-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
88 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,88 @@ | ||
| name: Deploy to Kubernetes | ||
|
|
||
| on: | ||
| push: | ||
| branches: ["development", "stable", "k8s-deploy-action"] | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| deploy: | ||
| env: | ||
| #BRANCH_NAME: ${{ github.head_ref || github.ref_name }} | ||
| BRANCH_NAME: development | ||
| REGISTRY: ghcr.io | ||
| IMAGE_NAME: ${{ github.repository }} | ||
| NAMESPACE: "gn-demo-${{ github.head_ref || github.ref_name }}" | ||
| KUBECONFIG: "${{ github.workspace }}/.kube/config" | ||
|
|
||
| runs-on: ubuntu-24.04 | ||
|
|
||
| permissions: | ||
| contents: read | ||
| packages: write | ||
| attestations: write | ||
| id-token: write | ||
|
|
||
| steps: | ||
| - name: Branch safety check | ||
| run: '[ "${{ env.BRANCH_NAME }}" = "development" ] || [ "${{ env.BRANCH_NAME }}" = "stable" ]' | ||
|
|
||
| - id: lowercase_image_name | ||
| run: echo "IMAGE_NAME_LC=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> ${GITHUB_OUTPUT} | ||
|
|
||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Log in to the Container registry | ||
| uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - name: Build and push Docker image | ||
| id: push | ||
| uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 | ||
| with: | ||
| context: . | ||
| file: ./Dockerfile | ||
| push: true | ||
| tags: ${{ env.REGISTRY }}/${{ steps.lowercase_image_name.outputs.IMAGE_NAME_LC }}:${{ env.BRANCH_NAME }} | ||
|
|
||
| - name: "Write to $KUBECONFIG" | ||
| run: | | ||
| mkdir -p '${{ github.workspace }}/.kube' && umask 177 | ||
| if [ "${{ env.BRANCH_NAME }}" = "development" ]; then | ||
| printf "%s" '${{ secrets.K8S_CONFIG_DEVELOPMENT }}' > "$KUBECONFIG" | ||
| elif [ "${{ env.BRANCH_NAME }}" = "stable" ]; then | ||
| printf "%s" '${{ secrets.K8S_CONFIG_STABLE }}' > "$KUBECONFIG" | ||
| fi | ||
| - run: | | ||
| kubectl version \ | ||
| && kubectl -n ${{ env.NAMESPACE }} get pods | ||
| - name: Checkout Helm chart repo | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| repository: geosolutions-it/geonode-k8s | ||
| path: geonode-k8s | ||
|
|
||
| - name: Read Helm values from secret | ||
| working-directory: ./geonode-k8s | ||
| run: | | ||
| # HACK: GitHub secrets are limited to 48 KB, so we compress the file. | ||
| # cat custom-values.yaml | gzip | base64 -w0 | ||
| if [ "${{ env.BRANCH_NAME }}" = "development" ]; then | ||
| printf "%s" "${{ secrets.HELM_VALUES_DEVELOPMENT }}" | base64 -d | gunzip > custom-values.yaml | ||
| elif [ "${{ env.BRANCH_NAME }}" = "stable" ]; then | ||
| printf "%s" "${{ secrets.HELM_VALUES_STABLE }}" | base64 -d | gunzip > custom-values.yaml | ||
| fi | ||
| - name: Deploy to Kubernetes | ||
| working-directory: ./geonode-k8s | ||
| run: | | ||
| helm version \ | ||
| && helm list -n ${{ env.NAMESPACE }} \ | ||
| && helm dependency build --namespace ${{ env.NAMESPACE }} charts/geonode \ | ||
| && helm upgrade --cleanup-on-fail --install --namespace ${{ env.NAMESPACE }} --values custom-values.yaml gn-demo-${{ env.BRANCH_NAME }} charts/geonode |