From 4a79e02290ab1bf3f8a59f069bbe4ff5d76ccbf7 Mon Sep 17 00:00:00 2001
From: bhvishal
Date: Wed, 21 Aug 2024 12:06:44 +0200
Subject: [PATCH] Update deployment workflow
---
.github/workflows/deploy.yml | 46 ++-------
.../workflows/helpers-build-docker-image.yaml | 93 +++++++++++++++++++
.github/workflows/helpers-deploy-argo.yaml | 55 +++++++++++
3 files changed, 156 insertions(+), 38 deletions(-)
create mode 100644 .github/workflows/helpers-build-docker-image.yaml
create mode 100644 .github/workflows/helpers-deploy-argo.yaml
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index af8c3f5..4f20977 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,42 +1,12 @@
 name: deploy
 on:
 push:
- branches:
- - production
- - main
+# branches:
+# - production
+# - main
 jobs:
- publish-docker-image:
- runs-on: ubuntu-latest
- steps:
- - name: Check out repository code
- uses: actions/checkout@v2
- - name: Login to GitHub Container Registry
- uses: docker/login-action@v1
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v1
- with:
- aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
- aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- aws-region: eu-central-1
- - name: Publish the Docker image
- run: |
- docker build . --tag ghcr.io/kittl/vectorizing:${{ github.ref_name }}
- docker push ghcr.io/kittl/vectorizing:${{ github.ref_name }}
- - name: Deploy vectorizing in staging cluster
- uses: kodermax/kubectl-aws-eks@main
- env:
- KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG }}
- if: github.ref_name == 'main'
- with:
- args: rollout restart deployment/vectorizing --context staging
- - name: Deploy vectorizing in production cluster
- uses: kodermax/kubectl-aws-eks@main
- env:
- KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG }}
- if: github.ref_name == 'production'
- with:
- args: rollout restart deployment/vectorizing --context production
\ No newline at end of file
+ deploy-py-server-argo:
+ name: Deploy PY server Argo
+ uses: ./.github/workflows/helpers-deploy-argo.yaml
+ secrets:
+ GH_PAT: ${{ secrets.GH_PAT }}
diff --git a/.github/workflows/helpers-build-docker-image.yaml b/.github/workflows/helpers-build-docker-image.yaml
new file mode 100644
index 0000000..2152e5e
--- /dev/null
+++ b/.github/workflows/helpers-build-docker-image.yaml
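Review bot: With the `branches` filter commented out under `on: push:`, this workflow now runs for a push to any branch or tag, not only `production` and `main`. The helper it calls (helpers-deploy-argo.yaml, later in this patch) treats every ref other than `refs/heads/production` as staging, so a push to any feature branch would build an image with the staging ECR role and commit its tag to `main` of the config repository using `GH_PAT`. If that is not intended, restore the filter instead of leaving it commented out: `branches: [production, main]`. The calling job also declares no `permissions:`, and a called workflow cannot be granted more than its caller has, so it may be worth setting `id-token: write` and `contents: read` explicitly here rather than depending on the repository default.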
@@ -0,0 +1,93 @@
+# This callable workflow builds and publish a package docker image
+
+name: helpers-build-docker-image
+
+on:
+ workflow_call:
+ inputs:
+ aws-region:
+ default: eu-central-1
+ description: The AWS region to use for ECR
+ required: false
+ type: string
+ aws-role-arn:
+ description: The AWS role to assume for ECR
+ required: true
+ type: string
+ docker_file_path:
+ description: >
+ "The path to the Dockerfile to use for building the image. For example:
+ `path/to/project/Dockerfile`"
+ type: string
+ required: true
+ extra-image-tags:
+ default: ''
+ description: Extra tags to use for the image (one per line)
+ required: false
+ type: string
+ platforms:
+ default: linux/amd64
+ description: The platforms to build for
+ required: false
+ type: string
+ outputs:
+ image-tag:
+ description: The docker image tag
+ value: ${{ jobs.build.outputs.image-tag }}
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+ id-token: write
+ packages: read
+
+jobs:
+ build:
+ name: Build docker image and push to ECR
+ runs-on: ubuntu-latest
+ outputs:
+ image-tag: ${{ steps.get-image-tag.outputs.image-tag }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: ${{ inputs.aws-region }}
+ role-to-assume: ${{ inputs.aws-role-arn }}
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v2
+ - name: Get image tag output
+ shell: bash
+ id: get-image-tag
+ run: echo "image-tag=sha-${GITHUB_SHA:0:7}" >> $GITHUB_OUTPUT
+ - name: Docker meta tags
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ flavor: |
+ latest=false
+ images: |
+ ${{ format('{0}/{1}', steps.login-ecr.outputs.registry, github.event.repository.name) }}
+ tags: |
+ type=semver,pattern={{version}}
+ type=sha
+ ${{ inputs.extra-image-tags }}
+ - name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ context: .
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ platforms: ${{ inputs.platforms }}
+ provenance: false
+ push: true
+ file: ${{ inputs.docker_file_path }}
diff --git a/.github/workflows/helpers-deploy-argo.yaml b/.github/workflows/helpers-deploy-argo.yaml
new file mode 100644
index 0000000..26d3194
--- /dev/null
+++ b/.github/workflows/helpers-deploy-argo.yaml
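Review bot: Every action in the `build` job is referenced by a mutable tag (`actions/checkout@v4`, `docker/setup-buildx-action@v3`, `aws-actions/configure-aws-credentials@v4`, `aws-actions/amazon-ecr-login@v2`, `docker/metadata-action@v5`, `docker/build-push-action@v6`) while the job holds `id-token: write` and assumes an ECR push role. Pinning each to a full commit SHA, for example `uses: actions/checkout@<full-commit-sha>  # v4` (placeholder; take the SHA from the upstream release), keeps a retagged release from running with those credentials. The same applies to `fjogeleit/yaml-update-action@v0.14.0` in helpers-deploy-argo.yaml, which is handed `GH_PAT`. Separately, `provenance: false` switches off the build attestation and deserves a comment saying why. The `image-tag` output is computed by hand as `sha-${GITHUB_SHA:0:7}`, so it only matches the pushed tag while `type=sha` keeps its default prefix and length.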
@@ -0,0 +1,55 @@
+# This callable workflow builds and publish a package docker image via the helpers-build-docker-image workflow,
+# and then updates the image tag in the Helm chart values file in the development-application-config repo.
+
+name: helpers-deploy-argo
+
+on:
+ workflow_call:
+ secrets:
+ GH_PAT:
+ description: "The GitHub Personal Access Token to use for checking out the helm-config repository"
+ required: true
+
+permissions:
+ contents: write
+ id-token: write
+ packages: read
+
+jobs:
+ build-docker-image:
+ uses: ./.github/workflows/helpers-build-docker-image.yaml
+ name: Build Docker image
+ with:
+ aws-role-arn: ${{ github.ref == 'refs/heads/production' && vars.PRODUCTION_ECR_ROLE_ARN || vars.STAGING_ECR_ROLE_ARN }}
+ docker_file_path: Dockerfile
+
+ update-helm-values:
+ name: Update Helm values
+ runs-on: ubuntu-latest
+ needs: build-docker-image
+ env:
+ ENVIRONMENT: ${{ github.ref == 'refs/heads/production' && 'production' || 'staging' }}
+ REPOSITORY: ${{ github.event.repository.name }}
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ - name: Checkout helm config Repository
+ uses: actions/checkout@v4
+ with:
+ repository: Kittl/development-applications-config
+ ref: main
+ path: helm-config
+ token: ${{ secrets.GH_PAT }}
+ persist-credentials: false
+ - name: Update Image Version in the related HelmChart values.yaml
+ uses: fjogeleit/yaml-update-action@v0.14.0
+ with:
+ valueFile: ${{ format('{0}/{1}/values.yaml', env.ENVIRONMENT, env.REPOSITORY) }}
+ propertyPath: 'deployment.image.tag'
+ value: ${{ needs.build-docker-image.outputs.image-tag }}
+ repository: Kittl/development-applications-config
+ branch: main
+ createPR: false
+ message: 'Update Image Version to ${{ needs.build-docker-image.outputs.image-tag }}'
+ token: ${{ secrets.GH_PAT }}
+ workDir: helm-config
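Review bot: The workflow-level `permissions` block grants `contents: write`, but nothing visible in either job writes to this repository with the `GITHUB_TOKEN`; the only write goes to `Kittl/development-applications-config` through `GH_PAT`. Lowering it to `contents: read`, and giving `update-helm-values` its own job-level `permissions:` with just `contents: read` so it does not inherit `id-token: write`, would follow least privilege. The `GH_PAT` description says the token is for checking out the config repository, yet it is also passed to the yaml-update step that commits straight to `main` with `createPR: false`. The description should state that the token needs write access to that one repository and nothing more. The header comment names the repo `development-application-config`, while the steps use `development-applications-config`.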