88 lines
No EOL
2.6 KiB
YAML
88 lines
No EOL
2.6 KiB
YAML
name: Deploy DB Infrastructure
|
||
|
||
on:
|
||
push:
|
||
branches:
|
||
- main
|
||
|
||
jobs:
|
||
deploy:
|
||
runs-on: mealcraft-runners
|
||
|
||
steps:
|
||
- name: Checkout repo
|
||
uses: actions/checkout@v4
|
||
|
||
# Install kubectl
|
||
- name: Install kubectl
|
||
run: |
|
||
sudo apt-get update
|
||
sudo apt-get install -y curl ca-certificates
|
||
curl -LO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
|
||
sudo install -m 0755 kubectl /usr/local/bin/kubectl
|
||
|
||
# Configure kubeconfig (ARC in-cluster)
|
||
- name: Configure kubeconfig
|
||
run: |
|
||
KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
|
||
SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
|
||
CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
||
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
|
||
|
||
kubectl config set-cluster microk8s \
|
||
--server="$KUBE_HOST" \
|
||
--certificate-authority="$CA_CERT"
|
||
|
||
kubectl config set-credentials runner \
|
||
--token="$SA_TOKEN"
|
||
|
||
kubectl config set-context runner-context \
|
||
--cluster=microk8s \
|
||
--user=runner \
|
||
--namespace="$NAMESPACE"
|
||
|
||
kubectl config use-context runner-context
|
||
|
||
# 1️⃣ Secrets
|
||
- name: Apply DB secrets
|
||
run: |
|
||
kubectl apply -f db/k8s/secrets/
|
||
|
||
# 2️⃣ PostgreSQL
|
||
- name: Deploy Postgres
|
||
run: |
|
||
kubectl apply -f db/k8s/postgres/
|
||
|
||
# 3️⃣ Backups (CronJob)
|
||
- name: Deploy Postgres backups
|
||
run: |
|
||
kubectl apply -f db/k8s/backups/
|
||
|
||
migrate:
|
||
runs-on: mealcraft-runners
|
||
needs: deploy
|
||
|
||
steps:
|
||
- name: Checkout repo
|
||
uses: actions/checkout@v4
|
||
|
||
# Install Atlas
|
||
- name: Install Atlas CLI
|
||
run: |
|
||
curl -sSf https://atlasgo.sh | sh
|
||
|
||
# Load DB creds from Kubernetes secret
|
||
- name: Load Postgres credentials
|
||
run: |
|
||
export POSTGRES_USER=$(kubectl get secret postgres-secret -o jsonpath='{.data.POSTGRES_USER}' | base64 -d)
|
||
export POSTGRES_PASSWORD=$(kubectl get secret postgres-secret -o jsonpath='{.data.POSTGRES_PASSWORD}' | base64 -d)
|
||
|
||
echo "POSTGRES_USER=$POSTGRES_USER" >> $GITHUB_ENV
|
||
echo "POSTGRES_PASSWORD=$POSTGRES_PASSWORD" >> $GITHUB_ENV
|
||
|
||
# Run Atlas migrations (DEV only)
|
||
- name: Run Atlas migrations (dev)
|
||
run: |
|
||
atlas migrate apply \
|
||
--env stripe_invoice_dev
|
||
|