Merge pull request #57 from kotalco/ci/aws-staging #57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build-Push dashboard | |
on: | |
push: | |
branches: | |
- main | |
- staging | |
tags: | |
- 'v*' | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: update managed-dashboard with secrets values - staging | |
if: github.ref == 'refs/heads/staging' | |
env: | |
NEXT_PUBLIC_WS_API_URL: "${{ secrets.STAGING_NEXT_PUBLIC_WS_API_URL }}" | |
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY: "${{ secrets.STAGING_NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY }}" | |
API_URL: "${{ secrets.STAGING_API_URL }}" | |
run: | | |
envsubst < .env.production > .env.production.tmp | |
mv .env.production.tmp .env.production | |
- name: update managed-dashboard with secrets values - production | |
if: github.ref == 'refs/heads/main' | |
env: | |
NEXT_PUBLIC_WS_API_URL: "${{ secrets.PROD_NEXT_PUBLIC_WS_API_URL }}" | |
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY: "${{ secrets.PROD_NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY }}" | |
API_URL: "${{ secrets.PROD_API_URL }}" | |
run: | | |
envsubst < .env.production > .env.production.tmp | |
mv .env.production.tmp .env.production | |
# - name: Install pnpm | |
# uses: pnpm/action-setup@v2 | |
# with: | |
# version: 7 | |
# - name: Cypress run | |
# uses: cypress-io/github-action@v5 | |
# with: | |
# install-command: yarn --frozen-lockfile --silent | |
# # using the action parameter command causes multiple other parameters to be ignored | |
# #command: yarn cypress:open | |
# component: true | |
# browser: chrome | |
# build: yarn build | |
# start: yarn start | |
# wait-on: "http://localhost:3000" | |
# # wait for 2 minutes for the server to respond | |
# wait-on-timeout: 120 | |
# # Cancel the run after 2 failed tests # run with cloud only | |
# # auto-cancel-after-failures: 2 | |
# - name: Cypress Artifacts | |
# # after the test run completes store videos and any screenshots | |
# # store generated videos and screenshots as CI artifacts. | |
# uses: actions/upload-artifact@v3 | |
# # add the line below to store screenshots only on failures | |
# # if: failure() | |
# with: | |
# name: cypress-screenshots | |
# path: cypress/screenshots | |
# if-no-files-found: ignore # 'warn' or 'error' are also available, defaults to `warn` | |
# - uses: actions/upload-artifact@v3 | |
# with: | |
# name: cypress-videos | |
# path: cypress/videos | |
# if-no-files-found: ignore # 'warn' or 'error' are also available, defaults to `warn` | |
- name: Generate Docker metadata for staging | |
id: meta-staging | |
uses: docker/metadata-action@v3 | |
if: github.ref == 'refs/heads/staging' | |
with: | |
images: | | |
docker.io/kotalco/cloud-dashboard | |
tags: | | |
type=ref,event=tag | |
type=sha,prefix=,suffix=,format=short | |
- name: Generate Docker metadata for production | |
id: meta-production | |
uses: docker/metadata-action@v3 | |
if: github.ref == 'refs/heads/main' | |
with: | |
images: | | |
docker.io/kotalco/cloud-dashboard | |
tags: | | |
type=ref,event=tag | |
type=sha,prefix=,suffix=,format=short | |
flavor: | | |
latest=true | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Login to DockerHub | |
uses: docker/login-action@v2 | |
with: | |
username: kotalco | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Build and push staging | |
uses: docker/build-push-action@v3 | |
if: github.ref == 'refs/heads/staging' | |
with: | |
context: . | |
push: true | |
tags: ${{ steps.meta-staging.outputs.tags }} | |
labels: ${{ steps.meta-staging.outputs.labels }} | |
- name: Build and push production | |
uses: docker/build-push-action@v3 | |
if: github.ref == 'refs/heads/main' | |
with: | |
context: . | |
push: true | |
tags: ${{ steps.meta-production.outputs.tags }} | |
labels: ${{ steps.meta-production.outputs.labels }} | |
deploy_managed-dashboard_k8s-managed-staging: | |
runs-on: ubuntu-latest | |
needs: [build] | |
if: ${{ (github.event_name == 'push') && (github.ref == 'refs/heads/staging') }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Add SHORT_SHA env property with commit short sha | |
run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-7`" >> $GITHUB_ENV | |
- name: Kustomize and validate k8s-manifests | |
uses: yokawasa/action-setup-kube-tools@v0.9.2 | |
with: | |
setup-tools: | | |
kubeconform | |
kustomize | |
kubeconform: '0.5.0' | |
kustomize: '4.5.7' | |
- run: | | |
kustomize build k8s-manifests/environments/staging | kubeconform -verbose | |
kustomize build k8s-manifests/environments/staging > ./staging-managed-dashboard.yaml | |
# environment values are passed in build time, not override in runtime -- replace image tag only in deployment.yaml file | |
- name: update managed-dashboard with secrets values - staging | |
env: | |
NEXT_PUBLIC_WS_API_URL: "${{ secrets.PROD_NEXT_PUBLIC_WS_API_URL }}" | |
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY: "${{ secrets.PROD_NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY }}" | |
API_URL: "${{ secrets.PROD_API_URL }}" | |
run: | | |
envsubst < ./staging-managed-dashboard.yaml | tee staging-managed-dashboard.yaml | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.STAGING_AWS_ACCESS_KEY_ID_EKS_ADMIN }} | |
aws-secret-access-key: ${{ secrets.STAGING_AWS_SECRET_ACCESS_KEY_EKS_ADMIN }} | |
aws-region: eu-central-1 | |
- name: K8s-set-context to EKS staging cluster | |
if: github.ref == 'refs/heads/staging' | |
uses: azure/k8s-set-context@v4 | |
with: | |
method: kubeconfig | |
kubeconfig: ${{ secrets.STAGING_KUBECONFIG_EKS_STAGING }} | |
- name: Deploy to the EKS managed-staging cluster | |
uses: azure/k8s-deploy@v5 | |
with: | |
namespace: kotal | |
manifests: | | |
staging-managed-dashboard.yaml | |
deploy_managed-dashboard_k8s-managed-production: | |
runs-on: ubuntu-latest | |
needs: [build] | |
if: ${{ (github.event_name == 'push') && (github.ref == 'refs/heads/main') }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Add SHORT_SHA env property with commit short sha | |
run: echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-7`" >> $GITHUB_ENV | |
- name: Kustomize and validate k8s-manifests | |
uses: yokawasa/action-setup-kube-tools@v0.9.2 | |
with: | |
setup-tools: | | |
kubeconform | |
kustomize | |
kubeconform: '0.5.0' | |
kustomize: '4.5.7' | |
- run: | | |
kustomize build k8s-manifests/environments/production | kubeconform -verbose | |
kustomize build k8s-manifests/environments/production > ./prod-managed-dashboard.yaml | |
- name: update managed-dashboard with secrets values - production | |
env: | |
NEXT_PUBLIC_WS_API_URL: "${{ secrets.PROD_NEXT_PUBLIC_WS_API_URL }}" | |
NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY: "${{ secrets.PROD_NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY }}" | |
API_URL: "${{ secrets.PROD_API_URL }}" | |
run: | | |
envsubst < ./prod-managed-dashboard.yaml | tee prod-managed-dashboard.yaml | |
- name: K8s-set-context to DO managed-production cluster | |
uses: azure/k8s-set-context@v1 | |
with: | |
method: kubeconfig | |
kubeconfig: ${{ secrets.KUBECONFIG_DO_MANAGED_PRODUCTION }} | |
- name: Deploy to the DO managed-production cluster | |
uses: azure/k8s-deploy@v1 | |
with: | |
namespace: kotal | |
manifests: | | |
prod-managed-dashboard.yaml |