# Restarts the Kubernetes deployments once freshly built images are available.
name: Deploy images to k8s

# Workflow-level defaults for GITHUB_TOKEN; a job-level `permissions` block
# overrides them. `id-token: write` allows a job to request an OIDC token.
permissions:
  id-token: write
  contents: read

on:
  # Runs for pushes to the two deployment branches, but only when one of the
  # listed directories changed.
  push:
    branches: [main, staging]
    paths:
      - "app/**"
      - "api/**"
      - "webshot/**"
      - ".github/**"
  # Also allows a manual run from the Actions tab or the API.
  workflow_dispatch:
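jobs:
  # Polls the image-publishing checks for this commit before the deploy job
  # is allowed to start.
  wait_for_docker_images:
    name: Wait for docker images to be deployed
    runs-on: ubuntu-22.04
    # Least privilege: this job only reads check runs, so it should not carry
    # the OIDC permission (id-token: write) granted at workflow level.
    permissions:
      checks: read
    # NOTE(review): the action reference below was mangled by the page's
    # e-mail obfuscation ("[email protected]"); the version is not recoverable
    # from this listing, so it is left as a labelled placeholder. Restore it
    # from the repository, preferably pinned to a full commit SHA because the
    # action receives GITHUB_TOKEN.
    # NOTE(review): nothing in this file reads the result these steps report,
    # so the deploy job appears to start whether a check succeeded, failed or
    # timed out - confirm that is intended, or gate on the step output.
    # `github.event.pull_request` is empty for the push / workflow_dispatch
    # triggers used here, so `ref` always falls back to github.sha.
    steps:
      - name: Wait for API image to be pushed to Docker Hub
        uses: fountainhead/action-wait-for-check@<version>
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          checkName: Push API Docker image to Azure Container Registry
          ref: ${{ github.event.pull_request.head.sha || github.sha }}
          intervalSeconds: 30
      - name: Wait for Geoprocessing image to be pushed to Docker Hub
        uses: fountainhead/action-wait-for-check@<version>
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          checkName: Push Geoprocessing Docker image to Azure Container Registry
          ref: ${{ github.event.pull_request.head.sha || github.sha }}
          intervalSeconds: 30
      - name: Wait for Client image to be pushed to Docker Hub
        uses: fountainhead/action-wait-for-check@<version>
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          checkName: Push Client Docker image to Docker Hub
          ref: ${{ github.event.pull_request.head.sha || github.sha }}
          intervalSeconds: 30
      - name: Wait for Webshot image to be pushed to Docker Hub
        uses: fountainhead/action-wait-for-check@<version>
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          checkName: Push Webshot Docker image to Azure Container Registry
          ref: ${{ github.event.pull_request.head.sha || github.sha }}
          intervalSeconds: 30

  # Reaches the private AKS API server through an SSH tunnel on the bastion
  # host and restarts the deployments of the namespace matching the branch.
  deploy_images_to_kubernetes:
    name: Deploy updated Docker image to Kubernetes
    needs: wait_for_docker_images
    runs-on: ubuntu-22.04
    # Same effective permissions as the workflow-level block, stated here so
    # the OIDC grant stays attached to the one job that logs in to Azure.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Check out the repo
        uses: actions/checkout@v3
      # No client secret is passed, so this login relies on the OIDC token.
      - name: Login via Azure CLI
        uses: azure/login@v1
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      - name: Configure SSH access to the bastion host
        run: |
          # Owner-only from creation: without the umask the key file exists
          # with default permissions until chmod runs.
          umask 077
          mkdir -p ~/.ssh/
          echo "$SSH_KEY" > ~/.ssh/bastion.key
          chmod 600 ~/.ssh/bastion.key
        env:
          SSH_KEY: ${{ secrets.BASTION_SSH_PRIVATE_KEY }}
      # Maps the AKS host name to localhost so kubectl keeps using the real
      # name (and its TLS certificate) while connecting to the tunnel.
      # Secrets are passed through `env` in the steps below rather than
      # expanded into the script text, so a value is never parsed as shell.
      - name: Add custom host data
        run: |
          echo "127.0.0.1 $AKS_HOST" | sudo tee -a /etc/hosts > /dev/null
        env:
          AKS_HOST: ${{ secrets.AZURE_AKS_HOST }}
      # NOTE(review): apt.kubernetes.io / packages.cloud.google.com is the
      # legacy Kubernetes package repository, which has been frozen and then
      # retired; the replacement (pkgs.k8s.io) is versioned per minor release,
      # so pick the one matching the cluster. Left unchanged here because the
      # cluster version is not visible in this file.
      - name: Install kubectl
        run: |
          sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
          echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
          sudo apt-get update
          sudo apt-get install -y kubectl
      - name: Config kubectl
        run: |
          # -p: do not fail when the directory already exists
          mkdir -p ~/.kube
          az aks get-credentials --resource-group "$RESOURCE_GROUP" --name "$CLUSTER_NAME"
          # Point the kubeconfig at local port 4433, the tunnel's entry point
          sed -i 's/\([[:alnum:]]\+\?.privatelink.[[:alnum:]]\+\?.azmk8s.io\):443/\1:4433/g' ~/.kube/config
        env:
          RESOURCE_GROUP: ${{ secrets.AZURE_RESOURCE_GROUP }}
          CLUSTER_NAME: ${{ secrets.AZURE_AKS_CLUSTER_NAME }}
      - name: Creating SSH tunnel
        run: |
          # -f backgrounds ssh only after authentication, and
          # ExitOnForwardFailure makes it exit non-zero if the forward cannot
          # be set up; the original `&` let later steps race the tunnel and
          # hid a failed connection.
          # NOTE(review): StrictHostKeyChecking=no skips verification of the
          # bastion's host key, so the runner cannot tell the real bastion
          # from an impostor. Prefer writing the bastion's known public host
          # key (e.g. from a secret such as <BASTION_HOST_KEY>, placeholder)
          # to ~/.ssh/known_hosts and dropping this option.
          ssh -i ~/.ssh/bastion.key \
            -o StrictHostKeyChecking=no \
            -o ExitOnForwardFailure=yes \
            -f -N -T \
            -L "4433:${AKS_HOST}:443" \
            "${BASTION_USER}@${BASTION_HOST}"
        env:
          AKS_HOST: ${{ secrets.AZURE_AKS_HOST }}
          BASTION_USER: ${{ secrets.BASTION_USER }}
          BASTION_HOST: ${{ secrets.BASTION_HOST }}
      # Only one of the two steps below runs, selected by the pushed branch;
      # a manual run from any other ref restarts nothing.
      - name: Redeploy production pods
        if: ${{ github.ref == 'refs/heads/main' }}
        run: |
          kubectl rollout restart deployment api -n production
          kubectl rollout restart deployment client -n production
          kubectl rollout restart deployment geoprocessing -n production
          kubectl rollout restart deployment webshot -n production
      - name: Redeploy staging pods
        if: ${{ github.ref == 'refs/heads/staging' }}
        run: |
          kubectl rollout restart deployment api -n staging
          kubectl rollout restart deployment client -n staging
          kubectl rollout restart deployment geoprocessing -n staging
          kubectl rollout restart deployment webshot -n staging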