-
Notifications
You must be signed in to change notification settings - Fork 0
124 lines (120 loc) · 5.39 KB
/
kube-deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
# Description
# -----------
# This workflow builds and releases the Docker image to Harbor, then deploys out to the kubernetes environment.
#
# Setup
# -----
# 1. Create the following secrets inside GitHub:
# - LMS_GH_TOKEN (Personal access token for the lmsgit user that has read access to other repositories)
# - LMS_MAVEN_SETTINGS (Base64 encoded settings.xml file)
# - LMS_REGISTRY_PASSWORD (Registry password - push access)
# - LMS_REGISTRY_USERNAME (Registry username)
# 2. Create the following environments, representative of the deployments:
# - reg
# - stg
# - prd
# 3. Create the following secrets in each of the above environments
# - LMS_KUBECONFIG_DEPLOYER (Base64 encoded kubernetes deployment service account for the appropriate cluster)
# 4. Create the following variables in each of the above environment
# - DOCKER_TAG (tag name for the docker image that will be deployed i.e. stable, unstable-reg, etc)
# 5. Create the following variables in the repository
# - IMAGE_REPO_NAME (Harbor registry name where the docker image will be pushed)
# - DEPLOY_DIR (Directory where the helm deployment files can be found)
# - JAR_FILE (Name of the application jar file)
# - K8S_RELEASE_PREFIX (Kubernetes release name prefix for the deployed application)
# - BUILD_PROFILES (Comma separated list of maven build profiles that need to be activated)
name: Build and Deploy
on:
workflow_dispatch:
inputs:
server_env:
type: choice
required: true
options:
- reg
- stg
- prd
description: Select deployment env
default: reg
helm_deployer_branch:
required: true
description: Indicate the branch that contains the helm deployment files
default: develop
env:
TZ: America/New_York
IMAGE_REPO: registry.docker.iu.edu/lms/${{ vars.IMAGE_REPO_NAME }}
IMAGE_TAG: registry.docker.iu.edu/lms/${{ vars.IMAGE_REPO_NAME }}:${{ vars.DOCKER_TAG }}
DIGEST_REPO: registry.docker.iu.edu/lms/${{ vars.IMAGE_REPO_NAME }}@sha256
KUBE_NS: ua-vpit--enterprise-systems--lms--helm-release
jobs:
mvn_build:
name: Maven Build
runs-on: self-hosted
container:
image: maven:3.9.9-eclipse-temurin-21
environment: ${{ github.event.inputs.server_env }}
steps:
- name: Clone GitHub root repository
uses: actions/checkout@v4
with:
repository: iu-uits-es/ess-lms-canvas-standalone-apps
ref: ${{ github.event.inputs.helm_deployer_branch }}
token: ${{ secrets.LMS_GH_TOKEN }}
github-server-url: https://github.iu.edu
- name: Clone GitHub tool repository
uses: actions/checkout@v4
with:
path: tools/${{ vars.DEPLOY_DIR }}
- name: mvn setup
run: mkdir /root/.m2
- name: Create maven settings.xml
run: echo -n '${{ secrets.LMS_MAVEN_SETTINGS }}' | base64 -d > /root/.m2/settings.xml
- name: Maven Build
run: mvn clean install -B -P '${{ vars.BUILD_PROFILES}}'
working-directory: tools/${{ vars.DEPLOY_DIR }}
- name: copy jar file
run: |
mkdir -p deployments/${{ vars.DEPLOY_DIR }}/lib
cp tools/${{ vars.DEPLOY_DIR }}/target/${{ vars.JAR_FILE }} deployments/${{ vars.DEPLOY_DIR }}/lib/${{ vars.JAR_FILE }}
- name: build/push docker image
run: |
mvn clean install -B -P docker-push -D dockerfile.username=${{ secrets.LMS_REGISTRY_USERNAME }} \
-D dockerfile.password=${{ secrets.LMS_REGISTRY_PASSWORD }} -D docker_repository_base=registry.docker.iu.edu/lms/ \
-D docker_tag=${{ vars.DOCKER_TAG }}
working-directory: deployments/${{ vars.DEPLOY_DIR }}
deploy:
name: Deploy to Kubernetes
needs: [ mvn_build ]
runs-on: self-hosted
environment: ${{ github.event.inputs.server_env }}
container:
image: registry.docker.iu.edu/library/kube-deployer:3.10.2
credentials:
username: ${{ secrets.LMS_REGISTRY_USERNAME }}
password: ${{ secrets.LMS_REGISTRY_PASSWORD }}
steps:
- name: Clone GitHub repository
uses: actions/checkout@v4
with:
repository: iu-uits-es/ess-lms-canvas-standalone-apps
ref: ${{ github.event.inputs.helm_deployer_branch }}
token: ${{ secrets.LMS_GH_TOKEN }}
github-server-url: https://github.iu.edu
- name: Create KUBECONFIG file for the cluster
run: |
echo -n '${{ secrets.LMS_KUBECONFIG_DEPLOYER}}' | base64 -d > /root/.kube/config
chmod 400 /root/.kube/config
- name: Get Docker Image SHA
id: get-docker-image-sha
run: |
echo "DOCKER_IMAGE_SHA=$(skopeo inspect --creds '${{ secrets.LMS_REGISTRY_USERNAME }}:${{ secrets.LMS_REGISTRY_PASSWORD }}' \
docker://${{ env.IMAGE_TAG }} | jq -rc '.Digest' | awk -F':' '{ print $2 }')" >> "$GITHUB_OUTPUT"
- name: Deploy
env:
KUBECONFIG: /root/.kube/config
working-directory: deployments/${{ vars.DEPLOY_DIR }}
run: |
helm upgrade ${{ vars.K8S_RELEASE_PREFIX }}-${{ github.event.inputs.server_env }} ../../k8s \
--values helm-common.yaml,helm-${{ github.event.inputs.server_env }}.yaml --install -n ${{ env.KUBE_NS }} \
--set image.repository="${{ env.DIGEST_REPO }}",image.tag="${{ steps.get-docker-image-sha.outputs.docker_image_sha }}",image.tagName="${{ vars.DOCKER_TAG }}" \
--wait --timeout 15m