[auth] oid4vci implementation #340
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deployment | |
on: | |
pull_request: | |
branches: | |
- master | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
jobs: | |
build-and-push-server-image: | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Log in to the Container registry | |
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
- uses: benjlevesque/[email protected] | |
id: short-sha | |
with: | |
length: 8 | |
- name: Build and push server Docker image | |
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc | |
with: | |
file: Dockerfile.full | |
context: . | |
push: true | |
tags: | | |
${{ env.REGISTRY }}/malach-it/boruta-server:${{ steps.short-sha.outputs.sha }}, | |
${{ env.REGISTRY }}/malach-it/boruta-server:${{ github.head_ref || github.ref_name }} | |
labels: ${{ steps.meta.outputs.labels }} | |
build-and-push-gateway-image: | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Log in to the Container registry | |
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
- uses: benjlevesque/[email protected] | |
id: short-sha | |
with: | |
length: 8 | |
- name: Build and push gateway Docker image | |
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc | |
with: | |
file: Dockerfile.gateway | |
context: . | |
push: true | |
tags: | | |
${{ env.REGISTRY }}/malach-it/boruta-gateway:${{ steps.short-sha.outputs.sha }}, | |
${{ env.REGISTRY }}/malach-it/boruta-gateway:${{ github.head_ref || github.ref_name }} | |
labels: ${{ steps.meta.outputs.labels }} | |
build-and-push-auth-image: | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Log in to the Container registry | |
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
- uses: benjlevesque/[email protected] | |
id: short-sha | |
with: | |
length: 8 | |
- name: Build and push auth Docker image | |
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc | |
with: | |
file: Dockerfile.auth | |
context: . | |
push: true | |
tags: | | |
${{ env.REGISTRY }}/malach-it/boruta-auth:${{ steps.short-sha.outputs.sha }}, | |
${{ env.REGISTRY }}/malach-it/boruta-auth:${{ github.head_ref || github.ref_name }} | |
labels: ${{ steps.meta.outputs.labels }} | |
build-and-push-admin-image: | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Log in to the Container registry | |
uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
- uses: benjlevesque/[email protected] | |
id: short-sha | |
with: | |
length: 8 | |
- name: Build and push admin Docker image | |
uses: docker/build-push-action@ad44023a93711e3deb337508980b4b5e9bcdc5dc | |
with: | |
file: Dockerfile.admin | |
context: . | |
push: true | |
tags: | | |
${{ env.REGISTRY }}/malach-it/boruta-admin:${{ steps.short-sha.outputs.sha }}, | |
${{ env.REGISTRY }}/malach-it/boruta-admin:${{ github.head_ref || github.ref_name }} | |
labels: ${{ steps.meta.outputs.labels }} | |
deploy: | |
runs-on: ubuntu-20.04 | |
needs: | |
- build-and-push-server-image | |
- build-and-push-gateway-image | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Install OS dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y curl python3-pip apt-transport-https | |
- name: Install helm | |
run: | | |
curl https://baltocdn.com/helm/signing.asc | sudo apt-key add - | |
echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list | |
sudo apt-get update | |
sudo apt-get install -y helm | |
- name: Install ansible | |
run: | | |
pip3 install --upgrade setuptools pip | |
pip3 install ansible pyhelm grpcio requests openshift kubernetes | |
ansible-galaxy collection install kubernetes.core | |
- name: Install kubectl | |
run: | | |
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" | |
curl -LO "https://dl.k8s.io/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl.sha256" | |
echo "$(<kubectl.sha256) kubectl" | sha256sum --check | |
sudo mv ./kubectl /usr/bin/kubectl | |
sudo chmod 755 /usr/bin/kubectl | |
- uses: benjlevesque/[email protected] | |
id: short-sha | |
with: | |
length: 8 | |
- name: Deploy | |
run: | | |
cd ansible | |
echo ${{ secrets.VAULT_PASSWORD }} > vault_pass.txt | |
ansible-vault decrypt ./.kube/kubeconfig-k8s-boruta.yaml --vault-password-file vault_pass.txt | |
KUBECONFIG=./.kube/kubeconfig-k8s-boruta.yaml ansible-playbook -i ./inventories/scaleway deploy.yml -e release_tag=${{ steps.short-sha.outputs.sha }} --vault-password-file vault_pass.txt |