-
Notifications
You must be signed in to change notification settings - Fork 0
132 lines (107 loc) · 3.52 KB
/
deploy.yml
File metadata and controls
132 lines (107 loc) · 3.52 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: Build and deploy
on:
push:
branches:
- dev
- main
tags:
- 'v*'
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
if: |
!contains(github.event.head_commit.message, 'skip build')
permissions: write-all
runs-on: ubicloud-standard-16
steps:
- name: Checkout your repository using git
uses: actions/checkout@v4
- name: Setup PNPM
uses: pnpm/action-setup@v4
with:
version: latest
package_json_file: ./package.json
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version: 20
cache: "pnpm"
- name: Install
run: pnpm install
- name: Build
run: pnpm run build
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Docker Login
uses: docker/login-action@v3.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Prepare build
run: |
echo "SANITIZED_REF=$(echo "${GITHUB_REF##*/}" | tr '/' '-' | tr -d '.')" >> $GITHUB_ENV
- id: commit
uses: prompt/actions-commit-hash@v3
- name: Build and push
uses: docker/build-push-action@v6
with:
context: .
push: true
file: Dockerfile
tags: |
ghcr.io/renlabs-dev/torus-docs:${{ steps.commit.outputs.short }}
ghcr.io/renlabs-dev/torus-docs:${{ env.SANITIZED_REF }}
clean-stale:
runs-on: ubicloud-standard-2
container:
image: ghcr.io/renlabs-dev/devops-ci:latest
env:
VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
VAULT_ROLE_ID: ${{ secrets.VAULT_ROLE_ID }}
VAULT_SECRET_ID: ${{ secrets.VAULT_SECRET_ID }}
steps:
- name: Setup Kubernetes authentication
run: /apps/k8s_auth_w_approle_sa.sh
- name: Clean stale releases
run: |
/apps/clean_stale_releases.sh torus-docs
deploy:
needs: [build, clean-stale]
runs-on: ubicloud-standard-2
environment: ${{ github.ref_name }}
container:
image: ghcr.io/renlabs-dev/devops-ci:latest
env:
VAULT_ADDR: ${{ secrets.VAULT_ADDR }}
VAULT_ROLE_ID: ${{ secrets.VAULT_ROLE_ID }}
VAULT_SECRET_ID: ${{ secrets.VAULT_SECRET_ID }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup Kubernetes authentication
run: /apps/k8s_auth_w_approle_sa.sh
- name: Add and update Helm repositories
run: |
helm repo add renlabs https://charts.renlabs.dev/
helm repo update
- id: commit
uses: prompt/actions-commit-hash@v3
- name: Set environment variables
run: |
echo "SANITIZED_REF=$(echo "${GITHUB_REF##*/}" | tr '/' '-' | tr -d '.' )" >> $GITHUB_ENV
- name: Deploy application (Branch)
if: github.ref_type == 'branch'
run: |
helmfile sync -e ${{ github.ref_name == 'main' && 'prod' || 'dev' }} \
--set deployment.image.tag=${{ steps.commit.outputs.short }}
- name: Deploy application (Tag)
if: github.ref_type == 'tag'
run: |
helmfile sync \
--state-values-set releaseName="${{ env.SANITIZED_REF }}-torus-docs" \
--state-values-set ingressHost="${{ env.SANITIZED_REF }}.docs.torus.network" \
--set deployment.image.tag=${{ steps.commit.outputs.short }}