Skip to content

Deploy to Kubernetes (prod) #971

Deploy to Kubernetes (prod)

Deploy to Kubernetes (prod) #971

Workflow file for this run

# Copyright (c) 2024 Isaac Adams
# Licensed under the MIT License. See LICENSE file in the project root for full license information.
name: Deploy to Kubernetes (prod)
on:
workflow_run:
workflows: ["Build Image"]
types:
- completed
branches:
- main
jobs:
deploy-home-k3s:
permissions:
contents: 'read'
id-token: 'write'
packages: 'write'
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: main
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: 20
- name: Set up SSH
uses: webfactory/ssh-agent@v0.5.3
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
- name: Install Cloudflared
run: |
sudo mkdir -p --mode=0755 /usr/share/keyrings
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null
# Add this repo to your apt repositories
echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared jammy main' | sudo tee /etc/apt/sources.list.d/cloudflared.list
# install cloudflared
sudo apt-get update && sudo apt-get install cloudflared
- name: Authenticate with GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Tag and Push Image as Latest
run: |
docker pull ghcr.io/${{ github.repository }}/crank:${{ github.sha }}
docker tag ghcr.io/${{ github.repository }}/crank:${{ github.sha }} ghcr.io/${{ github.repository }}/crank:latest
docker push ghcr.io/${{ github.repository }}/crank:latest
- name: Deploy to Kubernetes
run: |
# Copy crank.yml to the remote system
scp -o ProxyCommand='cloudflared access ssh --hostname %h' -o StrictHostKeyChecking=no ./k8s/crank.yml ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }}:/tmp/crank.yml
scp -o ProxyCommand='cloudflared access ssh --hostname %h' -o StrictHostKeyChecking=no ./k8s/crank-configmap.yml ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }}:/tmp/crank-configmap.yml
# Apply the copied crank.yml
ssh -o ProxyCommand='cloudflared access ssh --hostname %h' -o StrictHostKeyChecking=no ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }} <<EOF
export GITHUB_SHA=${{ github.sha }}
envsubst < /tmp/crank.yml | k3s kubectl apply -f -
envsubst < /tmp/crank-configmap.yml | k3s kubectl apply -f -
EOF