
chore: short-sha workflow to simple GITHUB_SHA refs (#18332) #136


# Deploy workflow for the pdf3 runtime component. It runs on pushes to main
# that touch the pdf3 sources or this file, and on manual dispatch.
name: Runtime - deploy pdf3

on:
  push:
    branches:
      - main
    paths:
      - src/Runtime/pdf3/**
      - .github/workflows/deploy-runtime-pdf3.yaml
  workflow_dispatch:
    inputs:
      environments:
        # Free-text value chosen by whoever dispatches the run. It is
        # forwarded as JSON to the construct-rings-array job, so treat it as
        # untrusted wherever it ends up being used downstream.
        description: 'Runtime environments to tag. Comma-separated (e.g. at_ring1,at_ring2).'
        required: false
        default: 'at_ring1'
# Workflow-level defaults for the GITHUB_TOKEN. A job that declares its own
# `permissions` block replaces these entirely; a job without one (here the
# reusable-workflow call construct-rings-array) inherits them.
# NOTE(review): confirm the called template really needs `actions: write`
# and `id-token: write`; if it does not, grant them only on the jobs that do.
permissions:
  contents: read
  id-token: write
  actions: write
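jobs:
  # Calls a reusable workflow with the dispatch inputs serialized as JSON.
  # Its `result` output is used as the matrix for tag-pdf3 below.
  construct-rings-array:
    uses: ./.github/workflows/template-runtime-construct-environments.yaml
    with:
      inputs: ${{ toJSON(github.event.inputs) }}

  # Builds and pushes the proxy/worker images to GHCR, stamps the image
  # references into the kustomize base, and pushes that directory as an OCI
  # artifact to the ACR config repository.
  push-pdf3-artifact:
    name: Push pdf3 as OCI artifact
    runs-on: ubuntu-latest
    environment: dev
    # Job-level permissions replace the workflow defaults: every scope not
    # listed here is "none" for this job.
    # NOTE(review): `contents` is not listed, so checkout presumably relies on
    # the repository being readable without a token; confirm.
    permissions:
      id-token: write # Required to fetch an OIDC token.
      packages: write # Required to push to GHCR.
    outputs:
      short-sha: ${{ steps.vars.outputs.short-sha }}
      config-repo: ${{ steps.vars.outputs.config-repo }}
    defaults:
      run:
        working-directory: src/Runtime/pdf3
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # 0 fetches the full history; it does NOT make a shallow clone.
          # NOTE(review): no later step here runs an authenticated git
          # command; consider `persist-credentials: false` so the checkout
          # token is not kept around for the build steps.
          fetch-depth: 0
      - name: Set up Docker
        uses: docker/setup-docker-action@e43656e248c0bd0647d3f5c195d116aacf6fcaf4 # v4.7.0
        with:
          # Presumably needed so the daemon can store the multi-platform
          # images built below; confirm.
          daemon-config: |
            {
              "features": {
                "containerd-snapshotter": true
              }
            }
      - name: Set up QEMU
        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0
      - name: set vars
        id: vars
        # Every output is built from GITHUB_SHA and fixed strings only, so the
        # later `${{ steps.vars.outputs.* }}` expansions inside run scripts
        # carry no caller-controlled text.
        run: |
          SHA="${GITHUB_SHA::10}"
          GHCR_BASE="ghcr.io/altinn/altinn-studio"
          ACR_PREFIX="altinncr.azurecr.io"
          echo "short-sha=$SHA" >> "$GITHUB_OUTPUT"
          echo "registry-name=altinncr" >> "$GITHUB_OUTPUT"
          echo "ghcr-image-proxy-repo=${GHCR_BASE}/runtime-pdf3-proxy:${SHA}" >> "$GITHUB_OUTPUT"
          echo "ghcr-image-worker-repo=${GHCR_BASE}/runtime-pdf3-worker:${SHA}" >> "$GITHUB_OUTPUT"
          echo "image-proxy-repo=${ACR_PREFIX}/${GHCR_BASE}/runtime-pdf3-proxy:${SHA}" >> "$GITHUB_OUTPUT"
          echo "image-worker-repo=${ACR_PREFIX}/${GHCR_BASE}/runtime-pdf3-worker:${SHA}" >> "$GITHUB_OUTPUT"
          echo "config-repo=${ACR_PREFIX}/studio-apps/runtime-pdf3-repo:${SHA}" >> "$GITHUB_OUTPUT"
      - name: login to ghcr
        # The token and actor reach the shell as environment variables, so
        # expression expansion never writes them into the script text itself.
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GHCR_USER: ${{ github.actor }}
        run: echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USER" --password-stdin
      - name: az login
        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID_FC }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID_FC }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID_FC }}
      - name: az acr login
        run: az acr login --name ${{ steps.vars.outputs.registry-name }}
      - name: flux install
        uses: fluxcd/flux2/action@bfa461ed2153ae5e0cca6bce08e0845268fb3088 # v2.8.2
      - name: docker build
        # Both builds run in the background; each `wait` returns that build's
        # exit status, so `set -e` fails the step if either build fails.
        run: |
          set -e
          docker build --platform linux/amd64,linux/arm64 -t ${{ steps.vars.outputs.ghcr-image-proxy-repo }} -f Dockerfile.proxy . &
          PROXY_PID=$!
          docker build --platform linux/amd64,linux/arm64 -t ${{ steps.vars.outputs.ghcr-image-worker-repo }} -f Dockerfile.worker . &
          WORKER_PID=$!
          wait $PROXY_PID
          wait $WORKER_PID
      - name: push images
        run: |
          set -e
          docker push ${{ steps.vars.outputs.ghcr-image-proxy-repo }} &
          PROXY_PID=$!
          docker push ${{ steps.vars.outputs.ghcr-image-worker-repo }} &
          WORKER_PID=$!
          wait $PROXY_PID
          wait $WORKER_PID
      - name: patch base with image tag
        working-directory: src/Runtime/pdf3/infra/kustomize/base
        # Records the ACR-prefixed image references and the short SHA as
        # annotations on the base manifests. The images are referenced by
        # tag, not by digest.
        run: |
          export PROXY_IMAGE="${{ steps.vars.outputs.image-proxy-repo }}"
          export WORKER_IMAGE="${{ steps.vars.outputs.image-worker-repo }}"
          export IMAGE_TAG="${{ steps.vars.outputs.short-sha }}"
          yq -i '.metadata.annotations["altinn.studio/image"] = env(PROXY_IMAGE)' proxy.yaml
          yq -i '.metadata.annotations["altinn.studio/image"] = env(WORKER_IMAGE)' worker.yaml
          yq -i '.metadata.annotations["altinn.studio/image-tag"] = env(IMAGE_TAG)' proxy.yaml
          yq -i '.metadata.annotations["altinn.studio/image-tag"] = env(IMAGE_TAG)' worker.yaml
      - name: push artifact
        working-directory: src/Runtime/pdf3/infra/kustomize
        run: |
          flux push artifact oci://${{ steps.vars.outputs.config-repo }} \
            --provider=generic \
            --reproducible \
            --path="." \
            --source="$(git config --get remote.origin.url)" \
            --revision="$(git branch --show-current)/$(git rev-parse HEAD)"

  # Tags the pushed config artifact once per matrix entry. Both the GitHub
  # environment and the tag name come from the construct-rings-array output,
  # which is derived from the dispatch inputs.
  tag-pdf3:
    name: Tag pdf3
    needs: [push-pdf3-artifact, construct-rings-array]
    runs-on: ubuntu-latest
    # NOTE(review): the environment is selected by matrix data; confirm the
    # template only emits environment names that are meant to be reachable.
    environment: ${{ matrix.environment }}
    permissions:
      id-token: write # Required to fetch an OIDC token.
    strategy:
      matrix:
        include: ${{ fromJson(needs.construct-rings-array.outputs.result) }}
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # 0 fetches the full history; it does NOT make a shallow clone.
          fetch-depth: 0
      - name: az login
        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID_FC }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID_FC }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID_FC }}
      - name: az acr login
        run: az acr login --name altinncr
      - name: flux install
        uses: fluxcd/flux2/action@bfa461ed2153ae5e0cca6bce08e0845268fb3088 # v2.8.2
      - name: tag artifact
        # matrix.ring traces back to the workflow_dispatch input. Handing it
        # to the shell as a quoted environment variable keeps it a single
        # argument instead of letting it become part of the script text.
        # Whether the template validates the value is not visible here.
        env:
          CONFIG_REPO: ${{ needs.push-pdf3-artifact.outputs.config-repo }}
          RING: ${{ matrix.ring }}
        run: |
          flux tag artifact "oci://${CONFIG_REPO}" \
            --tag "${RING}"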