Compare commits
15 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| ab540e0f8b | |||
| d1e70af74d | |||
| 342558e3e6 | |||
| b76f572c0f | |||
| e949536edb | |||
| b83d151aba | |||
| 39e5090b6e | |||
| 4334d096f6 | |||
| e8e9785094 | |||
| e18a13a781 | |||
| 2907874026 | |||
| f2e1c2198c | |||
| 2a7a286842 | |||
| af59783877 | |||
| 12089d0968 |
@@ -27,18 +27,23 @@ jobs:
|
|||||||
image: catthehacker/ubuntu:act-22.04
|
image: catthehacker/ubuntu:act-22.04
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
|
||||||
- name: Checkout code
|
|
||||||
uses: actions/checkout@v2
|
|
||||||
|
|
||||||
- name: Import Secrets
|
- name: Import Secrets
|
||||||
uses: hashicorp/vault-action@v2
|
uses: hashicorp/vault-action@v2
|
||||||
with:
|
with:
|
||||||
url: https://vault.project-rent-dev.com
|
url: https://vault.project-quest-dev.com
|
||||||
token: ${{ secrets.VAULT_TOKEN }}
|
token: ${{ secrets.VAULT_TOKEN }}
|
||||||
secrets: |
|
secrets: |
|
||||||
cicd/data/docker password | REGISTRY_PASSWORD ;
|
cicd/data/docker password | REGISTRY_PASSWORD ;
|
||||||
cicd/data/docker username | REGISTRY_USERNAME ;
|
cicd/data/docker username | REGISTRY_USERNAME ;
|
||||||
|
cicd/data/submodule token | SUBMODULE_TOKEN ;
|
||||||
|
cicd/data/submodule npm_token | NPM_TOKEN ;
|
||||||
|
- name: Checkout code
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
submodules: recursive
|
||||||
|
fetch-depth: 0
|
||||||
|
token: ${{ env.SUBMODULE_TOKEN }}
|
||||||
|
|
||||||
- name: Set up Docker BuildX
|
- name: Set up Docker BuildX
|
||||||
uses: docker/setup-buildx-action@v2
|
uses: docker/setup-buildx-action@v2
|
||||||
@@ -68,8 +73,12 @@ jobs:
|
|||||||
|
|
||||||
- name: Build Docker image
|
- name: Build Docker image
|
||||||
run: |
|
run: |
|
||||||
docker build -t ${{ inputs.REGISTRY }}/${{ inputs.USER_FOR_IMAGE_STORE }}/${{ inputs.APP_NAME }}:${{ env.VERSION }} .
|
docker build \
|
||||||
|
--build-arg SUBMODULE_TOKEN=${{ env.NPM_TOKEN }} \
|
||||||
|
-f ${{ inputs.DOCKERFILE_PATH }} \
|
||||||
|
-t ${{ inputs.REGISTRY }}/${{ inputs.USER_FOR_IMAGE_STORE }}/${{ inputs.APP_NAME }}:${{ env.VERSION }} \
|
||||||
|
.
|
||||||
|
|
||||||
- name: Push Docker image
|
- name: Push Docker image
|
||||||
run: |
|
run: |
|
||||||
docker push ${{ inputs.REGISTRY }}/${{ inputs.USER_FOR_IMAGE_STORE }}/${{ inputs.APP_NAME }}:${{ env.VERSION }}
|
docker push ${{ inputs.REGISTRY }}/${{ inputs.USER_FOR_IMAGE_STORE }}/${{ inputs.APP_NAME }}:${{ env.VERSION }}
|
||||||
|
|||||||
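Review bot: The new `--build-arg SUBMODULE_TOKEN=${{ env.NPM_TOKEN }}` line in the Build Docker image step passes a Vault-issued token as a build argument, and build arguments are recorded in the image metadata, so anyone who can pull the pushed image can read it back from the image history. A BuildKit secret keeps it out of the layers: `--secret id=npm_token,env=NPM_TOKEN` here, consumed in the Dockerfile with `RUN --mount=type=secret,id=npm_token`; the Dockerfile is not shown, so how the argument is used there needs confirming. The argument is also named SUBMODULE_TOKEN while carrying NPM_TOKEN, which deserves a rename or a comment saying why. The unquoted `-f ${{ inputs.DOCKERFILE_PATH }}` is expanded into the script text before the shell parses it; passing the input through `env:` and writing `-f "$DOCKERFILE_PATH"` avoids that.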
@@ -9,7 +9,7 @@ on:
|
|||||||
REGISTRY:
|
REGISTRY:
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
default: registry.project-rent-dev.com
|
default: registry.project-quest-dev.com
|
||||||
PROD_NAMESPACE:
|
PROD_NAMESPACE:
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
@@ -42,6 +42,18 @@ on:
|
|||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
description: Kubeconf secret path in vault for prod
|
description: Kubeconf secret path in vault for prod
|
||||||
|
HELM_VERSION:
|
||||||
|
type: string
|
||||||
|
default: 3.17
|
||||||
|
description: Last stable with our chart's
|
||||||
|
ENABLE_CUSTOM_SET:
|
||||||
|
type: string
|
||||||
|
default: "false"
|
||||||
|
description: Last stable with our chart's
|
||||||
|
CUSTOM_HELM_SET:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
description: Last stable with our chart's
|
||||||
secrets:
|
secrets:
|
||||||
VAULT_TOKEN:
|
VAULT_TOKEN:
|
||||||
required: true
|
required: true
|
||||||
@@ -69,7 +81,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Export secrets for deploy
|
- name: Export secrets for deploy
|
||||||
run: |
|
run: |
|
||||||
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
if [ "${{ github.ref }}" = "refs/heads/main" ]; then
|
||||||
echo "NAMESPACE=${{ inputs.PROD_NAMESPACE }}" >> $GITHUB_ENV
|
echo "NAMESPACE=${{ inputs.PROD_NAMESPACE }}" >> $GITHUB_ENV
|
||||||
echo "VALUES_FILE=${{ inputs.PROD_VALUES_FILE }}" >> $GITHUB_ENV
|
echo "VALUES_FILE=${{ inputs.PROD_VALUES_FILE }}" >> $GITHUB_ENV
|
||||||
echo "KUBECONF=${{ inputs.PROD_KUBECONF_SECRET_PATH }}" >> $GITHUB_ENV
|
echo "KUBECONF=${{ inputs.PROD_KUBECONF_SECRET_PATH }}" >> $GITHUB_ENV
|
||||||
@@ -82,7 +94,7 @@ jobs:
|
|||||||
- name: Import config of k8s
|
- name: Import config of k8s
|
||||||
uses: hashicorp/vault-action@v2
|
uses: hashicorp/vault-action@v2
|
||||||
with:
|
with:
|
||||||
url: https://vault.project-rent-dev.com
|
url: https://vault.project-quest-dev.com
|
||||||
token: ${{ secrets.VAULT_TOKEN }}
|
token: ${{ secrets.VAULT_TOKEN }}
|
||||||
secrets: |
|
secrets: |
|
||||||
${{ env.KUBECONF }} | KUBECONFIG;
|
${{ env.KUBECONF }} | KUBECONFIG;
|
||||||
@@ -90,17 +102,38 @@ jobs:
|
|||||||
- name: Install helm
|
- name: Install helm
|
||||||
uses: azure/setup-helm@v4.2.0
|
uses: azure/setup-helm@v4.2.0
|
||||||
with:
|
with:
|
||||||
version: latest
|
version: ${{ inputs.HELM_VERSION }}
|
||||||
|
|
||||||
- name: Set up Kubectl
|
- name: Set up Kubectl
|
||||||
uses: azure/k8s-set-context@v4
|
uses: azure/k8s-set-context@v4
|
||||||
with:
|
with:
|
||||||
kubeconfig: ${{ env.KUBECONFIG }}
|
kubeconfig: ${{ env.KUBECONFIG }}
|
||||||
|
|
||||||
|
- name: Set EXTRA_ARGS if ENABLE_CUSTOM_SET is true
|
||||||
|
run: |
|
||||||
|
if [ "${{ inputs.ENABLE_CUSTOM_SET }}" = "true" ]; then
|
||||||
|
echo "CUSTOM_HELM_SET_TEMPLATE=${{ inputs.CUSTOM_HELM_SET }}" >> "$GITHUB_ENV"
|
||||||
|
else
|
||||||
|
echo "CUSTOM_HELM_SET_TEMPLATE=" >> "$GITHUB_ENV"
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: Install envsubst
|
||||||
|
run: |
|
||||||
|
sudo apt-get update && sudo apt-get install -y gettext
|
||||||
|
|
||||||
|
- name: Render and export EXTRA_ARGS
|
||||||
|
run: |
|
||||||
|
if [ -n "$CUSTOM_HELM_SET_TEMPLATE" ]; then
|
||||||
|
export EXTRA_ARGS=$(echo "$CUSTOM_HELM_SET_TEMPLATE" | envsubst)
|
||||||
|
else
|
||||||
|
export EXTRA_ARGS=""
|
||||||
|
fi
|
||||||
|
echo "EXTRA_ARGS=$EXTRA_ARGS" >> "$GITHUB_ENV"
|
||||||
|
|
||||||
- name: Install chart
|
- name: Install chart
|
||||||
run: |
|
run: |
|
||||||
helm upgrade --install --cleanup-on-fail --atomic --timeout 2m --wait ${{ inputs.APP_NAME }} ./chart \
|
helm upgrade --install --cleanup-on-fail --atomic --timeout 2m --wait ${{ inputs.APP_NAME }} ./chart \
|
||||||
--namespace ${{ env.NAMESPACE }} \
|
--namespace ${{ env.NAMESPACE }} \
|
||||||
--set image.repository=${{ inputs.REGISTRY }}/${{ inputs.REGISTRY_USER }}/${{ inputs.APP_NAME }} \
|
--set image.repository=${{ inputs.REGISTRY }}/${{ inputs.REGISTRY_USER }}/${{ inputs.APP_NAME }} \
|
||||||
--set image.tag=${{ env.VERSION }} \
|
--set image.tag=${{ env.VERSION }} \
|
||||||
-f ${{ env.VALUES_FILE }}
|
-f ${{ env.VALUES_FILE }} ${{ env.EXTRA_ARGS }}
|
||||||
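Review bot: The three new steps that build EXTRA_ARGS let the caller-supplied `CUSTOM_HELM_SET` input reach a shell command line in a job that holds the production kubeconfig. The input is pasted into the script text by `${{ inputs.CUSTOM_HELM_SET }}` before the shell parses it, a newline in it would add further variables to `$GITHUB_ENV`, unrestricted `envsubst` can expand any job environment variable (including `KUBECONFIG`) into the arguments, and `${{ env.EXTRA_ARGS }}` is then interpolated unquoted into the `helm upgrade` script. Passing the inputs through `env:`, limiting `envsubst` to a named variable list and using a shell variable in the helm step removes the script-text interpolation and the `$GITHUB_ENV` round trip, as sketched below; callers can still add arbitrary helm flags, so the input should stay restricted to trusted callers. Separately, `ENABLE_CUSTOM_SET` and `CUSTOM_HELM_SET` reuse the HELM_VERSION description, and `default: 3.17` is an unquoted float; `default: "3.17"` and descriptions of their own would be clearer.

```yaml
      - name: Install chart
        env:
          ENABLE_CUSTOM_SET: ${{ inputs.ENABLE_CUSTOM_SET }}
          CUSTOM_HELM_SET: ${{ inputs.CUSTOM_HELM_SET }}
        run: |
          EXTRA_ARGS=""
          if [ "$ENABLE_CUSTOM_SET" = "true" ]; then
            # Example allowlist: name only the variables a template may reference.
            EXTRA_ARGS=$(printf '%s' "$CUSTOM_HELM_SET" | envsubst '$VERSION $NAMESPACE')
          fi
          # … unchanged: helm upgrade --install … through --set image.tag …
            -f ${{ env.VALUES_FILE }} $EXTRA_ARGS
```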
@@ -22,18 +22,32 @@ jobs:
|
|||||||
image: catthehacker/ubuntu:act-22.04
|
image: catthehacker/ubuntu:act-22.04
|
||||||
steps:
|
steps:
|
||||||
|
|
||||||
- name: Checkout repo
|
- name: Import Common Secrets
|
||||||
uses: actions/checkout@v3
|
uses: hashicorp/vault-action@v2
|
||||||
|
with:
|
||||||
|
url: https://vault.project-quest-dev.com
|
||||||
|
token: ${{ secrets.VAULT_TOKEN }}
|
||||||
|
secrets: |
|
||||||
|
cicd/data/submodule token | SUBMODULE_TOKEN ;
|
||||||
|
|
||||||
|
- name: Checkout code
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
submodules: recursive
|
||||||
|
fetch-depth: 0
|
||||||
|
token: ${{ env.SUBMODULE_TOKEN }}
|
||||||
|
|
||||||
- name: Setup Node
|
- name: Setup Node
|
||||||
uses: actions/setup-node@v3
|
uses: actions/setup-node@v3
|
||||||
|
with:
|
||||||
|
node-version: 20
|
||||||
|
|
||||||
- name: Install dependencies
|
- name: Install dependencies
|
||||||
run: npm install
|
run: npm install
|
||||||
|
|
||||||
- name: Export secrets for prisma
|
- name: Export secrets for prisma
|
||||||
run: |
|
run: |
|
||||||
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
|
if [ "${{ github.ref }}" = "refs/heads/main" ]; then
|
||||||
echo "PRISMA_DB_SECRET_PATH=${{ inputs.PROD_PRISMA_SECRET_DB_PATH }}" >> $GITHUB_ENV
|
echo "PRISMA_DB_SECRET_PATH=${{ inputs.PROD_PRISMA_SECRET_DB_PATH }}" >> $GITHUB_ENV
|
||||||
else
|
else
|
||||||
echo "PRISMA_DB_SECRET_PATH=${{ inputs.DEV_PRISMA_SECRET_DB_PATH }}" >> $GITHUB_ENV
|
echo "PRISMA_DB_SECRET_PATH=${{ inputs.DEV_PRISMA_SECRET_DB_PATH }}" >> $GITHUB_ENV
|
||||||
@@ -42,7 +56,7 @@ jobs:
|
|||||||
- name: Import prisma db url
|
- name: Import prisma db url
|
||||||
uses: hashicorp/vault-action@v2
|
uses: hashicorp/vault-action@v2
|
||||||
with:
|
with:
|
||||||
url: https://vault.project-rent-dev.com
|
url: https://vault.project-quest-dev.com
|
||||||
token: ${{ secrets.VAULT_TOKEN }}
|
token: ${{ secrets.VAULT_TOKEN }}
|
||||||
secrets: |
|
secrets: |
|
||||||
${{ env.PRISMA_DB_SECRET_PATH }} | PRISMA_DB_URL;
|
${{ env.PRISMA_DB_SECRET_PATH }} | PRISMA_DB_URL;
|
||||||
|
|||||||
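Review bot: The new Checkout code step passes `token: ${{ env.SUBMODULE_TOKEN }}` to actions/checkout, which by default leaves that token in the local git configuration for the rest of the job, and a later step runs `npm install`, whose dependency lifecycle scripts execute with access to the workspace and the job environment. Adding `persist-credentials: false` under `with:` should keep the token usable for the submodule fetch without leaving it in `.git/config`. The same applies to the identical checkout step added in the first file on this page, where the workspace also becomes the Docker build context. Installing with `npm ci` would make the install reproducible, assuming the repository commits a lockfile (not visible here). The actions are referenced by mutable tags (`@v4`, `@v2`, `@v3`); pinning them to commit SHAs is worth considering for a job that reads Vault secrets.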