Deploy #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| workflow_dispatch: | |
| jobs: | |
| deploy: | |
| name: Deploy to Google Kubernetes Engine | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: 'Get Previous tag' | |
| id: previoustag | |
| uses: "WyriHaximus/github-action-get-previous-tag@v1" | |
| with: | |
| fallback: 1.0.8 | |
| - id: 'auth' | |
| uses: 'google-github-actions/auth@v2' | |
| with: | |
| workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ secrets.SERVICE_ACCOUNT }} | |
| - name: 'Set up Cloud SDK' | |
| uses: 'google-github-actions/setup-gcloud@v2' | |
| with: | |
| version: '>= 363.0.0' | |
| - name: 'Use gcloud CLI' | |
| run: 'gcloud info' | |
| - name: Setup Terraform CLI | |
| uses: hashicorp/setup-terraform@v2.0.2 | |
| - name: Terraform init | |
| id: init | |
| run: terraform init | |
| working-directory: ./.terraform | |
| - name: Terraform plan | |
| id: plan | |
| run: terraform plan -no-color -var "project=${{vars.PROJECT_ID}}" | |
| continue-on-error: true | |
| working-directory: ./.terraform | |
| - uses: actions/github-script@v6 | |
| env: | |
| PLAN: "terraform\n${{ steps.plan.outputs.stdout }}" | |
| with: | |
| script: | | |
| const output = `#### Terraform Format and Style \`${{ steps.fmt.outcome }}\` | |
| #### Terraform Initialization \`${{ steps.init.outcome }}\` | |
| #### Terraform Validation \`${{ steps.validate.outcome }}\` | |
| #### Terraform Plan \`${{ steps.plan.outcome }}\` | |
| <details><summary>Show Plan</summary> | |
| \`\`\`\n | |
| ${process.env.PLAN} | |
| \`\`\` | |
| </details> | |
| *Created by: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`; | |
| - name: Terraform Plan Status | |
| if: steps.plan.outcome == 'failure' | |
| run: exit 1 | |
| - name: Terraform Apply | |
| if: github.ref == 'refs/heads/master' | |
| run: | | |
| terraform apply -auto-approve -var "project=${{vars.PROJECT_ID}}" | |
| continue-on-error: true # existing cluster with same resources, other errors are caught in later steps | |
| working-directory: ./.terraform | |
| - name: Install kubectl | |
| run: sudo snap install kubectl --classic | |
| - name: Install helm | |
| run: sudo snap install helm --classic | |
| - name: Configure kubectl | |
| run: | | |
| gcloud components install gke-gcloud-auth-plugin --quiet | |
| gcloud container clusters get-credentials ruettel-report --region europe-west6 | |
| - name: Deploy App | |
| run: | | |
| helm repo add spark-operator https://googlecloudplatform.github.io/spark-on-k8s-operator | |
| helm repo add kong https://charts.konghq.com | |
| helm repo add prometheus-community https://prometheus-community.github.io/helm-charts | |
| helm repo add fusionauth https://fusionauth.github.io/charts | |
| helm repo add bitnami https://charts.bitnami.com/bitnami | |
| helm upgrade --install spark spark-operator/spark-operator --namespace spark-operator --create-namespace -f spark-operator-values.yaml | |
| helm upgrade --install mongodb bitnami/mongodb -f mongodb-values.yaml --set auth.usernames={${{secrets.MONGODB_USER}}} --set auth.passwords={${{secrets.MONGODB_PW}}} --set auth.rootPassword=${{secrets.MONGODB_ROOT_PW}} -n shared --create-namespace | |
| helm upgrade --install kong kong/ingress -n kong --create-namespace | |
| helm upgrade --install promstack prometheus-community/kube-prometheus-stack --namespace monitoring --create-namespace --version 52.1.0 -f values-monitoring.yaml | |
| helm upgrade kong kong/ingress -n kong --set gateway.serviceMonitor.enabled=true --set gateway.serviceMonitor.labels.release=promstack | |
| kubectl apply -f kong-prometheus-plugin.yaml | |
| helm upgrade --install ruettel-chart ./ruettel-chart \ | |
| --set image.tag=${{ steps.previoustag.outputs.tag }} \ | |
| --set analysis.mongoConnectionUri="${{secrets.MONGODB_CONNECTION_URI}}" \ | |
| --set nuxt.mongoConnectionUri="${{secrets.MONGODB_CONNECTION_URI}}" \ | |
| --set nuxt.fusionAuthApiKey="${{secrets.FUSIONAUTH_API_KEY}}" \ | |
| --set nuxt.access_token_signing_key_id_free="${{secrets.ACCESS_TOKEN_SIGNING_KEY_ID_FREE}}" \ | |
| --set nuxt.access_token_signing_key_id_premium="${{secrets.ACCESS_TOKEN_SIGNING_KEY_ID_PREMIUM}}" \ | |
| --set kong.premiumConsumerSecret="${{secrets.KONG_PREMIUM_CONSUMER_SECRET}}" \ | |
| --set kong.freeConsumerSecret="${{secrets.KONG_FREE_CONSUMER_SECRET}}" | |
| helm upgrade --install my-fusion fusionauth/fusionauth -f fa-values.yaml \ | |
| --set database.host="${{vars.GCLOUD_POSTGRES_HOST}}" \ | |
| --set database.root.user="${{secrets.GCLOUD_POSTGRES_USER}}" \ | |
| --set database.root.password="${{secrets.GCLOUD_POSTGRES_PW}}" | |
| working-directory: ./.helm |