CI

tact-lang · Nov 2, 2024 · 24b5b71 · 24b5b71
1 parent 170ff2a
commit 24b5b71
Show file tree

Hide file tree

Showing 8 changed files with 89 additions and 77 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
diff --git a/.github/workflows/rollback.yml b/.github/workflows/rollback.yml
@@ -0,0 +1,63 @@
+name: Rollback Kubernetes Deployment
+
+on:
+  workflow_dispatch:
+    inputs:
+      app_env:
+        description: "Select the environment"
+        required: true
+        default: production
+        type: choice
+        options:
+          - production
+          - staging
+      revision:
+        description: "Choose the Helm revision to rollback to"
+        required: false
+
+jobs:
+  rollback:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Apply AWS k8s config
+        run: aws eks update-kubeconfig --name ${{ vars.AWS_CLUSTER }} --region ${{ vars.AWS_REGION }}
+
+      - name: Fetch Helm history
+        run: |
+          helm history ${{ vars.APP_NAME }} --namespace ${{ vars.APP_NAME }}-${{ github.event.inputs.app_env }}
+
+      - name: Get revision number
+        if: github.event.inputs.revision == ''
+        run: |
+          echo "No revision provided. Exiting."
+          exit 1
+
+      - name: Perform Helm rollback
+        run: |
+          helm rollback ${{ vars.APP_NAME }} ${{ github.event.inputs.revision }} --namespace ${{ vars.APP_NAME }}-${{ github.event.inputs.app_env }} ${{ github.event.inputs.revision }}
+
+      - name: Verify rollback
+        run: |
+          kubectl -n ${{ vars.APP_NAME }}-${{ github.event.inputs.app_env }} rollout status deployment/${{ vars.APP_NAME }}-${{ github.event.inputs.app_env }}
+
+      - name: Show Helm history
+        run: |
+          helm history ${{ vars.APP_NAME }} --namespace ${{ vars.APP_NAME }}-${{ github.event.inputs.app_env }}
+
+      - name: Telegram Notify
+        uses: appleboy/telegram-action@v1.0.0
+        with:
+          to: ${{ secrets.TELEGRAM_DEPLOY_CHAT_ID }}
+          token: ${{ secrets.TELEGRAM_DEPLOY_TOKEN }}
+          format: markdown
+          message: |
+            🔄 The deployment {{ app_env }} has been rolled back by [${{ github.actor }}](https://github.com/${{ github.actor }}) to revision ${{ github.event.inputs.revision }}.
+            🏗️ [GitHub Actions Run](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
diff --git a/helm/app/templates/deployment.yaml b/helm/app/templates/deployment.yaml
@@ -26,6 +26,8 @@ spec:
           labelSelector:
             matchLabels:
               app: {{ .Values.appName }}-{{ .Values.deployEnv }}
+          matchLabelKeys:
+            - pod-template-hash
       containers:
         - name: {{ .Values.appName }}-{{ .Values.deployEnv}}
           image: "{{  .Values.imageRepo }}:{{ .Values.imageTag }}"

diff --git a/helm/app/templates/ingress.yaml b/helm/app/templates/ingress.yaml
@@ -10,10 +10,13 @@ metadata:
     nginx.ingress.kubernetes.io/proxy-connect-timeout: "10s"
     nginx.ingress.kubernetes.io/proxy-read-timeout: "15s"
     nginx.ingress.kubernetes.io/proxy-send-timeout: "15s"
+    nginx.ingress.kubernetes.io/from-to-www-redirect: "true"
     nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout http_502 http_503 http_504"
     nginx.ingress.kubernetes.io/proxy-next-upstream-tries: "3"
+    cert-manager.io/cluster-issuer: {{ .Values.tlsIssuer }}
     {{- if eq .Values.deployEnv "canary" }}
     nginx.ingress.kubernetes.io/canary: "true"
+    nginx.ingress.kubernetes.io/canary-by-cookie: {{ .Values.canaryCookie | quote }}
     nginx.ingress.kubernetes.io/canary-weight: {{ .Values.canaryWeight | quote }}
     {{- end }}
     nginx.ingress.kubernetes.io/server-snippet: |
@@ -40,4 +43,4 @@ spec:
                 name: {{ .Values.appName }}-{{ .Values.deployEnv }}
                 port:
                   name: http
-{{- end }}
+{{- end }}
diff --git a/helm/app/values-canary.yaml b/helm/app/values-canary.yaml
@@ -0,0 +1,10 @@
+deployEnv: canary
+replicaCount: 2
+imageTag: "canary"
+canaryWeight: 10
+
+minReplicas: 1
+maxReplicas: 1
+
+memoryLimit: 120Mi
+memoryRequest: 100Mi
diff --git a/helm/app/values-production.yaml b/helm/app/values-production.yaml
@@ -1,9 +1,9 @@
 deployEnv: production
-defaultReplicaCount: 6
+defaultReplicaCount: 2
 imageTag: "production"
 
-minReplicas: 1
-maxReplicas: 1
+minReplicas: 2
+maxReplicas: 4
 
 memoryLimit: 120Mi
 memoryRequest: 100Mi
diff --git a/helm/app/values-staging.yaml b/helm/app/values-staging.yaml
@@ -1,5 +1,5 @@
 deployEnv: staging
-defaultReplicaCount: 6
+replicaCount: 1
 imageTag: "staging"
 
 minReplicas: 1

diff --git a/helm/app/values.yaml b/helm/app/values.yaml
@@ -25,6 +25,12 @@ ghcrSecret: ""
 tlsCert: ""
 tlsKey: ""
 
+canaryCookie: "canary_tPIzU7rz5ecBWK2gFOs72o5s2qr0kz"
+
+# do not change
+tlsIssuer: "letsencrypt"
+certIssuingMode: false
+
 # http
 publicService: true
 sslRedirect: false