Merge pull request #21 from wireapp/fix-logging-sensitive-data-v2 #27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Staging Deployment | |
on: | |
push: | |
branches: | |
- staging | |
env: | |
DOCKER_IMAGE: wire-bot/poll | |
SERVICE_NAME: polls | |
jobs: | |
publish: | |
name: Deploy to staging | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
# use latest tag as release version in the docker container | |
- name: Set Release Version | |
run: echo "RELEASE_VERSION=${GITHUB_SHA}" >> $GITHUB_ENV | |
# extract metadata for labels https://github.com/crazy-max/ghaction-docker-meta | |
- name: Docker meta | |
id: docker_meta | |
uses: crazy-max/ghaction-docker-meta@v1 | |
with: | |
images: eu.gcr.io/${{ env.DOCKER_IMAGE }} | |
# setup docker actions https://github.com/docker/build-push-action | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v1 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
# login to GCR repo | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
registry: eu.gcr.io | |
username: _json_key | |
password: ${{ secrets.GCR_ACCESS_JSON }} | |
- name: Build and push | |
id: docker_build | |
uses: docker/build-push-action@v2 | |
with: | |
tags: ${{ steps.docker_meta.outputs.tags }} | |
labels: ${{ steps.docker_meta.outputs.labels }} | |
push: true | |
build-args: | | |
release_version=${{ env.RELEASE_VERSION }} | |
# Setup gcloud CLI | |
- name: Set up Cloud SDK | |
uses: google-github-actions/setup-gcloud@v0 | |
with: | |
service_account_email: [email protected] | |
service_account_key: ${{ secrets.GKE_SA_KEY }} | |
project_id: wire-bot | |
export_default_credentials: true | |
# Configure Docker to use the gcloud command-line tool | |
- name: Configure Docker Google cloud | |
run: | | |
gcloud --quiet auth configure-docker | |
# Get the GKE credentials so we can deploy to the cluster | |
- name: Obtain k8s credentials | |
env: | |
GKE_CLUSTER: dagobah | |
GKE_ZONE: europe-west1-c | |
run: | | |
gcloud container clusters get-credentials "$GKE_CLUSTER" --zone "$GKE_ZONE" | |
# K8s is set up, deploy the app | |
- name: Deploy the Service | |
env: | |
SERVICE: ${{ env.SERVICE_NAME }} | |
run: | | |
kubectl delete pod -l app=$SERVICE -n staging | |
kubectl describe pod -l app=$SERVICE -n staging | |
# Send webhook to Wire using Slack Bot | |
- name: Webhook to Wire | |
uses: 8398a7/action-slack@v2 | |
with: | |
status: ${{ job.status }} | |
author_name: ${{ env.SERVICE_NAME }} staging pipeline | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.WEBHOOK_CI }} | |
# Send message only if previous step failed | |
if: always() | |