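---
# Build-and-deploy workflow: clone the code-location repository, build and
# push its Docker image, then roll the new image tag out with Helm.
#
# Security notes for maintainers:
#   * Secrets reach the scripts through step-level `env:` entries rather than
#     `${{ secrets.* }}` expansions inside the script text. Inline expansion
#     pastes the secret into the shell source, so a value containing quotes,
#     `$` or backticks would be re-interpreted by the shell.
#   * Each secret is scoped to the steps that need it, not to the whole job.
#   * Credentials written to disk (kubeconfig, Docker login) are removed again
#     because the runner label suggests a self-hosted, possibly persistent
#     runner. TODO confirm the runner's lifetime.
name: Build and Push Docker Image

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  build-and-push:
    runs-on: orchestration-platform
    defaults:
      run:
        shell: sh
    env:
      REGISTRY: gitea.dataprovider01.sandbox-cat-dat.simpl-europe.eu
      IMAGE_REPO: gitea.dataprovider01.sandbox-cat-dat.simpl-europe.eu/j.r/template-code-location
      K8S_NAMESPACE: dataprovider01
      HELM_RELEASE: dataprovider01-dataprovider-orchestration-platform
      # Quoted so the version is always read as a string.
      DAGSTER_CHART_VERSION: '0.2.0'
    steps:
      - name: Checkout repository (shell)
        env:
          CLONE_USER: "${{ secrets.REGISTRY_USERNAME }}"
          CLONE_PASS: "${{ secrets.REGISTRY_PASSWORD }}"
        run: |
          REPO_DIR="repo"
          REPO_CLONE_URL="https://gitea.dataprovider01.sandbox-cat-dat.simpl-europe.eu/j.r/template-code-location.git"
          REF_NAME="${GITHUB_REF_NAME}"
          if [ -z "${REF_NAME}" ]; then
            REF_NAME="${GITHUB_REF#refs/heads/}"
          fi
          if [ -z "${CLONE_USER}" ] || [ -z "${CLONE_PASS}" ]; then
            echo "Missing REGISTRY_USERNAME or REGISTRY_PASSWORD secret"
            exit 1
          fi
          rm -rf "${REPO_DIR}"
          AUTH_HEADER="$(printf '%s:%s' "${CLONE_USER}" "${CLONE_PASS}" | base64 | tr -d '\n')"
          # The -c option goes BEFORE the subcommand on purpose: `git clone -c`
          # stores the setting in the new repository's .git/config, which would
          # leave the Basic-auth header on disk and inside the Docker build
          # context used by the "Build image" step. `git -c ... clone` applies
          # it to this invocation only. The header is still visible in the
          # process argument list while the clone runs.
          git -c "http.extraHeader=Authorization: Basic ${AUTH_HEADER}" \
            clone --depth 1 --branch "${REF_NAME}" \
            "${REPO_CLONE_URL}" \
            "${REPO_DIR}"
          # NOTE(review): this clones the branch tip, while the image tag below
          # comes from GITHUB_SHA/GITEA_SHA. If the branch moves after the run
          # is triggered, the tag may not match the built commit - confirm
          # whether that matters here.
          if [ ! -f "${REPO_DIR}/Dockerfile" ]; then
            echo "Dockerfile not found after clone"
            exit 1
          fi

      - name: Validate registry secrets
        env:
          REGISTRY_USERNAME: "${{ secrets.REGISTRY_USERNAME }}"
          REGISTRY_PASSWORD: "${{ secrets.REGISTRY_PASSWORD }}"
        run: |
          if [ -z "${REGISTRY_USERNAME}" ] || [ -z "${REGISTRY_PASSWORD}" ]; then
            echo "Missing REGISTRY_USERNAME or REGISTRY_PASSWORD secret"
            exit 1
          fi

      - name: Login to registry
        env:
          REGISTRY_USERNAME: "${{ secrets.REGISTRY_USERNAME }}"
          REGISTRY_PASSWORD: "${{ secrets.REGISTRY_PASSWORD }}"
        run: |
          # printf avoids echo's shell-dependent backslash handling and keeps
          # the password off the docker command line.
          printf '%s' "${REGISTRY_PASSWORD}" | docker login "${REGISTRY}" \
            -u "${REGISTRY_USERNAME}" --password-stdin

      - name: Build image
        run: |
          COMMIT_SHA="${GITHUB_SHA:-$GITEA_SHA}"
          SHORT_SHA="$(echo "${COMMIT_SHA}" | cut -c1-12)"
          cd repo
          docker build \
            -t "${IMAGE_REPO}:latest" \
            -t "${IMAGE_REPO}:${SHORT_SHA}" \
            .

      - name: Push image tags
        run: |
          COMMIT_SHA="${GITHUB_SHA:-$GITEA_SHA}"
          SHORT_SHA="$(echo "${COMMIT_SHA}" | cut -c1-12)"
          docker push "${IMAGE_REPO}:latest"
          docker push "${IMAGE_REPO}:${SHORT_SHA}"

      - name: Install helm and kubectl
        run: |
          # Abort on the first failure so a failed download or checksum
          # mismatch can never fall through to the install commands.
          set -e
          ARCH="$(uname -m)"
          if [ "${ARCH}" = "x86_64" ]; then
            ARCH="amd64"
          elif [ "${ARCH}" = "aarch64" ]; then
            ARCH="arm64"
          fi

          # Both binaries are checked against the SHA-256 file published next
          # to the release artifact. That catches truncated or corrupted
          # downloads; it does not protect against a compromised download
          # origin. Pinning the expected digests in this workflow would.
          if ! command -v helm >/dev/null 2>&1; then
            apk add --no-cache curl tar gzip ca-certificates
            HELM_VERSION="v3.16.4"
            HELM_URL="https://get.helm.sh/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz"
            curl -fsSL "${HELM_URL}" -o /tmp/helm.tgz
            curl -fsSL "${HELM_URL}.sha256" -o /tmp/helm.tgz.sha256
            echo "$(cat /tmp/helm.tgz.sha256)  /tmp/helm.tgz" | sha256sum -c -
            tar -xzf /tmp/helm.tgz -C /tmp
            mv "/tmp/linux-${ARCH}/helm" /usr/local/bin/helm
            chmod +x /usr/local/bin/helm
          fi

          if ! command -v kubectl >/dev/null 2>&1; then
            KUBECTL_VERSION="v1.31.2"
            KUBECTL_URL="https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${ARCH}/kubectl"
            curl -fsSL "${KUBECTL_URL}" -o /tmp/kubectl
            curl -fsSL "${KUBECTL_URL}.sha256" -o /tmp/kubectl.sha256
            echo "$(cat /tmp/kubectl.sha256)  /tmp/kubectl" | sha256sum -c -
            mv /tmp/kubectl /usr/local/bin/kubectl
            chmod +x /usr/local/bin/kubectl
          fi

          helm version
          kubectl version --client

      - name: Deploy to Dagster with Helm
        env:
          KUBE_CONFIG_B64: "${{ secrets.KUBE_CONFIG_B64 }}"
        run: |
          if [ -z "${KUBE_CONFIG_B64}" ]; then
            echo "Missing KUBE_CONFIG_B64 secret"
            exit 1
          fi

          COMMIT_SHA="${GITHUB_SHA:-$GITEA_SHA}"
          SHORT_SHA="$(echo "${COMMIT_SHA}" | cut -c1-12)"

          # Keep the cluster credentials in a private temp file (mode 0600 via
          # umask) and delete it when the step exits, instead of overwriting
          # ${HOME}/.kube/config and leaving it on the runner.
          umask 077
          KUBECONFIG="$(mktemp)"
          export KUBECONFIG
          trap 'rm -f "${KUBECONFIG}"' EXIT
          printf '%s' "${KUBE_CONFIG_B64}" | base64 -d > "${KUBECONFIG}"
          # helm and kubectl only need the decoded file, not the raw secret.
          unset KUBE_CONFIG_B64

          helm upgrade --install "${HELM_RELEASE}" dagster \
            --repo "https://code.europa.eu/api/v4/projects/1304/packages/helm/stable" \
            --version "${DAGSTER_CHART_VERSION}" \
            --namespace "${K8S_NAMESPACE}" \
            --reuse-values \
            --set-string "dagster.dagster-user-deployments.deployments[0].image.repository=${IMAGE_REPO}" \
            --set-string "dagster.dagster-user-deployments.deployments[0].image.tag=${SHORT_SHA}"

          # Restart the first deployment whose name contains the code-location
          # name so the freshly pushed tag is picked up.
          DEPLOYMENT_NAME="$(kubectl -n "${K8S_NAMESPACE}" get deployment -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' | grep 'template-code-location' | head -n 1)"
          if [ -n "${DEPLOYMENT_NAME}" ]; then
            kubectl -n "${K8S_NAMESPACE}" rollout restart "deployment/${DEPLOYMENT_NAME}"
            kubectl -n "${K8S_NAMESPACE}" rollout status "deployment/${DEPLOYMENT_NAME}" --timeout=300s
          else
            echo "No deployment name matched template-code-location; Helm upgrade completed without explicit rollout restart."
          fi

      - name: Logout from registry
        # Runs even when an earlier step failed, so the registry credentials
        # stored by `docker login` do not stay in the runner's Docker config.
        if: always()
        run: |
          docker logout "${REGISTRY}" || true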