refactor: use configurable running service for Python integration tests #921
Workflow file for this run
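name: Build, Tag and Push Container Images to GAR

on:
  pull_request:
    types: [opened, labeled, unlabeled, synchronize]
  push:
    branches:
      - master
    tags:
      - '**'
  workflow_dispatch: {}

# Deny-by-default for GITHUB_TOKEN. Every build job below declares the scopes it
# needs; the `check` job only echoes a message and therefore runs with none.
permissions: {}

jobs:
  # Note: the check job only contains all of the requirements for running the following build workflows.
  # This consolidates our build checks into a single place.
  #
  # Security gate: pull_request runs are accepted only when the head branch lives in
  # this repository (forks are excluded) AND the PR carries the `preview` or
  # `tokenserver-preview` label. Every build job pushes with `push: true` to the
  # moz-fx-sync-prod registry path, so these two labels are the control that decides
  # which PR branches get published there.
  check:
    if: >
      github.event_name == 'workflow_dispatch' ||
      (
        github.event_name == 'push' &&
        (github.ref_name == 'master' || startsWith(github.ref, 'refs/tags/'))
      ) ||
      (
        github.event_name == 'pull_request' &&
        github.event.pull_request.head.repo.full_name == github.repository &&
        (
          contains(github.event.pull_request.labels.*.name, 'preview') ||
          contains(github.event.pull_request.labels.*.name, 'tokenserver-preview')
        )
      )
    runs-on: ubuntu-latest
    steps:
      - run: echo "Conditions met, proceeding with build jobs"

  # Note: we are moving towards renaming all images `syncserver`, the union of sync and tokenserver.
  # This presently remains for the time being to simplify deploys by maintaining `image_name: syncstorage-rs`.
  # Historical context: <https://github.com/mozilla-services/syncstorage-rs/pull/1306>
  build-and-push-syncstorage-rs:
    needs: check
    permissions:
      contents: read
      # Lets the job request a GitHub OIDC token for the workload identity provider below.
      id-token: write
      # Needed to publish the ghcr.io/<repository>/... tags.
      packages: write
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing comment
      # records the release the SHA is expected to correspond to.
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          # Do not leave the token in .git/config for later steps to pick up.
          persist-credentials: false
      # Local action, not shown in this file. It provides the `image_tag` and
      # `push_latest` outputs used below; presumably it also authenticates to GCP
      # and the registries. Verify against .github/actions/setup-build-and-push.
      - uses: ./.github/actions/setup-build-and-push
        id: setup
        with:
          workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}
          gcp_service_account: "${{ vars.SERVICE_ACCOUNT_NAME || 'artifact-writer' }}@moz-fx-sync-prod.iam.gserviceaccount.com"
      - name: Compute tags
        # Expression values are handed to the script through `env` instead of being
        # substituted into the script text, so the shell treats them as data. This
        # workflow also runs on arbitrary tag pushes ('**'), and how `image_tag` is
        # derived is not visible here.
        env:
          SETUP_IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
          SETUP_PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
          GHCR_REPOSITORY: ghcr.io/${{ github.repository }}
        run: |
          TAGS=$(cat <<EOF
          us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncstorage-rs:${SETUP_IMAGE_TAG}
          ${GHCR_REPOSITORY}/syncstorage-rs:${SETUP_IMAGE_TAG}
          EOF
          )
          if [[ "${SETUP_PUSH_LATEST}" == "true" ]]; then
            TAGS="$TAGS
          us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncstorage-rs:latest
          ${GHCR_REPOSITORY}/syncstorage-rs:latest"
          fi
          # Multi-line value for later steps. The fixed `EOF` delimiter is only safe
          # while no line of $TAGS can be exactly `EOF`.
          echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
          echo "$TAGS" >> "$GITHUB_ENV"
          echo "EOF" >> "$GITHUB_ENV"
      - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7
        with:
          context: .
          push: true
          build-args: |
            SYNCSTORAGE_DATABASE_BACKEND=spanner
            MYSQLCLIENT_PKG=libmysqlclient-dev
          tags: ${{ env.IMAGE_TAGS }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  build-and-push-syncserver-postgres:
    needs: check
    permissions:
      contents: read
      # OIDC token for both workload-identity authentications in this job.
      id-token: write
      # Needed to publish the ghcr.io/<repository>/... tags.
      packages: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - uses: ./.github/actions/setup-build-and-push
        id: setup
        with:
          workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}
          gcp_service_account: "${{ vars.SERVICE_ACCOUNT_NAME || 'artifact-writer' }}@moz-fx-sync-prod.iam.gserviceaccount.com"
      - name: Compute tags
        # Values arrive via `env` so the shell never parses them as script text.
        env:
          SETUP_IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
          SETUP_PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
          GHCR_REPOSITORY: ghcr.io/${{ github.repository }}
        run: |
          TAGS=$(cat <<EOF
          us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-postgres:${SETUP_IMAGE_TAG}
          ${GHCR_REPOSITORY}/syncserver-postgres:${SETUP_IMAGE_TAG}
          EOF
          )
          if [[ "${SETUP_PUSH_LATEST}" == "true" ]]; then
            TAGS="$TAGS
          us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-postgres:latest
          ${GHCR_REPOSITORY}/syncserver-postgres:latest"
          fi
          echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
          echo "$TAGS" >> "$GITHUB_ENV"
          echo "EOF" >> "$GITHUB_ENV"
      - name: Build and push to prod GAR and ghcr
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7
        with:
          context: .
          push: true
          build-args: |
            SYNCSTORAGE_DATABASE_BACKEND=postgres
            TOKENSERVER_DATABASE_BACKEND=postgres
          tags: ${{ env.IMAGE_TAGS }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
      # Second identity: the enterprise project's service account. The login below
      # targets the same registry host (us-docker.pkg.dev) as the prod push, so the
      # enterprise steps have to stay after the prod build-and-push step.
      - name: GCP auth (enterprise)
        id: gcp_auth_ent
        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3
        with:
          workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: "${{ vars.SERVICE_ACCOUNT_NAME || 'artifact-writer' }}@moz-fx-fx-enterprise-prod.iam.gserviceaccount.com"
          token_format: access_token
      - name: Log in to enterprise GAR
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: us-docker.pkg.dev
          username: oauth2accesstoken
          password: ${{ steps.gcp_auth_ent.outputs.access_token }}
      - name: Compute enterprise tags
        # Overwrites IMAGE_TAGS for the enterprise push; no ghcr.io tag is added here.
        env:
          SETUP_IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
          SETUP_PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
        run: |
          TAGS="us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres:${SETUP_IMAGE_TAG}"
          if [[ "${SETUP_PUSH_LATEST}" == "true" ]]; then
            TAGS="$TAGS
          us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres:latest"
          fi
          echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
          echo "$TAGS" >> "$GITHUB_ENV"
          echo "EOF" >> "$GITHUB_ENV"
      - name: Build and push to enterprise GAR
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7
        with:
          context: .
          push: true
          build-args: |
            SYNCSTORAGE_DATABASE_BACKEND=postgres
            TOKENSERVER_DATABASE_BACKEND=postgres
          tags: ${{ env.IMAGE_TAGS }}
          # Read-only use of the cache; this step has no cache-to.
          cache-from: type=gha

  # Note: we are moving towards renaming all images `syncserver`, the union of sync and tokenserver.
  # This presently remains for the time being to simplify deploys by maintaining `image_name: syncstorage-rs-spanner-python-utils`.
  # Historical context: <https://github.com/mozilla-services/syncstorage-rs/pull/1306>
  build-and-push-syncstorage-rs-spanner-python-utils:
    needs: check
    permissions:
      contents: read
      # OIDC token for the workload identity provider below.
      id-token: write
      # Needed to publish the ghcr.io/<repository>/... tags.
      packages: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - uses: ./.github/actions/setup-build-and-push
        id: setup
        with:
          workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}
          gcp_service_account: "${{ vars.SERVICE_ACCOUNT_NAME || 'artifact-writer' }}@moz-fx-sync-prod.iam.gserviceaccount.com"
          version_json_path: ./tools/spanner/version.json
      - name: Compute tags
        # Values arrive via `env` so the shell never parses them as script text.
        env:
          SETUP_IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
          SETUP_PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
          GHCR_REPOSITORY: ghcr.io/${{ github.repository }}
        run: |
          TAGS=$(cat <<EOF
          us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncstorage-rs-spanner-python-utils:${SETUP_IMAGE_TAG}
          ${GHCR_REPOSITORY}/syncstorage-rs-spanner-python-utils:${SETUP_IMAGE_TAG}
          EOF
          )
          if [[ "${SETUP_PUSH_LATEST}" == "true" ]]; then
            TAGS="$TAGS
          us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncstorage-rs-spanner-python-utils:latest
          ${GHCR_REPOSITORY}/syncstorage-rs-spanner-python-utils:latest"
          fi
          echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
          echo "$TAGS" >> "$GITHUB_ENV"
          echo "EOF" >> "$GITHUB_ENV"
      - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7
        with:
          context: tools/spanner
          file: tools/spanner/Dockerfile
          push: true
          tags: ${{ env.IMAGE_TAGS }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  build-and-push-syncserver-postgres-python-utils:
    needs: check
    permissions:
      contents: read
      # OIDC token for both workload-identity authentications in this job.
      id-token: write
      # Needed to publish the ghcr.io/<repository>/... tags.
      packages: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - uses: ./.github/actions/setup-build-and-push
        id: setup
        with:
          workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}
          gcp_service_account: "${{ vars.SERVICE_ACCOUNT_NAME || 'artifact-writer' }}@moz-fx-sync-prod.iam.gserviceaccount.com"
          version_json_path: ./tools/postgres/version.json
      - name: Compute tags
        # Values arrive via `env` so the shell never parses them as script text.
        env:
          SETUP_IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
          SETUP_PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
          GHCR_REPOSITORY: ghcr.io/${{ github.repository }}
        run: |
          TAGS=$(cat <<EOF
          us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-postgres-python-utils:${SETUP_IMAGE_TAG}
          ${GHCR_REPOSITORY}/syncserver-postgres-python-utils:${SETUP_IMAGE_TAG}
          EOF
          )
          if [[ "${SETUP_PUSH_LATEST}" == "true" ]]; then
            TAGS="$TAGS
          us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-postgres-python-utils:latest
          ${GHCR_REPOSITORY}/syncserver-postgres-python-utils:latest"
          fi
          echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
          echo "$TAGS" >> "$GITHUB_ENV"
          echo "EOF" >> "$GITHUB_ENV"
      - name: Build and push to prod GAR and ghcr
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7
        with:
          context: tools/postgres
          file: tools/postgres/Dockerfile
          push: true
          tags: ${{ env.IMAGE_TAGS }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
      # Second identity: the enterprise project's service account. The login below
      # targets the same registry host (us-docker.pkg.dev) as the prod push, so the
      # enterprise steps have to stay after the prod build-and-push step.
      - name: GCP auth (enterprise)
        id: gcp_auth_ent
        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3
        with:
          workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: "${{ vars.SERVICE_ACCOUNT_NAME || 'artifact-writer' }}@moz-fx-fx-enterprise-prod.iam.gserviceaccount.com"
          token_format: access_token
      - name: Log in to enterprise GAR
        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: us-docker.pkg.dev
          username: oauth2accesstoken
          password: ${{ steps.gcp_auth_ent.outputs.access_token }}
      - name: Compute enterprise tags
        # Overwrites IMAGE_TAGS for the enterprise push; no ghcr.io tag is added here.
        env:
          SETUP_IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
          SETUP_PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
        run: |
          TAGS="us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres-python-utils:${SETUP_IMAGE_TAG}"
          if [[ "${SETUP_PUSH_LATEST}" == "true" ]]; then
            TAGS="$TAGS
          us-docker.pkg.dev/moz-fx-fx-enterprise-prod/fx-enterprise-private/syncserver-postgres-python-utils:latest"
          fi
          echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
          echo "$TAGS" >> "$GITHUB_ENV"
          echo "EOF" >> "$GITHUB_ENV"
      - name: Build and push to enterprise GAR
        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7
        with:
          context: tools/postgres
          file: tools/postgres/Dockerfile
          push: true
          tags: ${{ env.IMAGE_TAGS }}
          # Read-only use of the cache; this step has no cache-to.
          cache-from: type=gha

  build-and-push-syncserver-mysql:
    needs: check
    permissions:
      contents: read
      # OIDC token for the workload identity provider below.
      id-token: write
      # Needed to publish the ghcr.io/<repository>/... tags.
      packages: write
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
        with:
          persist-credentials: false
      - uses: ./.github/actions/setup-build-and-push
        id: setup
        with:
          workload_identity_provider: ${{ vars.GCPV2_GITHUB_WORKLOAD_IDENTITY_PROVIDER }}
          gcp_service_account: "${{ vars.SERVICE_ACCOUNT_NAME || 'artifact-writer' }}@moz-fx-sync-prod.iam.gserviceaccount.com"
      - name: Compute tags
        # Values arrive via `env` so the shell never parses them as script text.
        env:
          SETUP_IMAGE_TAG: ${{ steps.setup.outputs.image_tag }}
          SETUP_PUSH_LATEST: ${{ steps.setup.outputs.push_latest }}
          GHCR_REPOSITORY: ghcr.io/${{ github.repository }}
        run: |
          TAGS=$(cat <<EOF
          us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-mysql:${SETUP_IMAGE_TAG}
          ${GHCR_REPOSITORY}/syncserver-mysql:${SETUP_IMAGE_TAG}
          EOF
          )
          if [[ "${SETUP_PUSH_LATEST}" == "true" ]]; then
            TAGS="$TAGS
          us-docker.pkg.dev/moz-fx-sync-prod/sync-prod/syncserver-mysql:latest
          ${GHCR_REPOSITORY}/syncserver-mysql:latest"
          fi
          echo "IMAGE_TAGS<<EOF" >> "$GITHUB_ENV"
          echo "$TAGS" >> "$GITHUB_ENV"
          echo "EOF" >> "$GITHUB_ENV"
      - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7
        with:
          context: .
          push: true
          build-args: |
            SYNCSTORAGE_DATABASE_BACKEND=mysql
            TOKENSERVER_DATABASE_BACKEND=mysql
          tags: ${{ env.IMAGE_TAGS }}
          cache-from: type=gha
          cache-to: type=gha,mode=max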