fix/ci: build with environment specific API URI value (#4) #69

Workflow file for this run

.github/workflows/ci_pipeline.yml at 325285d

	name: CI/CD Pipeline

	on:
	push:
	branches:
	- "**"
	tags:
	- "v..*"
	pull_request:
	branches:
	- "main"

	env:
	APP_VERSION: ${{ github.ref_name }}

	jobs:
	build-and-upload-artifact:
	name: Build and upload artifact
	runs-on: [self-hosted-linux]
	steps:
	- name: Checkout the repository
	uses: actions/checkout@v4

	- name: Set up Node.js
	uses: actions/setup-node@v4
	with:
	node-version: "20"
	cache: "npm"

	- name: Install dependencies
	run: npm install

	- name: Build application
	run: npm run build:production

	- name: Compress build output
	run: tar czvf dist.tar.gz dist/

	- name: Upload build artifact
	uses: actions/upload-artifact@v4
	with:
	name: angular-build
	path: dist.tar.gz


	build-and-publish:
	name: Create and push Docker image
	needs: build-and-upload-artifact
	if: github.ref == 'refs/heads/main' \|\| startsWith(github.ref, 'refs/tags/v')
	runs-on: [self-hosted-linux]
	outputs:
	image_version: ${{ steps.meta.outputs.version }}
	steps:
	- name: Checkout the repository
	uses: actions/checkout@v4

	- name: Download build artifact
	uses: actions/download-artifact@v4
	with:
	name: angular-build
	path: ./artifacts

	- name: Extract build artifact
	run: tar xzf ./artifacts/dist.tar.gz -C .

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3
	with:
	driver: docker

	- name: Import secrets
	id: import-secrets
	uses: hashicorp/vault-action@v3
	with:
	url: ${{ secrets.VAULT_URL }}
	method: approle
	roleId: ${{ secrets.VAULT_ROLE_ID }}
	secretId: ${{ secrets.VAULT_SECRET_ID }}
	secrets: \|
	kv/team/text/data/harbor *

	- name: Log in to Harbor
	uses: docker/login-action@v3
	with:
	registry: ${{ steps.import-secrets.outputs.HARBOR_URL }}
	username: ${{ steps.import-secrets.outputs.HARBOR_USERNAME }}
	password: ${{ steps.import-secrets.outputs.HARBOR_PASSWORD }}

	- name: Extract metadata (tags, labels) for Docker
	id: meta
	uses: docker/metadata-action@v5
	with:
	images: ${{ steps.import-secrets.outputs.HARBOR_URL }}/tekst/moki
	tags: \|
	type=semver,pattern={{version}}
	type=ref,event=branch
	type=ref,event=pr

	- name: Build and push image
	uses: docker/build-push-action@v5
	with:
	push: true
	context: .
	tags: ${{ steps.meta.outputs.tags }}
	labels: ${{ steps.meta.outputs.labels }}
	build-args: \|
	HTTP_PROXY=${{ secrets.HTTP_PROXY }}
	HTTPS_PROXY=${{ secrets.HTTPS_PROXY }}

	deploy-to-stage:
	name: Deploy stage environment
	needs: build-and-publish
	runs-on: [self-hosted-linux]
	if: github.ref == 'refs/heads/main'
	environment: stage
	steps:
	- name: Checkout the repository
	uses: actions/checkout@v4

	- name: Import k8s secrets
	id: import-k8s-secrets
	uses: hashicorp/vault-action@v3
	with:
	url: ${{ secrets.VAULT_URL }}
	method: approle
	roleId: ${{ secrets.VAULT_ROLE_ID }}
	secretId: ${{ secrets.VAULT_SECRET_ID }}
	secrets: \|
	kv/team/text/data/k8s-text-stage *

	- name: Import harbor secrets
	id: import-harbor-secrets
	uses: hashicorp/vault-action@v3
	with:
	url: ${{ secrets.VAULT_URL }}
	method: approle
	roleId: ${{ secrets.VAULT_ROLE_ID }}
	secretId: ${{ secrets.VAULT_SECRET_ID }}
	secrets: \|
	kv/team/text/data/harbor *

	- name: Set up kubectl
	uses: azure/setup-kubectl@v4
	with:
	version: 'v1.26.5'

	- name: Deploy to stage cluster
	run: \|
	echo "Deploying to stage version ${{ env.APP_VERSION }}"
	sed -i "s\|<image>\|${{ steps.import-harbor-secrets.outputs.HARBOR_URL }}/tekst/moki:${{ needs.build-and-publish.outputs.image_version }}\|g" k8s/stage/moki.yml
	sed -i "s/<api_host_url>/${{ steps.import-k8s-secrets.outputs.K8S_HOST_URL }}/g" k8s/stage/moki.yml
	sed -i "s/<host_url>/${{ steps.import-k8s-secrets.outputs.K8S_HOST_URL }}/g" k8s/stage/moki.yml
	kubectl config set-cluster stagecl --server=${{ steps.import-k8s-secrets.outputs.K8S_STAGE_SERVER }}
	kubectl config set clusters.stagecl.certificate-authority-data ${{ steps.import-k8s-secrets.outputs.K8S_STAGE_NB_NO_CA }}
	kubectl config set-credentials ${{ steps.import-k8s-secrets.outputs.K8S_STAGE_USER }} --token=${{ steps.import-k8s-secrets.outputs.K8S_STAGE_NB_NO_TOKEN }}
	kubectl config set-context tekst --cluster=stagecl --user=${{ steps.import-k8s-secrets.outputs.K8S_STAGE_USER }} --namespace=tekst-stage
	kubectl config use-context tekst
	kubectl config view
	kubectl version
	kubectl apply -f k8s/stage
	kubectl rollout restart deployment moki-deployment

	deploy-to-prod:
	name: Deploy production environment
	needs: build-and-publish
	runs-on: [self-hosted-linux]
	if: startsWith(github.ref, 'refs/tags/v')
	environment: production
	steps:
	- name: Checkout the repository
	uses: actions/checkout@v4

	- name: Import k8s secrets
	id: import-k8s-secrets
	uses: hashicorp/vault-action@v3
	with:
	url: ${{ secrets.VAULT_URL }}
	method: approle
	roleId: ${{ secrets.VAULT_ROLE_ID }}
	secretId: ${{ secrets.VAULT_SECRET_ID }}
	secrets: \|
	kv/team/text/data/k8s-text-prod *

	- name: Import harbor secrets
	id: import-harbor-secrets
	uses: hashicorp/vault-action@v3
	with:
	url: ${{ secrets.VAULT_URL }}
	method: approle
	roleId: ${{ secrets.VAULT_ROLE_ID }}
	secretId: ${{ secrets.VAULT_SECRET_ID }}
	secrets: \|
	kv/team/text/data/harbor *

	- name: Set up kubectl
	uses: azure/setup-kubectl@v4
	with:
	version: 'v1.26.5'

	- name: Deploy to production cluster
	run: \|
	echo "Deploying to production version ${{ env.APP_VERSION }}"
	sed -i "s\|<image>\|${{ steps.import-harbor-secrets.outputs.HARBOR_URL }}/tekst/moki:${{ needs.build-and-publish.outputs.image_version }}\|g" k8s/prod/moki.yml
	sed -i "s/<api_host_url>/${{ steps.import-k8s-secrets.outputs.K8S_HOST_URL }}/g" k8s/prod/moki.yml
	sed -i "s/<host_url>/${{ steps.import-k8s-secrets.outputs.K8S_PRODUCTION_HOST_URL }}/g" k8s/prod/moki.yml
	kubectl config set-cluster prodcl --server=${{ steps.import-k8s-secrets.outputs.K8S_PROD_SERVER }}
	kubectl config set clusters.prodcl.certificate-authority-data ${{ steps.import-k8s-secrets.outputs.K8S_PROD_NB_NO_CA }}
	kubectl config set-credentials ${{ steps.import-k8s-secrets.outputs.K8S_PROD_USER }} --token=${{ steps.import-k8s-secrets.outputs.K8S_PROD_NB_NO_TOKEN }}
	kubectl config set-context tekst --cluster=prodcl --user=${{ steps.import-k8s-secrets.outputs.K8S_PROD_USER }} --namespace=tekst-prod
	kubectl config use-context tekst
	kubectl config view
	kubectl version
	kubectl apply -f k8s/prod
	kubectl rollout restart deployment moki-deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix/ci: build with environment specific API URI value (#4) #69

Workflow file

fix/ci: build with environment specific API URI value (#4) #69

Uh oh!

Jobs

Run details

Workflow file for this run