-
-
Notifications
You must be signed in to change notification settings - Fork 211
133 lines (131 loc) · 5.02 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# yaml-language-server: $schema=https://github.com/SchemaStore/schemastore/blob/master/src/schemas/json/github-workflow.json
name: Deploy
on:
workflow_call:
inputs:
docker-images-version:
type: string
description: Docker Images Version
default: latest
required: false
gke-cluster:
type: string
description: Google Kubernetes Engine Cluster
required: true
gke-zone:
type: string
description: Google Kubernetes Engine Zone
required: true
secrets:
gke-credentials:
description: Google Kubernetes Engine Credentials as JSON
required: true
gke-project:
description: Google Kubernetes Engine Project
required: true
cloudflare-api-token:
description: Cloudflare API Token
required: true
cloudflare-zone-id:
description: Cloudflare Zone Id
required: true
keycloak-admin-password:
description: Keycloak Admin Password
required: true
outputs:
url:
value: ${{ jobs.deploy.outputs.url }}
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
environment:
name: ${{ inputs.environment }}
url: https://${{ inputs.url }}
permissions:
contents: 'read'
id-token: 'write'
outputs:
url: ${{ steps.deploy.outputs.url }}
steps:
-
name: Checkout
uses: actions/checkout@v4
-
name: Auth gcloud
uses: google-github-actions/auth@v2
with:
credentials_json: ${{ secrets.gke-credentials }}
-
name: Setup gcloud
uses: google-github-actions/setup-gcloud@v2
with:
project_id: ${{ secrets.gke-project }}
-
name: Configure gcloud
run: |
gcloud components install gke-gcloud-auth-plugin
gcloud --quiet auth configure-docker
gcloud container clusters get-credentials ${{ inputs.gke-cluster }} --zone ${{ inputs.gke-zone }}
-
name: Cache Helm Dependencies
uses: actions/cache@v4
with:
path: helm/api-platform/charts/
key: ${{ runner.os }}-helm-dependencies-${{ github.run_id }}
restore-keys: |
${{ runner.os }}-helm-dependencies-
-
name: Build Helm Dependencies
run: |
helm repo add bitnami https://charts.bitnami.com/bitnami/
helm repo add stable https://charts.helm.sh/stable/
helm dependency build ./helm/api-platform
# Release name MUST start with a letter
-
name: Deploy
id: deploy
run: |
if [ "${{ github.event_name }}" == "push" ]; then
release=prod
namespace=$release
url=demo.api-platform.com
else
release=pr-${{ github.event.pull_request.number }}
namespace=$release
url=$release-demo.api-platform.com
fi
echo "url=$url" >> "$GITHUB_OUTPUT"
cors="https://$url|http://localhost|https://localhost|http://localhost:3000"
set -o pipefail
helm upgrade $release ./helm/api-platform -f ./helm/api-platform/values.yaml \
--install \
--create-namespace \
--debug \
--wait \
--namespace=$namespace \
--set=app.version=${{ github.sha }} \
--set=keycloak.image.repository=${{ secrets.gke-project }}/${{ secrets.gke-project }}/keycloak \
--set=keycloak.image.tag=${{ inputs.docker-images-version }} \
--set=keycloak.auth.adminPassword=${{ secrets.keycloak-admin-password }} \
--set-string=keycloak.extraEnvVars[0].value=https://$url/oidc/ \
--set-string=keycloak.extraEnvVars[1].value=https://$url/oidc/ \
--set=php.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/${{ secrets.gke-project }}/php \
--set=php.image.tag=${{ inputs.docker-images-version }} \
--set=pwa.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/${{ secrets.gke-project }}/pwa \
--set=pwa.image.tag=${{ inputs.docker-images-version }} \
--set=ingress.hosts[0].host=$url \
--set=ingress.tls[0].hosts[0]=$url \
--set=external-dns.cloudflare.apiToken=${{ secrets.cloudflare-api-token }} \
--set=external-dns.domainFilters={"$url"} \
--set=external-dns.zoneIdFilters={${{ secrets.cloudflare-zone-id }}} \
--set=php.corsAllowOrigin="^$(echo "$cors" | sed 's/\./\\\\./g')$" \
--set=php.trustedHosts="^127\\.0\\.0\\.1|localhost|$(echo "$url" | sed 's/\./\\\\./g')$" \
--set=mercure.publicUrl=https://$url/.well-known/mercure \
--set=mercure.extraDirectives="demo \
cors_origins $(echo "$cors" | sed 's/|/ /g')" \
| sed --unbuffered '/USER-SUPPLIED VALUES/,$d'
-
name: Debug kube events
if: failure()
run: kubectl get events --namespace=$namespace --sort-by .metadata.creationTimestamp