Publish branch image #8
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Publish branch image | ||
| on: workflow_dispatch | ||
| env: | ||
| SERVICE_NAME: ${{ github.event.repository.name }} | ||
| GOOGLE_PROJECT: broad-dsp-gcr-public | ||
| jobs: | ||
| publish-branch-image-job: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| tag: ${{ steps.tag.outputs.tag }} | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
| - name: Parse tag | ||
| id: tag | ||
| run: echo tag=$(git branch --show-current) >> $GITHUB_OUTPUT | ||
| - name: Set up JDK 17 | ||
| uses: actions/setup-java@v3 | ||
| with: | ||
| java-version: '17' | ||
| distribution: 'temurin' | ||
| - name: Cache Gradle packages | ||
| uses: actions/cache@v3 | ||
| with: | ||
| path: | | ||
| ~/.gradle/caches | ||
| ~/.gradle/wrapper | ||
| key: v1-${{ runner.os }}-gradle-${{ hashfiles('**/gradle-wrapper.properties') }}-${{ hashFiles('**/*.gradle') }} | ||
| restore-keys: v1-${{ runner.os }}-gradle-${{ hashfiles('**/gradle-wrapper.properties') }} | ||
| - name: Grant execute permission for gradlew | ||
| run: chmod +x gradlew | ||
| # - name: "Publish to Artifactory" | ||
| # run: ./gradlew :client-resttemplate:artifactoryPublish | ||
| # env: | ||
| # ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }} | ||
| # ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }} | ||
| # ARTIFACTORY_REPO_KEY: "libs-snapshot-local" | ||
| - name: Auth to GCR | ||
| uses: google-github-actions/auth@v1 | ||
| with: | ||
| credentials_json: ${{ secrets.GCR_PUBLISH_KEY_B64 }} | ||
| - name: Explicitly auth Docker for GCR | ||
| run: gcloud auth configure-docker --quiet | ||
| - name: Construct docker image name and tag | ||
| id: image-name | ||
| run: echo name=gcr.io/${GOOGLE_PROJECT}/${SERVICE_NAME}:${{ steps.tag.outputs.tag }} >> $GITHUB_OUTPUT | ||
| - name: Add Google Cloud Profiler to Docker Image | ||
| run: docker build ./service -t externalcreds:local | ||
| - name: Build image locally with jib | ||
| # build the docker image to make sure it does not error | ||
| run: | | ||
| ./gradlew --build-cache :service:jibDockerBuild \ | ||
| -Djib.from.image=docker://externalcreds:local \ | ||
| --image=${{ steps.image-name.outputs.name }} \ | ||
| -Djib.console=plain | ||
| - name: Push GCR image | ||
| run: 'docker push ${{ steps.image-name.outputs.name }}' | ||
| report-to-sherlock: | ||
| # Report new ECM version to Broad DevOps | ||
| uses: broadinstitute/sherlock/.github/workflows/client-report-app-version.yaml@main | ||
| needs: publish-branch-image-job | ||
| with: | ||
| new-version: ${{ needs.publish-branch-image-job.outputs.tag }} | ||
| chart-name: 'externalcreds' | ||
| permissions: | ||
| contents: 'read' | ||
| id-token: 'write' | ||
