From 51b95a5ca26f96f819ec3ad130e56507a75bbb7b Mon Sep 17 00:00:00 2001 From: Jyotsna Date: Mon, 28 Dec 2020 14:50:00 +0530 Subject: [PATCH] Readme updated with traceability changes (#84) * Updated new features in Readme with sample workflows - updated changes. --- README.md | 70 +++++++++++++++++++++++++++---------------------------- 1 file changed, 34 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index 2a1171d6..113ed491 100644 --- a/README.md +++ b/README.md @@ -314,24 +314,22 @@ jobs: imagepullsecrets: | demo-k8s-secret ``` -## Sample workflows with new environment variables ( which this action reads from ) which can be reused throughout the workflow and help with traceability fields. +## Sample workflows for new traceability fields support + + - Environment variable `HELM_CHART_PATHS` is a list of helmchart files used in k8s-bake and k8s-deploy + - Use script to build image and add `dockerfile-path` label to it. The value expected is the link to the dockerfile. + If your dockerfile is in the same repo and branch where the workflow is run, it can be a relative path and it will be converted to a link for traceability. + - Run docker login action for each image registry - in case image build and image deploy are 2 distinct jobs in the same or separate workflows. ### End to end workflow for building and deploying container images - - Environment variables `CR_USERNAME` and `CR_PASSWORD` container registry login credentials - - Environment variable `DOCKERFILE_PATHS` is a list of dockerfile paths for images used as - ```yaml on: [push] env: - REGISTRY_URL: contoso.azurecr.io - NAMESPACE: testnamespace1 - CR_USERNAME: ${{ secrets.AZURE_CLIENT_ID }} - CR_PASSWORD: ${{ secrets.AZURE_CLIENT_SECRET }} - DOCKERFILE_PATHS: | - contoso.azurecr.io/k8sdemo:first ./Dockerfile + NAMESPACE: demo-ns2 + jobs: - build: + build-and-deploy: runs-on: ubuntu-latest steps: - uses: actions/checkout@master @@ -339,11 +337,11 @@ jobs: - uses: Azure/docker-login@v1 with: login-server: contoso.azurecr.io - username: ${{ env.CR_USERNAME }} - password: ${{ env.CR_PASSWORD }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} - run: | - docker build . -t contoso.azurecr.io/k8sdemo:${{ github.sha }} + docker build . -t contoso.azurecr.io/k8sdemo:${{ github.sha }} --label dockerfile-path=./Dockerfile docker push contoso.azurecr.io/k8sdemo:${{ github.sha }} # Set the target AKS cluster. @@ -355,9 +353,9 @@ jobs: - uses: Azure/k8s-create-secret@v1 with: - container-registry-url: ${{ env.REGISTRY_URL }} - container-registry-username: ${{ env.CR_USERNAME }} - container-registry-password: ${{ env.CR_PASSWORD }} + container-registry-url: contoso.azurecr.io + container-registry-username: ${{ secrets.REGISTRY_USERNAME }} + container-registry-password: ${{ secrets.REGISTRY_PASSWORD }} secret-name: demo-k8s-secret - uses: Azure/k8s-deploy@v1.2 @@ -366,7 +364,7 @@ jobs: manifests/deployment.yml manifests/service.yml images: | - demo.azurecr.io/k8sdemo:${{ github.sha }} + contoso.azurecr.io/k8sdemo:${{ github.sha }} imagepullsecrets: | demo-k8s-secret ``` @@ -376,10 +374,7 @@ jobs: ```yaml on: [push] env: - REGISTRY_URL: contoso.azurecr.io - NAMESPACE: testnamespace1 - CR_USERNAME: ${{ secrets.AZURE_CLIENT_ID }} - CR_PASSWORD: ${{ secrets.AZURE_CLIENT_SECRET }} + NAMESPACE: demo-ns2 jobs: build: @@ -390,25 +385,20 @@ jobs: - uses: Azure/docker-login@v1 with: login-server: contoso.azurecr.io - username: ${{ env.CR_USERNAME }} - password: ${{ env.CR_PASSWORD }} + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} - run: | - docker build . -t contoso.azurecr.io/k8sdemo:${{ github.sha }} --label dockerfile-path=./Dockerfile + docker build . -t contoso.azurecr.io/k8sdemo:${{ github.sha }} --label dockerfile-path=https://github.com/${{github.repo}}/blob/${GITHUB_REF##*/}/Dockerfile docker push contoso.azurecr.io/k8sdemo:${{ github.sha }} ``` ### CD workflow using bake action to get manifests deploying to a Kubernetes cluster -- Env variable `HELM_CHART_PATHS` is a list of helmchart files used in k8s-bake and k8s-deploy - ```yaml on: [push] env: - REGISTRY_URL: contoso.azurecr.io - NAMESPACE: testnamespace1 - CR_USERNAME: ${{ secrets.AZURE_CLIENT_ID }} - CR_PASSWORD: ${{ secrets.AZURE_CLIENT_SECRET }} + NAMESPACE: demo-ns2 HELM_CHART_PATHS: | ./helmCharts/file1 @@ -417,6 +407,12 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@master + + - uses: Azure/docker-login@v1 + with: + login-server: contoso.azurecr.io + username: ${{ secrets.REGISTRY_USERNAME }} + password: ${{ secrets.REGISTRY_PASSWORD }} # Set the target AKS cluster. - uses: Azure/aks-set-context@v1 @@ -427,10 +423,12 @@ jobs: - uses: Azure/k8s-create-secret@v1 with: - container-registry-url: ${{ env.REGISTRY_URL }} - container-registry-username: ${{ env.CR_USERNAME }} - container-registry-password: ${{ env.CR_PASSWORD }} + namespace: ${{ env.NAMESPACE }} + container-registry-url: contoso.azurecr.io + container-registry-username: ${{ secrets.REGISTRY_USERNAME }} + container-registry-password: ${{ secrets.REGISTRY_PASSWORD }} secret-name: demo-k8s-secret + - uses: azure/k8s-bake@v1 with: renderEngine: 'helm' @@ -445,7 +443,7 @@ jobs: with: manifests: ${{ steps.bake.outputs.manifestsBundle }} images: | - demo.azurecr.io/k8sdemo:${{ github.sha }} + contoso.azurecr.io/k8sdemo:${{ github.sha }} imagepullsecrets: | demo-k8s-secret ``` @@ -462,4 +460,4 @@ provided by the bot. You will only need to do this once across all repos using o This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or -contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. +contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. \ No newline at end of file