chore: deploy pipeline cleanup (#17788) #132
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Runtime - deploy syncroot | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - infra/runtime/syncroot/** | |
| - .github/workflows/deploy-runtime-syncroot.yaml | |
| workflow_dispatch: | |
| inputs: | |
| environments: | |
| description: "Runtime environments to tag. Comma-separated (e.g. at_ring1,at_ring2)." | |
| required: false | |
| default: "at_ring1" | |
| permissions: | |
| id-token: write | |
| contents: read | |
| actions: write | |
| jobs: | |
| get-short-sha: | |
| uses: ./.github/workflows/template-short-sha.yaml | |
| construct-rings-array: | |
| uses: ./.github/workflows/template-runtime-construct-environments.yaml | |
| with: | |
| inputs: ${{ toJSON(github.event.inputs) }} | |
| push-syncroot-artifact: | |
| name: Push syncroot as OCI artifact | |
| needs: get-short-sha | |
| runs-on: ubuntu-latest | |
| environment: dev | |
| permissions: | |
| id-token: write # Require write permission to Fetch an OIDC token. | |
| outputs: | |
| short-sha: ${{ needs.get-short-sha.outputs.short-sha }} | |
| defaults: | |
| run: | |
| working-directory: ./infra/runtime | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| with: | |
| fetch-depth: 0 # Shallow clone | |
| - name: az login | |
| uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID_FC }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID_FC }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID_FC }} | |
| - name: az acr login | |
| run: az acr login --name altinncr | |
| - name: flux install | |
| uses: fluxcd/flux2/action@8454b02a32e48d775b9f563cb51fdcb1787b5b93 # v2.7.5 | |
| - name: push artifact | |
| run: | | |
| cd syncroot/ | |
| flux push artifact oci://altinncr.azurecr.io/studio-apps/syncroot:${{ needs.get-short-sha.outputs.short-sha }} \ | |
| --provider=generic \ | |
| --reproducible \ | |
| --path="." \ | |
| --source="$(git config --get remote.origin.url)" \ | |
| --revision="$(git branch --show-current)/$(git rev-parse HEAD)" | |
| tag-syncroot: | |
| name: Tag syncroot | |
| needs: [push-syncroot-artifact, construct-rings-array] | |
| runs-on: ubuntu-latest | |
| environment: ${{ matrix.environment }} | |
| permissions: | |
| id-token: write # Require write permission to Fetch an OIDC token. | |
| strategy: | |
| matrix: | |
| include: ${{ fromJson(needs.construct-rings-array.outputs.result) }} | |
| steps: | |
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 | |
| with: | |
| fetch-depth: 0 # Shallow clone | |
| - name: az login | |
| uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID_FC }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID_FC }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID_FC }} | |
| - name: az acr login | |
| run: az acr login --name altinncr | |
| - name: flux install | |
| uses: fluxcd/flux2/action@8454b02a32e48d775b9f563cb51fdcb1787b5b93 # v2.7.5 | |
| - name: tag artifact | |
| run: | | |
| flux tag artifact oci://altinncr.azurecr.io/studio-apps/syncroot:${{ needs.push-syncroot-artifact.outputs.short-sha }} \ | |
| --tag ${{ matrix.ring }} |