diff --git a/.github/workflows/cr.yml b/.github/workflows/cr.yml index d0489fa6..342197a6 100644 --- a/.github/workflows/cr.yml +++ b/.github/workflows/cr.yml @@ -5,25 +5,30 @@ permissions: pull-requests: write env: - webhook_url: ${{ secrets.WEBHOOK }} + WEBHOOK_URL: ${{ secrets.WEBHOOK }} + OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} on: pull_request: types: [opened, reopened, synchronize] jobs: - test: + code_review: runs-on: ubuntu-latest steps: - uses: anc95/ChatGPT-CodeReview@main env: MODEL: gpt-3.5-turbo GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} + OPENAI_API_KEY: ${{ env.OPENAI_API_KEY }} LANGUAGE: Korean - - - name: notification to swit - uses: roharon/action-swit@v1 - with: - webhooks_url: ${{ env.webhook_url }} - MESSAGE: "🏷 ${{ job.status }} λ°±μ—”λ“œ OpenAI μ½”λ“œ 리뷰 : Core-service - by ${{ github.actor }}" \ No newline at end of file + + - name: Send Notification + if: ${{ always() }} + run: | + if [[ ${{ job.status }} == "success" ]]; then + MESSAGE="βœ… ${{ job.status }} λ°±μ—”λ“œ OpenAI μ½”λ“œ 리뷰 성곡: core-service - by ${{ github.actor }}" + else + MESSAGE="❌ ${{ job.status }} λ°±μ—”λ“œ OpenAI μ½”λ“œ 리뷰 μ‹€νŒ¨: core-service - by ${{ github.actor }}" + fi + curl -X POST -H "Content-Type: application/json" --data "{\"text\":\"${MESSAGE}\"}" ${{ env.WEBHOOK_URL }} \ No newline at end of file diff --git a/.github/workflows/dp.yml b/.github/workflows/dp.yml new file mode 100644 index 00000000..ee0cf3db --- /dev/null +++ b/.github/workflows/dp.yml 
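Review bot: In cr.yml the new `Send Notification` step pastes `${{ job.status }}`, `${{ github.actor }}` and the webhook secret `${{ env.WEBHOOK_URL }}` directly into the script text, and the URL is unquoted on the `curl` line, so these values are parsed as shell source rather than passed as data. The same step is added in dp.yml, ecr.yml and pr.yml. Since `WEBHOOK_URL` is already in the workflow `env`, the script can read it as a shell variable, `curl ... "$WEBHOOK_URL"`, and the two contexts can go through a step-level `env:` (`JOB_STATUS: ${{ job.status }}`, `ACTOR: ${{ github.actor }}`) and be used as `"$JOB_STATUS"` and `"$ACTOR"`. Separately, this hunk moves `OPENAI_API_KEY` from the review step's `env` to the workflow-level `env`, which puts the key in the environment of every step, including the new `run` script. Keeping `OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}` on the one step that uses it limits exposure to that step.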
@@ -0,0 +1,98 @@ +name: Deploy to Kubernetes + +on: + workflow_run: + workflows: ["Java CI with Gradle"] + branches: [main] + types: + - completed + + push: + branches: + - kustomize + +env: + AWS_REGION: ${{ secrets.AWS_REGION }} + EKS_CLUSTER_NAME: ${{ secrets.EKS_CLUSTER_NAME }} + OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE }} + WEBHOOK_URL: ${{ secrets.WEBHOOK }} + DEPLOY_ENV: ${{ github.ref == 'refs/heads/main' && 'PROD' || 'DEV' }} + GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }} + +permissions: + contents: write + id-token: write + +jobs: + kustomize_upadte: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-region: ${{ env.AWS_REGION }} + role-session-name: GitHubActions + role-to-assume: ${{ env.OIDC_ROLE_ARN }} + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + # kustomize λͺ…령을 κ°€μ Έμ˜¨λ‹€. + - name: Setup Kustomize + uses: imranismail/setup-kustomize@v1 + + - name: Checkout for Kustomize repository + uses: actions/checkout@v2 + with: + repository: Project-Catcher/core-service-kusto + ref: main + token: ${{ env.GITHUB_TOKEN }} + path: core-service-kusto + + - name: Update Kustomize image + run: | + if [ "${{ env.DEPLOY_ENV }}" == "PROD" ]; then + KUSTOMIZE_PATH="core-service-kusto/overlays/production" + FILE_NAME="production-patch.yaml" + else + KUSTOMIZE_PATH="core-service-kusto/overlays/development" + FILE_NAME="deployment-patch.yaml" + fi + + # Docker 이미지 URL μ„€μ • + cd $KUSTOMIZE_PATH + kustomize edit set image core-service="${{ steps.login-ecr.outputs.registry }}/catcher-dev-ecr-back-core:${{ github.sha }}" + cat kustomization.yaml + + - name: Check for changes + id: git-check + run: | + cd core-service-kusto + git status + git diff-index --quiet HEAD || echo "::set-output name=changes_exist::true" + + # μˆ˜μ •λœ 파일 commit & push + - name: Commit manifest files + if: 
steps.git-check.outputs.changes_exist == 'true' + run: | + cd core-service-kusto + git config --global user.email "github-actions@github.com" + git config --global user.name "github-actions" + git commit -am "Update image tag" + git push -u origin main + + - name: Send Notification + if: ${{ always() }} + run: | + if [[ '${{ steps.git-check.outputs.changes_exist }}' == 'true' && ${{ job.status }} == 'success' ]]; then + MESSAGE="βœ… ${{ job.status }} Kustomize Update 성곡: core-service-kusto - by ${{ github.actor }}" + elif [[ '${{ steps.git-check.outputs.changes_exist }}' != 'true' && ${{ job.status }} == 'success' ]]; then + MESSAGE="ℹ️ ${{ job.status }} Kustomize : μˆ˜μ • 사항 μ—†μŒ - core-service-kusto - by ${{ github.actor }}" + else + MESSAGE="❌ ${{ job.status }} Kustomize Update μ‹€νŒ¨: core-service-kusto - by ${{ github.actor }}" + fi + curl -X POST -H "Content-Type: application/json" --data "{\"text\":\"${MESSAGE}\"}" ${{ env.WEBHOOK_URL }} \ No newline at end of file diff --git a/.github/workflows/ecr.yml b/.github/workflows/ecr.yml index 5622864a..1f193736 100644 --- a/.github/workflows/ecr.yml +++ b/.github/workflows/ecr.yml @@ -5,26 +5,29 @@ on: branches: [ "main" ] env: + ECR_URL: ${{ secrets.ECR_REPO_DEV }} + ROLE_ARN: ${{ secrets.OIDC_ROLE }} AWS_REGION: ${{ secrets.AWS_REGION }} - OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE }} - DEPLOY_ENV: ${{ github.ref == 'refs/heads/main' && 'PROD' || 'DEV' }} - GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }} - ECR_URL: ${{ secrets.AWS_ECR_DEV_CORE }} - webhook_url: ${{ secrets.WEBHOOK }} + WEBHOOK_URL: ${{ secrets.WEBHOOK }} permissions: id-token: write - contents: write + contents: read jobs: build: name: Build - # runs-on: self-hosted runs-on: ubuntu-latest + permissions: + id-token: write # This is required for requesting the JWT + contents: read # This is required for actions/checkout + steps: - name: Checkout uses: actions/checkout@v3 + with: + fetch-depth: 1 - name: Set up JDK 17 uses: actions/setup-java@v3 
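Review bot: The `kustomize_upadte` job in dp.yml never checks the result of the triggering run, and `workflow_run` with `types: completed` also fires for failed and cancelled runs, so a failed "Java CI with Gradle" run would still update the overlay and push to core-service-kusto. A job-level `if: ${{ github.event_name == 'push' || github.event.workflow_run.conclusion == 'success' }}` closes that gap. On a `workflow_run` event `github.sha` is the head of the default branch, not necessarily the commit the upstream run built, so the image tag is better taken from `${{ github.event.workflow_run.head_sha || github.sha }}`. The PAT is exported to every step through the workflow-level `GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }}`, including the tag-pinned third-party `imranismail/setup-kustomize@v1`; passing `token: ${{ secrets.GIT_TOKEN }}` only on the second checkout scopes it to the step that needs it. `::set-output` is deprecated in favour of `echo "changes_exist=true" >> "$GITHUB_OUTPUT"`.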
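Review bot: In ecr.yml `permissions` is now declared twice with the same values, once at workflow level and once on the `build` job. The job-level block replaces the workflow-level one for that job, so a later edit to only one of them can leave the effective permissions different from what a reader of the other block expects. Keeping a single block, for example the commented job-level one, is enough. `fetch-depth: 1` restates the `actions/checkout` default and can be dropped.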
@@ -47,52 +50,25 @@ jobs: with: aws-region: ${{ env.AWS_REGION }} role-session-name: GitHubActions - role-to-assume: ${{ env.OIDC_ROLE_ARN }} + role-to-assume: ${{ env.ROLE_ARN }} - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v1 - - name: Publish Image to ECR(CORE-SERVICE) + - name: Publish Image to ECR(core-SERVICE) run: | - docker tag core-service:latest ${{ env.ECR_URL }}:${{ github.sha }} - docker push ${{ env.ECR_URL }}:${{ github.sha }} - - - name: notification to swit - uses: roharon/action-swit@v1 - with: - webhooks_url: ${{ env.webhook_url }} - MESSAGE: "🏷 ${{ job.status }} λ°±μ—”λ“œ ECR λ„μ»€νŒŒμΌ μ—…λ‘œλ“œ : Core-service - by ${{ github.actor }}" + docker tag core-service:latest ${{ env.ECR_URL }}:core-service + docker push ${{ env.ECR_URL }}:core-service - - name: Setup Kustomize - uses: imranismail/setup-kustomize@v1 - - - name: Checkout for Kustomize repository - uses: actions/checkout@v2 - with: - repository: Project-Catcher/core-service-kusto - ref: main - token: ${{ env.GITHUB_TOKEN }} - path: core-service-kusto - - - name: Update Kustomize image + - name: Send Notification + if: ${{ always() }} run: | - # PRD/DEV 브랜치 λΆ„λ¦¬λ˜μ–΄μžˆμ§€ μ•ŠμœΌλ―€λ‘œ μΆ”ν›„ μ—…λ°μ΄νŠΈ μ˜ˆμ • - # if [ "${{ env.DEPLOY_ENV }}" == "PROD" ]; then - # KUSTOMIZE_PATH="core-service-kusto/overlays/prd" - # else - # KUSTOMIZE_PATH="core-service-kusto/overlays/dev" - # fi + if [[ ${{ job.status }} == "success" ]]; then + MESSAGE="βœ… ${{ job.status }} λ°±μ—”λ“œ ECR λ„μ»€νŒŒμΌ μ—…λ‘œλ“œ 성곡: core-service - by ${{ github.actor }}" + else + MESSAGE="❌ ${{ job.status }} λ°±μ—”λ“œ ECR λ„μ»€νŒŒμΌ μ—…λ‘œλ“œ μ‹€νŒ¨: core-service - by ${{ github.actor }}" + fi + curl -X POST -H "Content-Type: application/json" --data "{\"text\":\"${MESSAGE}\"}" ${{ env.WEBHOOK_URL }} - KUSTOMIZE_PATH="core-service-kusto/overlays/dev" - cd $KUSTOMIZE_PATH - kustomize edit set image core-svc-image="${{ env.ECR_URL }}:${{ github.sha }}" - kustomize build . 
- - - name: Commit minifest files - run: | - cd core-service-kusto - git config --global user.email "github-actions@github.com" - git config --global user.name "github-actions" - git commit -am "Update image tag" - git push -u origin main + \ No newline at end of file diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index aa0b1127..435b9cf3 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -3,20 +3,19 @@ name: CI Test on: pull_request: branches: [ main ] + types: [opened, synchronize, reopened] env: - ecr_url: ${{ secrets.ECR_REPO_DEV }} - role_arn: ${{ secrets.OIDC_ROLE }} - aws_region: ${{ secrets.AWS_REGION }} - aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - default_output: ${{ secrets.AWS_DEFAULT_OUTPUT }} - webhook_url: ${{ secrets.WEBHOOK }} + AWS_REGION: ${{ secrets.AWS_REGION }} + AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + DEFAULT_OUTPUT: ${{ secrets.AWS_DEFAULT_OUTPUT }} + WEBHOOK_URL: ${{ secrets.WEBHOOK }} permissions: write-all jobs: - build: + test_pr: name: Build and Test runs-on: ubuntu-latest @@ -31,10 +30,10 @@ jobs: - name: Configure AWS credentials run: | - aws configure set aws_access_key_id ${{ env.aws_access_key }} - aws configure set aws_secret_access_key ${{ env.aws_secret_key }} - aws configure set default.region ${{ env.aws_region }} - aws configure set default.output ${{ env.default_output }} + aws configure set aws_access_key_id ${{ env.AWS_ACCESS_KEY }} + aws configure set aws_secret_access_key ${{ env.AWS_SECRET_KEY }} + aws configure set default.region ${{ env.AWS_REGION }} + aws configure set default.output ${{ env.DEFAULT_OUTPUT }} - name: Set up JDK 17 uses: actions/setup-java@v3 
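Review bot: The publish step in ecr.yml now pushes only the mutable tag `${{ env.ECR_URL }}:core-service` instead of the commit SHA tag, so each build overwrites the previous image and a running deployment can no longer be tied to the commit that produced it or rolled back to a known build. dp.yml in this same commit sets the image to a `:${{ github.sha }}` tag, which this workflow no longer publishes, so it should be confirmed that some other workflow pushes that tag. If the shared tag is needed, an immutable per-commit tag can be kept alongside it, e.g. `docker tag core-service:latest "$ECR_URL:${{ github.sha }}"` with the matching `docker push`. Re-pushing one fixed tag also prevents enabling tag immutability on the ECR repository.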
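Review bot: In pr.yml the renamed `AWS_ACCESS_KEY` and `AWS_SECRET_KEY` entries keep long-lived AWS keys in the workflow-level `env` of a `pull_request` workflow that runs with `permissions: write-all`, so every step of a job that builds and tests PR code has the keys in its environment. The `Configure AWS credentials` step in the following hunk additionally expands them into the script text with `${{ env.AWS_ACCESS_KEY }}` and `${{ env.AWS_SECRET_KEY }}`. ecr.yml and dp.yml already assume a role through OIDC with `aws-actions/configure-aws-credentials` and `role-to-assume`. Doing the same here, with `permissions` reduced to `id-token: write`, `contents: read` and whatever the test-report step requires, would remove the static keys. The job body continues outside these hunks, so other consumers of the keys may exist.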
@@ -55,8 +54,12 @@ jobs: github_token: ${{ secrets.GITHUB_TOKEN }} files: build/test-results/**/*.xml - - name: notification to swit - uses: roharon/action-swit@v1 - with: - webhooks_url: ${{ env.webhook_url }} - MESSAGE: "🏷 ${{ job.status }} λ°±μ—”λ“œ Unit Test : Core-service - by ${{ github.actor }}" \ No newline at end of file + - name: Send Notification + if: ${{ always() }} + run: | + if [[ ${{ job.status }} == "success" ]]; then + MESSAGE="βœ… ${{ job.status }} λ°±μ—”λ“œ Unit Test 성곡: core-service - by ${{ github.actor }}" + else + MESSAGE="❌ ${{ job.status }} λ°±μ—”λ“œ Unit Test μ‹€νŒ¨: core-service - by ${{ github.actor }}" + fi + curl -X POST -H "Content-Type: application/json" --data "{\"text\":\"${MESSAGE}\"}" ${{ env.WEBHOOK_URL }} \ No newline at end of file