MormonJesus69420 is deploying the project #31
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy Project | |
run-name: ${{ github.actor }} is deploying the project | |
on: | |
# Run on push to main branch and tags | |
push: | |
branches: | |
- main | |
tags: | |
- "v*.*.*" | |
# Runs every time a pull request is created or updated | |
pull_request: | |
env: | |
# Run in batch mode, produce errors, use settings file, set local repo | |
MAVEN_CONFIG: -B -e -s .m2/settings.xml -Dmaven.repo.local=.m2/repository | |
concurrency: | |
# Define concurrency group name which will then be used to determine duplicate workflow runs | |
group: ${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
test-project: | |
name: Build and Test the Project | |
runs-on: self-hosted-linux | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup Java JDK | |
uses: actions/setup-java@v4 | |
with: | |
distribution: temurin | |
java-version: 21 | |
architecture: x64 | |
# Cache maven dependencies for quicker runs | |
cache: maven | |
- name: Cache Maven Packages | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
- name: Install Maven | |
run: | | |
sudo apt-get update -y | |
sudo apt-get install wget -y | |
wget https://downloads.apache.org/maven/maven-3/3.9.7/binaries/apache-maven-3.9.7-bin.tar.gz | |
tar xzf apache-maven-3.9.7-bin.tar.gz | |
sudo mv apache-maven-3.9.7 /opt/ | |
sudo ln -s /opt/apache-maven-3.9.7/bin/mvn /usr/local/bin/mvn | |
echo "PATH=/opt/apache-maven-3.9.7/bin:$PATH" >> $GITHUB_ENV | |
mvn -v | |
- name: Import Secrets | |
uses: hashicorp/vault-action@v3 | |
id: sec | |
with: | |
url: ${{ secrets.VAULT_URL }} | |
method: ldap | |
username: ${{ secrets.VAULT_USERNAME }} # TODO: Remove this, only for testing, using my personal account | |
password: ${{ secrets.VAULT_PASSWORD }} | |
# method: approle | |
# roleId: ${{ secrets.VAULT_ROLE_ID }} | |
# secretId: ${{ secrets.VAULT_SECRET_ID }} | |
secrets: secret/v1/application/k8s/mlt/data/proxy * | |
- name: Test the Project | |
run: | | |
sed -i "s|HTTP_PROXY_HOST|${{ env.HTTP_PROXY_HOST }}|g" .m2/settings.xml | |
sed -i "s|HTTP_PROXY_PORT|${{ env.HTTP_PROXY_PORT }}|g" .m2/settings.xml | |
sed -i "s|HTTPS_PROXY_HOST|${{ env.HTTPS_PROXY_HOST }}|g" .m2/settings.xml | |
sed -i "s|HTTPS_PROXY_PORT|${{ env.HTTPS_PROXY_PORT }}|g" .m2/settings.xml | |
mvn ${{ env.MAVEN_CONFIG }} verify --fail-at-end | |
- name: Publish Test Report | |
uses: scacap/action-surefire-report@v1 | |
with: | |
fail_on_test_failures: true | |
env: | |
http_proxy : ${{ env.HTTP_PROXY_HOST }}:${{ env.HTTP_PROXY_PORT }} | |
https_proxy : ${{ env.HTTPS_PROXY_HOST }}:${{ env.HTTPS_PROXY_PORT }} | |
- name: Upload the JAR File | |
uses: actions/upload-artifact@v4 | |
with: | |
name: packaged-project | |
path: target/wls-*.jar | |
if-no-files-found: error | |
overwrite: true | |
- name: Cache Maven Repository | |
uses: actions/cache@v4 | |
with: | |
path: ~/.m2/repository | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
publish-image: | |
name: Build and Publish the Docker Image | |
needs: test-project | |
if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v') | |
runs-on: self-hosted-linux | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
with: | |
driver: docker | |
- name: Import Secrets | |
uses: hashicorp/vault-action@v3 | |
with: | |
url: ${{ secrets.VAULT_URL }} | |
method: approle | |
roleId: ${{ secrets.VAULT_ROLE_ID }} | |
secretId: ${{ secrets.VAULT_SECRET_ID }} | |
secrets: secret/v1/application/k8s/mlt/harbor * | |
- name: Log in to Harbor Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ steps.sec.outputs.HARBOR_URL }} | |
username: ${{ steps.sec.outputs.HARBOR_USERNAME }} | |
password: ${{ steps.sec.outputs.HARBOR_PASSWORD }} | |
- name: Extract Metadata for Docker | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: mlt/wls # TODO: Figure out what image name will be generated | |
tags: | | |
type=semver,pattern={{version}} | |
type=ref,event=branch | |
type=ref,event=pr | |
- name: Download the JAR File | |
uses: actions/download-artifact@v4 | |
with: | |
name: packaged-project | |
- name: Build the Docker Image | |
uses: docker/build-push-action@v5 | |
with: | |
push: true | |
context: . | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
deploy-to-stage: | |
name: Deploy to Kubernetes Stage | |
needs: publish-image | |
if: github.ref == 'refs/heads/main' | |
runs-on: self-hosted-linux | |
environment: stage | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Import Secrets | |
uses: hashicorp/vault-action@v3 | |
with: | |
url: ${{ secrets.VAULT_URL }} | |
method: approle | |
roleId: ${{ secrets.VAULT_ROLE_ID }} | |
secretId: ${{ secrets.VAULT_SECRET_ID }} | |
secrets: secret/v1/application/k8s/mlt/k8s-stage * | |
- name: Setup Kubectl | |
uses: azure/setup-kubectl@v4 # TODO: Check if it needs some more config | |
- name: Deploy to Stage | |
run: | # TODO: Fix this to fit our config and needs, as I've "borrowed" this from Tekst team | |
echo "Deploying to stage version ${{ steps.sec.outputs.APP_VERSION }}" | |
sed -i "s/<version>/${{ steps.sec.outputs.APP_VERSION }}/g" k8s/stage/wls.yml | |
sed -i "s/<host_url>/${{ steps.sec.outputs.K8S_HOST_URL }}/g" k8s/stage/wls.yml | |
kubectl config set-cluster stagecl --server=${{ steps.sec.outputs.K8S_STAGE_SERVER }} | |
kubectl config set clusters.stagecl.certificate-authority-data ${{ steps.sec.outputs.K8S_STAGE_NB_NO_CA }} | |
kubectl config set-credentials ${{ steps.sec.outputs.K8S_STAGE_USER }} --token=${{ steps.sec.outputs.K8S_STAGE_NB_NO_TOKEN }} | |
kubectl config set-context mlt --cluster=stagecl --user=${{ steps.sec.outputs.K8S_STAGE_USER }} --namespace=mlt-stage | |
kubectl config use-context mlt | |
kubectl config view | |
kubectl version | |
kubectl apply -f k8s/stage/wls.yml | |
kubectl rollout restart deploy/wls | |
deploy-to-prod: | |
name: Deploy to Kubernetes Prod | |
needs: publish-image | |
if: startsWith(github.event.ref, 'refs/tags/v') | |
runs-on: self-hosted-linux | |
environment: prod | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Import Secrets | |
uses: hashicorp/vault-action@v3 | |
with: | |
url: ${{ secrets.VAULT_URL }} | |
method: approle | |
roleId: ${{ secrets.VAULT_ROLE_ID }} | |
secretId: ${{ secrets.VAULT_SECRET_ID }} | |
secrets: | | |
secret/v1/application/k8s/mlt/k8s-prod * | |
- name: Setup Kubectl | |
uses: azure/setup-kubectl@v4 # TODO: Check if it needs some more config | |
- name: Deploy to Prod | |
run: | # TODO: Fix this to fit our config and needs, as I've "borrowed" this from Tekst team | |
echo "Deploying to production version ${{ steps.sec.outputs.APP_VERSION }}" | |
sed -i "s/<version>/${{ steps.sec.outputs.APP_VERSION }}/g" k8s/prod/wls.yml | |
sed -i "s/<host_url>/${{ steps.sec.outputs.K8S_HOST_URL }}/g" k8s/prod/wls.yml | |
kubectl config set-cluster prodcl --server=${{ steps.sec.outputs.K8S_PROD_SERVER }} | |
kubectl config set clusters.prodcl.certificate-authority-data ${{ steps.sec.outputs.K8S_PROD_NB_NO_CA }} | |
kubectl config set-credentials ${{ steps.sec.outputs.K8S_PROD_USER }} --token=${{ steps.sec.outputs.K8S_PROD_NB_NO_TOKEN }} | |
kubectl config set-context mlt --cluster=prodcl --user=${{ steps.sec.outputs.K8S_PROD_USER }} --namespace=mlt-prod | |
kubectl config use-context mlt | |
kubectl config view | |
kubectl version | |
kubectl apply -f k8s/prod/wls.yml | |
kubectl rollout restart deploy/wls |