fix: Fixed user managed identity. #92
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Post-merge workflow | |
on: | |
pull_request: | |
types: | |
- closed | |
branches: | |
- main | |
jobs: | |
post_merge: | |
if: github.event.pull_request.merged == true | |
runs-on: ubuntu-latest | |
environment: dev-cd | |
permissions: | |
id-token: write | |
packages: write | |
contents: write | |
steps: | |
# | |
# Checkout the source code. | |
# | |
- name: Checkout the source code | |
uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab | |
with: | |
token: ${{ secrets.GIT_PAT }} | |
fetch-depth: 0 | |
# | |
# Calculate of the new version (dry-run). | |
# | |
- name: Calculate of the new version (dry-run) | |
uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d | |
id: semantic | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
semantic_version: 19 | |
branch: main | |
extra_plugins: | | |
@semantic-release/[email protected] | |
@semantic-release/[email protected] | |
dry_run: true | |
# | |
# Cache JDK. | |
# | |
- name: Cache JDK | |
if: steps.semantic.outputs.new_release_published == 'true' | |
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
id: cache-jdk | |
with: | |
key: OpenJDK21U-jdk_x64_linux_hotspot_21.0.2_13.tar.gz | |
path: | | |
${{ runner.temp }}/jdk_setup.tar.gz | |
${{ runner.temp }}/jdk_setup.sha256 | |
# | |
# Download JDK and verify its hash. | |
# | |
- name: Download JDK and verify its hash | |
if: steps.semantic.outputs.new_release_published == 'true' && steps.cache-jdk.outputs.cache-hit != 'true' | |
run: | | |
echo "454bebb2c9fe48d981341461ffb6bf1017c7b7c6e15c6b0c29b959194ba3aaa5 ${{ runner.temp }}/jdk_setup.tar.gz" >> ${{ runner.temp }}/jdk_setup.sha256 | |
curl -L "https://github.com/adoptium/temurin21-binaries/releases/download/jdk-21.0.2%2B13/OpenJDK21U-jdk_x64_linux_hotspot_21.0.2_13.tar.gz" -o "${{ runner.temp }}/jdk_setup.tar.gz" | |
sha256sum --check --status "${{ runner.temp }}/jdk_setup.sha256" | |
# | |
# Setup JDK. | |
# | |
- name: Setup JDK | |
if: steps.semantic.outputs.new_release_published == 'true' | |
uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 | |
with: | |
distribution: "jdkfile" | |
jdkFile: "${{ runner.temp }}/jdk_setup.tar.gz" | |
java-version: "21" | |
cache: maven | |
# | |
# Cache Maven. | |
# | |
- name: Cache Maven | |
if: steps.semantic.outputs.new_release_published == 'true' | |
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 | |
id: cache-maven | |
with: | |
key: apache-maven-3.9.6-bin.tar.gz | |
path: | | |
${{ runner.temp }}/maven_setup.tar.gz | |
${{ runner.temp }}/maven_setup.sha256 | |
# | |
# Download Maven and verify its hash. | |
# | |
- name: Download Maven and verify its hash | |
if: steps.semantic.outputs.new_release_published == 'true' && steps.cache-maven.outputs.cache-hit != 'true' | |
run: | | |
echo "6eedd2cae3626d6ad3a5c9ee324bd265853d64297f07f033430755bd0e0c3a4b ${{ runner.temp }}/maven_setup.tar.gz" >> ${{ runner.temp }}/maven_setup.sha256 | |
curl -L "https://archive.apache.org/dist/maven/maven-3/3.9.6/binaries/apache-maven-3.9.6-bin.tar.gz" -o "${{ runner.temp }}/maven_setup.tar.gz" | |
sha256sum --check --status "${{ runner.temp }}/maven_setup.sha256" | |
# | |
# Setup Maven. | |
# | |
- name: Setup Maven | |
if: steps.semantic.outputs.new_release_published == 'true' | |
run: | | |
mkdir ${{ runner.temp }}/maven | |
tar -xvf ${{ runner.temp }}/maven_setup.tar.gz -C ${{ runner.temp }}/maven --strip-components=1 | |
echo "<settings><servers><server><id>github</id><username>${{ secrets.GIT_USER }}</username><password>${{ secrets.GIT_PAT }}</password></server></servers></settings>" >> ${{ runner.temp }}/settings.xml | |
# | |
# RELEASE CANDIDATE - Update of pom.xml with the new version. | |
# | |
- name: RELEASE CANDIDATE - Update of pom.xml with the new version | |
if: steps.semantic.outputs.new_release_published == 'true' | |
run: ${{ runner.temp }}/maven/bin/mvn versions:set -DnewVersion=${{ steps.semantic.outputs.new_release_version }}-RC -s ${{ runner.temp }}/settings.xml --no-transfer-progress | |
# | |
# RELEASE CANDIDATE - Update of openapi.yaml with the new version. | |
# | |
- name: RELEASE CANDIDATE - Update of openapi.yaml with the new version. | |
if: steps.semantic.outputs.new_release_published == 'true' | |
run: yq -i ".info.version = \"${{ steps.semantic.outputs.new_release_version }}-RC\"" "src/main/resources/META-INF/openapi.yaml" | |
# | |
# RELEASE CANDIDATE - Execute unit-test + Calculate test coverage + SCA with Sonar. | |
# | |
- name: RELEASE CANDIDATE - Execute unit-test + Calculate test coverage + SCA with Sonar | |
if: steps.semantic.outputs.new_release_published == 'true' | |
env: | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: ${{ runner.temp }}/maven/bin/mvn verify -Pvalidate -s ${{ runner.temp }}/settings.xml --no-transfer-progress | |
# | |
# RELEASE CANDIDATE - Build native executable. | |
# | |
- name: RELEASE CANDIDATE - Build native executable | |
if: steps.semantic.outputs.new_release_published == 'true' | |
run: ${{ runner.temp }}/maven/bin/mvn clean package -Pnative -Dmaven.test.skip=true -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image@sha256:ce70e1a8016471ff0fc9c8f048cd9e37afddacd3de37ed0bca74201d102e45f5 -s ${{ runner.temp }}/settings.xml --no-transfer-progress | |
# | |
# RELEASE CANDIDATE - Build Docker image. | |
# | |
- name: RELEASE CANDIDATE - Build Docker image | |
if: steps.semantic.outputs.new_release_published == 'true' | |
run: docker build -f src/main/docker/Dockerfile.native-micro -t ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }}-RC . | |
# | |
# RELEASE CANDIDATE - Push Docker image. | |
# | |
- name: RELEASE CANDIDATE - Push Docker image | |
if: steps.semantic.outputs.new_release_published == 'true' | |
run: | | |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
docker push -a ghcr.io/${{ github.repository }} | |
# | |
# RELEASE CANDICATE - Get Docker image with sha256. | |
# | |
- name: RELEASE CANDIDATE - Get Docker image with sha256 | |
if: steps.semantic.outputs.new_release_published == 'true' | |
run: echo "image_sha256_rc=$(docker image inspect -f '{{index .RepoDigests 0}}' ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }}-RC)" >> "$GITHUB_ENV" | |
# | |
# Login to Azure. | |
# | |
- name: Login to Azure | |
if: steps.semantic.outputs.new_release_published == 'true' | |
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
# | |
# RELEASE CANDIDATE - Update Container App + OpenAPI descriptor on APIM | |
# | |
- name: RELEASE CANDIDATE - Update Container App + OpenAPI descriptor on APIM | |
if: steps.semantic.outputs.new_release_published == 'true' | |
uses: azure/CLI@fa0f960f00db49b95fdb54328a767aee31e80105 | |
with: | |
inlineScript: | | |
az config set extension.use_dynamic_install=yes_without_prompt | |
az containerapp update -n ${{ secrets.AZURE_CONTAINER_APP_NAME }} -g ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} -i ${{ env.image_sha256_rc }} | |
API_DATA=$(az apim api show --resource-group ${{ secrets.AZURE_APIM_RESOURCE_GROUP }} --service-name ${{ secrets.AZURE_APIM_NAME }} --api-id ${{ secrets.AZURE_APIM_API_ID }} --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} --query "{path:path, serviceUrl:serviceUrl}") | |
API_PATH=$(echo $API_DATA | jq -r '.path') | |
API_SERVICE_URL=$(echo $API_DATA | jq -r '.serviceUrl') | |
az apim api import \ | |
--resource-group ${{ secrets.AZURE_APIM_RESOURCE_GROUP }} \ | |
--service-name ${{ secrets.AZURE_APIM_NAME }} \ | |
--api-id ${{ secrets.AZURE_APIM_API_ID }} \ | |
--specification-format OpenApi \ | |
--specification-path src/main/resources/META-INF/openapi.yaml \ | |
--path $API_PATH \ | |
--service-url $API_SERVICE_URL \ | |
--subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
# | |
# Install Node. | |
# | |
- name: Install Node | |
if: steps.semantic.outputs.new_release_published == 'true' | |
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c | |
with: | |
node-version: "18.16.0" | |
# | |
# Install Newman. | |
# | |
- name: Install Newman | |
if: steps.semantic.outputs.new_release_published == 'true' | |
run: npm install -g newman | |
# | |
# Run Postman collection. | |
# | |
- name: Run Postman collection | |
if: steps.semantic.outputs.new_release_published == 'true' | |
run: | | |
newman run src/test/postman/mil-auth.postman_collection.json \ | |
-e src/test/postman/dev.postman_environment.json \ | |
--env-var "correctPassword=${{ secrets.NEWMAN_IT__CORRECTPASSWORD }}" \ | |
--env-var "correctClientSecret=${{ secrets.NEWMAN_IT__CORRECTCLIENTSECRET }}" \ | |
--env-var "correctClientSecretForVasLayer=${{ secrets.NEWMAN_IT__CORRECTCLIENTSECRETFORVASLAYER }}" \ | |
--env-var "clientSecretForMilDebtPosition=${{ secrets.NEWMAN_IT__CLIENTSECRETFORMILDEBTPOSITION }}" | |
# | |
# STABLE - Update of pom.xml and openapi.yaml with the new version. | |
# | |
- name: STABLE - Update of pom.xml and openapi.yaml with the new version | |
if: steps.semantic.outputs.new_release_published == 'true' | |
run: | | |
${{ runner.temp }}/maven/bin/mvn versions:set -DnewVersion=${{ steps.semantic.outputs.new_release_version }} -s ${{ runner.temp }}/settings.xml --no-transfer-progress | |
yq -i ".info.version = \"${{ steps.semantic.outputs.new_release_version }}\"" "src/main/resources/META-INF/openapi.yaml" | |
git config user.name "GitHub Workflow" | |
git config user.email "<>" | |
git add pom.xml | |
git add src/main/resources/META-INF/openapi.yaml | |
git commit -m "Updated with new version ${{ steps.semantic.outputs.new_release_version }}" | |
git push origin main | |
# | |
# Calculation of the new version (again) with tagging + releasing + etc. | |
# | |
- name: Calculation of the new version (w/o dry_run) and put tag | |
if: steps.semantic.outputs.new_release_published == 'true' | |
uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
semantic_version: 19 | |
branch: main | |
extra_plugins: | | |
@semantic-release/[email protected] | |
@semantic-release/[email protected] | |
dry_run: false | |
# | |
# STABLE - Build native executable. | |
# | |
- name: STABLE - Build native executable | |
if: steps.semantic.outputs.new_release_published == 'true' | |
run: ${{ runner.temp }}/maven/bin/mvn clean package -Pnative -Dmaven.test.skip=true -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image@sha256:ce70e1a8016471ff0fc9c8f048cd9e37afddacd3de37ed0bca74201d102e45f5 -s ${{ runner.temp }}/settings.xml --no-transfer-progress | |
# | |
# STABLE - Build Docker image. | |
# | |
- name: STABLE - Build Docker image | |
if: steps.semantic.outputs.new_release_published == 'true' | |
run: docker build -f src/main/docker/Dockerfile.native-micro -t ghcr.io/${{ github.repository }}:latest -t ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }} . | |
# | |
# STABLE - Push Docker image. | |
# | |
- name: STABLE - Push Docker image | |
if: steps.semantic.outputs.new_release_published == 'true' | |
run: | | |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
docker push -a ghcr.io/${{ github.repository }} | |
# | |
# STABLE - Get Docker image with sha256. | |
# | |
- name: STABLE - Get Docker image with sha256 | |
if: steps.semantic.outputs.new_release_published == 'true' | |
run: echo "image_sha256=$(docker image inspect -f '{{index .RepoDigests 0}}' ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }})" >> "$GITHUB_ENV" | |
# | |
# STABLE - Update Container App. | |
# | |
- name: STABLE - Update Container App | |
if: steps.semantic.outputs.new_release_published == 'true' | |
uses: azure/CLI@fa0f960f00db49b95fdb54328a767aee31e80105 | |
with: | |
inlineScript: | | |
az config set extension.use_dynamic_install=yes_without_prompt | |
az containerapp update -n ${{ secrets.AZURE_CONTAINER_APP_NAME }} -g ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} --subscription ${{ secrets.AZURE_SUBSCRIPTION_ID }} -i ${{ env.image_sha256 }} |