diff --git a/.github/workflows/stripe-to-invoice.yml b/.github/workflows/stripe-to-invoice.yml index a6debbf..6e77844 100644 --- a/.github/workflows/stripe-to-invoice.yml +++ b/.github/workflows/stripe-to-invoice.yml @@ -1,4 +1,4 @@ -name: Build & Deploy stripe-to-invoice (with DB secrets) +name: Build & Deploy stripe-to-invoice (with DB secrets + migrations) on: push: @@ -41,10 +41,10 @@ jobs: tags: docker.io/kimjunte/stripe_to_invoice:${{ env.GITHUB_REF_SLUG }} # -------------------------------------------------- - # APPLY DB SECRETS + # APPLY DB + APP SECRETS # -------------------------------------------------- secrets: - name: Apply runtime DB secret + name: Apply runtime secrets runs-on: mealcraft-runners needs: build @@ -92,7 +92,7 @@ jobs: echo "POSTGRES_DB=stripe_invoice" >> $GITHUB_ENV fi - - name: Load DB creds from db/.env and apply secret + - name: Apply DB secret run: | set -a source db/.env @@ -112,8 +112,8 @@ jobs: --namespace $NAMESPACE \ --from-literal=DATABASE_URL="$DATABASE_URL" \ --dry-run=client -o yaml | kubectl apply -f - - - - name: Apply Next env/secrets + + - name: Apply app secrets run: | set -e set -a 
@@ -123,45 +123,78 @@ jobs: if [[ "$ENV" == "prod" ]]; then STRIPE_SECRET_KEY="$PROD_STRIPE_SECRET_KEY" STRIPE_CLIENT_ID="$PROD_STRIPE_CLIENT_ID" - APP_URL=$PROD_APP_URL - AWS_REGION=$PROD_AWS_REGION - AWS_ACCESS_KEY_ID=$PROD_AWS_ACCESS_KEY_ID - AWS_SECRET_ACCESS_KEY=$PROD_AWS_SECRET_ACCESS_KEY - SES_FROM_EMAIL=$PROD_SES_FROM_EMAIL - STRIPE_REDIRECT_URI=$PROD_STRIPE_REDIRECT_URI + APP_URL="$PROD_APP_URL" else STRIPE_SECRET_KEY="$DEV_STRIPE_SECRET_KEY" STRIPE_CLIENT_ID="$DEV_STRIPE_CLIENT_ID" - APP_URL=$DEV_APP_URL - AWS_REGION=$DEV_AWS_REGION - AWS_ACCESS_KEY_ID=$DEV_AWS_ACCESS_KEY_ID - AWS_SECRET_ACCESS_KEY=$DEV_AWS_SECRET_ACCESS_KEY - SES_FROM_EMAIL=$DEV_SES_FROM_EMAIL - STRIPE_REDIRECT_URI=$DEV_STRIPE_REDIRECT_URI + APP_URL="$DEV_APP_URL" fi + : "${STRIPE_SECRET_KEY:?missing STRIPE_SECRET_KEY}" : "${STRIPE_CLIENT_ID:?missing STRIPE_CLIENT_ID}" - : "${NAMESPACE:?missing NAMESPACE}" : "${APP_URL:?missing APP_URL}" - : "${AWS_REGION:?missing AWS_REGION}" - : "${AWS_ACCESS_KEY_ID:?missing AWS_ACCESS_KEY_ID}" - : "${AWS_SECRET_ACCESS_KEY:?missing AWS_SECRET_ACCESS_KEY}" - : "${SES_FROM_EMAIL:?missing SES_FROM_EMAIL}" - : "${STRIPE_REDIRECT_URI:?missing STRIPE_REDIRECT_URI}" - export STRIPE_SECRET_KEY STRIPE_CLIENT_ID NAMESPACE APP_URL AWS_REGION AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY SES_FROM_EMAIL STRIPE_REDIRECT_URI + export STRIPE_SECRET_KEY STRIPE_CLIENT_ID APP_URL NAMESPACE envsubst < stripe_to_invoice/deployment/secrets/stripe-secrets.yaml \ | kubectl apply -f - # -------------------------------------------------- - # DEPLOY APP + # RUN ATLAS MIGRATIONS + # -------------------------------------------------- + migrate: + name: Run DB migrations (Atlas) + runs-on: ubuntu-22.04 + needs: secrets + + steps: + - uses: actions/checkout@v4 + + - name: Install Atlas + uses: ariga/setup-atlas@v0 + + - name: Decide environment + run: | + if [[ "$GITHUB_REF" == refs/heads/main || "$GITHUB_REF" == refs/tags/* || "$GITHUB_REF" == refs/heads/release/* ]]; then + echo 
"ENV=prod" >> $GITHUB_ENV + echo "POSTGRES_HOST=postgres-prod.default.svc.cluster.local" >> $GITHUB_ENV + echo "POSTGRES_DB=stripe_invoice" >> $GITHUB_ENV + else + echo "ENV=dev" >> $GITHUB_ENV + echo "POSTGRES_HOST=postgres-dev.dev.svc.cluster.local" >> $GITHUB_ENV + echo "POSTGRES_DB=stripe_invoice" >> $GITHUB_ENV + fi + + - name: Run migrations + run: | + set -e + set -a + source db/.env + set +a + + if [[ "$ENV" == "prod" ]]; then + USER="$PROD_POSTGRES_USER" + PASS="$PROD_POSTGRES_PASSWORD" + else + USER="$DEV_POSTGRES_USER" + PASS="$DEV_POSTGRES_PASSWORD" + fi + + DATABASE_URL="postgres://${USER}:${PASS}@${POSTGRES_HOST}:5432/${POSTGRES_DB}?sslmode=disable" + + atlas migrate apply \ + --dir file://migrations \ + --url "$DATABASE_URL" + + # -------------------------------------------------- + # DEPLOY APPLICATION # -------------------------------------------------- deploy: runs-on: mealcraft-runners needs: - build - secrets + - migrate steps: - uses: actions/checkout@v4 diff --git a/db/k8s/migrations/stripe-to-invoice-dev-migrate.yaml b/db/k8s/migrations/stripe-to-invoice-dev-migrate.yaml deleted file mode 100644 index 9619e1b..0000000 --- a/db/k8s/migrations/stripe-to-invoice-dev-migrate.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# apiVersion: batch/v1 -# kind: Job -# metadata: -# name: atlas-migrate-dev -# spec: -# template: -# spec: -# restartPolicy: Never -# containers: -# - name: atlas -# image: arigaio/atlas:latest -# command: ["/atlas"] -# args: ["migrate", "apply", "--env", "stripe_invoice"] -# envFrom: -# - secretRef: -# name: postgres-secret - - - - -# # You can run this: -# # kubectl apply -f k8s/migrations/atlas-job.yaml -# # Or later from CI. - - -#doesn't work - 28/12/2025 \ No newline at end of file diff --git a/db/k8s/migrations/stripe-to-invoice-prod-migrate.yaml b/db/k8s/migrations/stripe-to-invoice-prod-migrate.yaml deleted file mode 100644 index 16aa865..0000000 --- a/db/k8s/migrations/stripe-to-invoice-prod-migrate.yaml +++ /dev/null 
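Review bot: The new `migrate` job uses `runs-on: ubuntu-22.04`, but its `Decide environment` step sets `POSTGRES_HOST` to `postgres-prod.default.svc.cluster.local` or `postgres-dev.dev.svc.cluster.local`, names that normally resolve only inside the cluster, so `atlas migrate apply` will most likely fail to connect from a hosted runner. Run it where the `secrets` and `deploy` jobs run, `runs-on: mealcraft-runners` (assuming those runners have cluster network access, which the diff does not show), rather than exposing Postgres to make the hosted runner work. The URL also hard-codes `sslmode=disable`, which sends the production credentials and migration traffic in clear text; use `sslmode=require` or stricter if the server has TLS enabled. `uses: ariga/setup-atlas@v0` is a movable tag on a third-party action in a job that reads `PROD_POSTGRES_PASSWORD`, so pin it to a full commit, e.g. `uses: ariga/setup-atlas@<full-commit-sha> # v0`. Because `PASS` comes from `db/.env` rather than `secrets.*` it is not masked in logs and is placed in the URL unescaped; add `echo "::add-mask::$PASS"` before the Atlas call and URL-encode it, and avoid reusing the shell's own `USER` variable as the name for the database user.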
@@ -1,25 +0,0 @@
-# apiVersion: batch/v1
-# kind: Job
-# metadata:
-# name: atlas-migrate-dev
-# spec:
-# template:
-# spec:
-# restartPolicy: Never
-# containers:
-# - name: atlas
-# image: arigaio/atlas:latest
-# command: ["migrate", "apply", "--env", "stripe_invoice"]
-# envFrom:
-# - secretRef:
-# name: postgres-secret
-
-
-
-
-# # You can run this:
-# # kubectl apply -f k8s/migrations/atlas-job.yaml
-# # Or later from CI.
-
-
-#doesn't work - 28/12/2025
\ No newline at end of file