Skip to content

Instantly share code, notes, and snippets.

@digitalronin
Created February 16, 2021 07:15
Show Gist options
  • Save digitalronin/98819329227b6b2f6fb0e9de679ba8b3 to your computer and use it in GitHub Desktop.
Save digitalronin/98819329227b6b2f6fb0e9de679ba8b3 to your computer and use it in GitHub Desktop.
name: Continuous Deployment
on:
push:
branches:
- 'main'
jobs:
main:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Build content-api image
run: |
cd content-api
docker build -t content-api .
- name: Push content-api to ECR
uses: jwalton/gh-ecr-push@v1
with:
access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
region: eu-west-2
local-image: content-api
image: ${{ secrets.ECR_NAME }}:content-api-${{ github.sha }}
- name: Build worker image
run: |
cd worker
docker build -t worker .
- name: Push worker to ECR
uses: jwalton/gh-ecr-push@v1
with:
access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
region: eu-west-2
local-image: worker
image: ${{ secrets.ECR_NAME }}:worker-${{ github.sha }}
- name: Build rails-app image
run: |
cd rails-app
docker build -t rails-app .
- name: Push rails-app to ECR
uses: jwalton/gh-ecr-push@v1
with:
access-key-id: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
secret-access-key: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
region: eu-west-2
local-image: rails-app
image: ${{ secrets.ECR_NAME }}:rails-app-${{ github.sha }}
- name: Update `values.yaml`
run: |
export GITHUB_SHA=${{ github.sha }}
export ECR_URL=${{ secrets.ECR_URL }}
cat helm_deploy/multi-container-app/values.tpl \
| envsubst > helm_deploy/multi-container-app/values.yaml
- name: Authenticate to the cluster
env:
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
run: |
echo "${{ secrets.KUBE_CERT }}" > ca.crt
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://api.${KUBE_CLUSTER}
kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN }}
kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${{ secrets.KUBE_NAMESPACE }}
kubectl config use-context ${KUBE_CLUSTER}
- name: Upgrade the Helm chart
run: |
cd helm_deploy/multi-container-app/
helm upgrade myapplication . \
--values values.yaml \
--namespace ${{ secrets.KUBE_NAMESPACE }}
# Default values for multi-container-app.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
databaseUrlSecretName: rds-instance-output
contentapiurl: "http://content-api-service:4567/image_url.json"
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
hosts:
- host: helm-cd.apps.live-1.cloud-platform.service.justice.gov.uk
paths: []
# Update tls for custom domain and update secretName where certificate is stored
# tls:
# - secretName: <CERTIFICATE-SECRET-NAME>
# hosts:
# - <DNS-PREFIX>.apps.live-1.cloud-platform.service.justice.gov.uk
postgresql:
enabled: true
existingSecret: container-postgres-secrets
postgresqlDatabase: multi_container_demo_app
persistence:
enabled: false
contentapi:
replicaCount: 1
image:
repository: ${ECR_URL}
tag: content-api-${GITHUB_SHA}
pullPolicy: IfNotPresent
containerPort: 4567
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
service:
type: ClusterIP
port: 4567
targetPort: 4567
railsapp:
replicaCount: 1
image:
repository: ${ECR_URL}
tag: rails-app-${GITHUB_SHA}
pullPolicy: IfNotPresent
containerPort: 3000
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
service:
type: ClusterIP
port: 3000
targetPort: 3000
job:
backoffLimit: 4
restartPolicy: OnFailure
worker:
replicaCount: 1
image:
repository: ${ECR_URL}
tag: worker-${GITHUB_SHA}
pullPolicy: IfNotPresent
containerPort: 4567
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment