Skip to content

Build & Deploy

Build & Deploy #31

Workflow file for this run

name: Build & Deploy
on:
push:
branches:
- main
workflow_dispatch:
schedule:
- cron: '10 0 * * 0'
permissions:
id-token: write
contents: read
packages: write
jobs:
package:
uses: Chia-Network/actions/.github/workflows/docker-build.yaml@main
deploy_internal:
name: Deploy Internal
needs:
- package
runs-on: [k8s-public]
container:
image: registry.gitlab.com/cmmarslender/kubectl-helm:v3
steps:
- uses: actions/checkout@v3
- name: Vault Login
uses: Chia-Network/actions/vault/login@main
with:
vault_url: ${{ secrets.VAULT_URL }}
role_name: github-block-metrics
- name: Get secrets from vault
uses: hashicorp/vault-action@v2
with:
url: ${{ secrets.VAULT_URL }}
token: ${{ env.VAULT_TOKEN }}
secrets: |
secret/data/fmt/mysql1/db-info host | DB_HOST;
secret/data/fmt/mysql1/users/blocks-write-user username | DB_USER;
secret/data/fmt/mysql1/users/blocks-write-user password | DB_PASSWORD;
secret/data/fmt/k8s/ghcr_image_pull username | IMAGE_PULL_USERNAME;
secret/data/fmt/k8s/ghcr_image_pull password | IMAGE_PULL_PASSWORD;
secret/data/fmt/k8s/fremont-baremetal api_server_url | K8S_API_SERVER_URL;
secret/data/fmt/k8s/fremont-baremetal private_crt | PRIVATE_CRT;
secret/data/fmt/k8s/fremont-baremetal private_key | PRIVATE_KEY;
secret/data/fmt/k8s/fremont-baremetal public_crt | PUBLIC_CRT;
secret/data/fmt/k8s/fremont-baremetal public_key | PUBLIC_KEY;
- name: Get config.yaml
run: |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
echo "CONFIG_YAML<<$EOF" >> $GITHUB_ENV
cat k8s/config.yaml >> $GITHUB_ENV
echo "$EOF" >> $GITHUB_ENV
- name: Login to k8s cluster
uses: Chia-Network/actions/vault/k8s-login@main
with:
vault_url: ${{ secrets.VAULT_URL }}
vault_token: ${{ env.VAULT_TOKEN }}
backend_name: fremont-baremetal
role_name: github-actions
cluster_url: ${{ env.K8S_API_SERVER_URL }}
- uses: Chia-Network/actions/k8s/image-pull-secret@main
with:
secret_name: block-metrics-image-pull
namespace: block-metrics
username: ${{ env.IMAGE_PULL_USERNAME }}
password: ${{ env.IMAGE_PULL_PASSWORD }}
docker_server: "ghcr.io"
- uses: Chia-Network/actions/helm/deploy@main
env:
DOCKER_TAG: "sha-${{ github.sha }}"
with:
namespace: "block-metrics"
app_name: "block-metrics"
helm_chart_repo: "https://chia-network.github.io/helm-charts"
helm_chart: "generic"
helm_values: "./k8s/internal.yaml"
deploy_public:
name: Deploy Public
needs:
- package
runs-on: [k8s-public]
container:
image: registry.gitlab.com/cmmarslender/kubectl-helm:v3
steps:
- uses: actions/checkout@v3
- name: Vault Login
uses: Chia-Network/actions/vault/login@main
with:
vault_url: ${{ secrets.VAULT_URL }}
role_name: github-block-metrics
- name: Get secrets from vault
uses: hashicorp/vault-action@v2
with:
url: ${{ secrets.VAULT_URL }}
token: ${{ env.VAULT_TOKEN }}
secrets: |
secret/data/pub-metrics-eks/rds/rds-info db_host | DB_HOST;
secret/data/pub-metrics-eks/rds/blocks-write-user username | DB_USER;
secret/data/pub-metrics-eks/rds/blocks-write-user password | DB_PASSWORD;
secret/data/fmt/k8s/ghcr_image_pull username | IMAGE_PULL_USERNAME;
secret/data/fmt/k8s/ghcr_image_pull password | IMAGE_PULL_PASSWORD;
secret/data/pub-metrics-eks/chia-certs private_crt | PRIVATE_CRT;
secret/data/pub-metrics-eks/chia-certs private_key | PRIVATE_KEY;
secret/data/pub-metrics-eks/chia-certs public_crt | PUBLIC_CRT;
secret/data/pub-metrics-eks/chia-certs public_key | PUBLIC_KEY;
- name: Get config.yaml
run: |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
echo "CONFIG_YAML<<$EOF" >> $GITHUB_ENV
cat k8s/config.yaml >> $GITHUB_ENV
echo "$EOF" >> $GITHUB_ENV
- name: Get ephemeral aws credentials
uses: Chia-Network/actions/vault/aws-sts@main
with:
vault_url: ${{ secrets.VAULT_URL }}
vault_token: ${{ env.VAULT_TOKEN }}
role_name: pub-metrics-deploy
- name: Log in to cluster
run: aws eks update-kubeconfig --name pub-metrics --region us-west-2
- uses: Chia-Network/actions/k8s/image-pull-secret@main
with:
secret_name: block-metrics-image-pull
namespace: block-metrics
username: ${{ env.IMAGE_PULL_USERNAME }}
password: ${{ env.IMAGE_PULL_PASSWORD }}
docker_server: "ghcr.io"
- uses: Chia-Network/actions/helm/deploy@main
env:
DOCKER_TAG: "sha-${{ github.sha }}"
with:
namespace: "block-metrics"
app_name: "block-metrics"
helm_chart_repo: "https://chia-network.github.io/helm-charts"
helm_chart: "generic"
helm_values: "./k8s/pub-metrics.yaml"