# CircleCI pipeline for catalog-agent.
#   build-and-push        - builds the image and pushes it to ECR via the
#                           aws-ecr orb, then sends a Lark notification
#   deploy                - runs deploy.sh on a remote host over SSH
#   docker-hub-build-push - builds and pushes to Docker Hub; optionally
#                           SSH-deploys to the on-prem server when run from
#                           the onprem-release branch
#
# NOTE(review): several values in this copy read `<>` where a
# `<< parameters.NAME >>` reference would be expected (two such references
# survive in the `when` condition below). They were presumably lost in
# extraction; restore them from the original file before using this config.
version: 2.1

orbs:
  # Pinned to an exact orb version rather than a floating major/minor.
  aws-ecr: circleci/aws-ecr@7.0.0

jobs:
  build-and-push:
    machine:
      image: ubuntu-2204:current
    resource_class: medium
    parameters:
      docker-tag:
        type: string
      path:
        type: string
      repo:
        type: string
      dockerfile:
        type: string
    steps:
      # account-url, aws-access-key-id, aws-secret-access-key and region are
      # given as environment-variable names, not values; presumably they
      # resolve from the `ecr-new` context attached in the workflow - confirm.
      # NOTE(review): these are static AWS keys; confirm they are scoped to
      # ECR push only and rotated.
      - aws-ecr/build-and-push-image:
          checkout: true
          account-url: AWS_ECR_ACCOUNT_URL
          aws-access-key-id: AWS_ACCESS_KEY_ID
          aws-secret-access-key: AWS_SECRET_ACCESS_KEY
          create-repo: false
          dockerfile: <>
          path: <>
          region: AWS_REGION
          repo: <>
          # The pushed tag ends with the commit SHA.
          tag: '<>${CIRCLE_SHA1}'
      - run:
          name: Send image push Lark notification
          command: |
            bash scripts/ci/notify_feishu.sh \
              --event image_push \
              --image-repo "$AWS_ECR_ACCOUNT_URL/<>" \
              --version-tag "<>${CIRCLE_SHA1}"

  deploy:
    machine:
      image: ubuntu-2204:current
    resource_class: medium
    parameters:
      docker-tag:
        type: string
      path:
        type: string
      deploy-name:
        type: string
      deploy-namespace:
        type: string
      repo:
        type: string
    steps:
      - checkout
      # Builds the remote deploy.sh command line and runs it over SSH.
      # NOTE(review): no add_ssh_keys or known_hosts step is visible in this
      # job; confirm how the key is provided and how the host key is verified.
      # NOTE(review): $CMD / ${CMD} are unquoted and the string is parsed again
      # by the remote shell, so every parameter value must stay a plain token.
      # The workflow below passes only fixed literals.
      - run:
          name: kubectl apply
          command: |
            CMD='/home/ubuntu/cluster-for-B/deploy.sh <> <>'${CIRCLE_SHA1}' <> <>'
            echo $CMD
            ssh ${USER_NAME}@${HOST_NAME} ${CMD}
      - run:
          name: Send deploy Lark notification
          command: |
            bash scripts/ci/notify_feishu.sh \
              --event deploy \
              --service-name <> \
              --namespace <> \
              --image-repo "$AWS_ECR_ACCOUNT_URL/<>" \
              --version-tag "<>${CIRCLE_SHA1}"

  docker-hub-build-push:
    machine:
      image: ubuntu-2404:current
    resource_class: medium
    parameters:
      repo:
        type: string
      dockerfile:
        type: string
      docker-tag:
        type: string
      # Opt-in switch for the SSH deploy steps at the end of this job.
      deploy:
        type: boolean
        default: false
    steps:
      - checkout
      - run:
          name: Build Docker image
          command: |
            # Check whether this is an ARM build
            if [[ "<>" == *"arm64"* ]]; then
              # Configure Docker buildx for multi-platform builds
              docker buildx create --use --name multiarch
              docker buildx inspect --bootstrap
              # Build the ARM64 image
              docker buildx build -t <>:<> --platform linux/arm64 --no-cache -f <> --load .
            else
              # Standard x86 build
              docker build -t <>:<> --no-cache -f <> .
            fi
      # Logs in with --password-stdin, so the password is not placed on the
      # docker command line. Pushes the image under two tags (the second is
      # 0.0.<CIRCLE_BUILD_NUM>) and exports IMAGE_TAG through $BASH_ENV for the
      # later deploy step.
      # NOTE(review): the workflow passes `latest` / `latest_arm64` as
      # docker-tag, which are mutable tags; the SSH deploy step below writes
      # the numbered tag into docker-compose.yml instead.
      - run:
          name: Publish Docker Image to Docker Hub
          command: |
            echo "$DOCKERHUB_PASS" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin
            IMAGE_TAG="0.0.${CIRCLE_BUILD_NUM}"
            docker tag <>:<> <>:$IMAGE_TAG
            docker push <>:<>
            docker push <>:$IMAGE_TAG
            # Pass IMAGE_TAG through to later steps for CD SSH deployment
            echo "export IMAGE_TAG=$IMAGE_TAG" >> $BASH_ENV
            bash scripts/ci/notify_feishu.sh \
              --event docker_hub \
              --image-repo <> \
              --image-tag <> \
              --version-tag "$IMAGE_TAG"
      - when:
          # Trigger CD only when deploy=true and the current branch is onprem-release
          # to avoid accidental deployments from other branches
          condition:
            and:
              - << parameters.deploy >>
              - equal: [ onprem-release, << pipeline.git.branch >> ]
          steps:
            # Load the private key uploaded in CircleCI project settings -> SSH Keys into ssh-agent
            # ONPREM_DEPLOY_SSH_KEY_FINGERPRINT is the MD5 fingerprint returned by CircleCI after upload
            # NOTE(review): confirm that CircleCI substitutes environment
            # variables in `fingerprints`; if it does not, this entry will not
            # match the uploaded key.
            - add_ssh_keys:
                fingerprints:
                  - "$ONPREM_DEPLOY_SSH_KEY_FINGERPRINT"
            # Rewrites the catalog-agent image line in the remote
            # docker-compose.yml and restarts that service.
            # NOTE(review): ssh-keyscan accepts whatever key the host presents
            # at build time, so it removes the prompt without authenticating
            # the server. Prefer a pinned known_hosts entry stored alongside
            # the other ONPREM_DEPLOY_* settings. stderr is also discarded,
            # which hides scan failures.
            # NOTE(review): IMAGE_TAG is spliced into the remote command inside
            # single quotes; that is safe only while it keeps the
            # 0.0.<build number> form set in the publish step.
            - run:
                name: SSH deploy to server (update catalog-agent image and restart)
                command: |
                  # Write the server public key to known_hosts to avoid an interactive
                  # confirmation prompt on the first connection
                  # The server SSH port is controlled by the ONPREM_DEPLOY_SSH_PORT
                  # environment variable, for example 17290
                  mkdir -p ~/.ssh
                  ssh-keyscan -H -p "$ONPREM_DEPLOY_SSH_PORT" "$ONPREM_DEPLOY_SSH_HOST" >> ~/.ssh/known_hosts 2>/dev/null
                  # Pass the IMAGE_TAG generated in this job to the remote script
                  # - The local shell expands $IMAGE_TAG into the remote command prefix
                  # - The heredoc uses the single-quoted 'REMOTE' form to avoid local
                  # re-expansion of the script body
                  # - sed replaces the entire catalog-agent image line directly,
                  # compatible with any repository prefix such as "gptbasesparticle/..."
                  # or "docker.gbase.ai/...", and any tag format such as 0.0.x
                  # - Tags starting with a digit exclude non-AMD64 images such as arm64;
                  # this CD step only runs in the AMD64 job
                  ssh -p "$ONPREM_DEPLOY_SSH_PORT" "$ONPREM_DEPLOY_SSH_USER@$ONPREM_DEPLOY_SSH_HOST" \
                    "IMAGE_TAG='$IMAGE_TAG' bash -s" \<<'REMOTE'
                  set -euo pipefail
                  cd gbase_onprem
                  echo "catalog-agent image line before update:"
                  grep -E '^[[:space:]]*image:[[:space:]]*[^#[:space:]]*catalog-agent:[0-9]' docker-compose.yml || true
                  sed -i -E "s|^([[:space:]]*)image:[[:space:]]*[^#[:space:]]*catalog-agent:[0-9][^[:space:]]*|\1image: gptbasesparticle/catalog-agent:${IMAGE_TAG}|" docker-compose.yml
                  echo "catalog-agent image line after update:"
                  grep -E "^[[:space:]]*image:[[:space:]]*gptbasesparticle/catalog-agent:${IMAGE_TAG}" docker-compose.yml
                  docker compose down catalog-agent
                  docker compose up catalog-agent -d
                  REMOTE
                  bash scripts/ci/notify_feishu.sh \
                    --event deploy \
                    --service-name catalog-agent \
                    --namespace onprem-release \
                    --image-repo <> \
                    --version-tag "$IMAGE_TAG"

workflows:
  # Each build/deploy pair is limited to one branch by its `filters`; every
  # deploy entry waits for the matching build through `requires`.
  backend_build_and_push:
    jobs:
      - build-and-push:
          name: build-for-test
          context:
            - ecr-new
          path: .
          dockerfile: Dockerfile
          repo: catalog-agent
          docker-tag: ''
          filters:
            branches:
              only:
                - dev
      - deploy:
          name: deploy-for-test
          docker-tag: ''
          repo: catalog-agent
          path: '/home/ubuntu/cluster-for-B/gbase-dev/catalog-agent/deploy.yaml'
          deploy-name: catalog-agent
          deploy-namespace: gbase-dev
          context:
            - ecr-new
          filters:
            branches:
              only:
                - dev
          requires:
            - build-for-test
      - build-and-push:
          name: build-for-prod
          context:
            - ecr-new
          path: .
          dockerfile: Dockerfile
          repo: catalog-agent
          docker-tag: ''
          filters:
            branches:
              only:
                - prod
      - build-and-push:
          name: build-for-staging
          context:
            - ecr-new
          path: .
          dockerfile: Dockerfile
          repo: catalog-agent
          docker-tag: ''
          filters:
            branches:
              only:
                - staging
      - deploy:
          name: deploy-for-prod
          docker-tag: ''
          repo: catalog-agent
          path: '/home/ubuntu/cluster-for-B/default/catalog-agent/deploy.yaml'
          deploy-name: catalog-agent
          # NOTE(review): the namespace is gbase-dev while the manifest path is
          # under default/; the other deploy entries use a namespace that
          # matches their path directory. Confirm this is intended for prod.
          deploy-namespace: gbase-dev
          context:
            - ecr-new
          filters:
            branches:
              only:
                - prod
          requires:
            - build-for-prod
      - deploy:
          name: deploy-for-staging
          docker-tag: ''
          repo: catalog-agent
          path: '/home/ubuntu/cluster-for-B/gbase-staging/catalog-agent/deploy.yaml'
          deploy-name: catalog-agent
          deploy-namespace: gbase-staging
          context:
            - ecr-new
          filters:
            branches:
              only:
                - staging
          requires:
            - build-for-staging
      # No context is attached to the two Docker Hub entries; DOCKERHUB_* and
      # ONPREM_DEPLOY_* presumably come from project-level environment
      # variables - confirm.
      - docker-hub-build-push:
          name: docker-hub-build-push
          repo: gptbasesparticle/catalog-agent
          dockerfile: Dockerfile
          docker-tag: latest
          # Enable CD: after build and push complete, SSH to the server to update the
          # catalog-agent image. This only applies to the onprem-release branch;
          # see the when condition inside the job.
          deploy: true
          filters:
            branches:
              only:
                - onprem-release
      # ARM64 variant: `deploy` is left at its default (false), so this entry
      # never runs the SSH deploy steps.
      - docker-hub-build-push:
          name: docker-hub-build-push-arm
          repo: gptbasesparticle/catalog-agent
          dockerfile: Dockerfile
          docker-tag: latest_arm64
          filters:
            branches:
              only:
                - onprem-release
      # Deploy to the onprem-dev environment
      - build-and-push:
          name: build-for-onprem-dev
          context:
            - ecr-new
          path: .
          dockerfile: Dockerfile
          repo: catalog-agent
          docker-tag: ''
          filters:
            branches:
              only:
                - onprem-dev
      - deploy:
          name: deploy-for-onprem-dev
          docker-tag: ''
          repo: catalog-agent
          path: '/home/ubuntu/cluster-for-B/onprem-dev/catalog-agent/deploy.yaml'
          deploy-name: catalog-agent
          deploy-namespace: onprem-dev
          context:
            - ecr-new
          filters:
            branches:
              only:
                - onprem-dev
          requires:
            - build-for-onprem-dev