From 35071191dae9e7ae22a9e97874912a7e1e7061e4 Mon Sep 17 00:00:00 2001 From: Jake Heath Date: Wed, 1 May 2024 13:02:56 -0700 Subject: [PATCH 1/8] feat: make runs-on dynamic --- .github/workflows/argus-docker-build.yaml | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/.github/workflows/argus-docker-build.yaml b/.github/workflows/argus-docker-build.yaml index 210fa59a..024df8d0 100644 --- a/.github/workflows/argus-docker-build.yaml +++ b/.github/workflows/argus-docker-build.yaml @@ -3,19 +3,21 @@ name: Docker Image Build on: workflow_call: inputs: - envs: - description: The envs that this is building (rdev, staging, or prod), comma delimited + env: + description: | + The env that this is building (rdev, staging, or prod) required: true type: string images: - description: 'JSON array of images to build (required keys: dockerfile, context, name, platform)' + description: | + JSON array of images to build (required keys: dockerfile, context, name, platform) required: true type: string jobs: prep: name: Prep for Build - runs-on: [ARM64,self-hosted,Linux] + runs-on: ubuntu-latest if: contains(github.event.head_commit.message, '[no-deploy]') == false outputs: image-tag: ${{ steps.build-tags.outputs.IMAGE_TAG }} @@ -49,10 +51,7 @@ jobs: build-docker: name: Build Docker Image needs: [prep] - runs-on: - - self-hosted - - Linux - - ${{ matrix.image.platform == 'linux/amd64' && 'X64' || 'ARM64' }} + runs-on: ubuntu-latest env: IMAGE_TAG: ${{ needs.prep.outputs.image-tag }} if: needs.prep.outputs.image-tag != '' && needs.prep.outputs.image-tag != 'sha-' && needs.prep.outputs.images != '[]' @@ -105,7 +104,7 @@ jobs: update-manifests: name: Update ArgoCD manifests needs: [prep, build-docker] - runs-on: [ARM64,self-hosted,Linux] + runs-on: ubuntu-latest env: IMAGE_TAG: ${{ needs.prep.outputs.image-tag }} if: needs.prep.outputs.image-tag != '' && needs.prep.outputs.image-tag != 'sha-' && needs.prep.outputs.images != '[]' 
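Review bot: Renaming the required input `envs` to `env` in the first hunk is an interface change for every caller of this reusable workflow, and it is unrelated to the commit subject. A caller that still passes `envs` no longer supplies the required input, and any `inputs.envs` reference in the job bodies outside this hunk would expand to an empty string. Either keep the old name here or update callers and references in the same commit; patch 8 renames it back, so the rename could simply be dropped from the series.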
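Review bot: Moving `build-docker` from the self-hosted pool to `runs-on: ubuntu-latest` changes where the job's cloud credentials come from, and nothing in this hunk replaces them. If the self-hosted runners relied on an attached instance role for ECR access (not visible here), the later ECR steps need an explicit, short-lived credential step on a hosted runner, preferably OIDC role assumption over stored keys. The hunk also removes the `matrix.image.platform` runner selection, so `linux/arm64` entries in `images` now build on an x64 host and need emulation set up before the build step. The same runner change is made to `prep` and `update-manifests` in the other two hunks, and the job bodies continue outside the hunks.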
From 293bc95c409fbd5c854b9c908dfc57ff9728f336 Mon Sep 17 00:00:00 2001 From: Jake Heath Date: Wed, 1 May 2024 13:39:02 -0700 Subject: [PATCH 2/8] inputs --- .github/workflows/argus-docker-build.yaml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/.github/workflows/argus-docker-build.yaml b/.github/workflows/argus-docker-build.yaml index 024df8d0..300f0b12 100644 --- a/.github/workflows/argus-docker-build.yaml +++ b/.github/workflows/argus-docker-build.yaml @@ -13,6 +13,12 @@ on: JSON array of images to build (required keys: dockerfile, context, name, platform) required: true type: string + app_id: + type: string + required: true + pk: + type: string + required: true jobs: prep: @@ -76,14 +82,13 @@ jobs: id: generate_token uses: chanzuckerberg/github-app-token@v1.1.4 with: - app_id: ${{ secrets.CZI_GITHUB_HELPER_APP_ID }} - private_key: ${{ secrets.CZI_GITHUB_HELPER_PK }} + app_id: ${{ inputs.app_id }} + private_key: ${{ inputs.pk }} - uses: actions/checkout@v4 with: repository: chanzuckerberg/core-platform-settings path: core-platform-settings token: ${{ steps.generate_token.outputs.token }} - - name: Create ECR repo if necessary uses: int128/create-ecr-repository-action@v1 with: @@ -118,8 +123,8 @@ jobs: id: generate_token uses: chanzuckerberg/github-app-token@v1.1.4 with: - app_id: ${{ secrets.CZI_RELEASE_PLEASE_APP_ID }} - private_key: ${{ secrets.CZI_RELEASE_PLEASE_PK }} + app_id: ${{ inputs.app_id }} + private_key: ${{ inputs.pk }} - uses: actions/checkout@v4 with: fetch-depth: 0 From ef9464bc690f3720f68991b7dd92923e435d8f88 Mon Sep 17 00:00:00 2001 From: Jake Heath Date: Wed, 1 May 2024 13:48:02 -0700 Subject: [PATCH 3/8] secrets --- .github/workflows/argus-docker-build.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/argus-docker-build.yaml b/.github/workflows/argus-docker-build.yaml index 300f0b12..853dde9a 100644 --- a/.github/workflows/argus-docker-build.yaml 
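Review bot: `pk` is a GitHub App private key and should not be declared under `inputs:` with `type: string`, as the first hunk does. Inputs are ordinary strings with none of the handling that entries under `on.workflow_call.secrets` receive. Patches 3 and 4 move both values to `secrets:`. Squashing them into this commit would keep the `inputs` form out of history and avoid an intermediate commit where the workflow is broken.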
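Review bot: The second and third hunks replace two distinct App credentials (`CZI_GITHUB_HELPER_*` in `build-docker`, `CZI_RELEASE_PLEASE_*` in `update-manifests`) with the single pair `app_id`/`pk`. One App installation must now hold the union of both jobs' permissions, so a leak from either job exposes both. Consider keeping them separate at the interface, for example two secret pairs such as `helper_app_id`/`helper_pk` and `release_app_id`/`release_pk` (suggested names), each passed only to the job that needs it. What `update-manifests` does with its token lies outside the hunk, so confirm the permission split against the full file.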
+++ b/.github/workflows/argus-docker-build.yaml @@ -13,11 +13,10 @@ on: JSON array of images to build (required keys: dockerfile, context, name, platform) required: true type: string + secrets: app_id: - type: string required: true pk: - type: string required: true jobs: @@ -124,7 +123,7 @@ jobs: uses: chanzuckerberg/github-app-token@v1.1.4 with: app_id: ${{ inputs.app_id }} - private_key: ${{ inputs.pk }} + private_key: ${{ inputs.pk }} - uses: actions/checkout@v4 with: fetch-depth: 0 From 56de447f29acfd85e8f15129494d72415b060b17 Mon Sep 17 00:00:00 2001 From: Jake Heath Date: Wed, 1 May 2024 13:49:53 -0700 Subject: [PATCH 4/8] secrets --- .github/workflows/argus-docker-build.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/argus-docker-build.yaml b/.github/workflows/argus-docker-build.yaml index 853dde9a..2dfe2b31 100644 --- a/.github/workflows/argus-docker-build.yaml +++ b/.github/workflows/argus-docker-build.yaml @@ -81,8 +81,8 @@ jobs: id: generate_token uses: chanzuckerberg/github-app-token@v1.1.4 with: - app_id: ${{ inputs.app_id }} - private_key: ${{ inputs.pk }} + app_id: ${{ secrets.app_id }} + private_key: ${{ secrets.pk }} - uses: actions/checkout@v4 with: repository: chanzuckerberg/core-platform-settings @@ -122,8 +122,8 @@ jobs: id: generate_token uses: chanzuckerberg/github-app-token@v1.1.4 with: - app_id: ${{ inputs.app_id }} - private_key: ${{ inputs.pk }} + app_id: ${{ secrets.app_id }} + private_key: ${{ secrets.pk }} - uses: actions/checkout@v4 with: fetch-depth: 0 From d67479c9629882cdb3f64879bbf5f27c0838bcd5 Mon Sep 17 00:00:00 2001 From: Jake Heath Date: Wed, 1 May 2024 13:58:54 -0700 Subject: [PATCH 5/8] remote settings --- .github/workflows/argus-docker-build.yaml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/.github/workflows/argus-docker-build.yaml b/.github/workflows/argus-docker-build.yaml index 2dfe2b31..7efd90f5 100644 
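Review bot: The new `secrets:` entries `app_id` and `pk` carry no `description:`, and the names do not say which GitHub App they belong to or what permissions it needs. Add one to each, e.g. `description: GitHub App ID used to mint the installation token` and `description: PEM private key of that GitHub App`. Note that in this commit the steps still read `${{ inputs.app_id }}` and `${{ inputs.pk }}` (visible in the second hunk), which no longer exist and expand to empty strings until patch 4 changes them.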
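Review bot: The step that now receives `${{ secrets.pk }}` is referenced as `chanzuckerberg/github-app-token@v1.1.4`, a tag that can be moved after review. Since this action handles the App private key in both hunks, pin it to a full commit SHA and keep the version as a trailing comment, e.g. `uses: chanzuckerberg/github-app-token@<full-commit-sha>  # v1.1.4`. Both job bodies continue outside the hunks.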
--- a/.github/workflows/argus-docker-build.yaml +++ b/.github/workflows/argus-docker-build.yaml @@ -13,6 +13,10 @@ on: JSON array of images to build (required keys: dockerfile, context, name, platform) required: true type: string + ecr_root_path: + type: string + required: false + default: core-platform-settings secrets: app_id: required: true @@ -83,17 +87,17 @@ jobs: with: app_id: ${{ secrets.app_id }} private_key: ${{ secrets.pk }} - - uses: actions/checkout@v4 - with: - repository: chanzuckerberg/core-platform-settings - path: core-platform-settings - token: ${{ steps.generate_token.outputs.token }} + # - uses: actions/checkout@v4 + # with: + # repository: chanzuckerberg/core-platform-settings + # path: core-platform-settings + # token: ${{ steps.generate_token.outputs.token }} - name: Create ECR repo if necessary uses: int128/create-ecr-repository-action@v1 with: repository: core-platform/${{ github.event.repository.name }}/${{ matrix.image.name }} - lifecycle-policy: core-platform-settings/ecr/lifecycle-policy.json - repository-policy: core-platform-settings/ecr/repository-policy.json + lifecycle-policy: ${inputs.ecr_root_path}/ecr/lifecycle-policy.json + repository-policy: ${inputs.ecr_root_path}/ecr/repository-policy.json - name: Build And Push uses: chanzuckerberg/github-actions/.github/actions/docker-build-push@docker-build-push-v1.6.0 with: From 411acea33badea40e8dcc6a61f930b94f3e4ac3e Mon Sep 17 00:00:00 2001 From: Jake Heath Date: Wed, 1 May 2024 14:01:43 -0700 Subject: [PATCH 6/8] root path --- .github/workflows/argus-docker-build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/argus-docker-build.yaml b/.github/workflows/argus-docker-build.yaml index 7efd90f5..8dc60549 100644 --- a/.github/workflows/argus-docker-build.yaml +++ b/.github/workflows/argus-docker-build.yaml 
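Review bot: The ECR `lifecycle-policy` and `repository-policy` files now come from the caller-supplied `ecr_root_path` instead of a checkout of the central `chanzuckerberg/core-platform-settings` repo, so each calling repository effectively chooses who may pull or push its images. If that delegation is intended, state it in a `description:` on the new input; otherwise keep the central checkout and drop the input. With the checkout commented out, the default `core-platform-settings` points at a directory that none of the visible steps create. `${inputs.ecr_root_path}` is also not expression syntax and is passed through literally (patch 7 corrects it). In the visible lines the `generate_token` step has no remaining consumer in this job; if the rest of the job, which lies outside the hunk, does not use it either, remove it with the commented block rather than minting an unused token.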
@@ -96,8 +96,8 @@ jobs: uses: int128/create-ecr-repository-action@v1 with: repository: core-platform/${{ github.event.repository.name }}/${{ matrix.image.name }} - lifecycle-policy: ${inputs.ecr_root_path}/ecr/lifecycle-policy.json - repository-policy: ${inputs.ecr_root_path}/ecr/repository-policy.json + lifecycle-policy: ${inputs.ecr_root_path}/lifecycle-policy.json + repository-policy: ${inputs.ecr_root_path}/repository-policy.json - name: Build And Push uses: chanzuckerberg/github-actions/.github/actions/docker-build-push@docker-build-push-v1.6.0 with: From ba7e5af0521bb6351153a9d2db6664bb831d0dc2 Mon Sep 17 00:00:00 2001 From: Jake Heath Date: Wed, 1 May 2024 14:48:18 -0700 Subject: [PATCH 7/8] branch --- .github/workflows/argus-docker-build.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/argus-docker-build.yaml b/.github/workflows/argus-docker-build.yaml index 8dc60549..5de0f61e 100644 --- a/.github/workflows/argus-docker-build.yaml +++ b/.github/workflows/argus-docker-build.yaml @@ -96,8 +96,8 @@ jobs: uses: int128/create-ecr-repository-action@v1 with: repository: core-platform/${{ github.event.repository.name }}/${{ matrix.image.name }} - lifecycle-policy: ${inputs.ecr_root_path}/lifecycle-policy.json - repository-policy: ${inputs.ecr_root_path}/repository-policy.json + lifecycle-policy: ${{inputs.ecr_root_path}}/lifecycle-policy.json + repository-policy: ${{inputs.ecr_root_path}}/repository-policy.json - name: Build And Push uses: chanzuckerberg/github-actions/.github/actions/docker-build-push@docker-build-push-v1.6.0 with: From 603e17146ea1d0737b3c3768a9522030573be4d5 Mon Sep 17 00:00:00 2001 From: Jake Heath Date: Wed, 1 May 2024 15:17:13 -0700 Subject: [PATCH 8/8] envs --- .github/workflows/argus-docker-build.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/argus-docker-build.yaml b/.github/workflows/argus-docker-build.yaml index 5de0f61e..75d09499 100644 
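Review bot: Dropping the `/ecr/` segment changes what the default `ecr_root_path` resolves to: `core-platform-settings/lifecycle-policy.json` instead of the `core-platform-settings/ecr/lifecycle-policy.json` used before this series. If the default is meant to remain usable, update it in the same commit, e.g. `default: core-platform-settings/ecr`, and document on the input that it must name the directory holding both policy files. How the action behaves when a policy file is missing is not visible here, so confirm that a wrong path fails the job rather than creating the repository without a policy.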
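Review bot: The step edited in patch 7 uses the third-party `int128/create-ecr-repository-action@v1`, pinned only to a mutable major tag. It presumably runs with credentials that can create ECR repositories and set their policies. Pin it to a full commit SHA, e.g. `uses: int128/create-ecr-repository-action@<full-commit-sha>  # v1`, and do the same for the `docker-build-push@docker-build-push-v1.6.0` reference in the trailing context. As a style point, write the new expressions as `${{ inputs.ecr_root_path }}` with inner spaces to match the rest of the file.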
--- a/.github/workflows/argus-docker-build.yaml +++ b/.github/workflows/argus-docker-build.yaml @@ -3,7 +3,7 @@ name: Docker Image Build on: workflow_call: inputs: - env: + envs: description: | The env that this is building (rdev, staging, or prod) required: true
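Review bot: The input is plural again but its description still reads "The env that this is building (rdev, staging, or prod)", so callers cannot tell whether a comma-delimited list is accepted. Restore the wording that was removed in patch 1: `The envs that this is building (rdev, staging, or prod), comma delimited`. If the value is later interpolated into a shell step outside this hunk, it is also worth stating the allowed values so the workflow can validate them.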