204 lines
7.4 KiB
YAML
204 lines
7.4 KiB
YAML
name: Build & Deploy stripe-to-invoice (with DB secrets)
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- feature/**
|
|
- release/**
|
|
tags:
|
|
- "*"
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
# --------------------------------------------------
|
|
# BUILD IMAGE
|
|
# --------------------------------------------------
|
|
build:
|
|
runs-on: ubuntu-22.04
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Inject slug variables
|
|
uses: rlespinasse/github-slug-action@v4
|
|
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
username: ${{ secrets.DOCKER_HUB_USERNAME }}
|
|
password: ${{ secrets.DOCKER_HUB_TOKEN }}
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Build & push image
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
file: stripe_to_invoice/deployment/Dockerfile
|
|
push: true
|
|
tags: docker.io/kimjunte/stripe_to_invoice:${{ env.GITHUB_REF_SLUG }}
|
|
|
|
# --------------------------------------------------
|
|
# APPLY DB SECRETS
|
|
# --------------------------------------------------
|
|
secrets:
|
|
name: Apply runtime DB secret
|
|
runs-on: mealcraft-runners
|
|
needs: build
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Install kubectl
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get install -y curl ca-certificates gettext
|
|
curl -LO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
|
|
sudo install -m 0755 kubectl /usr/local/bin/kubectl
|
|
|
|
- name: Configure kubeconfig (in-cluster)
|
|
run: |
|
|
KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
|
|
SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
|
|
CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
|
|
kubectl config set-cluster microk8s \
|
|
--server="$KUBE_HOST" \
|
|
--certificate-authority="$CA_CERT"
|
|
|
|
kubectl config set-credentials runner --token="$SA_TOKEN"
|
|
|
|
kubectl config set-context runner-context \
|
|
--cluster=microk8s \
|
|
--user=runner
|
|
|
|
kubectl config use-context runner-context
|
|
|
|
- name: Decide environment
|
|
run: |
|
|
if [[ "$GITHUB_REF" == refs/heads/main || "$GITHUB_REF" == refs/tags/* || "$GITHUB_REF" == refs/heads/release/* ]]; then
|
|
echo "ENV=prod" >> $GITHUB_ENV
|
|
echo "NAMESPACE=default" >> $GITHUB_ENV
|
|
echo "RUNTIME_SECRET=postgres-prod" >> $GITHUB_ENV
|
|
echo "POSTGRES_HOST=postgres-prod.default.svc.cluster.local" >> $GITHUB_ENV
|
|
echo "POSTGRES_DB=stripe_invoice" >> $GITHUB_ENV
|
|
else
|
|
echo "ENV=dev" >> $GITHUB_ENV
|
|
echo "NAMESPACE=dev" >> $GITHUB_ENV
|
|
echo "RUNTIME_SECRET=postgres-dev" >> $GITHUB_ENV
|
|
echo "POSTGRES_HOST=postgres-dev.dev.svc.cluster.local" >> $GITHUB_ENV
|
|
echo "POSTGRES_DB=stripe_invoice" >> $GITHUB_ENV
|
|
fi
|
|
|
|
- name: Load DB creds from db/.env and apply secret
|
|
run: |
|
|
set -a
|
|
source db/.env
|
|
set +a
|
|
|
|
if [[ "$ENV" == "prod" ]]; then
|
|
USER="$PROD_POSTGRES_USER"
|
|
PASS="$PROD_POSTGRES_PASSWORD"
|
|
else
|
|
USER="$DEV_POSTGRES_USER"
|
|
PASS="$DEV_POSTGRES_PASSWORD"
|
|
fi
|
|
|
|
DATABASE_URL="postgres://${USER}:${PASS}@${POSTGRES_HOST}:5432/${POSTGRES_DB}?sslmode=disable"
|
|
|
|
kubectl create secret generic $RUNTIME_SECRET \
|
|
--namespace $NAMESPACE \
|
|
--from-literal=DATABASE_URL="$DATABASE_URL" \
|
|
--dry-run=client -o yaml | kubectl apply -f -
|
|
|
|
- name: Apply Next env/secrets
|
|
run: |
|
|
set -e
|
|
set -a
|
|
source stripe_to_invoice/deployment/secrets/.env
|
|
set +a
|
|
|
|
if [[ "$ENV" == "prod" ]]; then
|
|
STRIPE_SECRET_KEY="$PROD_STRIPE_SECRET_KEY"
|
|
STRIPE_CLIENT_ID="$PROD_STRIPE_CLIENT_ID"
|
|
APP_URL=$PROD_APP_URL
|
|
AWS_REGION=$PROD_AWS_REGION
|
|
AWS_ACCESS_KEY_ID=$PROD_AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY=$PROD_AWS_SECRET_ACCESS_KEY
|
|
SES_FROM_EMAIL=$PROD_SES_FROM_EMAIL
|
|
else
|
|
STRIPE_SECRET_KEY="$DEV_STRIPE_SECRET_KEY"
|
|
STRIPE_CLIENT_ID="$DEV_STRIPE_CLIENT_ID"
|
|
APP_URL=$DEV_APP_URL
|
|
AWS_REGION=$DEV_AWS_REGION
|
|
AWS_ACCESS_KEY_ID=$DEV_AWS_ACCESS_KEY_ID
|
|
AWS_SECRET_ACCESS_KEY=$DEV_AWS_SECRET_ACCESS_KEY
|
|
SES_FROM_EMAIL=$DEV_SES_FROM_EMAIL
|
|
fi
|
|
: "${STRIPE_SECRET_KEY:?missing STRIPE_SECRET_KEY}"
|
|
: "${STRIPE_CLIENT_ID:?missing STRIPE_CLIENT_ID}"
|
|
: "${NAMESPACE:?missing NAMESPACE}"
|
|
: "${APP_URL:?missing APP_URL}"
|
|
: "${AWS_REGION:?missing AWS_REGION}"
|
|
: "${AWS_ACCESS_KEY_ID:?missing AWS_ACCESS_KEY_ID}"
|
|
: "${AWS_SECRET_ACCESS_KEY:?missing AWS_SECRET_ACCESS_KEY}"
|
|
: "${SES_FROM_EMAIL:?missing SES_FROM_EMAIL}"
|
|
|
|
export STRIPE_SECRET_KEY STRIPE_CLIENT_ID NAMESPACE APP_URL AWS_REGION AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY SES_FROM_EMAIL
|
|
|
|
envsubst < stripe_to_invoice/deployment/secrets/stripe-secrets.yaml \
|
|
| kubectl apply -f -
|
|
|
|
# --------------------------------------------------
|
|
# DEPLOY APP
|
|
# --------------------------------------------------
|
|
deploy:
|
|
runs-on: mealcraft-runners
|
|
needs:
|
|
- build
|
|
- secrets
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Install kubectl
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get install -y curl ca-certificates gettext
|
|
curl -LO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
|
|
sudo install -m 0755 kubectl /usr/local/bin/kubectl
|
|
|
|
- name: Configure kubeconfig (in-cluster)
|
|
run: |
|
|
KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
|
|
SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
|
|
CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
|
|
NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
|
|
|
|
kubectl config set-cluster microk8s --server="$KUBE_HOST" --certificate-authority="$CA_CERT"
|
|
kubectl config set-credentials runner --token="$SA_TOKEN"
|
|
kubectl config set-context runner-context --cluster=microk8s --user=runner --namespace="$NAMESPACE"
|
|
kubectl config use-context runner-context
|
|
|
|
- name: Inject slug variables
|
|
uses: rlespinasse/github-slug-action@v4
|
|
|
|
- name: Decide environment
|
|
run: |
|
|
if [[ "$GITHUB_REF" == refs/heads/release/* || "$GITHUB_REF" == refs/tags/* ]]; then
|
|
echo "NAMESPACE=default" >> $GITHUB_ENV
|
|
echo "DB_ENV=prod" >> $GITHUB_ENV
|
|
echo "HOSTNAME=stripe-to-invoice.juntekim.com" >> $GITHUB_ENV
|
|
else
|
|
echo "NAMESPACE=dev" >> $GITHUB_ENV
|
|
echo "DB_ENV=dev" >> $GITHUB_ENV
|
|
echo "HOSTNAME=stripe-to-invoice.dev.juntekim.com" >> $GITHUB_ENV
|
|
fi
|
|
|
|
- name: Deploy application
|
|
run: |
|
|
export IMAGE="docker.io/kimjunte/stripe_to_invoice:$GITHUB_REF_SLUG"
|
|
export NAMESPACE DB_ENV HOSTNAME
|
|
envsubst < stripe_to_invoice/deployment/deployment.yaml | kubectl apply -f -
|