replace APScheduler with Celery beat (#6993) #708
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and push a Docker image | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - dev | |
| tags: | |
| - '*' | |
| workflow_dispatch: | |
| inputs: | |
| ref: | |
| description: 'ref to be deployed (e.g. "refs/heads/main", "v1.0.0", "2c0472cf")' | |
| type: string | |
| required: true | |
| default: refs/heads/dev | |
| env: | |
| APP: sumo | |
| APPLICATION_REPOSITORY: mozilla/kitsune | |
| IMAGE_NAME: kitsune | |
| GAR_LOCATION: us | |
| GCP_PROJECT_ID: moz-fx-sumo-prod | |
| GAR_REPOSITORY: sumo-prod | |
| jobs: | |
| build: | |
| permissions: | |
| contents: read | |
| deployments: write | |
| id-token: write | |
| runs-on: ubuntu-latest | |
| if: github.repository == 'mozilla/kitsune' | |
| outputs: | |
| deployment_env: ${{ env.DEPLOYMENT_ENV }} | |
| deployment_realm: ${{ env.DEPLOYMENT_REALM }} | |
| image_tag: ${{ env.TAG }} | |
| steps: | |
| - id: set_ref_id | |
| name: Set the REF_ID | |
| env: | |
| REF_ID: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.ref || github.ref }} | |
| run: echo "REF_ID=$REF_ID" >> $GITHUB_ENV | |
| - uses: actions/checkout@v4 | |
| - name: Create version.json | |
| run: | | |
| # create a version.json per | |
| # https://github.com/mozilla-services/Dockerflow/blob/master/docs/version_object.md | |
| printf '{"commit":"%s","version":"%s","source":"%s","build":"%s"}\n' \ | |
| "$GITHUB_SHA" \ | |
| "$GITHUB_REF_NAME" \ | |
| "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \ | |
| "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" > version.json | |
| - id: checkout_application_repo | |
| name: checkout application repo | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| ref: ${{ env.REF_ID }} | |
| - id: resolve_image_tag | |
| name: Resolve Docker image tag | |
| run: | | |
| if [[ "$REF_ID" == "refs/heads/dev" ]]; then | |
| echo TAG="dev-$(git describe --tags --abbrev=7)" >> "$GITHUB_ENV" | |
| # Updates to the dev branch are deployed to dev. | |
| echo DEPLOYMENT_ENV=dev >> "$GITHUB_ENV" | |
| echo DEPLOYMENT_REALM=nonprod >> "$GITHUB_ENV" | |
| elif [[ "$REF_ID" == "refs/heads/main" ]]; then | |
| echo TAG="$(git describe --tags --abbrev=7)" >> "$GITHUB_ENV" | |
| # Updates to the main branch are deployed to stage. | |
| echo DEPLOYMENT_ENV=stage >> "$GITHUB_ENV" | |
| echo DEPLOYMENT_REALM=nonprod >> "$GITHUB_ENV" | |
| elif [[ "$REF_ID" == refs/tags/* ]]; then | |
| echo TAG="$(git describe --tags --abbrev=7)" >> "$GITHUB_ENV" | |
| # Version tags are deployed to prod. | |
| echo DEPLOYMENT_ENV=prod >> "$GITHUB_ENV" | |
| echo DEPLOYMENT_REALM=prod >> "$GITHUB_ENV" | |
| else | |
| # Everything else is just built but not deployed. | |
| echo TAG="custom-$(git rev-parse --short HEAD)" >> "$GITHUB_ENV" | |
| echo DEPLOYMENT_ENV=none >> "$GITHUB_ENV" | |
| echo DEPLOYMENT_REALM=none >> "$GITHUB_ENV" | |
| fi | |
| - uses: docker/setup-buildx-action@v3 | |
| - id: gcp_auth | |
| name: GCP authentication | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| service_account: artifact-writer@${{ env.GCP_PROJECT_ID }}.iam.gserviceaccount.com | |
| workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }} | |
| - id: docker_login | |
| name: Log in to the container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.GAR_LOCATION }}-docker.pkg.dev | |
| username: oauth2accesstoken | |
| password: ${{ steps.gcp_auth.outputs.access_token }} | |
| - id: build_and_push | |
| name: Build and push image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| tags: | | |
| ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.GCP_PROJECT_ID }}/${{ env.GAR_REPOSITORY }}/${{ env.IMAGE_NAME }}:${{ env.TAG }} | |
| push: true | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| upload-static-assets: | |
| name: upload static assets | |
| if: needs.build.outputs.deployment_env != 'none' | |
| environment: ${{ needs.build.outputs.deployment_env }} | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| permissions: | |
| contents: read | |
| id-token: write | |
| steps: | |
| - id: gcp_auth | |
| name: gcp auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| token_format: access_token | |
| service_account: deploy-${{ needs.build.outputs.deployment_env }}@moz-fx-sumo-${{ needs.build.outputs.deployment_realm }}.iam.gserviceaccount.com | |
| workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }} | |
| - id: docker_login | |
| name: docker login | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.GAR_LOCATION }}-docker.pkg.dev | |
| username: oauth2accesstoken | |
| password: ${{ steps.gcp_auth.outputs.access_token }} | |
| - id: setup-gcloud | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - id: upload-assets | |
| name: upload static assets | |
| env: | |
| IMAGE_TAG: ${{ needs.build.outputs.image_tag }} | |
| DEPLOYMENT_REALM: ${{ needs.build.outputs.deployment_realm }} | |
| DEPLOYMENT_ENV: ${{ needs.build.outputs.deployment_env }} | |
| run: |- | |
| TMP_DIR=static-upload | |
| TMP_DIR_HASHED=static-upload-hashed | |
| docker create --name tmp $GAR_LOCATION-docker.pkg.dev/$GCP_PROJECT_ID/$GAR_REPOSITORY/$IMAGE_NAME:$IMAGE_TAG | |
| mkdir -p ./$TMP_DIR ./$TMP_DIR_HASHED | |
| docker cp tmp:/app/static/. ./$TMP_DIR/ | |
| find $TMP_DIR -maxdepth 1 -type f -regextype sed -regex ".*\.[0-9a-f]\{16\}\..*" -exec mv -t $TMP_DIR_HASHED {} + | |
| gsutil -m rsync -r ./$TMP_DIR_HASHED/ gs://$APP-$DEPLOYMENT_REALM-$DEPLOYMENT_ENV-assets-bucket/static/ | |
| gsutil -m rsync -r ./$TMP_DIR/ gs://$APP-$DEPLOYMENT_REALM-$DEPLOYMENT_ENV-assets-bucket/static/ | |
| docker rm tmp |