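├── README.md
└── .github
    └── workflows
        └── branch.yml

/README.md:
--------------------------------------------------------------------------------
# FSF CI Workflow

This reusable workflow describes the steps in First Street's deployment pipeline.

From branches, `branch.yml` builds and pushes a container image and then deploys
directly when the branch name is exactly `develop` (dev namespace) or `master`
(prod namespace). Any other ref is built but not deployed.

From tags, deployments are sent to production if the tag is signed by the correct
authority. (The tag workflow is not part of this listing; only `branch.yml` is.)

--------------------------------------------------------------------------------
/.github/workflows/branch.yml:
--------------------------------------------------------------------------------
---
name: Build and Deploy Branch

# Reusable workflow: callers invoke it via `uses:` and pass the inputs/secrets below.
#
# NOTE(review): every `uses:` in this file is pinned to a mutable major tag
# (`@v1`, `@v2`, `@v3`). For supply-chain hardening pin each action to a full
# commit SHA (with the tag in a trailing comment) and bump deliberately; no SHAs
# are invented here.
on:
  workflow_call:
    inputs:
      appname:
        description: Helm release name and chart directory name under `_k/`.
        required: true
        type: string
      helm_name:
        description: Directory under `_k/` holding `values-dev.yaml` / `values-prod.yaml`.
        required: true
        type: string
      dev_ns:
        description: Kubernetes namespace used for `develop` deployments.
        required: true
        type: string
      stg_ns:
        description: >-
          Staging namespace. Accepted for interface compatibility; no step in this
          file reads it (it is exported as STG_NS but never used).
        required: true
        type: string
      prod_ns:
        description: Kubernetes namespace used for `master` deployments.
        required: true
        type: string
      use_ssm:
        description: Run the helm-ssm plugin over the values file before deploying.
        default: true
        required: false
        type: boolean
      simple_deploy:
        description: Deploy without the `app.config` / `volume.path` overrides.
        default: false
        required: false
        type: boolean
      dockerfile:
        description: Path to the Dockerfile, relative to the repository root.
        default: "Dockerfile"
        required: false
        type: string
    secrets:
      # NOTE(review): these are long-lived static IAM keys shared by every caller.
      # Prefer GitHub OIDC federation (`role-to-assume` on configure-aws-credentials
      # plus `permissions: id-token: write`) so no static credential has to be
      # stored; kept here because callers pass these exact secret names.
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
  APP_NAME: ${{ inputs.appname }}
  HELM_NAME: ${{ inputs.helm_name }}
  DEV_NS: ${{ inputs.dev_ns }}
  STG_NS: ${{ inputs.stg_ns }}
  PROD_NS: ${{ inputs.prod_ns }}
  # Boolean inputs reach the shell as the strings "true" / "false".
  SIMPLE_DEPLOY: ${{ inputs.simple_deploy }}
  USE_SSM: ${{ inputs.use_ssm }}
  DOCKERFILE: ${{ inputs.dockerfile }}

jobs:
  Build:
    # NOTE(review): self-hosted runners keep state between jobs and hold the
    # registry token. Callers should not trigger this workflow for pull requests
    # from forks, since the PR's Dockerfile would then be built on this box.
    runs-on: [self-hosted, buildbox]
    permissions:
      contents: read
      packages: write  # required to push to ghcr.io with GITHUB_TOKEN
    # outputs:
    #   appenv: ${{ steps.setappenv.outputs.env }}

    steps:
      - name: checkout
        uses: actions/checkout@v2

      - name: Setup buildx
        uses: docker/setup-buildx-action@v1
        id: buildx
        with:
          install: true

      - name: Cache Docker layers
        uses: actions/cache@v2
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}-v2
          # Prefix restore key so a previous commit's layers are reused. The
          # original restore-key repeated the exact per-SHA key, so it could
          # never match on a fresh commit and the cache was effectively unused.
          restore-keys: |
            ${{ runner.os }}-buildx-

      - name: Log in to the Container registry
        uses: docker/login-action@v1
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v3
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          # `sha-<full sha>` is the tag the Deploy job pins the release to.
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            type=sha,format=long

      - name: Build and push Docker image
        uses: docker/build-push-action@v2
        with:
          context: .
          # Pull-request builds are never pushed, so there is nothing to deploy
          # from them (the Deploy job is skipped for that event below).
          push: ${{ github.event_name != 'pull_request' }}
          file: ${{ env.DOCKERFILE }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new

      # Swap the freshly written cache dir into place (the usual
      # build-push-action local-cache recipe).
      - name: Move cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache

      # This only works for public repos
      # - id: setappenv
      #   run: |
      #     if [[ "$GITHUB_REF_NAME" == *"develop"* ]]; then
      #       echo "::set-output name=DEPLOY_ENV::development"
      #     elif [[ "$GITHUB_REF_NAME" == *"master"* ]]; then
      #       echo "::set-output name=DEPLOY_ENV::production"
      #     fi

  Deploy:
    needs: [Build]
    runs-on: [self-hosted, linux]
    # Build pushes nothing for pull requests, so the `sha-*` image tag this job
    # pins to would not exist; skip the job rather than fail inside helm.
    if: github.event_name != 'pull_request'
    permissions:
      contents: read  # nothing here writes to GitHub; the rest is AWS/cluster access
    # environment: ${{needs.Build.outputs.appenv}}
    steps:
      - uses: actions/checkout@v2
        with:
          # `git describe` (used for appVersion below) needs tags and history;
          # the default depth-1 checkout fetches neither.
          fetch-depth: 0

      - name: Prepare deployment
        # Only exact branch names deploy. The previous substring match
        # (`*"master"*`) would have sent any branch whose name merely contained
        # "master" - e.g. feature/master-fix - to the production namespace.
        # Add further deployable branches to the case list explicitly.
        # (GITHUB_TOKEN was exported here before, but nothing in this step reads it.)
        run: |
          # Release .dev tags and `master` branch pushes to develop
          case "$GITHUB_REF_NAME" in
            develop)
              echo "VALUES=_k/${HELM_NAME}/values-dev.yaml" >> "$GITHUB_ENV"
              echo "CONF_ENV=dev" >> "$GITHUB_ENV"
              echo "NAMESPACE=${DEV_NS}" >> "$GITHUB_ENV"
              ;;
            master)
              echo "VALUES=_k/${HELM_NAME}/values-prod.yaml" >> "$GITHUB_ENV"
              echo "CONF_ENV=prod" >> "$GITHUB_ENV"
              echo "NAMESPACE=${PROD_NS}" >> "$GITHUB_ENV"
              ;;
            *)
              # Previously an unmatched ref fell through with VALUES and
              # NAMESPACE unset and helm was still invoked; fail fast instead.
              echo "::error::ref '$GITHUB_REF_NAME' is not a deployable branch (develop|master)"
              exit 1
              ;;
          esac

      - uses: azure/setup-kubectl@v1
        with:
          version: "v1.22.4"

      - uses: actions/setup-node@v2
      - uses: azure/setup-helm@v1
        with:
          version: "v3.2.1"  # default is latest stable

      - name: AWS Credentials
        # NOTE(review): static keys; see the `secrets:` block for the OIDC alternative.
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1

      - name: Deploying Namespace
        run: |
          echo "$NAMESPACE"
          echo "$VALUES"

      - name: Deploy
        run: |
          # Both the dev and the prod namespace live in the single `fsf-prod`
          # cluster, so the AWS key above carries production deploy rights on
          # every run, including develop deployments.
          aws eks update-kubeconfig --name fsf-prod

          if [[ "$USE_SSM" == "true" ]]; then
            # NOTE(review): this installs the plugin from the repository's default
            # branch on every run, unpinned, on a runner that holds AWS credentials.
            # Pin it (`helm plugin add <url> --version <tag>`) once a version is chosen.
            helm plugin remove ssm || true
            helm plugin add https://github.com/seripap/helm-ssm || true
            # Presumably rewrites SSM references in the values file in place -
            # verify against the plugin's documentation.
            helm ssm -f "$VALUES"
          fi

          # Stamp the chart's appVersion with the `git describe` output.
          sed -i "s/^appVersion:.*$/appVersion: \"$(git describe)\"/" "_k/${APP_NAME}/Chart.yaml"

          # `--debug` was dropped from the non-simple path: it prints the rendered
          # manifests and the merged values (after SSM resolution) into the job log.
          if [[ "$SIMPLE_DEPLOY" == "true" ]]; then
            helm upgrade "$APP_NAME" "_k/${APP_NAME}" --install \
              --namespace "$NAMESPACE" \
              --set "app.image.tag=sha-${GITHUB_SHA}" \
              -f "$VALUES" --wait --timeout 60s
          else
            helm upgrade "$APP_NAME" "_k/${APP_NAME}" --install \
              --namespace "$NAMESPACE" \
              --set "app.config=${CONF_ENV},volume.path=${CONF_ENV}.conf,app.image.tag=sha-${GITHUB_SHA}" \
              -f "$VALUES" --wait --timeout 60s
          fi
--------------------------------------------------------------------------------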