-
Notifications
You must be signed in to change notification settings - Fork 1
85 lines (79 loc) · 3.18 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
name: Deploy Site
on:
workflow_dispatch:
inputs:
environment:
description: Deploy Environment
type: environment
required: true
workflow_call:
inputs:
environment:
description: Deploy Environment
type: string
required: true
jobs:
# The hostname for the deployment is stored in the environment, which means
# we have to read it *before* the job that needs it in the environment definition
read-env:
name: Read hostname from environment
runs-on: ubuntu-latest
environment: ${{ inputs.environment }}
outputs:
hostname: ${{ steps.read-env.outputs.hostname }}
steps:
- name: Read hostname from environment
id: read-env
run: |
HOSTNAME=${{ vars.HOSTNAME }}
echo "Hostname is $HOSTNAME"
echo "hostname=$HOSTNAME" >> $GITHUB_OUTPUT
deploy-app:
name: Deploy Kubernetes app
runs-on: ubuntu-latest
environment:
name: ${{ inputs.environment }}
url: https://${{ needs.read-env.outputs.hostname }}/
needs:
- read-env
permissions:
contents: read
id-token: write
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Google Cloud auth
uses: google-github-actions/auth@v0
with:
# Auth with the *keskne* project because that's where the cluster is hosted
service_account: ${{ secrets.KESKNE_GOOGLE_SERVICE_ACCOUNT }}
workload_identity_provider: ${{ secrets.KESKNE_GOOGLE_WORKLOAD_ID_PROVIDER }}
- name: Save kubeconfig
uses: google-github-actions/get-gke-credentials@v1
with:
cluster_name: ${{ vars.KESKNE_CLUSTER_NAME }}
location: ${{ vars.KESKNE_CLUSTER_LOCATION }}
- name: Helm deploy
# The two TLS secrets have to be put in files because they're multi-line
run: |
echo "${{ secrets.TLS_CERT }}" > /tmp/tls_cert
echo "${{ secrets.TLS_KEY }}" > /tmp/tls_key
helm upgrade beta-spray ./deploy/helm/ \
--install \
--namespace ${{ vars.NAMESPACE }} \
--create-namespace \
--set-string versionSha="${{ github.sha }}" \
--set-string hostname="${{ vars.HOSTNAME }}" \
--set databaseBackupEnabled="${{ vars.DATABASE_BACKUP_ENABLED }}" \
--set-string databaseBackupBucket="${{ secrets.DATABASE_BACKUP_BUCKET }}" \
--set-string databaseBackupGcpKey="${{ secrets.DATABASE_BACKUP_GCP_KEY }}" \
--set-string googleOauthClientId="${{ secrets.GOOGLE_OAUTH_CLIENT_ID }}" \
--set-string googleOauthClientSecret="${{ secrets.GOOGLE_OAUTH_CLIENT_SECRET }}" \
--set-string mediaBucket="${{ secrets.MEDIA_BUCKET }}" \
--set-string staticAssetsHost=storage.googleapis.com \
--set-string staticAssetsBucket="${{ secrets.STATIC_ASSETS_BUCKET }}" \
--set-string apiGcpKey="${{ secrets.API_GCP_KEY }}" \
--set-string apiSecretKey="${{ secrets.API_SECRET_KEY }}" \
--set-string databasePassword="${{ secrets.DATABASE_PASSWORD }}" \
--set-file tlsCert=/tmp/tls_cert \
--set-file tlsKey=/tmp/tls_key