digitalronin/cd.yaml

## cd.yaml
name: Continuous Deployment

on:
  push:
    branches:
      - 'main'

jobs:
  main:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Build content-api image
        run: |
          cd content-api
          docker build -t content-api .
      - name: Push content-api to ECR
        uses: jwalton/gh-ecr-push@v1
        with:
          access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
          secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
          region: eu-west-2
          local-image: content-api
          image: ${{ secrets.ECR_NAME }}:content-api-${{ github.sha }}
      - name: Build worker image
        run: |
          cd worker
          docker build -t worker .
      - name: Push worker to ECR
        uses: jwalton/gh-ecr-push@v1
        with:
          access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
          secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
          region: eu-west-2
          local-image: worker
          image: ${{ secrets.ECR_NAME }}:worker-${{ github.sha }}
      - name: Build rails-app image
        run: |
          cd rails-app
          docker build -t rails-app .
      - name: Push rails-app to ECR
        uses: jwalton/gh-ecr-push@v1
        with:
          access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
          secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
          region: eu-west-2
          local-image: rails-app
          image: ${{ secrets.ECR_NAME }}:rails-app-${{ github.sha }}
      - name: Update `values.yaml`
        run: |
          export GITHUB_SHA=${{ github.sha }}
          export ECR_URL=${{ secrets.ECR_URL }}
          cat helm_deploy/multi-container-app/values.tpl \
            | envsubst > helm_deploy/multi-container-app/values.yaml
      - name: Authenticate to the cluster
        env:
          KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
        run: |
          echo "${{ secrets.KUBE_CERT }}" > ca.crt
          kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://api.${KUBE_CLUSTER}
          kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN }}
          kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${{ secrets.KUBE_NAMESPACE }}
          kubectl config use-context ${KUBE_CLUSTER}
      - name: Upgrade the Helm chart
        run: |
          cd helm_deploy/multi-container-app/
          helm upgrade myapplication . \
            --values values.yaml \
            --namespace ${{ secrets.KUBE_NAMESPACE }}

## values.tpl
# Default values for multi-container-app.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

databaseUrlSecretName: rds-instance-output
contentapiurl: "http://content-api-service:4567/image_url.json"

ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
  hosts:
    - host: helm-cd.apps.live-1.cloud-platform.service.justice.gov.uk
      paths: []
  # Update tls for custom domain and update secretName where certificate is stored
  # tls:
  #   - secretName: <CERTIFICATE-SECRET-NAME>
  #     hosts:
  #       - <DNS-PREFIX>.apps.live-1.cloud-platform.service.justice.gov.uk

postgresql:
  enabled: true
  existingSecret: container-postgres-secrets
  postgresqlDatabase: multi_container_demo_app
  persistence:
    enabled: false

contentapi:
  replicaCount: 1
  image:
    repository: ${ECR_URL}
    tag: content-api-${GITHUB_SHA}
    pullPolicy: IfNotPresent
  containerPort: 4567
  imagePullSecrets: []
  nameOverride: ""
  fullnameOverride: ""
  service:
    type: ClusterIP
    port: 4567
    targetPort: 4567

railsapp:
  replicaCount: 1
  image:
    repository: ${ECR_URL}
    tag: rails-app-${GITHUB_SHA}
    pullPolicy: IfNotPresent
  containerPort: 3000
  imagePullSecrets: []
  nameOverride: ""
  fullnameOverride: ""
  service:
    type: ClusterIP
    port: 3000
    targetPort: 3000
  job:
    backoffLimit: 4
    restartPolicy: OnFailure

worker:
  replicaCount: 1
  image:
    repository: ${ECR_URL}
    tag: worker-${GITHUB_SHA}
    pullPolicy: IfNotPresent
  containerPort: 4567
  imagePullSecrets: []
  nameOverride: ""
  fullnameOverride: ""
	name: Continuous Deployment

	on:
	push:
	branches:
	- 'main'

	jobs:
	main:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v2
	- name: Build content-api image
	run: \|
	cd content-api
	docker build -t content-api .
	- name: Push content-api to ECR
	uses: jwalton/gh-ecr-push@v1
	with:
	access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
	secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
	region: eu-west-2
	local-image: content-api
	image: ${{ secrets.ECR_NAME }}:content-api-${{ github.sha }}
	- name: Build worker image
	run: \|
	cd worker
	docker build -t worker .
	- name: Push worker to ECR
	uses: jwalton/gh-ecr-push@v1
	with:
	access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
	secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
	region: eu-west-2
	local-image: worker
	image: ${{ secrets.ECR_NAME }}:worker-${{ github.sha }}
	- name: Build rails-app image
	run: \|
	cd rails-app
	docker build -t rails-app .
	- name: Push rails-app to ECR
	uses: jwalton/gh-ecr-push@v1
	with:
	access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
	secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
	region: eu-west-2
	local-image: rails-app
	image: ${{ secrets.ECR_NAME }}:rails-app-${{ github.sha }}
	- name: Update `values.yaml`
	run: \|
	export GITHUB_SHA=${{ github.sha }}
	export ECR_URL=${{ secrets.ECR_URL }}
	cat helm_deploy/multi-container-app/values.tpl \
	\| envsubst > helm_deploy/multi-container-app/values.yaml
	- name: Authenticate to the cluster
	env:
	KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
	run: \|
	echo "${{ secrets.KUBE_CERT }}" > ca.crt
	kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://api.${KUBE_CLUSTER}
	kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN }}
	kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${{ secrets.KUBE_NAMESPACE }}
	kubectl config use-context ${KUBE_CLUSTER}
	- name: Upgrade the Helm chart
	run: \|
	cd helm_deploy/multi-container-app/
	helm upgrade myapplication . \
	--values values.yaml \
	--namespace ${{ secrets.KUBE_NAMESPACE }}
	# Default values for multi-container-app.
	# This is a YAML-formatted file.
	# Declare variables to be passed into your templates.

	databaseUrlSecretName: rds-instance-output
	contentapiurl: "http://content-api-service:4567/image_url.json"

	ingress:
	enabled: true
	annotations:
	kubernetes.io/ingress.class: nginx
	kubernetes.io/tls-acme: "true"
	hosts:
	- host: helm-cd.apps.live-1.cloud-platform.service.justice.gov.uk
	paths: []
	# Update tls for custom domain and update secretName where certificate is stored
	# tls:
	# - secretName: <CERTIFICATE-SECRET-NAME>
	# hosts:
	# - <DNS-PREFIX>.apps.live-1.cloud-platform.service.justice.gov.uk

	postgresql:
	enabled: true
	existingSecret: container-postgres-secrets
	postgresqlDatabase: multi_container_demo_app
	persistence:
	enabled: false

	contentapi:
	replicaCount: 1
	image:
	repository: ${ECR_URL}
	tag: content-api-${GITHUB_SHA}
	pullPolicy: IfNotPresent
	containerPort: 4567
	imagePullSecrets: []
	nameOverride: ""
	fullnameOverride: ""
	service:
	type: ClusterIP
	port: 4567
	targetPort: 4567

	railsapp:
	replicaCount: 1
	image:
	repository: ${ECR_URL}
	tag: rails-app-${GITHUB_SHA}
	pullPolicy: IfNotPresent
	containerPort: 3000
	imagePullSecrets: []
	nameOverride: ""
	fullnameOverride: ""
	service:
	type: ClusterIP
	port: 3000
	targetPort: 3000
	job:
	backoffLimit: 4
	restartPolicy: OnFailure

	worker:
	replicaCount: 1
	image:
	repository: ${ECR_URL}
	tag: worker-${GITHUB_SHA}
	pullPolicy: IfNotPresent
	containerPort: 4567
	imagePullSecrets: []
	nameOverride: ""
	fullnameOverride: ""