billing-service/.github/workflows/release-traceability.yml

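# Release pipeline for billing-service. Three jobs run in sequence:
#   build    - derive the image reference, build the image and linux binary
#   deploy   - install the SSH key and run the repository's deploy script
#   validate - run the traceability checks, locally and against the host
# What each helper script does is not visible from this file.
name: release-traceability

on:
  push:
    branches:
      - main
  workflow_dispatch: {}

# Least privilege for GITHUB_TOKEN. Checkout only needs read access and no
# step hands the token to a script. If the push step starts publishing to
# ghcr.io with GITHUB_TOKEN, grant `packages: write` on the build job only.
permissions:
  contents: read

# Every run deploys to the same host, so overlapping runs could leave
# `validate` comparing its own image reference against another run's deploy.
# Serialise runs; an in-flight deploy is never cancelled half way.
concurrency:
  group: release-traceability
  cancel-in-progress: false

jobs:
  build:
    runs-on: ubuntu-latest
    # Image identity produced by the `meta` step, consumed by later jobs.
    outputs:
      service_image_ref: ${{ steps.meta.outputs.service_image_ref }}
      service_image_tag: ${{ steps.meta.outputs.service_image_tag }}
      service_image_commit: ${{ steps.meta.outputs.service_image_commit }}
    steps:
      # Third-party actions are pinned to a full commit SHA; keep it that way.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Derive image identity
        id: meta
        run: bash ./scripts/github-actions/resolve-service-image-ref.sh
      - name: Build image
        env:
          SERVICE_IMAGE_REF: ${{ steps.meta.outputs.service_image_ref }}
          SERVICE_IMAGE_LATEST_REF: ghcr.io/${{ github.repository }}:latest
        run: bash ./scripts/github-actions/build-service-image.sh
      - name: Build linux binary artifact
        env:
          BILLING_SERVICE_BINARY_ARTIFACT: dist/billing-service-linux-amd64
        run: bash ./scripts/github-actions/build-service-binary.sh
      - name: Upload billing-service binary artifact
        uses: actions/upload-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
        with:
          name: billing-service-linux-amd64
          path: dist/billing-service-linux-amd64
          # Fail the build instead of deploying without a binary.
          if-no-files-found: error
      - name: Push image
        run: bash ./scripts/github-actions/push-image-placeholder.sh

  # NOTE(review): workflow_dispatch can be started from any ref, and the
  # repository-level secrets below are released to that run as well. Consider
  # a protected environment for this job so the SSH key, DATABASE_URL and the
  # service token only reach approved runs.
  deploy:
    runs-on: ubuntu-latest
    needs: build
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Download billing-service binary artifact
        uses: actions/download-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
        with:
          name: billing-service-linux-amd64
          path: dist
      - name: Install ansible
        run: sudo apt-get update && sudo apt-get install -y ansible
      # The key is scoped to this step's environment and written with a
      # restrictive umask so it is never group- or world-readable.
      # NOTE(review): ssh-keyscan learns the host key over the same
      # unauthenticated network path the deploy then uses, so it does not
      # authenticate the host. Pin the expected host key (for example from a
      # repository secret or variable) and write that to known_hosts instead.
      - name: Configure deploy SSH
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          test -n "${SSH_PRIVATE_KEY}"
          umask 077
          install -d -m 0700 ~/.ssh
          printf '%s\n' "${SSH_PRIVATE_KEY}" > ~/.ssh/id_ed25519
          chmod 0600 ~/.ssh/id_ed25519
          ssh-keyscan -H jp-xhttp-contabo.svc.plus >> ~/.ssh/known_hosts
      # Secrets are exposed to this step only, not to the whole job.
      - name: Deploy via playbook
        env:
          BILLING_SERVICE_IMAGE_REF: ${{ needs.build.outputs.service_image_ref }}
          BILLING_SERVICE_BINARY_ARTIFACT: dist/billing-service-linux-amd64
          DATABASE_URL: ${{ secrets.DATABASE_URL }}
          INTERNAL_SERVICE_TOKEN: ${{ secrets.INTERNAL_SERVICE_TOKEN }}
          STACK_TARGET_HOST: jp-xhttp-contabo.svc.plus
        run: bash ./scripts/github-actions/deploy-billing-service.sh

  validate:
    runs-on: ubuntu-latest
    needs:
      - build
      - deploy
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      # These two checks run before the SSH key is written to disk.
      - name: Verify workflow dependency chain
        run: bash ./scripts/github-actions/test-release-traceability-workflow.sh
      - name: Verify traceability script cases
        run: bash ./scripts/github-actions/test-validate-release-traceability.sh
      # Same key handling as the deploy job, including the unauthenticated
      # ssh-keyscan lookup.
      # NOTE(review): pin the host key here too. A validation that connects
      # to an unverified host cannot vouch for what the real host is running.
      - name: Configure validate SSH
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          test -n "${SSH_PRIVATE_KEY}"
          umask 077
          install -d -m 0700 ~/.ssh
          printf '%s\n' "${SSH_PRIVATE_KEY}" > ~/.ssh/id_ed25519
          chmod 0600 ~/.ssh/id_ed25519
          ssh-keyscan -H jp-xhttp-contabo.svc.plus >> ~/.ssh/known_hosts
      # Receives the image reference from `build`; presumably compared with
      # what the host reports - confirm in the script.
      - name: Validate runtime traceability
        env:
          SERVICE_IMAGE_REF: ${{ needs.build.outputs.service_image_ref }}
          STACK_TARGET_HOST: jp-xhttp-contabo.svc.plus
        run: bash ./scripts/github-actions/validate-release-traceability-remote.sh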