Deploy to Kubernetes (prod) #975
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (c) 2024 Isaac Adams | |
# Licensed under the MIT License. See LICENSE file in the project root for full license information. | |
name: Deploy to Kubernetes (prod) | |
on: | |
workflow_run: | |
workflows: ["Build Image"] | |
types: | |
- completed | |
branches: | |
- main | |
jobs: | |
deploy-home-k3s: | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
packages: 'write' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
ref: main | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
- name: Set up SSH | |
uses: webfactory/ssh-agent@v0.5.3 | |
with: | |
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} | |
- name: Install Cloudflared | |
run: | | |
sudo mkdir -p --mode=0755 /usr/share/keyrings | |
curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null | |
# Add this repo to your apt repositories | |
echo 'deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared jammy main' | sudo tee /etc/apt/sources.list.d/cloudflared.list | |
# install cloudflared | |
sudo apt-get update && sudo apt-get install cloudflared | |
- name: Authenticate with GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Tag and Push Image as Latest | |
run: | | |
docker pull ghcr.io/${{ github.repository }}/crank:${{ github.sha }} | |
docker tag ghcr.io/${{ github.repository }}/crank:${{ github.sha }} ghcr.io/${{ github.repository }}/crank:latest | |
docker push ghcr.io/${{ github.repository }}/crank:latest | |
- name: Deploy to Kubernetes | |
run: | | |
# Copy crank.yml to the remote system | |
scp -o ProxyCommand='cloudflared access ssh --hostname %h' -o StrictHostKeyChecking=no ./k8s/crank.yml ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }}:/tmp/crank.yml | |
scp -o ProxyCommand='cloudflared access ssh --hostname %h' -o StrictHostKeyChecking=no ./k8s/crank-configmap.yml ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }}:/tmp/crank-configmap.yml | |
# Apply the copied crank.yml | |
ssh -o ProxyCommand='cloudflared access ssh --hostname %h' -o StrictHostKeyChecking=no ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }} <<EOF | |
export GITHUB_SHA=${{ github.sha }} | |
envsubst < /tmp/crank.yml | k3s kubectl apply -f - | |
envsubst < /tmp/crank-configmap.yml | k3s kubectl apply -f - | |
EOF |