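---
name: Deploy application

on:
  # Ensure we're run after tests. "completed" also fires for failed and
  # cancelled test runs, so the job-level `if` below checks the conclusion.
  workflow_run:
    workflows: ["Test application"]
    branches: ["master"]
    types:
      - completed
  # Allow workflow to be manually run from the GitHub UI
  workflow_dispatch:
  # Also, re-deploy once per week to ensure we refresh our versions
  # of the app's runtime
  schedule:
    - cron: "0 0 * * 0"

# Least privilege for GITHUB_TOKEN: checkout only reads the repository and
# upload-sarif writes to the code-scanning API. Nothing in this workflow pushes
# to the repository with the token; DockerHub and the cluster use their own
# secrets.
permissions:
  contents: read
  security-events: write

# The weekly schedule, a manual dispatch and a test completion can overlap.
# Two deploys racing each other would confuse the rollout/rollback logic
# below, so serialise them and let the in-flight deploy finish.
concurrency:
  group: deploy-production
  cancel-in-progress: false

env:
  TEST_URL: "https://phpdocker.io/"

jobs:
  deploy:
    # We only deploy master, and only when the upstream test run (if that is
    # what triggered us) actually succeeded.
    if: ${{ github.ref == 'refs/heads/master' && (github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success') }}
    runs-on: ubuntu-latest
    # Cluster coordinates reach the shell as environment variables rather than
    # being interpolated into the script text, so secret contents are never
    # parsed as shell syntax (the original `${{ secrets.X }}` inside single
    # quotes breaks on any secret containing a quote).
    env:
      KUBE_NS: ${{ secrets.KUBE_NS }}
      KUBE_DEPLOYMENT: ${{ secrets.KUBE_DEPLOYMENT }}
    steps:
      - name: Checkout
        uses: actions/checkout@v2

      - name: Set up QEMU (required for arm build)
        uses: docker/setup-qemu-action@v1

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # We could build-and-push deploy, but it makes that step on the pipeline too
      # complex to follow effectively. Instead, set BUILD_TAG here so that we can
      # run build, push and deploy separately
      - name: Set build tag
        run: |
          echo "BUILD_TAG=$(date +'%Y-%m-%d-%H-%M-%S')-$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"

      - name: Build containers
        run: make build-and-push -e BUILD_TAG="${BUILD_TAG}"

      # NOTE(review): this scans the registry's `latest` tag, not the image just
      # pushed under BUILD_TAG — confirm build-and-push also moves `latest`,
      # otherwise the previous deploy is what gets scanned. `fail-build: false`
      # means findings are reported but never block the deploy.
      # `@main` is a mutable ref: pin it to a release tag or commit SHA so an
      # upstream change cannot silently alter what runs in this job.
      - name: Run the Anchore container scan (php container)
        uses: anchore/scan-action@main
        with:
          image: "phpdockerio/site-php:latest"
          acs-report-enable: true
          fail-build: false

      - name: Upload Anchore Scan Report (php container)
        uses: github/codeql-action/upload-sarif@v1
        if: always()
        continue-on-error: true
        with:
          sarif_file: results.sarif

      # The tunnel config is a secret: it is written from an env var via printf,
      # never embedded in the script, and the file is made root-only (wg-quick
      # warns when the config is world accessible). `-y` keeps apt
      # non-interactive; there is no tty to answer its prompt on a runner.
      - name: Set up wireguard tunnel configuration
        env:
          WIRE_CONFIG: ${{ secrets.WIRE_CONFIG }}
        run: |
          sudo apt-get update
          sudo apt-get install -y wireguard resolvconf
          sudo mkdir -p /etc/wireguard
          printf '%s\n' "$WIRE_CONFIG" | sudo tee /etc/wireguard/tunnel.conf > /dev/null
          sudo chmod 600 /etc/wireguard/tunnel.conf

      - name: Open wireguard tunnel
        run: sudo wg-quick up tunnel

      # Kubeconfig carries cluster credentials; umask 077 creates it owner-only
      # instead of with the runner's default 644.
      - name: Export kubeconfig
        env:
          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
        run: |
          mkdir -p ~/.kube/
          (umask 077 && printf '%s\n' "$KUBE_CONFIG" > ~/.kube/config)
          # Smoke-test cluster access through the tunnel before touching anything
          kubectl get pods --namespace="${KUBE_NS}"

      - name: Deploy application
        run: make deploy -e BUILD_TAG="${BUILD_TAG}"

      - name: Wait for deployment success
        run: kubectl rollout status deployment "${KUBE_DEPLOYMENT}" --namespace="${KUBE_NS}"

      # Health check against the public URL; on failure, roll back to the
      # previous revision, wait for it to settle, then fail the job so the bad
      # deploy is visible.
      - name: Check website is responding correctly, or rollback
        run: |
          if ! curl --fail -sSL -D - "${TEST_URL}" -o /dev/null; then
            echo "Website is not properly online, rolling back"
            kubectl rollout undo deployment.v1.apps/"${KUBE_DEPLOYMENT}" --namespace="${KUBE_NS}"
            kubectl rollout status deployment "${KUBE_DEPLOYMENT}" --namespace="${KUBE_NS}"
            exit 1
          fi

      # Runs even after a failed step so the runner never finishes with the
      # tunnel still up. Uses sudo like the matching `up` step above.
      - name: Disconnect from tunnel
        if: always()
        run: sudo wg-quick down tunnel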