Skip to content

use database url from env #120

use database url from env

use database url from env #120

Workflow file for this run

name: CI/CD Pipeline
on:
push:
branches:
- "**"
tags:
- "v*.*.*"
pull_request:
branches:
- "main"
env:
APP_VERSION: ${{ github.ref_name }}
jobs:
lint-and-test:
name: Run linter and tests
runs-on: [self-hosted-linux]
steps:
- name: Checkout the repository
uses: actions/checkout@v4
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
cache: "npm"
- name: Install dependencies
run: npm install
- name: Linting
run: npm run lint
- name: Build application
run: npm run build
build-and-publish:
name: Create and push Docker image
needs: lint-and-test
if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')
runs-on: [self-hosted-linux]
outputs:
image_version: ${{ steps.meta.outputs.version }}
steps:
- name: Checkout the repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver: docker
- name: Import secrets
id: import-secrets
uses: hashicorp/vault-action@v3
with:
url: ${{ secrets.VAULT_URL }}
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
kv/team/text/data/harbor * ;
kv/team/text/data/ammo-stage * ;
kv/team/text/data/ci-proxy *
- name: Log in to Harbor
uses: docker/login-action@v3
with:
registry: ${{ steps.import-secrets.outputs.HARBOR_URL }}
username: ${{ steps.import-secrets.outputs.HARBOR_USERNAME }}
password: ${{ steps.import-secrets.outputs.HARBOR_PASSWORD }}
- name: Set .env variables
run: |
touch .env.production
echo "NEXT_PUBLIC_IMAGE_API_PATH=${{ steps.import-secrets.outputs.IMAGE_API_PATH }}" >> .env.production
echo "NEXT_PUBLIC_KEYCLOAK_BASE_URL=${{ steps.import-secrets.outputs.KEYCLOAK_BASE_URL }}" >> .env.production
echo "NEXT_PUBLIC_KEYCLOAK_CLIENT_ID=${{ steps.import-secrets.outputs.KEYCLOAK_CLIENT_ID }}" >> .env.production
echo "NEXT_PUBLIC_KEYCLOAK_REALM=${{ steps.import-secrets.outputs.KEYCLOAK_REALM }}" >> .env.production
echo "AUTH_API_PATH=${{ steps.import-secrets.outputs.AUTH_API_PATH }}" >> .env.production
echo "CATALOG_API_PATH=${{ steps.import-secrets.outputs.CATALOG_API_PATH }}" >> .env.production
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ steps.import-secrets.outputs.HARBOR_URL }}/tekst/ammo
tags: |
type=semver,pattern={{version}}
type=ref,event=branch
type=ref,event=pr
- name: Build and push image
uses: docker/build-push-action@v5
with:
push: true
context: .
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
file: Dockerfile
build-args: |
HTTP_PROXY=${{ steps.import-secrets.outputs.HTTP_PROXY }}
HTTPS_PROXY=${{ steps.import-secrets.outputs.HTTPS_PROXY }}
deploy-to-stage:
name: Deploy stage environment
needs: build-and-publish
runs-on: [self-hosted-linux]
if: github.ref == 'refs/heads/main'
environment: stage
steps:
- name: Checkout the repository
uses: actions/checkout@v4
- name: Import secrets
id: import-secrets
uses: hashicorp/vault-action@v3
with:
url: ${{ secrets.VAULT_URL }}
method: approle
roleId: ${{ secrets.VAULT_ROLE_ID }}
secretId: ${{ secrets.VAULT_SECRET_ID }}
secrets: |
kv/team/text/data/k8s-text-stage * ;
kv/team/text/data/harbor *
- name: Set up kubectl
uses: azure/setup-kubectl@v4
with:
version: 'v1.26.5'
- name: Deploy to stage cluster
run: |
echo "Deploying to stage version ${{ env.APP_VERSION }}"
sed -i "s|<image>|${{ steps.import-secrets.outputs.HARBOR_URL }}/tekst/ammo:${{ needs.build-and-publish.outputs.image_version }}|g" k8s/stage/deployment.yml
sed -i "s/<host_url>/${{ steps.import-secrets.outputs.K8S_HOST_URL }}/g" k8s/stage/ingress.yml
kubectl config set-cluster stagecl --server=${{ steps.import-secrets.outputs.K8S_STAGE_SERVER }}
kubectl config set clusters.stagecl.certificate-authority-data ${{ steps.import-secrets.outputs.K8S_STAGE_NB_NO_CA }}
kubectl config set-credentials ${{ steps.import-secrets.outputs.K8S_STAGE_USER }} --token=${{ steps.import-secrets.outputs.K8S_STAGE_NB_NO_TOKEN }}
kubectl config set-context tekst --cluster=stagecl --user=${{ steps.import-secrets.outputs.K8S_STAGE_USER }} --namespace=tekst-stage
kubectl config use-context tekst
kubectl config view
kubectl version
kubectl apply -f k8s/stage
kubectl rollout restart deployment ammo-deployment