-
Notifications
You must be signed in to change notification settings - Fork 0
134 lines (119 loc) · 4.6 KB
/
reusable-helm-deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
name: Deploy Kubernetes Application
on:
workflow_call:
inputs:
skip_docker_image:
default: false
required: false
type: boolean
description: Boolean flag to skip the docker build and publish steps of the workflow. Used for helm deploys that do not require their own Docker image.
chart_path:
default: deployments/helm/${{ github.event.repository.name }}
required: false
type: string
description: 'Path to Helm chart'
secrets:
GHA_ACCESS_USER:
required: false
description: 'Required for Golang services to download private Go modules during Docker image builds.'
GHA_ACCESS_TOKEN:
required: false
description: 'Required for Golang services to download private Go modules during Docker image builds.'
BUF_TOKEN:
required: false
description: 'Required for Golang and frontend services to access private Buf registries during Docker image builds.'
jobs:
push_docker_image:
name: Build and Push Docker Image
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
id-token: write
deployments: write
outputs:
image_tag: ${{ steps.docker.outputs.image_tag }}
deployment_id: ${{ steps.deployment.outputs.deployment_id }}
environment: ${{ steps.docker.outputs.environment }}
steps:
- uses: docker/setup-buildx-action@v2
if: ${{ !inputs.skip_docker_image }}
- uses: docker/login-action@v2
if: ${{ !inputs.skip_docker_image }}
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get Docker Tags
id: docker
uses: lockerstock/github-actions/get-docker-tags@main
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Start Deployment
id: deployment
uses: lockerstock/github-actions/deployment-status@main
with:
token: ${{ secrets.GITHUB_TOKEN }}
step: start
environment: ${{ steps.docker.outputs.environment }}
- name: Build and Push Docker Image
if: ${{ !inputs.skip_docker_image }}
uses: docker/build-push-action@v3
with:
push: true
tags: ${{ steps.docker.outputs.tags }}
# TODO: When arm64 k8s nodes are available, revert platforms to `linux/amd64,linux/arm64`.
platforms: linux/amd64
labels: |
"org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}"
"org.opencontainers.image.authors=${{ github.repository_owner }},${{ github.actor }}"
"org.opencontainers.image.version=${{ steps.docker.outputs.image_tag }}"
"org.opencontainers.image.ref.name=${{ github.head_ref || github.ref_name }}"
"org.opencontainers.image.environment=${{ steps.docker.outputs.environment }}"
"org.opencontainers.image.sha=${{ github.sha }}"
build-args: |
RELEASE_VERSION=${{ steps.docker.outputs.image_tag }}
ACCESS_TOKEN=${{ secrets.GHA_ACCESS_TOKEN }}
BUF_TOKEN=${{ secrets.BUF_TOKEN }}
- name: Failed Deployment
uses: lockerstock/github-actions/deployment-status@main
if: failure()
with:
token: ${{ secrets.GITHUB_TOKEN }}
deployment_id: ${{ steps.deployment.outputs.deployment_id }}
step: finish
environment: ${{ steps.docker.outputs.environment }}
deploy:
name: Deploy Helm Chart
runs-on:
- self-hosted
- k8s
- ${{ needs.push_docker_image.outputs.environment }}
needs:
- push_docker_image
permissions:
contents: write
id-token: write
deployments: write
packages: read
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Helm deploy
id: deploy
uses: lockerstock/github-actions/deploy-helm@main
with:
token: ${{ secrets.GHA_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
actor: ${{ secrets.GHA_ACCESS_USER }}
image_tag: ${{ needs.push_docker_image.outputs.image_tag }}
chart_path: ${{ inputs.chart_path }}
- name: Finish Deployment
uses: lockerstock/github-actions/deployment-status@main
if: always()
with:
token: ${{ secrets.GITHUB_TOKEN }}
deployment_id: ${{ needs.push_docker_image.outputs.deployment_id }}
step: finish
env_url: https://${{ steps.deploy.outputs.hostname }}
environment: ${{ steps.deploy.outputs.environment }}
auto_inactive: true