github actions for local ht shib proxy dex

hathitrust · Jan 27, 2022 · 1e70d34 · 1e70d34
1 parent 07c7245
commit 1e70d34
Show file tree

Hide file tree

Showing 7 changed files with 94 additions and 163 deletions.
diff --git a/.github/workflows/build-master.yml b/.github/workflows/build-master.yml
@@ -0,0 +1,25 @@
+name: Docker Build master
+
+on:
+  push:
+    branches: [ master ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v1
+    - name: Login to DockerHub
+      uses: docker/login-action@v1
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+    - name: Clone latest repository
+      uses: actions/checkout@v2
+    - name: Build dex container image and push to DockerHub
+      uses: docker/build-push-action@v2
+      with:
+        push: true
+        tags: 'hathitrust/dex-shib-proxy-unstable:${{ github.sha }},hathitrust/dex-shib-proxy-unstable:latest'
+        file: Dockerfile
diff --git a/.github/workflows/ci.yaml → .github/workflows/ci.yml b/.github/workflows/ci.yaml → .github/workflows/ci.yml
@@ -53,7 +53,7 @@ jobs:
 
     steps:
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v1
         with:
           go-version: 1.16
 
@@ -72,6 +72,7 @@ jobs:
       - name: Test
         run: make testall
         env:
+          DEX_FOO_USER_PASSWORD: $2a$10$33EMT0cVYVlPy6WAMCLsceLYjWhuHpbz5yuZxu/GAFj03J9Lytjuy
           DEX_MYSQL_DATABASE: dex
           DEX_MYSQL_USER: root
           DEX_MYSQL_PASSWORD: root
@@ -97,7 +98,7 @@ jobs:
           DEX_KEYSTONE_ADMIN_PASS: DEMO_PASS
           DEX_KUBERNETES_CONFIG_PATH: ~/.kube/config
 
-      - name: Lint
+      - name: Run linter
         run: make lint
 
       # Ensure proto generation doesn't depend on external packages.

diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
diff --git a/.github/workflows/deploy-test.yml b/.github/workflows/deploy-test.yml
@@ -0,0 +1,20 @@
+name: Manual Deploy (Testing)
+
+on:
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: azure/setup-kubectl@v1
+    - name: Authenticate with kubernetes
+      run: |
+        mkdir -p ${HOME}/.kube/certs/cluster
+        echo ${{ secrets.KUBERNETES_CA }} | base64 -d > ${HOME}/.kube/certs/cluster/k8s-ca.crt
+        kubectl config set-cluster cluster --certificate-authority=${HOME}/.kube/certs/cluster/k8s-ca.crt --server=https://macc.kubernetes.hathitrust.org
+        kubectl config set-credentials github --token=${{ secrets.KUBERNETES_TOKEN }}
+        kubectl config set-context github --cluster=cluster --user=github --namespace=oidc-saml-proxy-testing
+        kubectl config use-context github
+    - name: Manual Deploy (Testing)
+      run: kubectl set image deployment oidc-saml-proxy oidc-saml-proxy=hathitrust/dex-shib-proxy-unstable:latest
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,20 @@
+name: Manual Deploy (Production)
+
+on:
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: azure/setup-kubectl@v1
+    - name: Authenticate with kubernetes
+      run: |
+        mkdir -p ${HOME}/.kube/certs/cluster
+        echo ${{ secrets.KUBERNETES_CA }} | base64 -d > ${HOME}/.kube/certs/cluster/k8s-ca.crt
+        kubectl config set-cluster cluster --certificate-authority=${HOME}/.kube/certs/cluster/k8s-ca.crt --server=https://macc.kubernetes.hathitrust.org
+        kubectl config set-credentials github --token=${{ secrets.KUBERNETES_TOKEN }}
+        kubectl config set-context github --cluster=cluster --user=github --namespace=oidc-saml-proxy-production
+        kubectl config use-context github
+    - name: Manual Deploy (Production)
+      run: kubectl set image deployment oidc-saml-proxy oidc-saml-proxy=hathitrust/dex-shib-proxy:latest
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
diff --git a/.github/workflows/tag-release.yml b/.github/workflows/tag-release.yml
@@ -0,0 +1,26 @@
+name: Docker Tag Latest Release
+
+on:
+  release:
+    types: [ released ]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v1
+    - name: Login to DockerHub
+      uses: docker/login-action@v1
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+    - name: Clone latest repository
+      uses: actions/checkout@v2
+    - name: Tag latest release in DockerHub
+      run: |
+        docker pull hathitrust/dex-shib-proxy-unstable:${{ github.sha }}
+        docker tag hathitrust/dex-shib-proxy-unstable:${{ github.sha }} hathitrust/dex-shib-proxy:${{ github.event.release.tag_name }}
+        docker tag hathitrust/dex-shib-proxy-unstable:${{ github.sha }} hathitrust/dex-shib-proxy:latest
+        docker push hathitrust/dex-shib-proxy:${{ github.event.release.tag_name }}
+        docker push hathitrust/dex-shib-proxy:latest