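# Docker image CI: builds the Quarkus backend, pushes the image to Docker Hub,
# deploys it over SSH to the test host and reports progress to Mattermost.
#
# NOTE(review): every action below is referenced by a mutable tag. The
# third-party actions (s4u/setup-maven-action, appleboy/ssh-action) run with
# access to this job's secrets; pinning each `uses:` to a full commit SHA
# prevents a re-tagged release from changing what runs here.
name: Docker Image CI

on:
  push:
    branches:
      - develop
    tags:
      - "docker-build-*"

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      # Step 1: check out the code
      - uses: actions/checkout@v4

      # Step 2: read the version from pom.xml and store it as an artifact
      # NOTE(review): this step selects Java 17 while the next one asks for
      # Java 21; confirm which JDK the build is meant to use.
      - name: Setup Java
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'

      - name: Setup Maven + Java
        uses: s4u/setup-maven-action@v1.6.0
        with:
          java-version: '21'
          maven-version: '3.9.5'

      - name: Extract Quarkus version from pom.xml
        run: |
          VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
          # The version becomes a Docker tag and is later expanded in a shell on
          # the deploy host, so accept only characters that are valid in a tag.
          case "$VERSION" in
            '' | *[!A-Za-z0-9._-]*)
              echo "Unexpected project.version: '$VERSION'" >&2
              exit 1
              ;;
          esac
          printf '%s\n' "$VERSION" > version.txt

      # Secrets are handed to the shell through `env:` instead of being
      # expanded into the script text, so characters such as `"`, `$` or a
      # backtick inside a secret are never interpreted by the shell.
      #
      # NOTE(review): files under src/main/resources are packaged into the
      # application JAR by Maven. If that JAR is copied into the image pushed to
      # Docker Hub (Dockerfile-tst is not visible here), anyone able to pull the
      # image can extract privateKey.pem and keystore.jks. Consider supplying
      # them at container start (mounted file or secret store) instead.
      - name: Inject private key into resources
        env:
          PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
        run: |
          mkdir -p src/main/resources
          # Create the file owner-only from the start rather than narrowing it afterwards.
          umask 077
          printf '%s\n' "$PRIVATE_KEY" > src/main/resources/privateKey.pem
          chmod 600 src/main/resources/privateKey.pem

      - name: Decode keystore
        env:
          KEYSTORE_BASE64: ${{ secrets.KEYSTORE_BASE64 }}
        run: |
          mkdir -p src/main/resources
          umask 077
          printf '%s\n' "$KEYSTORE_BASE64" | base64 -d > src/main/resources/keystore.jks
          chmod 600 src/main/resources/keystore.jks

      - name: Inject public key into resources
        env:
          PUBLIC_KEY: ${{ secrets.PUBLIC_KEY }}
        run: |
          mkdir -p src/main/resources
          printf '%s\n' "$PUBLIC_KEY" > src/main/resources/publicKey.pem
          chmod 600 src/main/resources/publicKey.pem

      - name: Save version as artifact
        uses: actions/upload-artifact@v3
        with:
          name: version
          path: version.txt

      # Step 3: notify Mattermost via the bot (build started)
      # NOTE(review): REPO and BRANCH are spliced into the JSON body unescaped;
      # a ref name containing `"` or `\` produces invalid JSON.
      - name: Notify Mattermost via Bot
        env:
          REPO: ${{ gitea.repository }}
          BRANCH: ${{ gitea.ref }}
          MATTERMOST_BOT_TOKEN: ${{ secrets.MATTERMOST_BOT_TOKEN }}
        run: |
          curl --fail -X POST -H "Authorization: Bearer $MATTERMOST_BOT_TOKEN" \
            -H 'Content-Type: application/json' \
            -d '{
              "channel_id": "9a8obynkd7rctk6qf8rfe6oppy",
              "message": "@all 🚀 *Build gestart!* Een nieuwe build is begonnen voor de repository *'"$REPO"'* op branch *'"$BRANCH"'*."
            }' \
            https://mattermost.melvanveen.nl/api/v4/posts

      # Step 4: log in to Docker Hub
      - name: Log in to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      # Step 5: build the Quarkus JAR (via Maven) and the Docker image
      - name: Build the Quarkus JAR and Docker image
        run: |
          VERSION=$(cat version.txt)
          mvn clean package -DskipTests -Dquarkus.profile=test
          docker buildx build . --file Dockerfile-tst --tag "veenm/paypoint-backend-jvm:$VERSION" --platform linux/amd64

      # Step 6: push the Docker image to Docker Hub (current version tag)
      - name: Push the Docker image (version)
        run: |
          VERSION=$(cat version.txt)
          docker push "veenm/paypoint-backend-jvm:$VERSION"

  deploy:
    needs: build-and-push
    runs-on: ubuntu-latest
    steps:
      # Step 1: download the artifact
      - name: Download version artifact
        uses: actions/download-artifact@v3
        with:
          name: version

      # Step 2: read the version from the artifact
      - name: Read version
        id: read_version
        run: echo "VERSION=$(cat version.txt)" >> "$GITHUB_ENV"

      # Step 3: replace the running container on the test host
      # NOTE(review): the connection uses password authentication and does not
      # verify the host key. appleboy/ssh-action also accepts `key` and
      # `fingerprint`; key-based login with a pinned fingerprint protects the
      # secrets sent below against a spoofed host.
      # NOTE(review): values passed with `-e` are visible in the process list
      # and in `docker inspect` on the host; an env file readable only by the
      # deploy user avoids that.
      - name: SSH into Alpine and update Docker container
        uses: appleboy/ssh-action@v0.1.10
        with:
          host: ${{ secrets.ALPINE_HOST }}
          username: ${{ secrets.ALPINE_USER }}
          password: ${{ secrets.ALPINE_PASSWORD }}
          envs: VERSION,DB_HOST,DB_PORT,DB_USERNAME,DB_PASSWORD,CORS_ORIGINS,MAILER_FROM,MAILER_HOST,MAILER_PORT,MAILER_USERNAME,MAILER_PASSWORD
          script: |
            echo "Gekozen versie: $VERSION"
            [ -n "$VERSION" ] || { echo "VERSION is empty" >&2; exit 1; }
            # Pull before stopping anything: if the image cannot be fetched, the
            # container that is currently running stays up.
            docker pull "veenm/paypoint-backend-jvm:$VERSION" || exit 1
            docker stop paypoint-backend || true
            docker rm paypoint-backend || true
            docker run -d --name paypoint-backend --restart unless-stopped -p 15001:8080 \
              -e DB_HOST="$DB_HOST" \
              -e DB_PORT="$DB_PORT" \
              -e DB_USERNAME="$DB_USERNAME" \
              -e DB_PASSWORD="$DB_PASSWORD" \
              -e CORS_ORIGINS="$CORS_ORIGINS" \
              -e MAILER_FROM="$MAILER_FROM" \
              -e MAILER_HOST="$MAILER_HOST" \
              -e MAILER_PORT="$MAILER_PORT" \
              -e MAILER_USERNAME="$MAILER_USERNAME" \
              -e MAILER_PASSWORD="$MAILER_PASSWORD" \
              "veenm/paypoint-backend-jvm:$VERSION"
            docker image prune -f
        env:
          VERSION: ${{ env.VERSION }}
          DB_HOST: ${{ secrets.ALPINE_HOST }}
          DB_PORT: ${{ secrets.DB_PORT_TEST }}
          DB_USERNAME: ${{ secrets.DB_USERNAME_TEST }}
          DB_PASSWORD: ${{ secrets.DB_PASSWORD_TEST }}
          CORS_ORIGINS: ${{ secrets.CORS_ORIGINS_TEST }}
          MAILER_FROM: ${{ secrets.MAILER_FROM }}
          MAILER_HOST: ${{ secrets.MAILER_HOST }}
          MAILER_PORT: ${{ secrets.MAILER_PORT }}
          MAILER_USERNAME: ${{ secrets.MAILER_USERNAME }}
          MAILER_PASSWORD: ${{ secrets.MAILER_PASSWORD }}

      # Step 4: notify Mattermost via the bot (build succeeded)
      - name: Notify Mattermost via Bot
        env:
          MATTERMOST_BOT_TOKEN: ${{ secrets.MATTERMOST_BOT_TOKEN }}
          VERSION: ${{ env.VERSION }}
        run: |
          curl --fail -X POST -H "Authorization: Bearer $MATTERMOST_BOT_TOKEN" \
            -H 'Content-Type: application/json' \
            -d '{
              "channel_id": "9a8obynkd7rctk6qf8rfe6oppy",
              "message": "@all ✅ *Build is geslaagd!* Versie '"$VERSION"' staat klaar op https://test-paypoint.melvanveen.nl"
            }' \
            https://mattermost.melvanveen.nl/api/v4/posts

  notify-failure:
    needs: [build-and-push, deploy]
    runs-on: ubuntu-latest
    # Runs only when one of the jobs listed in `needs` failed.
    if: failure()
    steps:
      - name: Notify Mattermost via Bot on failure
        env:
          MATTERMOST_BOT_TOKEN: ${{ secrets.MATTERMOST_BOT_TOKEN }}
          REPO: ${{ gitea.repository }}
          BRANCH: ${{ gitea.ref }}
        run: |
          curl --fail -X POST -H "Authorization: Bearer $MATTERMOST_BOT_TOKEN" \
            -H 'Content-Type: application/json' \
            -d '{
              "channel_id": "9a8obynkd7rctk6qf8rfe6oppy",
              "message": "@all ❌ *Build gefaald!* De pipeline is stukgelopen voor *'"$REPO"'* op branch *'"$BRANCH"'*."
            }' \
            https://mattermost.melvanveen.nl/api/v4/posts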