From 000b867be23fac37b6fd9cbda3b9fa1005b9d6b0 Mon Sep 17 00:00:00 2001 From: eli Date: Wed, 29 Jan 2025 15:32:12 -0800 Subject: [PATCH 1/3] update pdp api example on ecs --- .github/workflows/pdp_cicd.yml | 390 +++++++++++++++++---------------- 1 file changed, 204 insertions(+), 186 deletions(-) diff --git a/.github/workflows/pdp_cicd.yml b/.github/workflows/pdp_cicd.yml index ba711d67..ced7f261 100644 --- a/.github/workflows/pdp_cicd.yml +++ b/.github/workflows/pdp_cicd.yml 
@@ -1,192 +1,210 @@ name: Build and Push PDP Docker Image -on: - release: - types: [published] +on: push + # release: + # types: [published] jobs: - pdp-tests: + # pdp-tests: + # runs-on: ubuntu-latest + # steps: + # - name: Checkout code + # uses: actions/checkout@v4 + + # - name: Set up QEMU + # uses: docker/setup-qemu-action@v3 + + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@v3 + + # - uses: actions/checkout@v3 + # with: + # repository: permitio/permit-opa + # ref: main + # path: './permit-opa' + # token: ${{ secrets.CLONE_REPO_TOKEN }} + + # - name: Pre build PDP tests + # run: | + # echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version + # rm -rf custom + # mkdir custom + # build_root="$PWD" + # cd ./permit-opa + # find * \( -name '*go*' -o -name 'LICENSE.md' \) -print0 | xargs -0 tar -czf "$build_root"/custom/custom_opa.tar.gz --exclude '.*' + + # - uses: robinraju/release-downloader@v1 + # with: + # repository: permitio/datasync + # latest: true + # fileName: factstore_server* + # token: ${{ secrets.CLONE_REPO_TOKEN }} + # out-file-path: "factdb" + + # - name: Build and load image for PDP E2E tests + # uses: docker/build-push-action@v5 + # with: + # push: false + # load: true + # context: . 
+ # build-args: | + # ALLOW_MISSING_FACTSTORE=false + # platforms: linux/amd64 + # tags: permitio/pdp-v2:test + # cache-from: type=gha + # cache-to: type=gha,mode=max + + # - uses: actions/checkout@v3 + # with: + # repository: permitio/permit-backend + # ref: main + # path: './permit-backend' + # token: ${{ secrets.CLONE_REPO_TOKEN }} + + # - name: Python setup + # uses: actions/setup-python@v5 + # with: + # python-version: '3.11.8' + + # - name: Run Pytests + # run: | + # python -m pip install --upgrade pip + # pip install ".[dev]" + # pytest -s --cache-clear horizon/tests/ + + # - name: Run E2E tests + # working-directory: ./permit-backend/proactive_tests/sidecar + # run: | + # pip install requests pydantic==1.8.2 docker + # python sidecar_tester.py -k ${{ secrets.PERMIT_TESTS_TOKEN }} -u https://api.permit.io -2 permitio/pdp-v2:test --no-pull + + # build-and-push-pdp-vanilla: + # needs: pdp-tests + # runs-on: ubuntu-latest + # steps: + # - name: Checkout code + # uses: actions/checkout@v4 + + # - name: Set up QEMU + # uses: docker/setup-qemu-action@v3 + + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@v3 + + # - name: Login to Docker Hub + # uses: docker/login-action@v3 + # with: + # username: ${{ secrets.DOCKERHUB_USERNAME }} + # password: ${{ secrets.DOCKERHUB_TOKEN }} + + # - name: Pre build - for PDP-Vanilla + # run: echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version + + # - name: Build and push PDP-Vanilla - (official release) + # if: "!github.event.release.prerelease" + # uses: docker/build-push-action@v5 + # with: + # push: true + # context: . 
+ # platforms: linux/amd64,linux/arm64 + # tags: permitio/pdp-v2-vanilla:${{ github.event.release.tag_name }}, permitio/pdp-v2-vanilla:latest + # cache-from: type=gha + # cache-to: type=gha,mode=max + + # - name: Build and push PDP-Vanilla image - (pre-release) + # if: "github.event.release.prerelease" + # uses: docker/build-push-action@v5 + # with: + # push: true + # context: . + # platforms: linux/amd64,linux/arm64 + # tags: permitio/pdp-v2-vanilla:${{ github.event.release.tag_name }} + # cache-from: type=gha + # cache-to: type=gha,mode=max + + # build-and-push-pdp: + # needs: pdp-tests + # runs-on: ubuntu-latest + # steps: + # - name: Checkout code + # uses: actions/checkout@v4 + + # - name: Set up QEMU + # uses: docker/setup-qemu-action@v3 + + # - name: Set up Docker Buildx + # uses: docker/setup-buildx-action@v3 + + # - name: Login to Docker Hub + # uses: docker/login-action@v3 + # with: + # username: ${{ secrets.DOCKERHUB_USERNAME }} + # password: ${{ secrets.DOCKERHUB_TOKEN }} + + # - uses: actions/checkout@v3 + # with: + # repository: permitio/permit-opa + # ref: main + # path: './permit-opa' + # token: ${{ secrets.CLONE_REPO_TOKEN }} + + # - name: Pre build PDP + # run: | + # echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version + # rm -rf custom + # mkdir custom + # build_root="$PWD" + # cd ./permit-opa + # find * \( -name '*go*' -o -name 'LICENSE.md' \) -print0 | xargs -0 tar -czf "$build_root"/custom/custom_opa.tar.gz --exclude '.*' + + # - uses: robinraju/release-downloader@v1 + # with: + # repository: permitio/datasync + # latest: true + # fileName: factstore_server* + # token: ${{ secrets.CLONE_REPO_TOKEN }} + # out-file-path: "factdb" + + # - name: Build and push PDP image - (pre-release) + # if: "github.event.release.prerelease" + # uses: docker/build-push-action@v5 + # with: + # push: true + # context: . 
+ # platforms: linux/amd64,linux/arm64 + # build-args: | + # ALLOW_MISSING_FACTSTORE=false + # tags: permitio/pdp-v2:${{ github.event.release.tag_name }} + # cache-from: type=gha + # cache-to: type=gha,mode=max + + # - name: Build and push PDP image - (official release) + # if: "!github.event.release.prerelease" + # uses: docker/build-push-action@v5 + # with: + # push: true + # context: . + # platforms: linux/amd64,linux/arm64 + # build-args: | + # ALLOW_MISSING_FACTSTORE=false + # tags: permitio/pdp-v2:${{ github.event.release.tag_name }},permitio/pdp-v2:latest + # cache-from: type=gha + # cache-to: type=gha,mode=max + + update-pdp-api-ecs-service: + # needs: build-and-push-pdp runs-on: ubuntu-latest + # if: "!github.event.release.prerelease" steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - uses: actions/checkout@v3 - with: - repository: permitio/permit-opa - ref: main - path: './permit-opa' - token: ${{ secrets.CLONE_REPO_TOKEN }} - - - name: Pre build PDP tests - run: | - echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version - rm -rf custom - mkdir custom - build_root="$PWD" - cd ./permit-opa - find * \( -name '*go*' -o -name 'LICENSE.md' \) -print0 | xargs -0 tar -czf "$build_root"/custom/custom_opa.tar.gz --exclude '.*' - - - uses: robinraju/release-downloader@v1 - with: - repository: permitio/datasync - latest: true - fileName: factstore_server* - token: ${{ secrets.CLONE_REPO_TOKEN }} - out-file-path: "factdb" - - - name: Build and load image for PDP E2E tests - uses: docker/build-push-action@v5 - with: - push: false - load: true - context: . 
- build-args: | - ALLOW_MISSING_FACTSTORE=false - platforms: linux/amd64 - tags: permitio/pdp-v2:test - cache-from: type=gha - cache-to: type=gha,mode=max - - - uses: actions/checkout@v3 - with: - repository: permitio/permit-backend - ref: main - path: './permit-backend' - token: ${{ secrets.CLONE_REPO_TOKEN }} - - - name: Python setup - uses: actions/setup-python@v5 - with: - python-version: '3.11.8' - - - name: Run Pytests - run: | - python -m pip install --upgrade pip - pip install ".[dev]" - pytest -s --cache-clear horizon/tests/ - - - name: Run E2E tests - working-directory: ./permit-backend/proactive_tests/sidecar - run: | - pip install requests pydantic==1.8.2 docker - python sidecar_tester.py -k ${{ secrets.PERMIT_TESTS_TOKEN }} -u https://api.permit.io -2 permitio/pdp-v2:test --no-pull - - build-and-push-pdp-vanilla: - needs: pdp-tests - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Pre build - for PDP-Vanilla - run: echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version - - - name: Build and push PDP-Vanilla - (official release) - if: "!github.event.release.prerelease" - uses: docker/build-push-action@v5 - with: - push: true - context: . - platforms: linux/amd64,linux/arm64 - tags: permitio/pdp-v2-vanilla:${{ github.event.release.tag_name }}, permitio/pdp-v2-vanilla:latest - cache-from: type=gha - cache-to: type=gha,mode=max - - - name: Build and push PDP-Vanilla image - (pre-release) - if: "github.event.release.prerelease" - uses: docker/build-push-action@v5 - with: - push: true - context: . 
- platforms: linux/amd64,linux/arm64 - tags: permitio/pdp-v2-vanilla:${{ github.event.release.tag_name }} - cache-from: type=gha - cache-to: type=gha,mode=max - - build-and-push-pdp: - needs: pdp-tests - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v4 - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - uses: actions/checkout@v3 - with: - repository: permitio/permit-opa - ref: main - path: './permit-opa' - token: ${{ secrets.CLONE_REPO_TOKEN }} - - - name: Pre build PDP - run: | - echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version - rm -rf custom - mkdir custom - build_root="$PWD" - cd ./permit-opa - find * \( -name '*go*' -o -name 'LICENSE.md' \) -print0 | xargs -0 tar -czf "$build_root"/custom/custom_opa.tar.gz --exclude '.*' - - - uses: robinraju/release-downloader@v1 - with: - repository: permitio/datasync - latest: true - fileName: factstore_server* - token: ${{ secrets.CLONE_REPO_TOKEN }} - out-file-path: "factdb" - - - name: Build and push PDP image - (pre-release) - if: "github.event.release.prerelease" - uses: docker/build-push-action@v5 - with: - push: true - context: . - platforms: linux/amd64,linux/arm64 - build-args: | - ALLOW_MISSING_FACTSTORE=false - tags: permitio/pdp-v2:${{ github.event.release.tag_name }} - cache-from: type=gha - cache-to: type=gha,mode=max - - - name: Build and push PDP image - (official release) - if: "!github.event.release.prerelease" - uses: docker/build-push-action@v5 - with: - push: true - context: . 
- platforms: linux/amd64,linux/arm64 - build-args: | - ALLOW_MISSING_FACTSTORE=false - tags: permitio/pdp-v2:${{ github.event.release.tag_name }},permitio/pdp-v2:latest - cache-from: type=gha - cache-to: type=gha,mode=max + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.PDP_CICD_AWS_ROLE }} + aws-region: us-east-1 + + - name: Force new deployment + run: | + aws ecs update-service \ + --cluster public-pdps-us-east-1 \ + --service pdp-general-redoc-service-731a74c \ + --force-new-deployment \ No newline at end of file From eb093975a343368a4958407d7b870bf273761da0 Mon Sep 17 00:00:00 2001 From: eli Date: Wed, 29 Jan 2025 15:34:11 -0800 Subject: [PATCH 2/3] check ecs --- .github/workflows/pdp_cicd.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/pdp_cicd.yml b/.github/workflows/pdp_cicd.yml index ced7f261..8c824d81 100644 --- a/.github/workflows/pdp_cicd.yml +++ b/.github/workflows/pdp_cicd.yml @@ -4,6 +4,10 @@ on: push # release: # types: [published] +permissions: + id-token: write + contents: read + jobs: # pdp-tests: # runs-on: ubuntu-latest From fb584469e43151ce920cffc2d40ae0dc592e5c8d Mon Sep 17 00:00:00 2001 From: eli Date: Wed, 29 Jan 2025 15:44:04 -0800 Subject: [PATCH 3/3] final - update our internal pdp --- .github/workflows/pdp_cicd.yml | 382 ++++++++++++++++----------------- 1 file changed, 191 insertions(+), 191 deletions(-) diff --git a/.github/workflows/pdp_cicd.yml b/.github/workflows/pdp_cicd.yml index 8c824d81..de7c6b54 100644 --- a/.github/workflows/pdp_cicd.yml +++ b/.github/workflows/pdp_cicd.yml 
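Review bot: In [PATCH 1/3] the trigger becomes `on: push` with no branch filter while `needs:` and `if:` on `update-pdp-api-ecs-service` are commented out, so every push to any branch would try to assume `secrets.PDP_CICD_AWS_ROLE` and force a redeploy of `pdp-general-redoc-service-731a74c` in `public-pdps-us-east-1`. If the aim is only to exercise the new job, a manual trigger such as `on: workflow_dispatch` keeps the test run deliberate and avoids commenting out the release jobs. [PATCH 3/3] restores the release trigger, so squashing the series would keep this intermediate state out of history, where a cherry-pick or bisect could otherwise land on it. The role's trust policy is not visible here; it should presumably restrict the OIDC `sub` claim to this repository and to the refs that are allowed to deploy.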
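Review bot: In [PATCH 2/3] the `permissions:` block is added at workflow level, so `id-token: write` applies to every job in the file, although only `update-pdp-api-ecs-service` assumes an AWS role. Once the commented-out jobs are re-enabled (as [PATCH 3/3] does), the jobs that check out other repositories, run `pip install` and call third-party actions could also request an OIDC token. Scoping it follows least privilege: keep only `contents: read` in the top-level `permissions:` and add `permissions:` with `id-token: write` under `update-pdp-api-ecs-service:`. The `jobs:` mapping continues outside this hunk, so the job-level placement has to be made there.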
@@ -1,204 +1,204 @@ name: Build and Push PDP Docker Image -on: push - # release: - # types: [published] +on: + release: + types: [published] permissions: id-token: write contents: read jobs: - # pdp-tests: - # runs-on: ubuntu-latest - # steps: - # - name: Checkout code - # uses: actions/checkout@v4 - - # - name: Set up QEMU - # uses: docker/setup-qemu-action@v3 - - # - name: Set up Docker Buildx - # uses: docker/setup-buildx-action@v3 - - # - uses: actions/checkout@v3 - # with: - # repository: permitio/permit-opa - # ref: main - # path: './permit-opa' - # token: ${{ secrets.CLONE_REPO_TOKEN }} - - # - name: Pre build PDP tests - # run: | - # echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version - # rm -rf custom - # mkdir custom - # build_root="$PWD" - # cd ./permit-opa - # find * \( -name '*go*' -o -name 'LICENSE.md' \) -print0 | xargs -0 tar -czf "$build_root"/custom/custom_opa.tar.gz --exclude '.*' - - # - uses: robinraju/release-downloader@v1 - # with: - # repository: permitio/datasync - # latest: true - # fileName: factstore_server* - # token: ${{ secrets.CLONE_REPO_TOKEN }} - # out-file-path: "factdb" - - # - name: Build and load image for PDP E2E tests - # uses: docker/build-push-action@v5 - # with: - # push: false - # load: true - # context: . 
- # build-args: | - # ALLOW_MISSING_FACTSTORE=false - # platforms: linux/amd64 - # tags: permitio/pdp-v2:test - # cache-from: type=gha - # cache-to: type=gha,mode=max - - # - uses: actions/checkout@v3 - # with: - # repository: permitio/permit-backend - # ref: main - # path: './permit-backend' - # token: ${{ secrets.CLONE_REPO_TOKEN }} - - # - name: Python setup - # uses: actions/setup-python@v5 - # with: - # python-version: '3.11.8' - - # - name: Run Pytests - # run: | - # python -m pip install --upgrade pip - # pip install ".[dev]" - # pytest -s --cache-clear horizon/tests/ - - # - name: Run E2E tests - # working-directory: ./permit-backend/proactive_tests/sidecar - # run: | - # pip install requests pydantic==1.8.2 docker - # python sidecar_tester.py -k ${{ secrets.PERMIT_TESTS_TOKEN }} -u https://api.permit.io -2 permitio/pdp-v2:test --no-pull - - # build-and-push-pdp-vanilla: - # needs: pdp-tests - # runs-on: ubuntu-latest - # steps: - # - name: Checkout code - # uses: actions/checkout@v4 - - # - name: Set up QEMU - # uses: docker/setup-qemu-action@v3 - - # - name: Set up Docker Buildx - # uses: docker/setup-buildx-action@v3 - - # - name: Login to Docker Hub - # uses: docker/login-action@v3 - # with: - # username: ${{ secrets.DOCKERHUB_USERNAME }} - # password: ${{ secrets.DOCKERHUB_TOKEN }} - - # - name: Pre build - for PDP-Vanilla - # run: echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version - - # - name: Build and push PDP-Vanilla - (official release) - # if: "!github.event.release.prerelease" - # uses: docker/build-push-action@v5 - # with: - # push: true - # context: . 
- # platforms: linux/amd64,linux/arm64 - # tags: permitio/pdp-v2-vanilla:${{ github.event.release.tag_name }}, permitio/pdp-v2-vanilla:latest - # cache-from: type=gha - # cache-to: type=gha,mode=max - - # - name: Build and push PDP-Vanilla image - (pre-release) - # if: "github.event.release.prerelease" - # uses: docker/build-push-action@v5 - # with: - # push: true - # context: . - # platforms: linux/amd64,linux/arm64 - # tags: permitio/pdp-v2-vanilla:${{ github.event.release.tag_name }} - # cache-from: type=gha - # cache-to: type=gha,mode=max - - # build-and-push-pdp: - # needs: pdp-tests - # runs-on: ubuntu-latest - # steps: - # - name: Checkout code - # uses: actions/checkout@v4 - - # - name: Set up QEMU - # uses: docker/setup-qemu-action@v3 - - # - name: Set up Docker Buildx - # uses: docker/setup-buildx-action@v3 - - # - name: Login to Docker Hub - # uses: docker/login-action@v3 - # with: - # username: ${{ secrets.DOCKERHUB_USERNAME }} - # password: ${{ secrets.DOCKERHUB_TOKEN }} - - # - uses: actions/checkout@v3 - # with: - # repository: permitio/permit-opa - # ref: main - # path: './permit-opa' - # token: ${{ secrets.CLONE_REPO_TOKEN }} - - # - name: Pre build PDP - # run: | - # echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version - # rm -rf custom - # mkdir custom - # build_root="$PWD" - # cd ./permit-opa - # find * \( -name '*go*' -o -name 'LICENSE.md' \) -print0 | xargs -0 tar -czf "$build_root"/custom/custom_opa.tar.gz --exclude '.*' - - # - uses: robinraju/release-downloader@v1 - # with: - # repository: permitio/datasync - # latest: true - # fileName: factstore_server* - # token: ${{ secrets.CLONE_REPO_TOKEN }} - # out-file-path: "factdb" - - # - name: Build and push PDP image - (pre-release) - # if: "github.event.release.prerelease" - # uses: docker/build-push-action@v5 - # with: - # push: true - # context: . 
- # platforms: linux/amd64,linux/arm64 - # build-args: | - # ALLOW_MISSING_FACTSTORE=false - # tags: permitio/pdp-v2:${{ github.event.release.tag_name }} - # cache-from: type=gha - # cache-to: type=gha,mode=max - - # - name: Build and push PDP image - (official release) - # if: "!github.event.release.prerelease" - # uses: docker/build-push-action@v5 - # with: - # push: true - # context: . - # platforms: linux/amd64,linux/arm64 - # build-args: | - # ALLOW_MISSING_FACTSTORE=false - # tags: permitio/pdp-v2:${{ github.event.release.tag_name }},permitio/pdp-v2:latest - # cache-from: type=gha - # cache-to: type=gha,mode=max + pdp-tests: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - uses: actions/checkout@v3 + with: + repository: permitio/permit-opa + ref: main + path: './permit-opa' + token: ${{ secrets.CLONE_REPO_TOKEN }} + + - name: Pre build PDP tests + run: | + echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version + rm -rf custom + mkdir custom + build_root="$PWD" + cd ./permit-opa + find * \( -name '*go*' -o -name 'LICENSE.md' \) -print0 | xargs -0 tar -czf "$build_root"/custom/custom_opa.tar.gz --exclude '.*' + + - uses: robinraju/release-downloader@v1 + with: + repository: permitio/datasync + latest: true + fileName: factstore_server* + token: ${{ secrets.CLONE_REPO_TOKEN }} + out-file-path: "factdb" + + - name: Build and load image for PDP E2E tests + uses: docker/build-push-action@v5 + with: + push: false + load: true + context: . 
+ build-args: | + ALLOW_MISSING_FACTSTORE=false + platforms: linux/amd64 + tags: permitio/pdp-v2:test + cache-from: type=gha + cache-to: type=gha,mode=max + + - uses: actions/checkout@v3 + with: + repository: permitio/permit-backend + ref: main + path: './permit-backend' + token: ${{ secrets.CLONE_REPO_TOKEN }} + + - name: Python setup + uses: actions/setup-python@v5 + with: + python-version: '3.11.8' + + - name: Run Pytests + run: | + python -m pip install --upgrade pip + pip install ".[dev]" + pytest -s --cache-clear horizon/tests/ + + - name: Run E2E tests + working-directory: ./permit-backend/proactive_tests/sidecar + run: | + pip install requests pydantic==1.8.2 docker + python sidecar_tester.py -k ${{ secrets.PERMIT_TESTS_TOKEN }} -u https://api.permit.io -2 permitio/pdp-v2:test --no-pull + + build-and-push-pdp-vanilla: + needs: pdp-tests + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Pre build - for PDP-Vanilla + run: echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version + + - name: Build and push PDP-Vanilla - (official release) + if: "!github.event.release.prerelease" + uses: docker/build-push-action@v5 + with: + push: true + context: . + platforms: linux/amd64,linux/arm64 + tags: permitio/pdp-v2-vanilla:${{ github.event.release.tag_name }}, permitio/pdp-v2-vanilla:latest + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Build and push PDP-Vanilla image - (pre-release) + if: "github.event.release.prerelease" + uses: docker/build-push-action@v5 + with: + push: true + context: . 
+ platforms: linux/amd64,linux/arm64 + tags: permitio/pdp-v2-vanilla:${{ github.event.release.tag_name }} + cache-from: type=gha + cache-to: type=gha,mode=max + + build-and-push-pdp: + needs: pdp-tests + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - uses: actions/checkout@v3 + with: + repository: permitio/permit-opa + ref: main + path: './permit-opa' + token: ${{ secrets.CLONE_REPO_TOKEN }} + + - name: Pre build PDP + run: | + echo "${{ github.event.release.tag_name }}" | cut -d '-' -f 1 > permit_pdp_version + rm -rf custom + mkdir custom + build_root="$PWD" + cd ./permit-opa + find * \( -name '*go*' -o -name 'LICENSE.md' \) -print0 | xargs -0 tar -czf "$build_root"/custom/custom_opa.tar.gz --exclude '.*' + + - uses: robinraju/release-downloader@v1 + with: + repository: permitio/datasync + latest: true + fileName: factstore_server* + token: ${{ secrets.CLONE_REPO_TOKEN }} + out-file-path: "factdb" + + - name: Build and push PDP image - (pre-release) + if: "github.event.release.prerelease" + uses: docker/build-push-action@v5 + with: + push: true + context: . + platforms: linux/amd64,linux/arm64 + build-args: | + ALLOW_MISSING_FACTSTORE=false + tags: permitio/pdp-v2:${{ github.event.release.tag_name }} + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Build and push PDP image - (official release) + if: "!github.event.release.prerelease" + uses: docker/build-push-action@v5 + with: + push: true + context: . 
+ platforms: linux/amd64,linux/arm64 + build-args: | + ALLOW_MISSING_FACTSTORE=false + tags: permitio/pdp-v2:${{ github.event.release.tag_name }},permitio/pdp-v2:latest + cache-from: type=gha + cache-to: type=gha,mode=max update-pdp-api-ecs-service: - # needs: build-and-push-pdp + needs: build-and-push-pdp runs-on: ubuntu-latest - # if: "!github.event.release.prerelease" + if: "!github.event.release.prerelease" steps: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 @@ -206,7 +206,7 @@ jobs: role-to-assume: ${{ secrets.PDP_CICD_AWS_ROLE }} aws-region: us-east-1 - - name: Force new deployment + - name: Redeploy ECS service - pdp-general-redoc-service run: | aws ecs update-service \ --cluster public-pdps-us-east-1 \
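Review bot: The restored `run:` steps "Pre build PDP tests", "Pre build - for PDP-Vanilla" and "Pre build PDP" expand `${{ github.event.release.tag_name }}` directly into the shell script, so the tag text is substituted before the shell parses the line and is not treated as data. Passing it through the environment avoids that: add `env:` with `RELEASE_TAG: ${{ github.event.release.tag_name }}` to the step and use `echo "$RELEASE_TAG" | cut -d '-' -f 1 > permit_pdp_version`. The same pattern applies to `-k ${{ secrets.PERMIT_TESTS_TOKEN }}` in "Run E2E tests", where an environment variable would also keep the token out of the generated script text. Who can publish a release is not visible here, so the practical exposure depends on repository permissions.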