---
name: OpenTelemetry

# Builds the AWS OpenTelemetry Collector Docker image and pushes it to Amazon ECR.
on:
  push:
    # Only pushes touching this workflow, the collector Dockerfile, or a file
    # directly under otel/ start a run. In GitHub path filters `*` does not
    # match `/`, so nested paths below otel/ are not covered by this pattern.
    paths:
      - .github/workflows/otel.yml
      - deploy/aws-otel-collector.Dockerfile
      - 'otel/*'
  # Pull-request trigger is currently disabled:
  # pull_request:
  #   # branches: [main]
  #   types: [opened,synchronize,reopened,labeled,unlabeled]
# Runs are grouped per workflow and ref; a newer run in the same group cancels
# the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-otel
  cancel-in-progress: true
# Workflow-level environment, visible to every step through the `env` context.
env:
  # Image (repository) name
  IMAGE_NAME: aws-otel-collector

  # Owner/org of the image in the GHCR Docker repository (must be lowercase)
  IMAGE_OWNER: ${{ github.repository_owner }}
  # IMAGE_OWNER: cogini

  # "Org" prefix of the AWS ECR Docker repo. May be blank; when set it must end
  # with a slash because it is concatenated directly in front of IMAGE_NAME.
  ECR_IMAGE_OWNER: cogini/
  # ECR_IMAGE_OWNER: ''

  # Tag for release images, used to find the latest deployed image.
  # IMAGE_TAG: ${{ (github.ref == 'refs/heads/main' && 'staging') || (github.ref == 'refs/heads/qa' && 'qa') }}
  IMAGE_TAG: latest
  # Per-commit tag: the full commit SHA that triggered the run
  IMAGE_VER: ${{ github.sha }}

  # Registry for internal images
  REGISTRY: ghcr.io/

  # Registry for public images; the default (blank) is docker.io
  # PUBLIC_REGISTRY: ''
  # Assumes the base image has already been synced to the local registry
  PUBLIC_REGISTRY: 'ghcr.io/'

  AWS_OTEL_COLLECTOR_REPO_ORG: ${{ github.repository_owner }}
  POSTGRES_REPO_ORG: ${{ github.repository_owner }}
  RABBITMQ_REPO_ORG: ${{ github.repository_owner }}

  # Git "main" branch. This might be "master" for old repos
  MAIN_BRANCH: main

  # GitHub Environment secrets and variables this workflow expects:
  #   Docker Hub credentials, to pull base images without rate limits
  #     secrets.DOCKERHUB_USERNAME
  #     secrets.DOCKERHUB_TOKEN
  #   AWS account
  #     secrets.AWS_ACCOUNT_ID
  #   AWS default region
  #     vars.AWS_REGION
  #   AWS role allowing GitHub Actions to access resources and deploy
  #     secrets.AWS_ROLE_TO_ASSUME: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/foo-${{ environment }}-github-action-role

  # Docker
  DOCKER_BUILDKIT: '1'
  DOCKER_FILE: deploy/aws-otel-collector.Dockerfile
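jobs:
  # Single job: log in to the registries, assume the AWS role, then build the
  # collector image with buildx and push it to Amazon ECR.
  build-prod:
    name: Build otel image
    # GITHUB_TOKEN scopes for this job. id-token: write lets the job request an
    # OIDC token (used by the role-to-assume step below).
    # NOTE(review): the only images pushed in this job go to ECR; if GHCR is
    # only pulled from, `packages: read` would be enough — confirm.
    permissions:
      id-token: write
      contents: read
      packages: write
    runs-on: ubuntu-latest
    # Branch name selects the GitHub Environment: main -> staging, qa -> qa,
    # prod -> production.
    # NOTE(review): for any other branch none of the terms match and the
    # expression does not yield an environment name — confirm which
    # environment (and therefore which secrets) such a run should get.
    environment: ${{ (github.ref_name == 'main' && 'staging') || (github.ref_name == 'qa' && 'qa') || (github.ref_name == 'prod' && 'production') }}
    # NOTE(review): every `uses:` below references a movable version tag. This
    # job holds registry credentials, packages: write and an OIDC token, so
    # pinning each action to a full commit SHA is worth considering.
    steps:
      - name: Debug environment
        # Values reach the shell as environment variables rather than being
        # expanded into the script text, so a ref name containing shell
        # metacharacters is printed, not interpreted.
        env:
          # No `needs:` key or `config` job is visible in this workflow, so this
          # presumably prints an empty value — confirm.
          DEPLOY_ENVIRONMENT: ${{ needs.config.outputs.environment }}
        run: |
          echo "github.event_name: ${GITHUB_EVENT_NAME}"
          echo "ref: ${GITHUB_REF}"
          echo "ref_name: ${GITHUB_REF_NAME}"
          echo "environment: ${DEPLOY_ENVIRONMENT}"

      - name: Log in to GHCR
        uses: docker/login-action@v4
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # No registry given, so this is the action's default registry (Docker Hub).
      - name: Log in to Docker Hub
        uses: docker/login-action@v4
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # NOTE(review): AWS_ENABLED is not defined in the workflow-level `env`
      # shown in this file, and no earlier step writes it to GITHUB_ENV. Unless
      # it is supplied some other way, every step guarded by
      # `env.AWS_ENABLED == '1'` (including the build and push) is skipped.
      - name: Configure AWS credentials
        if: env.AWS_ENABLED == '1'
        uses: aws-actions/configure-aws-credentials@v6
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
          aws-region: ${{ vars.AWS_REGION }}

      - name: Log in to Amazon ECR
        if: env.AWS_ENABLED == '1'
        id: ecr-login
        uses: aws-actions/amazon-ecr-login@v2
        # with:
        #   registries: ${{ (needs.config.outputs.environment == 'qa') && env.AWS_ACCOUNT_STAGING || vars.AWS_ACCOUNT }}

      # Export the registry returned by the ECR login for the image tags below.
      - name: Set vars
        if: env.AWS_ENABLED == '1'
        run: echo "ECR_REGISTRY=${{ steps.ecr-login.outputs.registry }}" >> "$GITHUB_ENV"

      # UTC build timestamp, used for the image "created" label.
      - name: Set vars
        run: echo "NOW=$(date -u +%Y-%m-%dT%H:%M:%SZ)" >> "$GITHUB_ENV"

      - name: Check out source
        uses: actions/checkout@v6

      # Short SHA goes to the environment; run id and run number become step outputs.
      - name: Set variables
        id: vars
        shell: bash
        run: |
          echo "GITHUB_SHA_SHORT=${GITHUB_SHA::7}" >> "$GITHUB_ENV"
          echo "run_id=${GITHUB_RUN_ID}" >> "$GITHUB_OUTPUT"
          echo "run_num=${GITHUB_RUN_NUMBER}" >> "$GITHUB_OUTPUT"

      - name: Set up Docker buildx
        id: buildx
        uses: docker/setup-buildx-action@v4
        with:
          # The builder shares the runner's network namespace.
          driver-opts: network=host

      - name: Build image and push
        if: env.AWS_ENABLED == '1'
        uses: docker/build-push-action@v7
        with:
          file: ${{ env.DOCKER_FILE }}
          # https://hub.docker.com/r/amazon/aws-otel-collector/tags
          # NOTE(review): the single quotes around v0.47.0 sit inside a block
          # scalar, so YAML does not strip them; they may reach the build as
          # part of the value — confirm against the Dockerfile.
          build-args: |
            AWS_REGION=${{ vars.AWS_REGION }}
            BASE_IMAGE_TAG='v0.47.0'
          context: .
          builder: ${{ steps.buildx.outputs.name }}
          push: true
          # GitHub Actions cache, scoped per workflow and branch.
          cache-from: type=gha,scope=${{ github.workflow }}-otel-${{ github.ref_name }}
          cache-to: type=gha,scope=${{ github.workflow }}-otel-${{ github.ref_name }},mode=max
          # A re-run (run_attempt other than 1) builds without the cache.
          no-cache: ${{ github.run_attempt != '1' }}
          # ssh: default
          # https://github.com/opencontainers/image-spec/blob/main/annotations.md
          # https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/
          labels: |
            org.opencontainers.image.source=https://github.com/${{ github.repository }}
            org.opencontainers.image.created=${{ env.NOW }}
            org.opencontainers.image.revision=${{ github.sha }}
            org.opencontainers.image.version=${{ github.run_number }}
            app.kubernetes.io/name=${{ env.IMAGE_NAME }}
            app.kubernetes.io/part-of=${{ github.repository }}
            app.kubernetes.io/version=${{ github.run_number }}
          # Two tags per build: the commit SHA, which identifies this exact
          # build, and the movable IMAGE_TAG.
          tags: |
            ${{ env.ECR_REGISTRY }}/${{ env.ECR_IMAGE_OWNER }}${{ env.IMAGE_NAME }}:${{ github.sha }}
            ${{ env.ECR_REGISTRY }}/${{ env.ECR_IMAGE_OWNER }}${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}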