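# Build the stripe-to-invoice image, then (on self-hosted in-cluster runners)
# deploy Postgres, write the runtime Secrets, run Atlas migrations and roll
# out the application.
#
# Target environment is derived from the git ref once, in the `plan` job:
#   refs/heads/release/* or refs/tags/*  -> prod (namespace `default`)
#   anything else (main, feature/**)     -> dev  (namespace `dev`)
#
# NOTE(review): every tag push and every release/* push deploys to prod with no
# approval gate. Consider `environment: production` on the prod path so branch
# and tag protection / required reviewers apply to prod deployments.
name: Build & Deploy stripe-to-invoice (with DB secrets + migrations)

on:
  push:
    branches:
      - main
      - feature/**
      - release/**
    tags:
      - "*"
  workflow_dispatch:

# Nothing in this workflow pushes to the repository; the GITHUB_TOKEN only needs
# to read the checkout.
permissions:
  contents: read

# Serialise runs that target the same environment so two pushes cannot run
# Atlas migrations against the same database concurrently. Runs are queued,
# not cancelled, because cancelling mid-migration is worse than waiting.
concurrency:
  group: stripe-to-invoice-${{ (startsWith(github.ref, 'refs/heads/release/') || startsWith(github.ref, 'refs/tags/')) && 'prod' || 'dev' }}
  cancel-in-progress: false

# `shell: bash` runs every step as `bash --noprofile --norc -eo pipefail`, so a
# failing left-hand side of `... | kubectl apply -f -` or
# `kubectl get secret ... | base64 -d` fails the step instead of being ignored.
defaults:
  run:
    shell: bash

jobs:
  # --------------------------------------------------
  # RESOLVE TARGET ENVIRONMENT (single source of truth)
  # --------------------------------------------------
  plan:
    name: Resolve target environment from ref
    runs-on: ubuntu-22.04
    outputs:
      env: ${{ steps.resolve.outputs.env }}
      namespace: ${{ steps.resolve.outputs.namespace }}
      pg_volume: ${{ steps.resolve.outputs.pg_volume }}
      postgres_host: ${{ steps.resolve.outputs.postgres_host }}
      postgres_db: ${{ steps.resolve.outputs.postgres_db }}
      runtime_secret: ${{ steps.resolve.outputs.runtime_secret }}
      hostname: ${{ steps.resolve.outputs.hostname }}
    steps:
      - name: Decide environment (from ref)
        id: resolve
        run: |
          # Same rule the downstream jobs previously re-implemented three times.
          if [[ "$GITHUB_REF" == refs/heads/release/* || "$GITHUB_REF" == refs/tags/* ]]; then
            {
              echo "env=prod"
              echo "namespace=default"
              echo "pg_volume=stripe_invoice_prod"
              echo "postgres_host=postgres-prod.default.svc.cluster.local"
              echo "runtime_secret=postgres-prod"
              echo "hostname=stripe-to-invoice.juntekim.com"
            } >> "$GITHUB_OUTPUT"
          else
            {
              echo "env=dev"
              echo "namespace=dev"
              echo "pg_volume=stripe_invoice_dev"
              echo "postgres_host=postgres-dev.dev.svc.cluster.local"
              echo "runtime_secret=postgres-dev"
              echo "hostname=stripe-to-invoice.dev.juntekim.com"
            } >> "$GITHUB_OUTPUT"
          fi
          echo "postgres_db=stripe_invoice" >> "$GITHUB_OUTPUT"

  # --------------------------------------------------
  # BUILD IMAGE
  # --------------------------------------------------
  build:
    runs-on: ubuntu-22.04
    steps:
      # NOTE(review): third-party actions are pinned to floating major tags;
      # pin them to full commit SHAs to get a reproducible, tamper-evident build.
      - uses: actions/checkout@v4
        with:
          # No step pushes to git, so do not leave the GITHUB_TOKEN in .git/config.
          persist-credentials: false
      - name: Inject slug variables
        uses: rlespinasse/github-slug-action@v4
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build & push image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: stripe_to_invoice/deployment/Dockerfile
          push: true
          # The ref-slug tag is mutable (re-pushed on every build of the branch);
          # the commit-SHA tag is immutable and is what the deploy job rolls out,
          # so a rollout always picks up exactly the image built for this run.
          tags: |
            docker.io/kimjunte/stripe_to_invoice:${{ env.GITHUB_REF_SLUG }}
            docker.io/kimjunte/stripe_to_invoice:${{ github.sha }}

  # --------------------------------------------------
  # DEPLOY POSTGRES (DEV / PROD)
  # --------------------------------------------------
  deploy-db:
    name: Deploy Postgres (PV + PVC + Deployment)
    runs-on: mealcraft-runners
    needs:
      - build
      - plan
    env:
      ENV: ${{ needs.plan.outputs.env }}
      NAMESPACE: ${{ needs.plan.outputs.namespace }}
      PG_VOLUME: ${{ needs.plan.outputs.pg_volume }}
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install kubectl
        run: |
          sudo apt-get update
          sudo apt-get install -y curl ca-certificates gettext
          # NOTE(review): "stable" is unpinned; pin KUBECTL_VERSION for reproducible runs.
          KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
          # Verify the binary against the published checksum before installing it.
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          sudo install -m 0755 kubectl /usr/local/bin/kubectl
      - name: Configure kubeconfig (in-cluster)
        run: |
          # The runner pod's own service-account token is used for all kubectl calls;
          # the RBAC bound to that service account is the blast radius of this job.
          KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
          SA_TOKEN="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
          CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
          echo "::add-mask::$SA_TOKEN"
          kubectl config set-cluster microk8s --server="$KUBE_HOST" --certificate-authority="$CA_CERT"
          kubectl config set-credentials runner --token="$SA_TOKEN"
          kubectl config set-context runner-context --cluster=microk8s --user=runner
          kubectl config use-context runner-context
      - name: Apply Postgres manifests
        run: |
          # Only the placeholders this step is meant to fill are substituted;
          # an unrestricted envsubst would also expand any other `$NAME` in the
          # manifest from the runner's environment.
          envsubst '${ENV} ${NAMESPACE} ${PG_VOLUME}' \
            < db/k8s/postgres/stripe-to-invoice-db.yaml | kubectl apply -f -

  # --------------------------------------------------
  # APPLY DB + APP SECRETS
  # --------------------------------------------------
  secrets:
    name: Apply runtime secrets
    runs-on: mealcraft-runners
    needs:
      - deploy-db
      - plan
    env:
      ENV: ${{ needs.plan.outputs.env }}
      NAMESPACE: ${{ needs.plan.outputs.namespace }}
      POSTGRES_HOST: ${{ needs.plan.outputs.postgres_host }}
      POSTGRES_DB: ${{ needs.plan.outputs.postgres_db }}
      RUNTIME_SECRET: ${{ needs.plan.outputs.runtime_secret }}
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install kubectl
        run: |
          sudo apt-get update
          sudo apt-get install -y curl ca-certificates gettext
          KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          sudo install -m 0755 kubectl /usr/local/bin/kubectl
      - name: Configure kubeconfig (in-cluster)
        run: |
          KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
          SA_TOKEN="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
          CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
          echo "::add-mask::$SA_TOKEN"
          kubectl config set-cluster microk8s --server="$KUBE_HOST" --certificate-authority="$CA_CERT"
          kubectl config set-credentials runner --token="$SA_TOKEN"
          kubectl config set-context runner-context --cluster=microk8s --user=runner
          kubectl config use-context runner-context
      - name: Apply DB secret
        run: |
          # NOTE(review): the DB credentials are read from `db/.env` inside the git
          # checkout, i.e. they live in the repository. Move them to GitHub
          # Actions secrets (or a secret manager) and delete the file from history.
          if [[ ! -f db/.env ]]; then
            echo "::error::db/.env not found in checkout"
            exit 1
          fi
          set -a
          source db/.env
          set +a
          if [[ "$ENV" == "prod" ]]; then
            PG_USER="$PROD_POSTGRES_USER"
            PG_PASSWORD="$PROD_POSTGRES_PASSWORD"
          else
            PG_USER="$DEV_POSTGRES_USER"
            PG_PASSWORD="$DEV_POSTGRES_PASSWORD"
          fi
          if [[ -z "$PG_USER" || -z "$PG_PASSWORD" ]]; then
            echo "::error::Postgres credentials for ENV=$ENV are empty"
            exit 1
          fi
          # NOTE(review): the password is not URL-encoded; a password containing
          # `@`, `/`, `:` or `?` produces an invalid DATABASE_URL.
          # NOTE(review): sslmode=disable sends credentials in clear text to the
          # in-cluster Postgres; enable TLS on the server and use sslmode=require.
          DATABASE_URL="postgres://${PG_USER}:${PG_PASSWORD}@${POSTGRES_HOST}:5432/${POSTGRES_DB}?sslmode=disable"
          # Keep the password and the URL that embeds it out of the job log.
          echo "::add-mask::$PG_PASSWORD"
          echo "::add-mask::$DATABASE_URL"
          kubectl create secret generic "$RUNTIME_SECRET" \
            --namespace "$NAMESPACE" \
            --from-literal=POSTGRES_USER="$PG_USER" \
            --from-literal=POSTGRES_PASSWORD="$PG_PASSWORD" \
            --from-literal=POSTGRES_DB="$POSTGRES_DB" \
            --from-literal=DATABASE_URL="$DATABASE_URL" \
            --dry-run=client -o yaml | kubectl apply -f -
      - name: Apply app secrets
        run: |
          # NOTE(review): same problem as the DB secret — Stripe, Xero and webhook
          # secrets are sourced from a file in the checkout. Move them to GitHub
          # Actions secrets and drop the file from the repository.
          SECRETS_ENV=stripe_to_invoice/deployment/secrets/.env
          if [[ ! -f "$SECRETS_ENV" ]]; then
            echo "::error::$SECRETS_ENV not found in checkout"
            exit 1
          fi
          set -a
          source "$SECRETS_ENV"
          set +a
          if [[ "$ENV" == "prod" ]]; then
            STRIPE_SECRET_KEY="$PROD_STRIPE_SECRET_KEY"
            STRIPE_CLIENT_ID="$PROD_STRIPE_CLIENT_ID"
            STRIPE_REDIRECT_URI="$PROD_STRIPE_REDIRECT_URI"
            APP_URL="$PROD_APP_URL"
            XERO_CLIENT_ID="$PROD_XERO_CLIENT_ID"
            XERO_CLIENT_SECRET="$PROD_XERO_SECRET_KEY"
            XERO_REDIRECT_URI="$PROD_XERO_REDIRECT_URI"
            AWS_REGION="$PROD_AWS_REGION"
            STRIPE_WEBHOOK_SECRET="$PROD_STRIPE_WEBHOOK_SECRET"
            SES_FROM_EMAIL="$PROD_SES_FROM_EMAIL"
          else
            STRIPE_SECRET_KEY="$DEV_STRIPE_SECRET_KEY"
            STRIPE_CLIENT_ID="$DEV_STRIPE_CLIENT_ID"
            STRIPE_REDIRECT_URI="$DEV_STRIPE_REDIRECT_URI"
            APP_URL="$DEV_APP_URL"
            XERO_CLIENT_ID="$DEV_XERO_CLIENT_ID"
            XERO_CLIENT_SECRET="$DEV_XERO_SECRET_KEY"
            XERO_REDIRECT_URI="$DEV_XERO_REDIRECT_URI"
            AWS_REGION="$DEV_AWS_REGION"
            STRIPE_WEBHOOK_SECRET="$DEV_STRIPE_WEBHOOK_SECRET"
            SES_FROM_EMAIL="$DEV_SES_FROM_EMAIL"
          fi
          # Mask the credential-bearing values so they never appear in the log.
          for v in "$STRIPE_SECRET_KEY" "$XERO_CLIENT_SECRET" "$STRIPE_WEBHOOK_SECRET"; do
            if [[ -n "$v" ]]; then
              echo "::add-mask::$v"
            fi
          done
          export \
            STRIPE_SECRET_KEY \
            STRIPE_CLIENT_ID \
            STRIPE_REDIRECT_URI \
            APP_URL \
            XERO_CLIENT_ID \
            XERO_CLIENT_SECRET \
            XERO_REDIRECT_URI \
            AWS_REGION \
            STRIPE_WEBHOOK_SECRET \
            SES_FROM_EMAIL \
            NAMESPACE
          # Substitute only the placeholders listed above; `set -a` exported every
          # DEV_* and PROD_* value from the .env file, and an unrestricted envsubst
          # would expand those too.
          envsubst '${STRIPE_SECRET_KEY} ${STRIPE_CLIENT_ID} ${STRIPE_REDIRECT_URI} ${APP_URL} ${XERO_CLIENT_ID} ${XERO_CLIENT_SECRET} ${XERO_REDIRECT_URI} ${AWS_REGION} ${STRIPE_WEBHOOK_SECRET} ${SES_FROM_EMAIL} ${NAMESPACE}' \
            < stripe_to_invoice/deployment/secrets/stripe-secrets.yaml | kubectl apply -f -

  # --------------------------------------------------
  # RUN ATLAS MIGRATIONS
  # --------------------------------------------------
  migrate:
    name: Run DB migrations (Atlas)
    runs-on: mealcraft-runners
    needs:
      - secrets
      - plan
    env:
      NAMESPACE: ${{ needs.plan.outputs.namespace }}
      RUNTIME_SECRET: ${{ needs.plan.outputs.runtime_secret }}
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install Atlas
        uses: ariga/setup-atlas@v0
      - name: Install kubectl
        run: |
          sudo apt-get update
          sudo apt-get install -y curl ca-certificates gettext
          KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          sudo install -m 0755 kubectl /usr/local/bin/kubectl
      - name: Configure kubeconfig (in-cluster)
        run: |
          KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
          SA_TOKEN="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
          CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
          echo "::add-mask::$SA_TOKEN"
          kubectl config set-cluster microk8s --server="$KUBE_HOST" --certificate-authority="$CA_CERT"
          kubectl config set-credentials runner --token="$SA_TOKEN"
          kubectl config set-context runner-context --cluster=microk8s --user=runner
          kubectl config use-context runner-context
      - name: Run migrations
        run: |
          # The previous version of this step echoed the full DATABASE_URL —
          # including the Postgres password — into the job log. It is now masked
          # and never printed. Rotate the credential if that log is still retained.
          DATABASE_URL="$(kubectl get secret "$RUNTIME_SECRET" \
            -n "$NAMESPACE" \
            -o jsonpath='{.data.DATABASE_URL}' | base64 -d)"
          if [[ -z "$DATABASE_URL" ]]; then
            echo "::error::DATABASE_URL missing from secret $RUNTIME_SECRET in namespace $NAMESPACE"
            exit 1
          fi
          echo "::add-mask::$DATABASE_URL"
          atlas migrate apply \
            --dir file://db/atlas/stripe_invoice/migrations \
            --url "$DATABASE_URL"

  # --------------------------------------------------
  # DEPLOY APPLICATION
  # --------------------------------------------------
  deploy:
    runs-on: mealcraft-runners
    needs:
      - build
      - secrets
      - migrate
      - plan
    env:
      NAMESPACE: ${{ needs.plan.outputs.namespace }}
      DB_ENV: ${{ needs.plan.outputs.env }}
      # Exported under the name the deployment template expects; it shadows the
      # shell's own HOSTNAME for the rest of the job, which nothing here relies on.
      HOSTNAME: ${{ needs.plan.outputs.hostname }}
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - name: Install kubectl
        run: |
          sudo apt-get update
          sudo apt-get install -y curl ca-certificates gettext
          KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          sudo install -m 0755 kubectl /usr/local/bin/kubectl
      - name: Configure kubeconfig (in-cluster)
        run: |
          KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
          SA_TOKEN="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
          CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
          echo "::add-mask::$SA_TOKEN"
          kubectl config set-cluster microk8s --server="$KUBE_HOST" --certificate-authority="$CA_CERT"
          kubectl config set-credentials runner --token="$SA_TOKEN"
          kubectl config set-context runner-context --cluster=microk8s --user=runner
          kubectl config use-context runner-context
      - name: Deploy application
        run: |
          # Roll out the immutable commit-SHA tag pushed by the build job rather
          # than the mutable branch-slug tag, so the cluster always runs the image
          # built for this exact commit.
          export IMAGE="docker.io/kimjunte/stripe_to_invoice:${GITHUB_SHA}"
          export NAMESPACE DB_ENV HOSTNAME
          envsubst '${IMAGE} ${NAMESPACE} ${DB_ENV} ${HOSTNAME}' \
            < stripe_to_invoice/deployment/deployment.yaml | kubectl apply -f -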