Skip to content

score-compose init|generate #182

score-compose init|generate

score-compose init|generate #182

Workflow file for this run

# You need to set up Workload Identity Federation in your Google Cloud project in order to use this GitHub Actions definition: https://medium.com/p/3932dce678b8.
# And the secrets.GSA_ID needs to have the roles/artifactregistry.repoAdmin role in order push and delete container images.
name: open-pr
permissions:
contents: read
id-token: write
pull-requests: write
on:
pull_request:
env:
ENVIRONMENT_ID: pr-${{ github.event.number }}
IMAGE_NAME: ${{ secrets.REGISTRY_LOCATION }}-docker.pkg.dev/${{ secrets.PROJECT_ID }}/${{ secrets.REGISTRY_NAME }}/${{ vars.APP_NAME }}
SCORE_COMPOSE_VERSION: 'latest'
SCORE_HELM_VERSION: 'latest'
WORKLOAD_NAME: my-sample-workload
CONTAINER_NAME: my-sample-container
HUMCTL_VERSION: '0.21.0'
jobs:
build-run-test-push:
runs-on: ubuntu-latest
steps:
- name: checkout code
uses: actions/checkout@v4
- name: install humctl
uses: humanitec/setup-cli-action@v1
with:
version: ${{ env.HUMCTL_VERSION }}
- name: humctl score validate
run: |
humctl score validate score/score.yaml \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ secrets.HUMANITEC_ORG }} \
--strict
- name: install score-compose
uses: score-spec/setup-score@v2
with:
file: score-compose
token: ${{ secrets.GITHUB_TOKEN }}
version: ${{ env.SCORE_COMPOSE_VERSION }}
- name: score-compose
run: |
make score-compose
cat <<EOF > compose.override.yaml
services:
${{ env.WORKLOAD_NAME }}-${{ env.CONTAINER_NAME }}:
read_only: true
cap_drop:
- ALL
user: "1000"
EOF
- name: compose-up
run: |
make compose-up
- name: compose-test
run: |
sleep 10
make compose-test
- name: create kind cluster
run: |
kind create cluster
kind load docker-image sail-sharp-${{ env.WORKLOAD_NAME }}-${{ env.CONTAINER_NAME }}
- name: install score-helm
uses: score-spec/setup-score@v2
with:
file: score-helm
token: ${{ secrets.GITHUB_TOKEN }}
version: ${{ env.SCORE_HELM_VERSION }}
- name: generate helm values file
run: |
score-helm run \
-f score/score.yaml \
-o ${{ env.WORKLOAD_NAME }}-values.yaml
- name: helm install
id: helm-install
run: |
helm repo add \
score-helm-charts \
https://score-spec.github.io/score-helm-charts
helm install \
${{ env.WORKLOAD_NAME }} \
score-helm-charts/workload \
--values ${{ env.WORKLOAD_NAME }}-values.yaml \
--set containers.${{ env.CONTAINER_NAME }}.image.name=sail-sharp-${{ env.WORKLOAD_NAME }}-${{ env.CONTAINER_NAME }} \
--wait \
--timeout=30s
kubectl wait \
--for=condition=available \
--timeout=30s \
deployment/${{ env.WORKLOAD_NAME }}
- name: catch helm install errors
if: ${{ failure() && steps.helm-install.outcome == 'failure' }}
run: |
kubectl get events
kubectl logs \
-l app.kubernetes.io/name=${{ env.WORKLOAD_NAME }}
- name: authenticate to google cloud
uses: google-github-actions/auth@v2
with:
workload_identity_provider: '${{ secrets.WI_PROVIDER_ID }}'
service_account: '${{ secrets.GSA_ID }}'
- name: setup gcloud
uses: google-github-actions/setup-gcloud@v2
with:
version: latest
- name: sign-in to gar
run: |
gcloud auth configure-docker \
${{ secrets.REGISTRY_LOCATION }}-docker.pkg.dev \
--quiet
- name: delete previous container image in gar
run: |
gcloud artifacts docker images delete \
${IMAGE_NAME}:${{ env.ENVIRONMENT_ID }} \
--delete-tags \
--quiet \
|| true
- name: push the container to gar
run: |
docker tag sail-sharp-${{ env.WORKLOAD_NAME }}-${{ env.CONTAINER_NAME }} ${{ env.IMAGE_NAME }}:${{ env.ENVIRONMENT_ID }}
docker push \
${{ env.IMAGE_NAME }}:${{ env.ENVIRONMENT_ID }}
deploy-preview-env:
needs: build-run-test-push
runs-on: ubuntu-latest
env:
BASE_ENVIRONMENT: 'development'
ENVIRONMENT_TYPE: 'development'
ENVIRONMENT_NAME: PR-${{ github.event.number }}
steps:
- name: checkout code
uses: actions/checkout@v4
- name: install humctl
uses: humanitec/setup-cli-action@v1
with:
version: ${{ env.HUMCTL_VERSION }}
- name: create humanitec preview env
run: |
humctl create environment ${{ env.ENVIRONMENT_ID }} \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ secrets.HUMANITEC_ORG }} \
--app ${{ vars.APP_NAME }} \
--name ${{ env.ENVIRONMENT_NAME }} \
-t ${{ env.ENVIRONMENT_TYPE }} \
--from ${{ env.BASE_ENVIRONMENT }} \
|| true
- name: authenticate to google cloud
uses: google-github-actions/auth@v2
with:
workload_identity_provider: '${{ secrets.WI_PROVIDER_ID }}'
service_account: '${{ secrets.GSA_ID }}'
- name: setup gcloud
uses: google-github-actions/setup-gcloud@v2
with:
version: latest
- name: sign-in to gar
run: |
gcloud auth configure-docker \
${{ secrets.REGISTRY_LOCATION }}-docker.pkg.dev \
--quiet
- name: get container image digest
run: |
echo "IMAGE_DIGEST=$(oras manifest fetch ${{ env.IMAGE_NAME }}:${{ env.ENVIRONMENT_ID }} \
--descriptor \
| jq -r .digest)" >> ${{ github.env }}
- name: humctl score deploy
run: |
HUMANITEC_CLI_ALPHA_FEATURES=score-deploy-wait humctl score deploy \
--deploy-config score/score.deploy.yaml \
--image ${{ env.IMAGE_NAME }}@${IMAGE_DIGEST} \
--message "$(curl -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" "${{ github.event.pull_request.commits_url }}?per_page=10" | jq -r .[-1].commit.message)" \
--workload-source-url-prefix "https://github.com/${{ github.repository }}/blob/${{ github.head_ref }}/score" \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ secrets.HUMANITEC_ORG }} \
--app ${{ vars.APP_NAME }} \
--env ${{ env.ENVIRONMENT_ID }} \
--wait
- name: build comment message
if: ${{ always() }}
run: |
DEPLOYMENT_ID=$(humctl get deployment . -o json \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ secrets.HUMANITEC_ORG }} \
--app ${{ vars.APP_NAME }} \
--env ${{ env.ENVIRONMENT_ID }} \
| jq -r .metadata.id)
ENV_URL="https://app.humanitec.io/orgs/"${{ secrets.HUMANITEC_ORG }}"/apps/"${{ vars.APP_NAME }}"/envs/"${{ env.ENVIRONMENT_ID }}"/deploys/"${DEPLOYMENT_ID}
DOMAINS=$(humctl get active-resources \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ secrets.HUMANITEC_ORG }} \
--app ${{ vars.APP_NAME }} \
--env ${{ env.ENVIRONMENT_ID }} -o json \
| jq -r '. | map(. | select(.metadata.type == "dns")) | map((.metadata.res_id | split(".") | .[1]) + ": [" + .status.resource.host + "](https://" + .status.resource.host + ")") | join("\n")')
DEPLOYMENT_ERRORS=$(humctl get deployment-error \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ secrets.HUMANITEC_ORG }} \
--app ${{ vars.APP_NAME }} \
--env ${{ env.ENVIRONMENT_ID }} -o json)
if [ "$DEPLOYMENT_ERRORS" = "[]" ]; then
echo "## Deployment successfully completed for ${{ env.ENVIRONMENT_NAME }}! :tada:" >> pr_message.txt
echo "" >> pr_message.txt
else
echo "## Deployment failed for ${{ env.ENVIRONMENT_NAME }}! :x:" >> pr_message.txt
echo "" >> pr_message.txt
echo "### Errors:" >> pr_message.txt
echo "" >> pr_message.txt
echo '```json' >> pr_message.txt
echo "" >> pr_message.txt
echo "$DEPLOYMENT_ERRORS" | jq .[0].status.message -r >> pr_message.txt
echo "" >> pr_message.txt
echo '```' >> pr_message.txt
echo "" >> pr_message.txt
echo "<details><summary>Errors details</summary>" >> pr_message.txt
echo "" >> pr_message.txt
echo "### Errors details:" >> pr_message.txt
echo '```json' >> pr_message.txt
echo "" >> pr_message.txt
echo "$DEPLOYMENT_ERRORS" >> pr_message.txt
echo "" >> pr_message.txt
echo '```' >> pr_message.txt
echo "" >> pr_message.txt
echo "</details>" >> pr_message.txt
echo "" >> pr_message.txt
fi
echo "### [View in Humanitec]($ENV_URL)" >> pr_message.txt
echo "Deployment ID: $DEPLOYMENT_ID" >> pr_message.txt
echo "" >> pr_message.txt
echo "### Domains:" >> pr_message.txt
echo "" >> pr_message.txt
echo "$DOMAINS" >> pr_message.txt
echo "" >> pr_message.txt
echo "<details><summary>Deployment diff</summary>" >> pr_message.txt
echo "" >> pr_message.txt
echo "### Deployment diff:" >> pr_message.txt
echo '```json' >> pr_message.txt
echo "" >> pr_message.txt
humctl diff sets env/${{ env.ENVIRONMENT_ID }} env/${{ env.BASE_ENVIRONMENT }} \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ secrets.HUMANITEC_ORG }} \
--app ${{ vars.APP_NAME }} -o json >> pr_message.txt
echo "" >> pr_message.txt
echo '```' >> pr_message.txt
echo "" >> pr_message.txt
echo "</details>" >> pr_message.txt
if [ "$DEPLOYMENT_ERRORS" = "[]" ]; then
echo "<details><summary>Active Resources Usage</summary>" >> pr_message.txt
echo "" >> pr_message.txt
echo "### Active Resources Usage:" >> pr_message.txt
echo '```none' >> pr_message.txt
echo "" >> pr_message.txt
humctl resources active-resource-usage \
--env ${{ env.ENVIRONMENT_ID }} \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ secrets.HUMANITEC_ORG }} \
--app ${{ vars.APP_NAME }} >> pr_message.txt
echo "" >> pr_message.txt
echo '```' >> pr_message.txt
echo "" >> pr_message.txt
echo "</details>" >> pr_message.txt
fi
if [ "$DEPLOYMENT_ERRORS" = "[]" ]; then
echo "<details><summary>Resources Graph</summary>" >> pr_message.txt
echo "" >> pr_message.txt
echo "### Resources Graph:" >> pr_message.txt
echo '```none' >> pr_message.txt
echo "" >> pr_message.txt
humctl resources graph \
--env ${{ env.ENVIRONMENT_ID }} \
--token ${{ secrets.HUMANITEC_TOKEN }} \
--org ${{ secrets.HUMANITEC_ORG }} \
--app ${{ vars.APP_NAME }} >> pr_message.txt
echo "" >> pr_message.txt
echo '```' >> pr_message.txt
echo "" >> pr_message.txt
echo "</details>" >> pr_message.txt
fi
cat pr_message.txt
- name: comment pr
if: ${{ always() }}
uses: thollander/actions-comment-pull-request@v2
with:
filePath: pr_message.txt