Automated production image update #production-deploy #3777
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: warehouse-publish-docker-containers | |
| env: | |
| X_GITHUB_GRAPHQL_API: ${{ vars.X_GITHUB_GRAPHQL_API }} | |
| X_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # This workflow only runs when a commit is completed on main. | |
| on: | |
| # Allows you to run this workflow manually from the Actions tab | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| warehouse-publish-docker-containers: | |
| name: warehouse-publish-docker-containers | |
| environment: indexer | |
| runs-on: ubuntu-latest | |
| # We should skip this if the commit message contains the string '#production-deploy' | |
| if: ${{ !contains(github.event.head_commit.message, '#production-deploy') }} | |
| permissions: | |
| packages: write | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 1 | |
| - name: Setup Python and UV | |
| uses: astral-sh/setup-uv@v5 | |
| with: | |
| python-version: 3.12 | |
| - name: Install dependencies | |
| run: uv sync --all-packages --all-extras | |
| - name: 'Login to GitHub Container Registry' | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Package and publish other docker containers | |
| run: bash .github/scripts/publish-docker-containers.sh | |
| # The remaining steps currently kill a pods in our kubernetes | |
| # because we haven't dealt with using strict versions on the cluster yet. | |
| # This ensures the pods are up to date. This is a hack for now. | |
| - uses: 'google-github-actions/auth@v2' | |
| with: | |
| credentials_json: '${{ secrets.GOOGLE_CREDENTIALS_JSON }}' | |
| create_credentials_file: true | |
| - name: 'Set up Cloud SDK' | |
| uses: 'google-github-actions/setup-gcloud@v2' | |
| with: | |
| version: '>= 363.0.0' | |
| # Get the GKE credentials so we can deploy to the cluster | |
| - uses: google-github-actions/get-gke-credentials@db150f2cc60d1716e61922b832eae71d2a45938f | |
| with: | |
| cluster_name: ${{ secrets.GKE_CLUSTER_NAME }} | |
| location: ${{ secrets.GKE_CLUSTER_REGION }} | |
| project_id: ${{ vars.GOOGLE_PROJECT_ID }} | |
| # Trigger a webhook to the flux notification service to notify it of the | |
| # new image. This will trigger the notification controller to update the | |
| # image in the kubernetes cluster. | |
| - name: Trigger flux image update | |
| run: uv run oso production trigger-image-update --endpoint ${{ secrets.FLUX_IMAGE_UPDATE_WEBHOOK_ENDPOINT }} |