feat: added python deploy

filipeforattini · Aug 2, 2022 · d49e0dd · d49e0dd
1 parent 5a2bbb4
commit d49e0dd
Showing 1 changed file with 151 additions and 2 deletions.
diff --git a/.github/workflows/svc.yml b/.github/workflows/svc.yml
@@ -536,11 +536,160 @@ jobs:
 
 
   #--------------------------------------------------#
-  #                      Deploy                      # 
+  #                      Deploy JS                   # 
   #--------------------------------------------------#
-  Deploy:
+  Deploy-Node:
     runs-on: ubuntu-latest
     environment: ${{needs.Setup.outputs.Environment}}
+    if: needs.Setup.outputs.Language == 'javascript'
+
+    needs:
+      - Setup
+      - Build-Node
+
+    steps:
+
+      # pre-job
+      - name: Setup | Cloning repository
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Setup | Cloning tools
+        uses: actions/checkout@v3
+        with:
+          ref: main
+          path: .pipeline
+          repository: filipeforattini/ff-iac-github-actions
+
+      - name: Setup | Dependencies
+        uses: filipeforattini/ff-iac-github-actions/.github/actions/setup-binaries@main
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          docker-qmeu: true
+          docker-buildx: true
+          kubectl: true
+          ytt: true
+          yq: true
+
+      - name: Pipeline config scrapper
+        id: analysis
+        uses: filipeforattini/ff-iac-github-actions/.github/actions/config-scrapper@main
+
+      - name: Config | Version
+        id: versioning
+        run: |
+          NEXT_VERSION=$(git for-each-ref --sort=authordate --format '%(refname)' refs/tags | tail -n 1 | sed -n -e 's/^.*refs\/tags\/v//p')
+          echo "next version = $NEXT_VERSION"
+          echo "::set-output name=version::$NEXT_VERSION"
+
+      - name: Config | Kubectl config file
+        env:
+          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
+        run: |
+          mkdir -p ~/.kube
+          echo "$KUBE_CONFIG" | base64 -d > ~/.kube/config
+
+      # dependencies
+      - name: Create k8s dependencies
+        uses: filipeforattini/ff-iac-github-actions/.github/actions/k8s-install-dependencies@main
+        with:
+          writeSummary: true
+          kubeConfig: ${{secrets.KUBE_CONFIG}}
+          cloneTools: false
+
+      # configs
+      - name: K8s create config-map
+        if: steps.deploy_setup.outputs.feature_has_configs == 'true'
+        run: |
+          kubectl create configmap -n ${{steps.analysis.outputs.deploy_namespace}} ${{steps.analysis.outputs.repository}} --from-env-file=${{steps.analysis.outputs.deploy_configs_file}} --dry-run=client --validate=false --output=yaml | kubectl apply -f -
+          kubectl create configmap -n ${{steps.analysis.outputs.deploy_namespace}} ${{steps.analysis.outputs.repository}}-${{steps.versioning.outputs.version}} --from-env-file=${{steps.analysis.outputs.deploy_configs_file}} --dry-run=client --validate=false --output=yaml | kubectl apply -f -
+          kubectl get configmap -n ${{steps.analysis.outputs.deploy_namespace}} ${{steps.analysis.outputs.repository}} -o jsonpath='{.data}' | jq -r 'keys[]' |  tr '\n' '~' | sed 's/~/,/g;s/,$//' > ./manifests/k8s-configs-keys.txt
+
+      # secrets
+      - name: Decrypt DEV secrets
+        if: steps.analysis.outputs.feature_has_secrets == 'true'
+        run: |
+          gpg \
+            --yes --batch --quiet --decrypt \
+            --passphrase="${{ secrets.GPG_PASSPHRASE }}" \
+            --output ./manifests/k8s-secrets.env \
+            ${{steps.analysis.outputs.deploy_secrets_file}}
+
+      - name: K8s create secrets
+        if: steps.analysis.outputs.feature_has_secrets == 'true'
+        run: |
+          kubectl create secret generic -n ${{steps.analysis.outputs.deploy_namespace}} ${{steps.analysis.outputs.repository}} --from-env-file=./manifests/k8s-secrets.env --dry-run=client --validate=false --output=yaml | kubectl apply -f -
+          kubectl create secret generic -n ${{steps.analysis.outputs.deploy_namespace}} ${{steps.analysis.outputs.repository}}-${{steps.versioning.outputs.version}} --from-env-file=./manifests/k8s-secrets.env --dry-run=client --validate=false --output=yaml | kubectl apply -f -
+          kubectl get secret -n ${{steps.analysis.outputs.deploy_namespace}} ${{steps.analysis.outputs.repository}} -o jsonpath='{.data}' | jq -r 'keys[]' |  tr '\n' '~' | sed 's/~/,/g;s/,$//' > ./manifests/k8s-secrets-keys.txt
+
+      # secrets for registry auth
+      - name: Config | Login to Container Registry
+        uses: docker/login-action@v2
+        with:
+          logout: false
+          registry: ${{ inputs.containerRegistry }}
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
+      - name: Config | Gives runner access to docker config file 
+        run: |
+          sudo chown $(whoami):docker /home/$(whoami)/.docker/config.json
+          cp /home/$(whoami)/.docker/config.json ./manifests/docker-config.json
+
+      - name: K8s create registry-token secret
+        run: kubectl create secret generic -n ${{steps.analysis.outputs.deploy_namespace}} registry-token --type=kubernetes.io/dockerconfigjson --from-file=.dockerconfigjson=./manifests/docker-config.json --dry-run=client --validate=false --output=yaml | kubectl apply -f -
+
+      # generate k8s manifests
+      - name: K8s generates final yml
+        run: |
+          CONFIGS_LIST=$(if test -f ./manifests/k8s-configs-keys.txt; then cat ./manifests/k8s-configs-keys.txt; else echo ''; fi)
+          SECRETS_LIST=$(if test -f ./manifests/k8s-secrets-keys.txt; then cat ./manifests/k8s-secrets-keys.txt; else echo ''; fi)
+          DEPENDENCIES_LIST=$(if test -f ./manifests/k8s-dependencies.yml; then (cat ./manifests/k8s-dependencies.yml | yq -P '.dependencies'); else echo '' ; fi)
+          ytt \
+            -f ./.pipeline/deploy/as-k8s/service.schema.yml \
+            -f ./.pipeline/deploy/as-k8s/service \
+            -f ./manifests/k8s.yml \
+            --data-value                                      ecosystem=${{steps.analysis.outputs.ecosystem}} \
+            --data-value                                   organization=${{steps.analysis.outputs.organization}} \
+            --data-value                                     repository=${{steps.analysis.outputs.repository}} \
+            --data-value                              containerRegistry=${{inputs.containerRegistry}} \
+            --data-value                                            tag=${{steps.analysis.outputs.deploy_tag}} \
+            --data-value-yaml               deployment.imagePullSecrets=true \
+            --data-value-yaml                            envFromSecrets="[$SECRETS_LIST]" \
+            --data-value-yaml                         envFromConfigMaps="[$CONFIGS_LIST]" \
+            --data-value-yaml                       envFromDependencies="[$DEPENDENCIES_LIST]" \
+            --data-value                       pipelineControl.datetime=${{steps.analysis.outputs.run_started_at}} \
+            --data-value-yaml  pipelineControl.environmentsAsNamespaces=${{inputs.environmentsAsNamespaces}} \
+              > ./manifests/k8s-to-apply.yml
+
+      - name: Docs | K8s summary
+        run: |
+          CONFIGS_LIST=$(if test -f ./manifests/k8s-configs-keys.txt; then cat ./manifests/k8s-configs-keys.txt; else echo ''; fi)
+          SECRETS_LIST=$(if test -f ./manifests/k8s-secrets-keys.txt; then cat ./manifests/k8s-secrets-keys.txt; else echo ''; fi)
+          DEPENDENCIES_LIST=$(if test -f ./manifests/k8s-dependencies.yml; then (cat ./manifests/k8s-dependencies.yml | yq -P '.dependencies'); else echo ''; fi)
+          echo -e "### k8s\n\n" >> $GITHUB_STEP_SUMMARY
+          echo -e "| param | value |" >> $GITHUB_STEP_SUMMARY
+          echo -e "| --- | :---: |" >> $GITHUB_STEP_SUMMARY
+          echo -e "| secrets | $SECRETS_LIST |" >> $GITHUB_STEP_SUMMARY
+          echo -e "| configs | $CONFIGS_LIST |" >> $GITHUB_STEP_SUMMARY
+          echo -e "| dependencies | $DEPENDENCIES_LIST |" >> $GITHUB_STEP_SUMMARY
+          echo -e "<details><summary>kubefile</summary>\n\n\`\`\`yml \n$(cat ./manifests/k8s-to-apply.yml)\n \`\`\`\n </details>\n\n" >> $GITHUB_STEP_SUMMARY
+
+      - name: K8s apply yml
+        run: |
+          kubectl apply -f ./manifests/k8s-to-apply.yml
+          kubectl get pods -n ${{steps.analysis.outputs.deploy_namespace}}
+
+
+  #--------------------------------------------------#
+  #                      Deploy PY                   # 
+  #--------------------------------------------------#
+  Deploy-Python:
+    runs-on: ubuntu-latest
+    environment: ${{needs.Setup.outputs.Environment}}
+    if: needs.Setup.outputs.Language == 'python'
 
     needs:
       - Setup