Merge pull request #137 from ministryofjustice/demo #185
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Dev - Continuous Deployment | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - 'main' | |
| env: | |
| KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE_DEV }} | |
| jobs: | |
| main: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }} | |
| aws-region: ${{ vars.ECR_REGION }} | |
| - uses: aws-actions/amazon-ecr-login@v1 | |
| id: login-ecr | |
| - name: Build | |
| env: | |
| REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build \ | |
| --label build.git.sha=${{ github.sha }} \ | |
| --label build.git.branch=${{ github.ref }} \ | |
| -f ChapsDotNET/Dockerfile \ | |
| -t $REGISTRY/$REPOSITORY:$IMAGE_TAG -t $REGISTRY/$REPOSITORY:dev-chaps.latest . | |
| docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
| deploy-dev: | |
| runs-on: ubuntu-latest | |
| needs: main | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE_DEV }} | |
| AWS_REGION: ${{ vars.ECR_REGION }} | |
| REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }} | |
| aws-region: ${{ vars.ECR_REGION }} | |
| - name: login to ECR_URL | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| id: login-ecr | |
| - name: Set registry URL | |
| run: | | |
| echo "REGISTRY=${{ steps.login-ecr.outputs.registry }}" >> $GITHUB_ENV | |
| - name: Debug Image Tag | |
| run: | | |
| IMAGE_TAG=${{ github.sha }} | |
| echo "Debug: IMAGE_TAG = $IMAGE_TAG" | |
| - name: Update image tag | |
| run: | | |
| export IMAGE_TAG=${{ github.sha }} | |
| REGISTRY=${{ steps.login-ecr.outputs.registry }} | |
| sed -i "s|${{ vars.ECR_REPOSITORY }}:.*$|${REGISTRY}${{ vars.ECR_REPOSITORY }}:${IMAGE_TAG}|g" kubectl_deploy/deployment.tpl | |
| echo "Updated image reference: ${REGISTRY}/${{ vars.ECR_REPOSITORY }}:${IMAGE_TAG}" | |
| # Generate the YAML deployment file | |
| cat kubectl_deploy/deployment.tpl | envsubst > kubectl_deploy/deployment.yaml | |
| - name: Authenticate to the cluster | |
| env: | |
| KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER_DEV }} | |
| run: | | |
| echo "${{ secrets.KUBE_CERT_DEV }}" > ca.crt | |
| kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} | |
| kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN_DEV }} | |
| kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${{ secrets.KUBE_NAMESPACE_DEV}} | |
| kubectl config use-context ${KUBE_CLUSTER} | |
| - name: Apply the updated manifest | |
| run: | | |
| kubectl -n ${KUBE_NAMESPACE} apply -f kubectl_deploy | |
| deploy-staging: | |
| runs-on: ubuntu-latest | |
| needs: deploy-dev | |
| environment: staging | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE_STAGING }} | |
| AWS_REGION: ${{ vars.ECR_REGION }} | |
| REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: configure AWS set-credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }} | |
| aws-region: ${{ vars.ECR_REGION }} | |
| - name: login to ECR_URL | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| id: login-ecr | |
| - name: Set registry URL | |
| run: | | |
| echo "REGISTRY=${{ steps.login-ecr.outputs.registry }}" >> $GITHUB_ENV | |
| - name: Update image tag | |
| run: export IMAGE_TAG=${{ github.sha }} && cat kubectl_staging/deployment.tpl | envsubst > kubectl_staging/deployment.yaml | |
| - name: Authenticate to the cluster | |
| env: | |
| KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER_STAGING }} | |
| run: | | |
| echo "${{ secrets.KUBE_CERT_STAGING }}" > ca.crt | |
| kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} | |
| kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN_STAGING }} | |
| kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${{ secrets.KUBE_NAMESPACE_STAGING }} | |
| kubectl config use-context ${KUBE_CLUSTER} | |
| - name: Debug print deployment.yaml | |
| run: cat kubectl_staging/deployment.yaml | |
| - name: Apply the updated manifest | |
| run: | | |
| kubectl -n ${KUBE_NAMESPACE} apply -f kubectl_staging | |
| deploy-production: | |
| runs-on: ubuntu-latest | |
| needs: deploy-staging | |
| environment: production | |
| permissions: | |
| id-token: write | |
| contents: read | |
| env: | |
| KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE_PRODUCTION }} | |
| AWS_REGION: ${{ vars.ECR_REGION }} | |
| REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: configure AWS set-credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: login to ECR_URL | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| id: login-ecr | |
| - name: Set registry URL | |
| run: | | |
| echo "REGISTRY=${{ steps.login-ecr.outputs.registry }}" >> $GITHUB_ENV | |
| - name: Update image tag | |
| run: export IMAGE_TAG=${{ github.sha }} && cat kubectl_production/deployment.tpl | envsubst > kubectl_production/deployment.yaml | |
| - name: Authenticate to the cluster | |
| env: | |
| KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER_PRODUCTION }} | |
| run: | | |
| echo "${{ secrets.KUBE_CERT_PRODUCTION }}" > ca.crt | |
| kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} | |
| kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN_PRODUCTION }} | |
| kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${{ secrets.KUBE_NAMESPACE_PRODUCTION }} | |
| kubectl config use-context ${KUBE_CLUSTER} | |
| - name: Apply the updated manifest | |
| run: | | |
| kubectl -n ${KUBE_NAMESPACE} apply -f kubectl_production |