roleypoly/v3
1
0
Fork 0
mirror of https://github.com/roleypoly/roleypoly.git synced 2025-04-24 19:39:11 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
v3/.github/workflows/deploy.yml

150 lines
5.6 KiB
YAML
Raw Blame History

name: Deploy
on:
workflow_dispatch:
inputs:
environment:
description: 'One of: stage, prod'
required: true
default: stage
ui_tag:
description: 'tag/digest reference to a UI container build'
required: false
default: ':main'
bot_tag:
description: 'tag/digest reference to a UI container build'
required: false
default: ':main'
worker_tag:
description: 'bucket key to fetch worker from'
required: false
default: '' # Empty will try using current main branch hash
jobs:
docker_sync:
runs-on: ubuntu-latest
outputs:
ui_tag: steps.tags.ui_tag
bot_tag: steps.tags.bot_tag
steps:
- uses: actions/checkout@master
- uses: docker/setup-buildx-action@v1
id: buildx
with:
install: true
- name: Login to GHCR
uses: docker/login-action@v1
with:
registry: ghcr.io
username: roleypoly
password: ${{ secrets.GHCR_PAT }}
- name: Login to GAR US
uses: docker/login-action@v1
with:
registry: us-docker.pkg.dev
username: _json_key
password: ${{ secrets.GAR_JSON_KEY }}
- name: Login to GAR Europe
uses: docker/login-action@v1
with:
registry: europe-docker.pkg.dev
username: _json_key
password: ${{ secrets.GAR_JSON_KEY }}
- name: Login to GAR Asia
uses: docker/login-action@v1
with:
registry: asia-docker.pkg.dev
username: _json_key
password: ${{ secrets.GAR_JSON_KEY }}
- name: Retag
id: tags
run: |
retag_push() {
docker tag $1 $2
docker push $2
}
UI_IMAGE_SRC=ghcr.io/roleypoly/ui${{github.event.inputs.ui_tag}}
UI_IMAGE_DEST_BASE=docker.pkg.dev/roleypoly/roleypoly/ui:${{github.event.inputs.environment}}
docker pull $UI_IMAGE_SRC
retag_push $UI_IMAGE_SRC us-$UI_IMAGE_DEST_BASE
retag_push $UI_IMAGE_SRC europe-$UI_IMAGE_DEST_BASE
retag_push $UI_IMAGE_SRC asia-$UI_IMAGE_DEST_BASE
echo ::set-output name=ui_tag::@$(docker inspect $UI_IMAGE_SRC -f '{{.Id}}')
BOT_IMAGE_SRC=ghcr.io/roleypoly/bot${{github.event.inputs.bot_tag}}
BOT_IMAGE_DEST_BASE=docker.pkg.dev/roleypoly/roleypoly/bot:${{github.event.inputs.environment}}
docker pull $BOT_IMAGE_SRC
retag_push $BOT_IMAGE_SRC us-$BOT_IMAGE_DEST_BASE
echo ::set-output name=bot_tag::@$(docker inspect $BOT_IMAGE_SRC -f '{{.Id}}')
deploy_terraform:
runs-on: ubuntu-latest
needs:
- docker_sync
steps:
- uses: actions/checkout@master
- uses: hashicorp/setup-terraform@v1
with:
terraform_version: ^0.14.0
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@master
with:
project_id: ${{ secrets.GCS_PROJECT_ID }}
service_account_key: ${{ secrets.GCS_TF_KEY }}
export_default_credentials: true
- name: Get Google Secrets (they keep them in a box under a tree)
id: secrets
uses: google-github-actions/get-secretmanager-secrets@main
with:
secrets: |-
secretJSON:${{ secrets.GCS_PROJECT_ID }}/${{github.event.inputs.environment}}-tfvars
- name: Pull necessary artifacts
working-directory: ./terraform
run: |
currentHash=${{ github.sha }}
targetArtifact=${{ github.event.inputs.worker_tag }}
selected="${targetArtifact:-$currentHash}"
mkdir worker-dist
gsutil cp gs://roleypoly-artifacts/backend-worker/$selected/script.js worker-dist/backend-worker.js
- name: Terraform init
working-directory: ./terraform
run: |
terraform init --backend-config "prefix=${{github.event.inputs.environment}}"
- name: Write *.auto.tfvars.json files
working-directory: ./terraform
run: |
echo '{"ui_tag": "${{needs.docker_sync.outputs.ui_tag}}", "bot_tag": "${{needs.docker_sync.outputs.bot_tag}}", "api_path_to_worker": "./worker-dist/backend-worker.js"}' | jq . | tee tags.tfvars.auto.json
echo ${SECRET_TFVARS} > secrets.auto.tfvars.json
env:
SECRET_TFVARS: ${{ steps.secrets.outputs.secretJSON }}
- name: Terraform plan
working-directory: ./terraform
run: |
terraform plan \
-var-file variables/global.tfvars \
-var-file variables/${{github.event.inputs.environment}}.tfvars \
-out=./deployment.tfplan
- name: Terraform apply
working-directory: ./terraform
run: |
terraform apply \
-auto-approve \
deployment.tfplan
Reference in a new issue View git blame Copy permalink