-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
146 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,144 @@ | ||
| # | ||
| # Build and push PostHog and PostHog Cloud container images | ||
| # | ||
| # - posthog_build: build and push the PostHog container image to DockerHub | ||
| # | ||
| # - posthog_cloud_build: build the PostHog Cloud container image using | ||
| # as base image the container image from the previous step. The image is | ||
| # then pushed to AWS ECR. | ||
| # | ||
| name: Ingestion Container Images CD | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - master | ||
| paths: | ||
| - 'plugin-server/**' | ||
|
|
||
| concurrency: ${{ github.workflow }} # ensure only one of this runs at a time | ||
|
|
||
| jobs: | ||
| posthog_build: | ||
| name: Build and push PostHog | ||
| if: github.repository == 'PostHog/posthog' | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| id-token: write # allow issuing OIDC tokens for this workflow run | ||
| contents: read # allow at least reading the repo contents, add other permissions if necessary | ||
| packages: write # allow push to ghcr.io | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Update git SHA | ||
| run: echo "GIT_SHA = '${GITHUB_SHA}'" > posthog/gitsha.py | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v2 | ||
|
|
||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v2 | ||
|
|
||
| - name: Set up Depot CLI | ||
| uses: depot/setup-action@v1 | ||
|
|
||
| - name: Login to DockerHub | ||
| uses: docker/login-action@v2 | ||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
|
|
||
| - name: Build and push container images | ||
| id: build | ||
| uses: depot/build-push-action@v1 | ||
| with: | ||
| project: x19jffd9zf # posthog | ||
| buildx-fallback: true # fallback to using 'docker buildx build' if 'depot build' is unable to acquire a builder connection | ||
| cache-from: type=gha # always pull the layers from GHA | ||
| cache-to: type=gha,mode=max # always push the layers to GHA | ||
| push: true | ||
| tags: posthog/posthog:latest | ||
| platforms: linux/amd64,linux/arm64 | ||
|
|
||
| posthog_cloud_build: | ||
| name: Build and push PostHog Cloud | ||
| if: github.repository == 'PostHog/posthog' | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| id-token: write # allow issuing OIDC tokens for this workflow run | ||
| contents: read # allow at least reading the repo contents, add other permissions if necessary | ||
| packages: read # allow pull from ghcr.io | ||
| needs: [posthog_build] | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Update git SHA | ||
| run: echo "GIT_SHA = '${GITHUB_SHA}'" > posthog/gitsha.py | ||
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v2 | ||
|
|
||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v2 | ||
|
|
||
| - name: Set up Depot CLI | ||
| uses: depot/setup-action@v1 | ||
|
|
||
| - name: Checkout PostHog Cloud code | ||
| run: | | ||
| mkdir cloud/ | ||
| cd cloud/ | ||
| curl -u posthog-bot:${{ secrets.POSTHOG_BOT_GITHUB_TOKEN }} -L https://github.com/posthog/posthog-cloud/tarball/master | tar --strip-components=1 -xz -- | ||
| - name: Configure AWS credentials | ||
| uses: aws-actions/configure-aws-credentials@v1 | ||
| with: | ||
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| aws-region: us-east-1 | ||
|
|
||
| - name: Login to Amazon ECR | ||
| id: aws-ecr | ||
| uses: aws-actions/amazon-ecr-login@v1 | ||
|
|
||
| - name: Build container images | ||
| id: build | ||
| uses: depot/build-push-action@v1 | ||
| with: | ||
| project: 1stsk4xt19 # posthog-cloud | ||
| buildx-fallback: true # fallback to using 'docker buildx build' if 'depot build' is unable to acquire a builder connection | ||
| cache-from: type=gha # always pull the layers from GHA | ||
| cache-to: type=gha,mode=max # always push the layers to GHA | ||
| push: true | ||
| tags: ${{ steps.aws-ecr.outputs.registry }}/posthog-cloud:latest | ||
| platforms: linux/amd64,linux/arm64 | ||
| file: Dockerfile.cloud | ||
| context: cloud | ||
| # Use the non-cloud image as base image and extend it with | ||
| # the posthog-cloud code we've checked out. | ||
| build-args: | | ||
| BASE_IMAGE=posthog/posthog:latest | ||
| - name: get deployer token | ||
| id: deployer | ||
| uses: getsentry/action-github-app-token@v2 | ||
| with: | ||
| app_id: ${{ secrets.DEPLOYER_APP_ID }} | ||
| private_key: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }} | ||
|
|
||
| - name: Trigger Ingestion Cloud deployment | ||
| if: steps.check_changes_plugins.outputs.changed != '' | ||
| uses: peter-evans/repository-dispatch@v1 | ||
| with: | ||
| token: ${{ secrets.GITHUB_TOKEN }} | ||
| repository: PostHog/charts | ||
| event-type: ingestion_deploy | ||
| client-payload: | | ||
| { | ||
| "image_tag": "${{ steps.build.outputs.digest }}", | ||
| } | ||