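name: CI VOL API
run-name: CI VOL API
on:
  # pull_request:
  push:
    branches:
      # Feature-branch-only trigger; presumably temporary for this piece of work — confirm the
      # intended trigger before this workflow is relied on for main/release builds.
      - feature/AWSRESET1-514

jobs:
  hadolint:
    uses: ./.github/workflows/docker-hadolint.yaml

  # Builds the VOL API backend image on top of a signed base image from the shared-core ECR,
  # pushes it to the non-prod VOL tooling ECR and signs the pushed image with AWS Signer via Notation.
  ci-vol-api:
    runs-on: ubuntu-latest
    # Lint must pass before anything is built or pushed. Previously both jobs ran in parallel,
    # so a hadolint failure did not stop the image from reaching ECR.
    needs: [hadolint]
    env:
      AWS_REGION: ${{ vars.DVSA_AWS_REGION }}
      AWS_ACCOUNT_ID_VOL_NP_TOOLING: ${{ vars.VOL_AWS_ACCOUNT_TOOLING_NONPROD }}
      REPO_NAME: ${{ vars.AWS_ECR_NP_VOLTOOLING_REPONAME }}
      AWS_ACCOUNT_ID_SHAREDCOREECR: ${{ vars.AWS_ACCOUNT_ID_SHAREDCOREECR }}
    # Least privilege: only what OIDC federation and checkout need.
    permissions:
      id-token: write # required to request the OIDC JWT for configure-aws-credentials
      contents: read  # required for actions/checkout
    defaults:
      run:
        # An explicit `bash` shell runs scripts with `-eo pipefail`; the implicit default is only `-e`,
        # which lets a failing command inside a pipeline (e.g. `envsubst | tee`) go unnoticed.
        shell: bash
    steps:
      # NOTE(review): every third-party action below is referenced by a mutable tag; pin each one to a
      # full commit SHA so a moved or force-pushed tag cannot change what runs in this job.
      - name: Checkout the repository to the runner
        uses: actions/checkout@v3

      # TODO (carried over from the original): host the Composer installer in an S3 bucket in the
      # vol non-prod / prod tooling accounts instead of fetching it from the internet on every run.
      - name: Install Composer
        # The installer is checked against the SHA-384 published at composer.github.io before it is
        # executed; the original step ran whatever getcomposer.org returned, unverified.
        # NOTE(review): this runs under the runner's PHP, not the PHP 7.4.33 implied by the image tag.
        # composer.lock fixes package versions but platform checks use the runner's PHP — confirm that
        # matches, or run `composer install` inside the base image instead.
        run: |
          EXPECTED_CHECKSUM="$(php -r 'copy("https://composer.github.io/installer.sig", "php://stdout");')"
          php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
          ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
          if [ -z "$EXPECTED_CHECKSUM" ] || [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]; then
            echo "::error::Composer installer checksum mismatch (expected '$EXPECTED_CHECKSUM', got '$ACTUAL_CHECKSUM')"
            rm -f composer-setup.php
            exit 1
          fi
          php composer-setup.php --install-dir=/usr/local/bin --filename=composer
          rm -f composer-setup.php

      - name: Install Composer dependencies
        run: |
          composer install --optimize-autoloader --no-interaction --no-dev

      - name: Build VOL Backend
        run: |
          date > config/version
          git describe --all >> config/version
          # config/autoload/local.php(.dist) hold environment-specific config (typically including
          # local credentials); they are excluded so they never land in an image layer.
          tar cvzf backend.tar.gz --exclude=config/autoload/local.php --exclude=config/autoload/local.php.dist composer.lock init_autoloader.php config module public data/autoload data/cache vendor

      - name: Set BASE_IMAGE and VOL_API_IMAGE_TAG
        run: |
          # NOTE(review): envsubst with no variable list rewrites *every* $VAR in the Dockerfile, including
          # shell variables inside RUN lines (e.g. $PATH). Once the names the Dockerfile expects are
          # confirmed, restrict it: envsubst '$AWS_ACCOUNT_ID_SHAREDCOREECR ...' < Dockerfile
          envsubst < Dockerfile | tee Dockerfile.tmp
          mv Dockerfile.tmp Dockerfile
          # Read the image reference from the first FROM instruction rather than line 1 of the file:
          # a leading comment, ARG or blank line would otherwise yield garbage. Leading `--flags` and a
          # trailing `AS stage` are stripped. Only the first FROM is verified later; a multi-stage
          # Dockerfile with further external bases would need each of them verified as well.
          BASE_IMAGE=$(grep -m1 -E '^FROM[[:space:]]' Dockerfile \
            | sed -E 's/^FROM[[:space:]]+//; s/^(--[^[:space:]]+[[:space:]]+)*//; s/[[:space:]].*$//')
          if [ -z "$BASE_IMAGE" ]; then
            echo "::error::No FROM instruction found in Dockerfile; cannot determine the base image to verify"
            exit 1
          fi
          IMAGE_SHA=$(git rev-parse --short HEAD)
          # NOTE(review): the PHP version in this tag is hard-coded and PHP 7.4 is end-of-life; it must
          # track the actual base image (consider deriving it from $BASE_IMAGE).
          VOL_API_IMAGE_TAG="vol-api-7.4.33-alpine-fpm-$IMAGE_SHA"
          # Shell variables do not survive across steps. The original exported only the tag, so
          # $BASE_IMAGE was empty by the time `notation verify` ran; export everything later steps need.
          {
            echo "BASE_IMAGE=$BASE_IMAGE"
            echo "VOL_API_IMAGE_TAG=$VOL_API_IMAGE_TAG"
            echo "VOL_API_IMAGE_REF=$AWS_ACCOUNT_ID_VOL_NP_TOOLING.dkr.ecr.$AWS_REGION.amazonaws.com/$REPO_NAME:$VOL_API_IMAGE_TAG"
          } >> "$GITHUB_ENV"

      - name: Setup Notation CLI
        uses: notaryproject/notation-action/setup@v1
        with:
          version: "1.0.0"

      - name: Set up Notation AWS Signer plugin
        # NOTE(review): this fetches an unpinned "latest" package over the network with no checksum or
        # signature check and installs it as root. The tool that is supposed to vouch for the base image
        # is therefore itself unverified — pin a specific release and verify the download before dpkg -i.
        run: |
          wget -q https://d2hvyiie56hcat.cloudfront.net/linux/amd64/installer/deb/latest/aws-signer-notation-cli_amd64.deb
          sudo dpkg -i aws-signer-notation-cli_amd64.deb
          notation version
          notation plugin ls

      - name: Configure AWS credentials on Shared Core ECR
        # NOTE(review): the exact pinned version of this action could not be recovered from the source
        # reviewed; the inputs are those of aws-actions/configure-aws-credentials. Re-pin to a commit SHA.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.DVSA_AWS_ROLE_SHAREDCORECR }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ vars.DVSA_AWS_REGION }}

      - name: Login to Shared Core ECR
        id: login-ecr-sharedcoreecr
        # NOTE(review): exact pinned version not recoverable from the source reviewed; matches the
        # non-prod login step below. Re-pin to a commit SHA.
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build VOL API image after verifying Base image
        # Secrets are passed through `env:` rather than interpolated into the script with ${{ }},
        # so their values are never spliced into shell source text.
        env:
          SHAREDCORE_SIGNING_PROFILE: ${{ secrets.DVSA_AWS_SHAREDCORECR_IMAGE_SIGNING_PROFILE }}
          SHAREDCORE_ACCOUNT_ID: ${{ secrets.DVSA_AWS_SHAREDCOREECR_ID }}
        run: |
          # Refuse to build if the base image reference was not exported by the earlier step.
          : "${BASE_IMAGE:?BASE_IMAGE is not set; see the 'Set BASE_IMAGE and VOL_API_IMAGE_TAG' step}"
          # NOTE(review): BASE_IMAGE is a tag, so what is verified here and what `docker build` resolves
          # for FROM can differ if the tag is moved in between. Resolve the tag to a digest once and use
          # the digest in both places to close that window.
          # NOTE(review): --plugin/--id are `notation sign` options; `notation verify` decides trust from
          # the configured trust policy, which must name this signing profile as a trusted identity.
          # Confirm on a deliberately unsigned base image that this step actually fails.
          notation verify "$BASE_IMAGE" --plugin "com.amazonaws.signer.notation.plugin" --id "$SHAREDCORE_SIGNING_PROFILE"
          # NOTE(review): --build-arg values are recorded in the image history (`docker history`), so
          # nothing secret may be passed this way. If this is only the shared-core account ID, it is
          # already available as $AWS_ACCOUNT_ID_SHAREDCOREECR from the job env (non-secret `vars`).
          docker build -t "$VOL_API_IMAGE_REF" \
            --build-arg DVSA_AWS_SHAREDCOREECR_ID="$SHAREDCORE_ACCOUNT_ID" .

      - name: Configure AWS credentials on Non Production VOL ECR
        # NOTE(review): exact pinned version not recoverable from the source reviewed; re-pin to a commit SHA.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }}
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ vars.DVSA_AWS_REGION }}

      - name: Login to Non Production VOL ECR
        id: login-ecr-vol-tooling-non-prod
        uses: aws-actions/amazon-ecr-login@v2

      - name: Push VOL API image
        run: |
          docker push "$VOL_API_IMAGE_REF"
          # Capture the pushed manifest digest so the signature is bound to the exact bytes pushed,
          # not to a tag that could be repointed between push and sign.
          DIGEST_REF=$(docker image inspect --format '{{index .RepoDigests 0}}' "$VOL_API_IMAGE_REF")
          if [ -z "$DIGEST_REF" ]; then
            echo "::error::Could not determine the digest of pushed image $VOL_API_IMAGE_REF"
            exit 1
          fi
          echo "VOL_API_IMAGE_DIGEST_REF=$DIGEST_REF" >> "$GITHUB_ENV"

      - name: Sign VOL API image
        env:
          VOL_SIGNING_PROFILE: ${{ secrets.DVSA_AWS_NONPRODVOLTOOLING_IMAGE_SIGNING_PROFILE }}
        run: |
          # Sign by digest (repo@sha256:...) rather than by tag.
          notation sign "$VOL_API_IMAGE_DIGEST_REF" --plugin "com.amazonaws.signer.notation.plugin" --id "$VOL_SIGNING_PROFILE"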