FIX token refresh (#8) #39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Push, and Deploy meme-bot | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| env: | |
| DOCKER_IMAGE: ghcr.io/${{ github.repository }}/meme-bot | |
| KUBE_NAMESPACE: meme-bot | |
| HELM_CHART_PATH: ./charts/meme-bot | |
| KANIKO_CACHE_ARGS: "--cache=true --cache-copy-layers=true --cache-ttl=24h" | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| test: | |
| runs-on: arc-runner-set | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Set up Go | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version: '1.23' # Укажите версию Go, используемую в проекте | |
| - name: Run tests | |
| run: go test -v ./... | |
| build-to-ghcr: | |
| runs-on: arc-runner-set # uses self-hosted runner scale set | |
| needs: test # Зависит от успешного выполнения тестов | |
| container: | |
| image: gcr.io/kaniko-project/executor:v1.20.0-debug # the kaniko image | |
| permissions: | |
| contents: read # read the repository | |
| packages: write # to push to GHCR, omit for other container registry. https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#publishing-a-package-using-an-action | |
| steps: | |
| - name: Build and Push Image to GHCR with kaniko | |
| run: | | |
| cat <<EOF > /kaniko/.docker/config.json | |
| { | |
| "auths": { | |
| "ghcr.io": { | |
| "auth": "$(echo -n "$GIT_USERNAME:$GIT_PASSWORD" | base64 -w0)" | |
| } | |
| } | |
| } | |
| EOF | |
| /kaniko/executor --dockerfile="./Dockerfile" \ | |
| --context="${{ github.repositoryUrl }}#${{ github.ref }}#${{ github.sha }}" \ | |
| --destination="$GH_REGISTRY/$IMAGE_NAME:$(echo ${GITHUB_SHA} | head -c 7)" \ | |
| ${{ env.KANIKO_CACHE_ARGS }} \ | |
| --push-retry 5 | |
| env: # needed to authenticate to github and download the repo | |
| GIT_USERNAME: ${{ github.actor }} | |
| GIT_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | |
| GH_REGISTRY: "ghcr.io" | |
| IMAGE_NAME: "${{ github.repository }}/meme-bot" | |
| deploy-to-k8s: | |
| runs-on: arc-runner-set | |
| needs: build-to-ghcr | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Install Helm | |
| run: | | |
| curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash | |
| - name: Deploy to Kubernetes using Helm | |
| run: | | |
| helm upgrade --install meme-bot ${{ env.HELM_CHART_PATH }} \ | |
| --namespace ${{ env.KUBE_NAMESPACE }} \ | |
| --set image.repository=${{ env.DOCKER_IMAGE }} \ | |
| --set image.tag=$(echo ${GITHUB_SHA} | head -c 7) \ | |
| --set secrets.telegramBotToken=${{ secrets.TELEGRAM_BOT_TOKEN }} \ | |
| --set secrets.yandexOAuthToken=${{ secrets.YANDEX_OAUTH_TOKEN }} \ | |
| --set secrets.yandexArtFolderId=${{ secrets.YANDEX_ART_FOLDER_ID }} \ | |
| --set secrets.fusionBrainApiKey=${{ secrets.FUSION_BRAIN_API_KEY }} \ | |
| --set secrets.fusionBrainSecretKey=${{ secrets.FUSION_BRAIN_SECRET_KEY }} |