-
Notifications
You must be signed in to change notification settings - Fork 0
206 lines (182 loc) · 9.21 KB
/
cicd-deploy-hono-api-dev.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
name: Manually deploy hono api to hono-api-dev env/namespace on microk8s
on: workflow_dispatch # run manually
jobs:
check-changes:
runs-on: ubuntu-latest
outputs:
source_changes: ${{ steps.set_changes.outputs.source_changes }}
deployment_changes: ${{ steps.set_changes.outputs.deployment_changes }}
steps:
- name: Determine if this is a PR or a push to main
id: determine_context
run: |
echo "event name: ${{ github.event_name }}"
echo "git ref: ${{ github.ref }}"
if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
if [[ "${{ github.ref }}" == "refs/heads/main" || "${{ github.ref }}" == "refs/heads/master" ]]; then
echo "context=main" >> $GITHUB_ENV
else
echo "context=pr" >> $GITHUB_ENV
fi
fi
# Conditionally checkout the code based on the context (PR or main branch)
- name: Checkout code for PR
if: env.context == 'pr'
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }} # Checkout the exact commit from the PR branch
fetch-depth: 3 # Fetch enough commit history to get the previous commits
- name: Checkout code for main branch
if: env.context == 'main'
uses: actions/checkout@v4
with:
fetch-depth: 3 # Fetch enough commit history to get the previous commits
- name: show git log
run: git log -5 --oneline
- name: Get the correct commits to compare
id: get_commits
run: |
# This is a push to main, compare HEAD (latest) and HEAD~1 (previous)
LATEST_COMMIT=$(git rev-parse HEAD)
PREV_COMMIT=$(git rev-parse HEAD~1)
echo "LATEST_COMMIT=$LATEST_COMMIT" >> $GITHUB_ENV
echo "PREV_COMMIT=$PREV_COMMIT" >> $GITHUB_ENV
# TODO: DEBUG
echo "sha head $(git rev-parse HEAD)"
echo "sha head^ $(git rev-parse HEAD^)"
echo "sha head~0 $(git rev-parse HEAD~0)"
echo "sha head~1 $(git rev-parse HEAD~1)"
echo 'pull request head sha: ${{ github.event.pull_request.head.sha }}'
- name: Check for changes in deployment or source code
run: |
# Debugging: Print the commits being compared
echo "Latest Commit: ${{ env.LATEST_COMMIT }}"
echo "Commit Before Latest: ${{ env.PREV_COMMIT }}"
- name: Check for changes in deployment or source code
id: set_changes
run: |
# Check if files in the deployment directory have changed
if git diff --name-only ${{ env.PREV_COMMIT }} ${{ env.LATEST_COMMIT }} | grep '^k8s-hono-api/'; then
echo "deployment_changes=true"
echo "deployment_changes=true" >> $GITHUB_OUTPUT
else
echo "deployment_changes=false"
echo "deployment_changes=false" >> $GITHUB_OUTPUT
fi
# Check if source code files have changed (apps/api, Dockerfile.api)
if git diff --name-only ${{ env.PREV_COMMIT }} ${{ env.LATEST_COMMIT }} | grep -E '^(apps/api/|Dockerfile.api)'; then
echo "source_changes=true"
echo "source_changes=true" >> $GITHUB_OUTPUT
else
echo "source_changes=false"
echo "source_changes=false" >> $GITHUB_OUTPUT
fi
deploy-dev:
needs: check-changes
name: Deploy to hono api dev
environment:
name: hono-api-dev
runs-on: ubuntu-latest
if: needs.check-changes.outputs.deployment_changes =='true' || needs.check-changes.outputs.source_changes =='true'
steps:
- name: Kubectl tool installer
uses: Azure/setup-kubectl@v3
- name: Setup kubectl
env:
MICROK8S_CONFIG: ${{ secrets.MICROK8S_CONFIG }}
run: |
mkdir -p $HOME/.kube
echo "${MICROK8S_CONFIG}" | base64 --decode > $HOME/.kube/config
- name: Check kubectl get node
run: kubectl get nodes -o wide
- name: Check out code
uses: actions/checkout@v4
- name: Install jq
run: sudo apt-get update && sudo apt-get install -y jq
- name: Check for changes in deployment or source code
run: |
echo "deployment changes needs: ${{ needs.check-changes.outputs.deployment_changes }}"
echo "source changes needs: ${{ needs.check-changes.outputs.source_changes }}"
- name: deploy secrets hono-api-dev env
env:
REGISTRY: ghcr.io
run: |
# Check if the namespace 'hono-api-dev' is already created, if not, create it.
NAMESPACE=$(kubectl get namespaces -o jsonpath="{.items[?(@.metadata.name=='hono-api-dev')].metadata.name}")
if [ -z "$NAMESPACE" ]; then
echo "Namespace $NAMESPACE does not exist. Creating namespace..."
kubectl apply -f k8s-hono-api/hono-api-dev/namespace.yaml
else
echo "Namespace $NAMESPACE already exists. Skipping creation."
fi
function manage_kube_secret {
local secret_name=$1
local secret_key=$2
local secret_value=$3
local secret_type=${4:-generic}
if [ "$secret_name" == "regcred" ]; then
# Special handling for Github container registry secret
if ! kubectl -n hono-api-dev get secret "$secret_name"; then
echo "Creating Github container registry secret $secret_name..."
kubectl -n hono-api-dev create secret "$secret_type" "$secret_name" \
--docker-username=${{ github.actor }} \
--docker-password="$secret_value" \
--docker-server=${{ env.REGISTRY }}
else
echo "Checking if Github container registry secret $secret_name needs to be updated..."
existing_pass=$(kubectl -n hono-api-dev get secret "$secret_name" --template='{{index .data ".dockerconfigjson" | base64decode}}' | jq -r '.auths["ghcr.io"].password')
if [[ "$existing_pass" != "$secret_value" ]]; then
echo "Updating Github registry secret $secret_name..."
kubectl -n hono-api-dev delete secret "$secret_name"
kubectl -n hono-api-dev create secret "$secret_type" "$secret_name" \
--docker-username=${{ github.actor }} \
--docker-password="$secret_value" \
--docker-server=${{ env.REGISTRY }}
else
echo "Github container registry secret $secret_name is up-to-date, no action required."
fi
fi
else
# General handling for other secrets using passed parameters
if ! kubectl -n hono-api-dev get secret "$secret_name"; then
echo "Creating secret $secret_name..."
kubectl -n hono-api-dev create secret "$secret_type" "$secret_name" --from-literal="$secret_key"="$secret_value"
else
echo "Checking if secret $secret_name needs to be updated..."
existing_value=$(kubectl -n hono-api-dev get secret "$secret_name" --template="{{index .data \"$secret_key\" | base64decode}}")
if [[ "$existing_value" != "$secret_value" ]]; then
echo "Updating secret $secret_name..."
kubectl -n hono-api-dev delete secret "$secret_name"
kubectl -n hono-api-dev create secret "$secret_type" "$secret_name" --from-literal="$secret_key"="$secret_value"
else
echo "Secret $secret_name is up-to-date, no action required."
fi
fi
fi
}
# Handle secrets using the generic function
manage_kube_secret "regcred" ".dockerconfigjson" "${{ secrets.GHCR_PAT }}" "docker-registry"
manage_kube_secret "esapikeycred" "esApiKey" "${{ secrets.ES_APIKEY }}"
manage_kube_secret "esobserveapikeycred" "esObserveApiKey" "${{ secrets.OBSERVE_ES_APIKEY }}"
manage_kube_secret "apieswritetokencred" "apiEsWriteToken" "${{ secrets.API_ES_WRITE_TOKEN }}"
- name: deploy hono-api-dev env if develoyment configuration changes
if: needs.check-changes.outputs.deployment_changes =='true'
run: |
# Deloy/update application
DEPLOYMENT_NAME="hono-api"
NAMESPACE="hono-api-dev"
echo "Applying deployment $DEPLOYMENT_NAME for namespace $NAMESPACE ..."
kubectl apply -k k8s-hono-api/$NAMESPACE -n "$NAMESPACE"
# Always refresh deployment if source code changed
- name: Force Kubernetes to pull latest image if source code changed
if: needs.check-changes.outputs.source_changes =='true'
run: |
DEPLOYMENT_NAME="hono-api"
NAMESPACE="hono-api-dev"
echo "Forcing Kubernetes to pull the latest image..."
kubectl patch deployment "$DEPLOYMENT_NAME" -n "$NAMESPACE" \
-p "{\"spec\":{\"template\":{\"metadata\":{\"annotations\":{\"kubectl.kubernetes.io/restartedAt\":\"$(date +%s)\"}}}}}"
- name: Wait For Deployment To Start
run: sleep 10s
- name: Wait For Pods To Start
run: kubectl wait --for=condition=ready pod -l app=hono-api -n hono-api-dev --timeout=10m