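# develop-release-charts.yaml
#
# Release workflow for the noheva Helm charts. It bumps the chart versions,
# pins the three service images to the digest currently behind their `develop`
# tag, pushes the result back to `develop`, and runs `helm upgrade` on EKS.
#
# Review notes:
# - Every `uses:` below references a mutable tag (@v3, @v6.2, @v0.6.0, ...).
#   This job holds a write-scoped GITHUB_TOKEN, a Vault token and AWS keys, so
#   pinning each action to a full commit SHA (tag kept as a trailing comment)
#   would limit the impact of a retagged or compromised action.
# - Shell steps read their inputs from environment variables rather than having
#   workflow expressions expanded into the script text, so a value is always
#   treated as data and never parsed as shell syntax.
name: Release Charts
on:
  push:
    branches:
      - develop
  repository_dispatch:
    types:
      - update-staging
env:
  REGISTRY: ghcr.io
jobs:
  release:
    environment: develop
    # Only `contents` is granted; token scopes not listed here are set to none.
    # NOTE(review): if the ghcr.io images pulled below are private, the token
    # would also need `packages: read` - confirm.
    permissions:
      contents: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          # Depth 0 fetches the full history; submodules are checked out too.
          fetch-depth: 0
          submodules: true
      - name: Configure Git
        run: |
          git config user.name "$GITHUB_ACTOR"
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
      - name: Calculate new version
        id: resolve_version
        uses: mathieudutour/github-tag-action@v6.2
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          tag_prefix: 'noheva-'
      - name: Set new version
        id: version
        env:
          # Passed through the environment instead of being pasted into the script.
          NEW_TAG: ${{ steps.resolve_version.outputs.new_tag }}
        run: |
          # Strip the tag prefix and export the bare version to the later steps.
          echo "NEW_VERSION=$(printf '%s' "$NEW_TAG" | sed 's/^noheva-//')" >> "$GITHUB_ENV"
      - name: Update versions
        run: |
          # NEW_VERSION was written to GITHUB_ENV by the previous step. Stop here
          # if it is empty rather than committing a chart with a blank version.
          : "${NEW_VERSION:?NEW_VERSION is empty}"
          for chart in \
            ./charts/noheva/Chart.yaml \
            ./charts/noheva/charts/noheva-auth/Chart.yaml \
            ./charts/noheva/charts/noheva-api/Chart.yaml \
            ./charts/noheva/charts/noheva-management/Chart.yaml
          do
            sed -i "s/version: .*/version: ${NEW_VERSION}/g" "$chart"
            git add "$chart"
          done
      # Reads the deployment settings from Vault. The later steps read them back
      # through the `env` context, so the action is exporting them to the job
      # environment.
      # NOTE(review): VAULT_TOKEN is a stored token; a short-lived login (the
      # action supports JWT/OIDC auth) would reduce what a leaked secret is worth.
      - name: Import Secrets
        id: import-secrets
        uses: hashicorp/vault-action@v2
        with:
          url: ${{ secrets.VAULT_ADDR }}
          token: ${{ secrets.VAULT_TOKEN }}
          secrets: |
            ${{ secrets.VAULT_PATH }} AWS_ACCESS_KEY_ID | AWS_ACCESS_KEY_ID ;
            ${{ secrets.VAULT_PATH }} AWS_SECRET_ACCESS_KEY | AWS_SECRET_ACCESS_KEY ;
            ${{ secrets.VAULT_PATH }} AWS_REGION | AWS_REGION ;
            ${{ secrets.VAULT_PATH }} EKS_CLUSTER_NAME | EKS_CLUSTER_NAME ;
            ${{ secrets.VAULT_PATH }} K8S_CLUSTER_ISSUER | K8S_CLUSTER_ISSUER ;
            ${{ secrets.VAULT_PATH }} K8S_NAMESPACE | K8S_NAMESPACE ;
            ${{ secrets.VAULT_PATH }} K8S_TLS_SECRET_NAME | K8S_TLS_SECRET_NAME ;
            ${{ secrets.VAULT_PATH }} AUTH_HOSTNAME | AUTH_HOSTNAME ;
            ${{ secrets.VAULT_PATH }} API_HOSTNAME | API_HOSTNAME ;
            ${{ secrets.VAULT_PATH }} MANAGEMENT_HOSTNAME | MANAGEMENT_HOSTNAME ;
            ${{ secrets.VAULT_PATH }} HCV_PATH | HCV_PATH ;
            ${{ secrets.VAULT_PATH }} HCV_SERVER | HCV_SERVER ;
            ${{ secrets.VAULT_PATH }} HCV_SECRET_NAME | HCV_SECRET_NAME
      - name: Log in to the Container registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Resolve noheva auth docker image sha
        id: noheva-auth-tag
        env:
          IMAGE: ghcr.io/metatavu/noheva-keycloak:develop
        run: |
          docker pull "$IMAGE"
          # RepoDigests[0] looks like <repository>@sha256:<hex>; keep the hex part.
          digest=$(docker inspect "$IMAGE" | jq -r '.[].RepoDigests[0]' | sed 's/[a-z\.\/\-]*@sha256://')
          # Refuse to record anything that is not a 64-character hex digest.
          if ! printf '%s\n' "$digest" | grep -Eq '^[0-9a-f]{64}$'; then
            echo "Unexpected image digest: $digest" >&2
            exit 1
          fi
          echo "NOHEVA_AUTH_IMAGE_SHA=$digest" >> "$GITHUB_OUTPUT"
      - name: Update auth image version
        env:
          IMAGE_SHA: ${{ steps.noheva-auth-tag.outputs.NOHEVA_AUTH_IMAGE_SHA }}
        run: |
          sed -i "s/sha256: .*/sha256: ${IMAGE_SHA}/g" ./charts/noheva/charts/noheva-auth/values.yaml
          git add ./charts/noheva/charts/noheva-auth/values.yaml
      - name: Resolve noheva api docker image sha
        id: noheva-api-tag
        env:
          IMAGE: ghcr.io/metatavu/noheva-api:develop
        run: |
          docker pull "$IMAGE"
          # RepoDigests[0] looks like <repository>@sha256:<hex>; keep the hex part.
          digest=$(docker inspect "$IMAGE" | jq -r '.[].RepoDigests[0]' | sed 's/[a-z\.\/\-]*@sha256://')
          # Refuse to record anything that is not a 64-character hex digest.
          if ! printf '%s\n' "$digest" | grep -Eq '^[0-9a-f]{64}$'; then
            echo "Unexpected image digest: $digest" >&2
            exit 1
          fi
          echo "NOHEVA_API_IMAGE_SHA=$digest" >> "$GITHUB_OUTPUT"
      - name: Update noheva api image version
        env:
          IMAGE_SHA: ${{ steps.noheva-api-tag.outputs.NOHEVA_API_IMAGE_SHA }}
        run: |
          sed -i "s/sha256: .*/sha256: ${IMAGE_SHA}/g" ./charts/noheva/charts/noheva-api/values.yaml
          git add ./charts/noheva/charts/noheva-api/values.yaml
      - name: Resolve noheva management docker image sha
        id: noheva-management-tag
        env:
          IMAGE: ghcr.io/metatavu/noheva-management:develop
        run: |
          docker pull "$IMAGE"
          # RepoDigests[0] looks like <repository>@sha256:<hex>; keep the hex part.
          digest=$(docker inspect "$IMAGE" | jq -r '.[].RepoDigests[0]' | sed 's/[a-z\.\/\-]*@sha256://')
          # Refuse to record anything that is not a 64-character hex digest.
          if ! printf '%s\n' "$digest" | grep -Eq '^[0-9a-f]{64}$'; then
            echo "Unexpected image digest: $digest" >&2
            exit 1
          fi
          echo "NOHEVA_MANAGEMENT_IMAGE_SHA=$digest" >> "$GITHUB_OUTPUT"
      - name: Update noheva management image version
        env:
          IMAGE_SHA: ${{ steps.noheva-management-tag.outputs.NOHEVA_MANAGEMENT_IMAGE_SHA }}
        run: |
          sed -i "s/sha256: .*/sha256: ${IMAGE_SHA}/g" ./charts/noheva/charts/noheva-management/values.yaml
          git add ./charts/noheva/charts/noheva-management/values.yaml
      - name: Commit changes
        run: |
          git commit --allow-empty -m "Updated chart versions"
      # A push made with GITHUB_TOKEN does not start new workflow runs, so this
      # commit does not re-trigger the `push` trigger above.
      - name: Push version changes to develop
        uses: ad-m/github-push-action@v0.6.0
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          branch: develop
      # NOTE(review): static AWS keys are read from Vault. The action can also
      # assume a role through GitHub OIDC (`role-to-assume`), which avoids
      # long-lived keys; @v1 is an old major version of this action.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}
      - name: Update kube config
        run: aws eks update-kubeconfig --name "$EKS_CLUSTER_NAME" --region "$AWS_REGION"
      - name: Install Helm
        uses: azure/setup-helm@v3
      # Writes a values override file from the Vault-provided settings and
      # upgrades the `noheva` release with it.
      # NOTE(review): the expressions in `exec` are expanded into the script text
      # before it runs and land unquoted in the generated YAML. They are left as
      # they were because how this action exposes job environment variables to
      # `exec` is not visible here - confirm, then prefer plain shell variables.
      # NOTE(review): the nesting inside the echoed strings is reconstructed (the
      # page this was read from collapsed runs of spaces) - confirm against the
      # repository file.
      - name: Install Chart
        uses: WyriHaximus/github-action-helm3@v3
        with:
          exec: |
            echo "ingress:" > new-values.yaml &&
            echo "  annotations:" >> new-values.yaml &&
            echo "    cert-manager.io/cluster-issuer: ${{ env.K8S_CLUSTER_ISSUER }}" >> new-values.yaml &&
            echo "    ingress.kubernetes.io/force-ssl-redirect: \"true\"" >> new-values.yaml &&
            echo "    ingress.kubernetes.io/proxy-body-size: 150m" >> new-values.yaml &&
            echo "    kubernetes.io/ingress.class: nginx" >> new-values.yaml &&
            echo "    nginx.ingress.kubernetes.io/proxy-body-size: 150m" >> new-values.yaml &&
            echo "    nginx.org/client-max-body-size: 150m" >> new-values.yaml &&
            echo "    nginx.org/proxy-connect-timeout: 30s" >> new-values.yaml &&
            echo "    nginx.org/proxy-read-timeout: 30s" >> new-values.yaml &&
            echo "    nginx.ingress.kubernetes.io/proxy-buffer-size: 32k" >> new-values.yaml &&
            echo "  labels:" >> new-values.yaml &&
            echo "    use-cloudflare-solver: \"true\"" >> new-values.yaml &&
            echo "  tls:" >> new-values.yaml &&
            echo "    secretName: ${{ env.K8S_TLS_SECRET_NAME }}" >> new-values.yaml &&
            echo "auth:" >> new-values.yaml &&
            echo "  hostname: ${{ env.AUTH_HOSTNAME }}" >> new-values.yaml &&
            echo "api:" >> new-values.yaml &&
            echo "  hostname: ${{ env.API_HOSTNAME }}" >> new-values.yaml &&
            echo "management:" >> new-values.yaml &&
            echo "  hostname: ${{ env.MANAGEMENT_HOSTNAME }}" >> new-values.yaml &&
            echo "hcv:" >> new-values.yaml &&
            echo "  path: ${{ env.HCV_PATH }}" >> new-values.yaml &&
            echo "  server: ${{ env.HCV_SERVER }}" >> new-values.yaml &&
            echo "  secretName: ${{ env.HCV_SECRET_NAME }}" >> new-values.yaml &&
            helm upgrade noheva ./charts/noheva --namespace ${{ env.K8S_NAMESPACE }} -f new-values.yaml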