
id-token: write

steps:
#
# Checkout the source code.
#
- name: Checkout the source code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2

#
# Setup Terraform
#
- name: Setup Terraform
uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
with:
terraform_version: 1.9.7

#
# Update Container App.
#
- name: STABLE - Update Container App
shell: bash
working-directory: src/main/terraform
env:
ARM_CLIENT_ID: "${{ secrets.AZURE_CLIENT_ID }}"
ARM_SUBSCRIPTION_ID: "${{ secrets.AZURE_SUBSCRIPTION_ID }}"
ARM_TENANT_ID: "${{ secrets.AZURE_TENANT_ID }}"
run: |
terraform init \
-backend-config="env/cstar-u-mcshared/backend.tfvars" \
-reconfigure
terraform apply \
-var-file="env/cstar-u-mcshared/terraform.tfvars" \
-var="mil_auth_image=${{ needs.stable.outputs.image }}" \
-auto-approve \
-lock-timeout=300s
Loading

0 comments on commit 04cda5e

Please sign in to comment.