Skip to content

Commit

Permalink
ci: updated to v2 deploy; added packages read token
Browse files Browse the repository at this point in the history
  • Loading branch information
@niquerio
niquerio committed Jun 14, 2022
1 parent b2576e4 commit 3508a71
Show file tree
Hide file tree
Showing 5 changed files with 21 additions and 18 deletions.
9 changes: 5 additions & 4 deletions .github/workflows/build-main.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,15 +27,16 @@ jobs:
context: .
file: Dockerfile.prod
push: true
secrets: |
"gh_package_read_token=${{ secrets.GH_PACKAGE_READ_TOKEN }}"
tags: |
ghcr.io/mlibrary/${{ secrets.IMAGE_NAME }}:latest
ghcr.io/mlibrary/${{ secrets.IMAGE_NAME }}:${{ github.sha }}
- name: Deploy to testing
uses: mlibrary/deploy-to-kubernetes@v1
uses: mlibrary/deploy-to-kubernetes@v2
with:
github_username: ${{ github.actor }}
github_token: ${{ secrets.GITHUB_TOKEN }}
image: mlibrary/${{ secrets.IMAGE_NAME }}:${{ github.sha }}
registry_token: ${{ secrets.GITHUB_TOKEN }}
image: ghcr.io/mlibrary/${{ secrets.IMAGE_NAME }}:${{ github.sha }}
cluster_ca: ${{ secrets.HATCHER_CLUSTER_CA }}
cluster_server: https://hatcher.kubernetes.lib.umich.edu
namespace_token: ${{ secrets.HATCHER_TOKEN }}
Expand Down
7 changes: 3 additions & 4 deletions .github/workflows/manual-deploy-production.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,11 +60,10 @@ jobs:
push: true
tags: ghcr.io/mlibrary/${{ secrets.IMAGE_NAME }}:${{steps.tag_check.outputs.tag}}
- name: Deploy to ${{ env.environment }}
uses: mlibrary/deploy-to-kubernetes@v1
uses: mlibrary/deploy-to-kubernetes@v2
with:
github_username: ${{ github.actor }}
github_token: ${{ secrets.GITHUB_TOKEN }}
image: mlibrary/${{ secrets.IMAGE_NAME }}:${{ steps.tag_check.outputs.tag }}
registry_token: ${{ secrets.GITHUB_TOKEN }}
image: ghcr.io/mlibrary/${{ secrets.IMAGE_NAME }}:${{ github.sha }}
cluster_ca: ${{ secrets.HATCHER_CLUSTER_CA }}
cluster_server: https://hatcher.kubernetes.lib.umich.edu
namespace_token: ${{ secrets.HATCHER_TOKEN }}
Expand Down
9 changes: 5 additions & 4 deletions .github/workflows/manual-deploy-testing.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,13 +59,14 @@ jobs:
context: .
file: Dockerfile.prod
push: true
secrets: |
"gh_package_read_token=${{ secrets.GH_PACKAGE_READ_TOKEN }}"
tags: ghcr.io/mlibrary/${{ secrets.IMAGE_NAME }}:${{steps.tag_check.outputs.tag}}
- name: Deploy to ${{ env.environment }}
uses: mlibrary/deploy-to-kubernetes@v1
uses: mlibrary/deploy-to-kubernetes@v2
with:
github_username: ${{ github.actor }}
github_token: ${{ secrets.GITHUB_TOKEN }}
image: mlibrary/${{ secrets.IMAGE_NAME }}:${{ steps.tag_check.outputs.tag }}
registry_token: ${{ secrets.GITHUB_TOKEN }}
image: ghcr.io/mlibrary/${{ secrets.IMAGE_NAME }}:${{ github.sha }}
cluster_ca: ${{ secrets.HATCHER_CLUSTER_CA }}
cluster_server: https://hatcher.kubernetes.lib.umich.edu
namespace_token: ${{ secrets.HATCHER_TOKEN }}
Expand Down
7 changes: 3 additions & 4 deletions .github/workflows/tag-release.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,11 +33,10 @@ jobs:
docker push $PROD_IMAGE_ID:${{ env.TAG }}
docker push $PROD_IMAGE_ID:latest
- name: Deploy to production
uses: mlibrary/deploy-to-kubernetes@v1
uses: mlibrary/deploy-to-kubernetes@v2
with:
github_username: ${{ github.actor }}
github_token: ${{ secrets.GITHUB_TOKEN }}
image: mlibrary/${{ secrets.IMAGE_NAME }}:${{ env.TAG }}
registry_token: ${{ secrets.GITHUB_TOKEN }}
image: ghcr.io/mlibrary/${{ secrets.IMAGE_NAME }}:${{ github.sha }}
cluster_ca: ${{ secrets.HATCHER_CLUSTER_CA }}
cluster_server: https://hatcher.kubernetes.lib.umich.edu
namespace_token: ${{ secrets.HATCHER_TOKEN }}
Expand Down
7 changes: 5 additions & 2 deletions Dockerfile.prod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,16 @@ RUN mkdir -p /gems && chown ${UID}:${GID} /gems


COPY --chown=${UID}:${GID} . /app
USER $UNAME

ENV BUNDLE_PATH /gems
ENV BUNDLE_WITHOUT development:test

WORKDIR /app

RUN bundle _${BUNDLER_VERSION}_ install
RUN --mount=type=secret,id=gh_package_read_token \
read_token="$(cat /run/secrets/gh_package_read_token)" \
&& BUNDLE_RUBYGEMS__PKG__GITHUB__COM=${read_token} bundle _${BUNDLER_VERSION}_ install

USER $UNAME

CMD ["bundle", "exec", "ruby", "alma_webhook.rb", "-o", "0.0.0.0"]

0 comments on commit 3508a71

Please sign in to comment.