-
Notifications
You must be signed in to change notification settings - Fork 0
168 lines (145 loc) · 6.37 KB
/
eks_deploy_with_subdomain.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
name: eks_deploy_with_subdomain
on:
workflow_call:
inputs:
SERVICE_NAME:
required: true
type: string
SERVICE_EKS_NAMESPACE:
required: false
type: string
SERVICE_SUBDOMAIN:
required: false
type: string
SERVICE_SUBDOMAIN_TLS_ENABLED:
required: false
type: string
DOCKERHUB_USERNAME:
required: true
type: string
DOCKERHUB_REPO:
required: true
type: string
HELM_REPO_NAME:
required: false
type: string
default: dooqod/nodeservice
HELM_REPO_VALUES_PATH:
required: false
type: string
default: ./helm/values.yaml
secrets:
AWS_ACCESS_KEY_ID:
required: true
AWS_REGION:
required: true
AWS_SECRET_ACCESS_KEY:
required: true
DOCKERHUB_TOKEN:
required: true
KUBE_CONFIG_DATA:
required: true
SERVICE_DOPPLER_TOKEN:
required: true
HELM_REPO_GITHUB_TOKEN:
required: true
CF_DOMAIN:
required: true
CF_EMAIL:
required: true
CF_TOKEN:
required: true
jobs:
eks_deploy_with_subdomain:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- uses: dopplerhq/cli-action@v2
# Service doppler secrets set to env for main
- name: Login in Doppler, set Doppler env from github action project
run: |
doppler secrets download --no-file --format=docker --token="${{ secrets.SERVICE_DOPPLER_TOKEN }}" | grep ^HELM_CONFIG_ >> $GITHUB_ENV;
# We have one AWS account for github ci
- name: AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
# Extract branch sha name
- name: Extract branch short sha
id: git_extract_branch_sha
shell: bash
run: |
echo "REPO_SHA_SHORT=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
echo "Output for sha_short is: ${{ steps.git_extract_branch_sha.outputs.REPO_SHA_SHORT }}"
# Get hostname
- name: Get hostname
id: hostname
if: inputs.SERVICE_SUBDOMAIN != '' || env.HELM_CONFIG_SERVICE_SUBDOMAIN != ''
uses: koslib/helm-eks-action@v1.26.0
env:
KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_DATA }}
with:
command: kubectl get svc ingress-nginx-controller -n ingress-nginx -o json | jq -r '.status.loadBalancer.ingress[0].hostname'
# Install python
- name: Setup python
if: inputs.SERVICE_SUBDOMAIN != '' || env.HELM_CONFIG_SERVICE_SUBDOMAIN != ''
uses: actions/setup-python@v4
with:
python-version: 3.8
- name: Install dependencies
run: |
pip install requests
- name: Helm configurations construction as a --set addon
id: helmconfig
run: |
echo "1. Constructing Ingress --set addon based on HELM config"
INGRESS_SET_STR=""
echo "Creating subdomain ${{ inputs.SERVICE_SUBDOMAIN || env.HELM_CONFIG_SERVICE_SUBDOMAIN }} for service ${{ inputs.SERVICE_NAME }} under Cloudflare "
INGRESS_SET_STR+=" --set 'ingress.hosts[0].host=${{ inputs.SERVICE_SUBDOMAIN || env.HELM_CONFIG_SERVICE_SUBDOMAIN }},ingress.hosts[0].paths[0].path=/,ingress.hosts[0].paths[0].pathType=Prefix'"
echo "Dooqod:: Check TLS config and enhance add-on if needed - ${{ inputs.SERVICE_SUBDOMAIN_TLS_ENABLED || env.HELM_CONFIG_SERVICE_SUBDOMAIN_TLS_ENABLED }}"
if [ -n "${{ inputs.SERVICE_SUBDOMAIN_TLS_ENABLED || env.HELM_CONFIG_SERVICE_SUBDOMAIN_TLS_ENABLED }}" ]; then
echo "Dooqod:: Check TLS evaluated to true, should extending with TLS value. "
INGRESS_SET_STR+=" --set 'ingress.tls[0].hosts[0]=${{ inputs.SERVICE_SUBDOMAIN || env.HELM_CONFIG_SERVICE_SUBDOMAIN }}'"
fi
echo "INGRESS_SET_STR value is: ${INGRESS_SET_STR}"
echo "INGRESS_SET_ADDON=$(echo $INGRESS_SET_STR)" >>$GITHUB_OUTPUT
# Create subdomain
- name: Create subdomain if service has that settings under Doppler
id: create_subdomain
if: inputs.SERVICE_SUBDOMAIN != '' || env.HELM_CONFIG_SERVICE_SUBDOMAIN != ''
run: |
echo "Creating subdomain for service"
cf_output=$(python cf-utils.py)
echo "SUBDOMAIN_URL=$(echo -n $cf_output)" >> $GITHUB_OUTPUT
echo "Subdomain ${cf_output} for service ${{ inputs.SERVICE_NAME }} created."
env:
CF_TOKEN: ${{ secrets.CF_TOKEN }}
CF_EMAIL: ${{ secrets.CF_EMAIL }}
CF_DOMAIN: ${{ secrets.CF_DOMAIN }}
SUBDOMAIN: ${{ inputs.SERVICE_SUBDOMAIN || env.HELM_CONFIG_SERVICE_SUBDOMAIN }}
IP: ${{ steps.hostname.outputs.response }}
# Deploying into k8s
- name: Deploy ${{ inputs.SERVICE_NAME }} to kubernetes namespace ${{ inputs.SERVICE_EKS_NAMESPACE || env.HELM_CONFIG_EKS_NAMESPACE }}
id: eksdeploy
# if: secrets.AWS_EKS_NAMESPACE != '' && secrets.SERVICE_NAME != ''
uses: koslib/helm-eks-action@v1.26.0
env:
KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_DATA }}
with:
command: |
helm repo add dooqod \
--username ${{ secrets.HELM_REPO_GITHUB_TOKEN}} \
--password ${{ secrets.HELM_REPO_GITHUB_TOKEN }} \
"https://raw.githubusercontent.com/dooqod/helm-repo/main/"
helm repo update && helm search repo nodeservice
helm upgrade ${{ inputs.SERVICE_NAME }} --install --wait --atomic \
--create-namespace --namespace=${{ inputs.SERVICE_EKS_NAMESPACE || env.HELM_CONFIG_EKS_NAMESPACE }} \
--set "imageCredentials.username=${{ inputs.DOCKERHUB_USERNAME }},imageCredentials.password=${{ secrets.DOCKERHUB_TOKEN }}" \
--set "image.repository=${{ inputs.DOCKERHUB_USERNAME }}/${{ inputs.DOCKERHUB_REPO || inputs.SERVICE_NAME }}" \
--set "image.tag=${{ steps.git_extract_branch_sha.outputs.REPO_SHA_SHORT }}" \
--set "ghargs.dopplerToken=${{ secrets.SERVICE_DOPPLER_TOKEN }}" \
${{steps.helmconfig.outputs.INGRESS_SET_ADDON}} \
${{ inputs.HELM_REPO_NAME }} -f ${{ inputs.HELM_REPO_VALUES_PATH }}