-
-
Notifications
You must be signed in to change notification settings - Fork 27
158 lines (149 loc) · 5.95 KB
/
deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
name: "Deployement"
on:
workflow_call:
inputs:
ghEnvironmentName:
required: true
type: string
description: "The name of the environment on Github to deploy to (e.g. staging, production, previews)"
friendlyEnvironmentName:
required: false
type: string
description: "The name of the environment as friendly named to deploy to (e.g. staging, production, pr-123)"
kubeNamespace:
required: true
type: string
description: "The name of the Kubernetes namespace to deploy to (e.g. staging, production, previews)"
imageTag:
required: true
description: "The docker image tag to deploy"
type: string
secrets:
TF_WORKSPACE:
required: true
description: "Terraform workspace"
TERRAFORM_AWS_ACCESS_KEY_ID:
required: true
description: "AWS access key id"
TERRAFORM_AWS_SECRET_ACCESS_KEY:
required: true
description: "AWS secret access key"
permissions:
contents: read
jobs:
detect_stack:
name: "detect stack"
runs-on: ubuntu-latest
permissions:
pull-requests: read
contents: read
outputs:
stacks: ${{ steps.detected_stack.outputs.stacks }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Expose stack to deploy
uses: actions/github-script@v7
id: detected_stack
with:
script: |
let stacks = [];
if (context.eventName == 'release' && context.payload.action == 'released') {
stacks = ['pre-cluster', 'cluster'];
}
if (context.eventName == 'push' && context.ref == 'refs/heads/main' ) {
} else {
stacks.push('apps');
}
console.log(`Stack to deploy: ${stacks}`);
core.setOutput('stacks', stacks);
terraform:
name: "${{ matrix.stack }} on ${{ inputs.friendlyEnvironmentName }}"
runs-on: ubuntu-latest
needs: [detect_stack]
environment:
name: ${{ inputs.ghEnvironmentName }}
url: ${{ steps.envurl.outputs.urlWithProtocol }}
strategy:
matrix:
stack: ${{ fromJson(needs.detect_stack.outputs.stacks) }}
env:
AWS_ACCESS_KEY_ID: ${{ secrets.TERRAFORM_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.TERRAFORM_AWS_SECRET_ACCESS_KEY }}
KUBE_CONFIG_PATH: ~/.kube/config
# Use the Bash shell regardless whether the GitHub Actions runner is
# ubuntu-latest, macos-latest, or windows-latest
defaults:
run:
shell: bash
working-directory: "deploy/stacks/${{ matrix.stack }}"
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
uses: actions/checkout@v4
# Configure the kube config
- env:
KUBECONFIG_ADMIN: ${{ secrets.KUBECONFIG_ADMIN }}
run: mkdir -p ~/.kube && echo "$KUBECONFIG_ADMIN" >> ~/.kube/config
# Generate the url of the environment
- name: Generate url of the environment
id: envurl
uses: actions/github-script@v7
if: matrix.stack == 'apps'
with:
script: |
const eventName = context.eventName;
const event = context.payload;
let url = '';
if (eventName == 'pull_request') {
url = `pr-${context.payload.pull_request.number}.previews.s42.dev`;
} else if (eventName == 'release' && context.payload.action == 'released') {
url = 's42.app';
} else {
console.log(`No configuration (fallback to staging) for this event: ${eventName} | context.payload: ${JSON.stringify(context.payload)}`)
url = 'next.s42.app';
}
core.setOutput('url', url);
core.setOutput('urlWithProtocol', `https://${url}`);
# Install the latest version of Terraform CLI and configure the
# Terraform CLI configuration file with a Terraform Cloud user API token
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
with:
# Force the version due to crash on latest
# https://github.com/hashicorp/terraform/issues/32200
terraform_version: "1.3.3"
# Initialize a new or existing Terraform working directory by creating
# initial files, loading any remote state, downloading modules, etc.
- name: Terraform Init
id: init
run: terraform init -input=false
# On push to main, build or change infrastructure according
# to Terraform configuration files
- name: Terraform Apply
id: apply
env:
TF_WORKSPACE: ${{ secrets.TF_WORKSPACE }}
# TF VARS
TF_VAR_namespace: ${{ inputs.kubeNamespace }}
TF_VAR_appsVersion: '{"s42"="${{ inputs.imageTag }}"}'
TF_VAR_baseUrl: ${{ steps.envurl.outputs.url }}
TF_VAR_webhooksEnabled: ${{ inputs.kubeNamespace == 'production' }}
TF_VAR_crawlerEnabled: ${{ inputs.kubeNamespace == 'production' }}
TF_VAR_hasPersistentStorage: ${{ contains(fromJson('["production", "staging"]'), inputs.kubeNamespace) }}
run: terraform apply -auto-approve -input=false
# Update discord channel version information after all jobs are done
# under production environment.
update_discord_channel:
name: "update discord channel"
runs-on: ubuntu-latest
needs: [terraform]
if: ${{ inputs.kubeNamespace == 'production' }}
steps:
- name: Update Discord channel
run: |
curl --request PATCH \
--url https://discord.com/api/v9/channels/954496570362044466 \
--header 'Authorization: Bot ${{ secrets.DISCORD_BOT_TOKEN }}' \
--header 'Content-Type: application/json' \
--data '{"name": "🔖 ${{ github.event.release.tag_name }}+beta"}'