kimjunte/juntekim.com
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 13

Merge pull request #32 from MealCraft/feature/stripe

Browse source 
Feature/stripe
This commit is contained in:
Jun-te Kim 2026-01-21 22:37:26 +00:00 committed by GitHub
commit b9ab2c8494
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 170 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

82
.github/workflows/stripe-to-invoice.yml vendored
View file

@ -40,13 +40,67 @@ jobs:
push: true
tags: docker.io/kimjunte/stripe_to_invoice:${{ env.GITHUB_REF_SLUG }}
# --------------------------------------------------
# DEPLOY POSTGRES (DEV + PROD)
# --------------------------------------------------
deploy-db:
name: Deploy Postgres (PV + PVC + Deployment)
runs-on: mealcraft-runners
needs: build
steps:
- uses: actions/checkout@v4
- name: Install kubectl
run: |
sudo apt-get update
sudo apt-get install -y curl ca-certificates gettext
curl -LO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install -m 0755 kubectl /usr/local/bin/kubectl
- name: Configure kubeconfig (in-cluster)
run: |
KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
kubectl config set-cluster microk8s \
--server="$KUBE_HOST" \
--certificate-authority="$CA_CERT"
kubectl config set-credentials runner --token="$SA_TOKEN"
kubectl config set-context runner-context \
--cluster=microk8s \
--user=runner
kubectl config use-context runner-context
- name: Decide environment
run: |
if [[ "$GITHUB_REF" == refs/heads/main || "$GITHUB_REF" == refs/tags/* || "$GITHUB_REF" == refs/heads/release/* ]]; then
echo "ENV=prod" >> $GITHUB_ENV
echo "NAMESPACE=default" >> $GITHUB_ENV
echo "PG_VOLUME=stripe_invoice_prod" >> $GITHUB_ENV
else
echo "ENV=dev" >> $GITHUB_ENV
echo "NAMESPACE=dev" >> $GITHUB_ENV
echo "PG_VOLUME=stripe_invoice_dev" >> $GITHUB_ENV
fi
- name: Apply Postgres manifests
run: |
export ENV NAMESPACE PG_VOLUME
envsubst < db/k8s/postgres/stripe-to-invoice-db.yaml | kubectl apply -f -
# --------------------------------------------------
# APPLY DB + APP SECRETS
# --------------------------------------------------
secrets:
name: Apply runtime secrets
runs-on: mealcraft-runners
needs: build
needs: deploy-db
steps:
- uses: actions/checkout@v4
@ -101,18 +155,24 @@ jobs:
if [[ "$ENV" == "prod" ]]; then
USER="$PROD_POSTGRES_USER"
PASS="$PROD_POSTGRES_PASSWORD"
RUNTIME_SECRET=postgres-prod
else
USER="$DEV_POSTGRES_USER"
PASS="$DEV_POSTGRES_PASSWORD"
RUNTIME_SECRET=postgres-dev
fi
DATABASE_URL="postgres://${USER}:${PASS}@${POSTGRES_HOST}:5432/${POSTGRES_DB}?sslmode=disable"
kubectl create secret generic $RUNTIME_SECRET \
--namespace $NAMESPACE \
--from-literal=POSTGRES_USER="$USER" \
--from-literal=POSTGRES_PASSWORD="$PASS" \
--from-literal=POSTGRES_DB="$POSTGRES_DB" \
--from-literal=DATABASE_URL="$DATABASE_URL" \
--dry-run=client -o yaml | kubectl apply -f -
- name: Apply app secrets
run: |
set -e
@ -181,6 +241,11 @@ jobs:
- name: Install Atlas
uses: ariga/setup-atlas@v0
- name: Install netcat
run: |
sudo apt-get update
sudo apt-get install -y netcat-openbsd
- name: Decide environment
run: |
if [[ "$GITHUB_REF" == refs/heads/main || "$GITHUB_REF" == refs/tags/* || "$GITHUB_REF" == refs/heads/release/* ]]; then
@ -193,6 +258,21 @@ jobs:
echo "POSTGRES_DB=stripe_invoice" >> $GITHUB_ENV
fi
- name: Wait for Postgres TCP
run: |
set -e
for i in {1..30}; do
if nc -z "$POSTGRES_HOST" 5432; then
echo "Postgres is accepting connections"
exit 0
fi
echo "Waiting for Postgres ($i/30)..."
sleep 5
done
echo "Postgres never became ready"
exit 1
- name: Run migrations
run: |
set -e

88
db/k8s/postgres/stripe-to-invoice-db.yaml Normal file
View file

@ -0,0 +1,88 @@
# --------------------------------------------------
# PersistentVolume (hostPath on mist)
# --------------------------------------------------
apiVersion: v1
kind: PersistentVolume
metadata:
name: postgres-${ENV}-pv
spec:
capacity:
storage: 20Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: local-storage
hostPath:
path: /home/kimjunte/k8s_storage/postgres/${PG_VOLUME}
---
# --------------------------------------------------
# PersistentVolumeClaim
# --------------------------------------------------
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-${ENV}-pvc
namespace: ${NAMESPACE}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
storageClassName: local-storage
---
# --------------------------------------------------
# PostgreSQL Deployment
# --------------------------------------------------
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres-${ENV}
namespace: ${NAMESPACE}
spec:
replicas: 1
selector:
matchLabels:
app: postgres
env: ${ENV}
template:
metadata:
labels:
app: postgres
env: ${ENV}
spec:
containers:
- name: postgres
image: postgres:16
ports:
- containerPort: 5432
envFrom:
- secretRef:
name: postgres-${ENV}
volumeMounts:
- name: postgres-data
mountPath: /var/lib/postgresql/data
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: postgres-${ENV}-pvc
---
# --------------------------------------------------
# PostgreSQL Service (internal)
# --------------------------------------------------
apiVersion: v1
kind: Service
metadata:
name: postgres-${ENV}
namespace: ${NAMESPACE}
spec:
type: ClusterIP
selector:
app: postgres
env: ${ENV}
ports:
- port: 5432
targetPort: 5432

1
stripe_to_invoice/deployment/secrets/stripe-secrets.yaml
View file

@ -17,3 +17,4 @@ stringData:
XERO_CLIENT_SECRET: ${XERO_CLIENT_SECRET}
XERO_REDIRECT_URI: ${XERO_REDIRECT_URI}
STRIPE_WEBHOOK_SECRET: ${STRIPE_WEBHOOK_SECRET}