Skip to content

Commit 586f1f2

Browse files
author
박지원F
committed
[Internal] 사내 CI 워크플로우 추가
- ts-build-amoro-image.yml: alpha/live Docker 이미지 빌드 - ts-ci-jp.yml: 일본 법인 CI Signed-off-by: 박지원F <jiwonpark@tossinvest.com>
1 parent 80e3310 commit 586f1f2

2 files changed

Lines changed: 256 additions & 0 deletions

File tree

Lines changed: 119 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,119 @@
1+
name: '[TossSecurities] Build Amoro Docker Image'
2+
3+
on:
4+
workflow_dispatch:
5+
push:
6+
tags:
7+
- 'v*'
8+
9+
jobs:
10+
maven-build:
11+
runs-on: ts-dp-alpha-apne2-amd64
12+
outputs:
13+
amoro_version: ${{ steps.version.outputs.amoro_version }}
14+
image_tag: ${{ steps.version.outputs.image_tag }}
15+
steps:
16+
- name: Checkout repository
17+
uses: actions/checkout@v4
18+
19+
- name: Extract version from pom.xml
20+
id: version
21+
run: |
22+
AMORO_VERSION=$(grep 'amoro-parent' -C 3 pom.xml | grep -Eo '<version>.*</version>' | awk -F'[><]' '{print $3}')
23+
BRANCH_NAME="${GITHUB_REF_NAME}"
24+
echo "amoro_version=${AMORO_VERSION}" >> $GITHUB_OUTPUT
25+
echo "image_tag=${BRANCH_NAME}" >> $GITHUB_OUTPUT
26+
27+
- name: Set up JDK 11
28+
uses: actions/setup-java@v1
29+
with:
30+
java-version: '11'
31+
32+
- name: Build Amoro dist package
33+
run: |
34+
./mvnw clean package -am -e -pl dist -DskipTests
35+
36+
- name: Upload dist to Nexus
37+
run: |
38+
DIST_FILE=$(ls dist/target/apache-amoro-*-bin.tar.gz)
39+
curl --fail -T "$DIST_FILE" \
40+
"http://nexus.tossinvest.bz/repository/hadoop/amoro/${{ steps.version.outputs.image_tag }}/apache-amoro-${{ steps.version.outputs.image_tag }}-bin.tar.gz"
41+
42+
- name: Cleanup workspace
43+
if: always()
44+
run: |
45+
set -euxo pipefail
46+
if [ -d "${GITHUB_WORKSPACE}" ]; then
47+
sudo chown -R "$(id -u)":"$(id -g)" "${GITHUB_WORKSPACE}" || true
48+
sudo rm -rf "${GITHUB_WORKSPACE}"/{*,.*} || true
49+
sudo rm -rf "${GITHUB_WORKSPACE}"/.??* || true
50+
fi
51+
52+
docker-build-alpha:
53+
needs: maven-build
54+
runs-on: ts-dp-alpha-apne2-amd64
55+
steps:
56+
- name: Checkout repository
57+
uses: actions/checkout@v4
58+
59+
- name: Download dist from Nexus
60+
run: |
61+
mkdir -p dist/target
62+
curl --fail -o dist/target/apache-amoro-${{ needs.maven-build.outputs.amoro_version }}-bin.tar.gz \
63+
"http://nexus.tossinvest.bz/repository/hadoop/amoro/${{ needs.maven-build.outputs.image_tag }}/apache-amoro-${{ needs.maven-build.outputs.image_tag }}-bin.tar.gz"
64+
65+
- name: Login to Harbor
66+
run: docker login harbor.alpha.tossinvest.bz -u "${{ secrets.HARBOR_ALPHA_ID }}" -p "${{ secrets.HARBOR_ALPHA_PW }}"
67+
68+
- name: Build Docker image
69+
run: |
70+
DOCKER_BUILDKIT=1 docker build \
71+
-f docker/amoro/Dockerfile \
72+
-t harbor.alpha.tossinvest.bz/dp/amoro:${{ needs.maven-build.outputs.image_tag }} \
73+
.
74+
docker push harbor.alpha.tossinvest.bz/dp/amoro:${{ needs.maven-build.outputs.image_tag }}
75+
76+
- name: Cleanup workspace
77+
if: always()
78+
run: |
79+
set -euxo pipefail
80+
if [ -d "${GITHUB_WORKSPACE}" ]; then
81+
sudo chown -R "$(id -u)":"$(id -g)" "${GITHUB_WORKSPACE}" || true
82+
sudo rm -rf "${GITHUB_WORKSPACE}"/{*,.*} || true
83+
sudo rm -rf "${GITHUB_WORKSPACE}"/.??* || true
84+
fi
85+
86+
docker-build-live:
87+
needs: maven-build
88+
runs-on: ["dp-dev-1"]
89+
steps:
90+
- name: Checkout repository
91+
uses: actions/checkout@v4
92+
93+
- name: Download dist from Nexus
94+
run: |
95+
mkdir -p dist/target
96+
curl --fail -o dist/target/apache-amoro-${{ needs.maven-build.outputs.amoro_version }}-bin.tar.gz \
97+
"http://nexus.tossinvest.bz/repository/hadoop/amoro/${{ needs.maven-build.outputs.image_tag }}/apache-amoro-${{ needs.maven-build.outputs.image_tag }}-bin.tar.gz"
98+
99+
- name: Login to Harbor
100+
run: docker login harbor.live.tossinvest.bz -u "${{ secrets.HARBOR_LIVE_ID }}" -p "${{ secrets.HARBOR_LIVE_PW }}"
101+
102+
- name: Build Docker image
103+
run: |
104+
DOCKER_BUILDKIT=1 docker build \
105+
--build-arg MAVEN_MIRROR=http://nexus.tossinvest.bz/repository/maven-central \
106+
-f docker/amoro/Dockerfile \
107+
-t harbor.live.tossinvest.bz/dp/amoro:${{ needs.maven-build.outputs.image_tag }} \
108+
.
109+
docker push harbor.live.tossinvest.bz/dp/amoro:${{ needs.maven-build.outputs.image_tag }}
110+
111+
- name: Cleanup workspace
112+
if: always()
113+
run: |
114+
set -euxo pipefail
115+
if [ -d "${GITHUB_WORKSPACE}" ]; then
116+
sudo chown -R "$(id -u)":"$(id -g)" "${GITHUB_WORKSPACE}" || true
117+
sudo rm -rf "${GITHUB_WORKSPACE}"/{*,.*} || true
118+
sudo rm -rf "${GITHUB_WORKSPACE}"/.??* || true
119+
fi

.github/workflows/ts-ci-jp.yml

Lines changed: 137 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,137 @@
1+
name: '[TossSecurities] CI For JP'
2+
3+
on:
4+
workflow_dispatch:
5+
inputs:
6+
image_tag:
7+
description: 'Harbor image tag to push to JP ECR'
8+
required: true
9+
type: string
10+
phase:
11+
description: 'Target environment'
12+
required: true
13+
type: choice
14+
options:
15+
- alpha
16+
- live
17+
18+
jobs:
19+
push-to-jp-alpha:
20+
if: ${{ inputs.phase == 'alpha' }}
21+
runs-on: ts-dp-alpha-apne2-arm64
22+
steps:
23+
- name: Login to Harbor
24+
run: |
25+
docker login -u ${{ secrets.HARBOR_LIVE_ID }} -p ${{ secrets.HARBOR_LIVE_PW }} harbor.live.tossinvest.bz
26+
27+
- name: Pull image from Harbor
28+
run: |
29+
docker pull harbor.live.tossinvest.bz/dp/amoro:${{ inputs.image_tag }}
30+
31+
- name: install-aws-cli
32+
uses: tossinvest-actions/install-aws-cli-action@v2
33+
with:
34+
version: 2
35+
36+
- name: Configure AWS credentials
37+
uses: tossinvest-actions/configure-aws-credentials@main
38+
with:
39+
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_JP_ALPHA }}
40+
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_JP_ALPHA }}
41+
aws-region: ap-northeast-1
42+
43+
- name: Login to Amazon ECR
44+
id: login-ecr
45+
uses: tossinvest-actions/amazon-ecr-login@v1
46+
with:
47+
registry-ids: 887721946944
48+
49+
- name: Create ECR repository and set lifecycle policy
50+
env:
51+
ECR_REPOSITORY: dp/amoro
52+
run: |
53+
aws ecr describe-repositories --repository-names $ECR_REPOSITORY \
54+
|| aws ecr create-repository --repository-name $ECR_REPOSITORY
55+
aws ecr put-lifecycle-policy --repository-name $ECR_REPOSITORY --lifecycle-policy-text '{
56+
"rules": [{
57+
"rulePriority": 1,
58+
"description": "Keep only the latest 10 images",
59+
"selection": {
60+
"tagStatus": "any",
61+
"countType": "imageCountMoreThan",
62+
"countNumber": 10
63+
},
64+
"action": {
65+
"type": "expire"
66+
}
67+
}]
68+
}'
69+
70+
- name: Tag and push image to JP Alpha ECR
71+
env:
72+
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
73+
ECR_REPOSITORY: dp/amoro
74+
IMAGE_TAG: ${{ inputs.image_tag }}
75+
run: |
76+
docker tag harbor.live.tossinvest.bz/dp/amoro:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
77+
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
78+
79+
push-to-jp-live:
80+
if: ${{ inputs.phase == 'live' }}
81+
runs-on: dc2-amd64
82+
steps:
83+
- name: Login to Harbor
84+
run: |
85+
docker login -u ${{ secrets.HARBOR_LIVE_ID }} -p ${{ secrets.HARBOR_LIVE_PW }} harbor.live.tossinvest.bz
86+
87+
- name: Pull image from Harbor
88+
run: |
89+
docker pull harbor.live.tossinvest.bz/dp/amoro:${{ inputs.image_tag }}
90+
91+
- name: install-aws-cli
92+
uses: tossinvest-actions/install-aws-cli-action@v2
93+
with:
94+
version: 2
95+
96+
- name: Configure AWS credentials
97+
uses: tossinvest-actions/configure-aws-credentials@main
98+
with:
99+
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_JP_LIVE }}
100+
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_JP_LIVE }}
101+
aws-region: ap-northeast-1
102+
103+
- name: Login to Amazon ECR
104+
id: login-ecr
105+
uses: tossinvest-actions/amazon-ecr-login@v1
106+
with:
107+
registry-ids: 965031587152
108+
109+
- name: Create ECR repository and set lifecycle policy
110+
env:
111+
ECR_REPOSITORY: dp/amoro
112+
run: |
113+
aws ecr describe-repositories --repository-names $ECR_REPOSITORY \
114+
|| aws ecr create-repository --repository-name $ECR_REPOSITORY
115+
aws ecr put-lifecycle-policy --repository-name $ECR_REPOSITORY --lifecycle-policy-text '{
116+
"rules": [{
117+
"rulePriority": 1,
118+
"description": "Keep only the latest 10 images",
119+
"selection": {
120+
"tagStatus": "any",
121+
"countType": "imageCountMoreThan",
122+
"countNumber": 10
123+
},
124+
"action": {
125+
"type": "expire"
126+
}
127+
}]
128+
}'
129+
130+
- name: Tag and push image to JP Live ECR
131+
env:
132+
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
133+
ECR_REPOSITORY: dp/amoro
134+
IMAGE_TAG: ${{ inputs.image_tag }}
135+
run: |
136+
docker tag harbor.live.tossinvest.bz/dp/amoro:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
137+
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

0 commit comments

Comments
 (0)