api-server/.github/workflows/build.yaml at 5885534debdbdae75d5f320ae8fd7b006a6bc04f · hollow-cube/api-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
name: "Build and push"

on:
  push:
    branches: [ main ]

env:
  GO_VERSION: "1.24.4"

jobs:
  #  lint:
  #    runs-on: ubuntu-latest
  #    steps:
  #      - uses: actions/setup-go@v4
  #        with:
  #          go-version: "${{ env.GO_VERSION }}"
  #          cache: false
  #      - uses: actions/checkout@v4
  #      - name: go-lint
  #        uses: golangci/golangci-lint-action@v3
  #        with:
  #          version: latest
  #          args: --timeout 5m0s

  # Detect services that need to be built via the builder
  detect-services:
    runs-on: ubuntu-latest
    outputs:
      services: ${{ steps.detect-services.outputs.services }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: '0'

      - uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: false

      - name: Create Go cache directories
        run: |
          mkdir -p ~/go/pkg/mod
          mkdir -p ~/.cache/go-build

      - name: Cache Go modules and build cache
        uses: actions/cache@v4
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
          key: ${{ runner.os }}-go-detect-${{ hashFiles('**/go.sum', 'go.work.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-detect-
            ${{ runner.os }}-go-

      - name: detect-services
        id: detect-services
        env:
          GH_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          services=$(go run builder/main.go)
          echo "Raw services output: $services"
          echo "services=$services" >> $GITHUB_OUTPUT

      - name: print-services
        run: |
          echo "Services: ${{ steps.detect-services.outputs.services }}"

  docker-build-and-publish:
    needs: [ detect-services ]
    if: needs.detect-services.outputs.services != '[]'
    runs-on: ubuntu-latest
    strategy:
      matrix:
        service: ${{ fromJson(needs.detect-services.outputs.services) }}
    steps:
      - name: Import Secrets
        uses: hollow-cube/actions/secrets@main
        with:
          token: ${{ secrets.VAULT_TOKEN }}
          path: global/github
      - uses: actions/checkout@v4

      - uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: false  # Disable built-in cache, we'll handle it manually

      # Create cache directories before restoring
      - name: Create Go cache directories
        run: |
          mkdir -p ~/go/pkg/mod
          mkdir -p ~/.cache/go-build

      - name: Cache Go modules and build cache
        uses: actions/cache@v4
        with:
          path: |
            ~/go/pkg/mod
            ~/.cache/go-build
          key: ${{ runner.os }}-go-${{ matrix.service }}-${{ hashFiles('**/go.sum', 'go.work.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-${{ matrix.service }}-
            ${{ runner.os }}-go-

      - uses: ko-build/setup-ko@v0.8
        env:
          KO_DOCKER_REPO: mworzala

      - name: Build image
        shell: bash
        run: |
          ko login docker.io --username mworzala --password ${{ env.DOCKER_PASS }}
          ko build ./services/${{ matrix.service }}/cmd/${{ matrix.service }} --base-import-paths --tags ${{ github.sha }} --platform linux/amd64
          echo "Version: ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY

  helm-build:
    needs: [ detect-services, docker-build-and-publish ]
    if: needs.detect-services.outputs.services != '[]' # Only run if there are services to build
    runs-on: ubuntu-latest
    strategy:
      matrix:
        service: ${{ fromJson(needs.detect-services.outputs.services) }}
    steps:
      - name: Helm build
        uses: hollow-cube/actions/helm-build@main
        with:
          vault-token: ${{ secrets.VAULT_TOKEN }}
          name: ${{ matrix.service }}
          path: "services/${{ matrix.service }}/deploy/helm-chart"

  helm-deploy:
    needs: [ detect-services, docker-build-and-publish, helm-build ]
    if: needs.detect-services.outputs.services != '[]' # Only run if there are services to build
    runs-on: ubuntu-latest
    strategy:
      matrix:
        service: ${{ fromJson(needs.detect-services.outputs.services) }}
    steps:
      - name: Helm deploy
        uses: hollow-cube/actions/helm-deploy@main
        with:
          vault-token: ${{ secrets.VAULT_TOKEN }}
          name: ${{ matrix.service }}
          cluster: prod-v2
          values: "services/${{ matrix.service }}/deploy/helm-chart/values-prod.yaml"