fix secret path for vault credential #13
name: Primaza Push Build | |
on: | |
push: | |
branches: [ ci-vault ] | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
java: [ | |
{ 'version': '17', 'opts': '' } | |
] | |
name: build with jdk ${{matrix.java.version}} | |
steps: | |
- uses: actions/checkout@v3 | |
name: checkout | |
- uses: actions/setup-java@v3 | |
name: set up jdk ${{matrix.java.version}} | |
with: | |
distribution: temurin | |
java-version: ${{matrix.java.version}} | |
cache: maven | |
- name: build with maven | |
run: mvn clean install -Pvalidate-format | |
verify-e2e-example-in-kubernetes: | |
name: Verify Atomic Fruits in Kubernetes | |
runs-on: ubuntu-latest | |
needs: [ build ] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: 17 | |
cache: 'maven' | |
- name: Kubernetes KinD Cluster | |
uses: container-tools/kind-action@v2 | |
with: | |
version: v0.11.1 | |
registry: true | |
- name: Start Primaza | |
run: .github/install_primaza.sh ${{ github.repository }} ${{ github.event.pull_request.head.sha }} | |
- name: Install vault | |
run: | | |
VAULT_NAMESPACE=vault | |
kubectl create namespace $VAULT_NAMESPACE | |
helm repo add hashicorp https://helm.releases.hashicorp.com | |
.github/minimalvault.sh | |
kubectl -n vault exec vault-0 -- vault kv put secret/primaza/fruits username=healthy password=healthy database=fruits-database | |
- name: Install the Atomic Fruits application | |
run: | | |
KUBERNETES_NAMESPACE=app | |
kubectl create namespace $KUBERNETES_NAMESPACE | |
git clone https://github.com/halkyonio/atomic-fruits-service | |
cd atomic-fruits-service | |
cat > src/main/resources/application.properties << "EOF" | |
hello.message=Hola | |
quarkus.datasource.db-kind=postgresql | |
quarkus.hibernate-orm.database.generation=drop-and-create | |
quarkus.hibernate-orm.sql-load-script=import.sql | |
quarkus.http.port=8080 | |
quarkus.container-image.name=atomic-fruits | |
#quarkus.container-image.image=localhost:5001/grocery/atomic-fruits:1.0.0 | |
quarkus.container-image.group=grocery | |
quarkus.container-image.tag=1.0.0 | |
quarkus.kubernetes.deployment-target=kubernetes | |
quarkus.container-image.insecure=true | |
EOF | |
# install application | |
mvn clean package -DskipTests \ | |
-Dquarkus.container-image.push=true \ | |
-Dquarkus.container-image.registry=$KIND_REGISTRY \ | |
-Dquarkus.kubernetes.namespace=$KUBERNETES_NAMESPACE \ | |
-Dquarkus.kubernetes.deploy=true | |
- name: Register Kind cluster in Primaza | |
run: .github/register_local_kind_cluster_in_primaza.sh kube-system,sb | |
- name: Wait until atomic-fruits is registered in Primaza | |
run: | | |
PRIMAZA_KUBERNETES_NAMESPACE=sb | |
POD_NAME=$(kubectl get pod -l app.kubernetes.io/name=primaza-app -n $PRIMAZA_KUBERNETES_NAMESPACE -o name) | |
APPLICATION=$(kubectl exec -i $POD_NAME --container primaza-app -n $PRIMAZA_KUBERNETES_NAMESPACE -- sh -c "curl -H 'Accept: application/json' -s localhost:8080/applications/name/atomic-fruits") | |
if [ $(echo "$APPLICATION" | jq -r '.name') != "atomic-fruits" ] | |
then | |
echo "Primaza didn't discovery the atomic-fruits application: $APPLICATION" | |
exit 1 | |
fi | |
- name: Create Postgresql Service in Primaza | |
run: | | |
KUBERNETES_NAMESPACE=app | |
USERNAME=healthy | |
PASSWORD=healthy | |
TYPE=postgresql | |
DATABASE_NAME=fruits-database | |
# First, we install Postgresql via Helm. | |
helm repo add bitnami https://charts.bitnami.com/bitnami | |
helm install postgresql bitnami/postgresql --namespace $KUBERNETES_NAMESPACE --version 11.9.1 --set auth.username=$USERNAME --set auth.password=$PASSWORD --set auth.database=$DATABASE_NAME | |
## the service endpoint should be: "tcp:5432" | |
# Next, we register the Postgresql service in Primaza | |
.github/register_service_in_primaza.sh postgresql 11 tcp:5432 $TYPE | |
# And finally the credentials | |
.github/register_service_vault_credential_in_primaza.sh postgresql-credentials postgresql primaza/fruits | |
- name: Register claim | |
run: .github/register_claim_in_primaza.sh fruitsClaimDb postgresql-11 | |
- name: Bind application to claim | |
run: .github/bind_application_to_claim_in_primaza.sh atomic-fruits fruitsClaimDb | |
- id: wait-for-atomic-fruits | |
name: atomic-fruits should now be up and running | |
run: | | |
KUBERNETES_NAMESPACE=app | |
# Ready means that the application is now binded with the service, so we're ok! | |
kubectl wait --timeout=160s --for=condition=available deployment atomic-fruits -n $KUBERNETES_NAMESPACE | |
- name: (Only if it failed) Log Primaza traces at failures | |
if: failure() | |
run: .github/print_PRIMAZA_logs.sh | |
- name: (Only if it failed) Log Atomic Fruits traces at failures | |
if: failure() | |
run: | | |
KUBERNETES_NAMESPACE=app | |
echo "Deployment resource:" | |
kubectl get deployment atomic-fruits -o yaml -n $KUBERNETES_NAMESPACE | |
echo "Logs of the deployment:" | |
kubectl logs deploy/atomic-fruits --all-containers=true -n $KUBERNETES_NAMESPACE | |
echo "Print secret: " | |
kubectl get secret atomic-fruits-secret -o yaml -n $KUBERNETES_NAMESPACE | |
POD_NAME=$(kubectl get pod -l app.kubernetes.io/name=atomic-fruits -n $KUBERNETES_NAMESPACE -o name) | |
echo "Describe pod:" | |
kubectl describe $POD_NAME -n $KUBERNETES_NAMESPACE | |
echo "Logs of running pod:" | |
kubectl logs $POD_NAME -n $KUBERNETES_NAMESPACE | |
echo "Logs of terminated pod:" | |
kubectl logs -p $POD_NAME -n $KUBERNETES_NAMESPACE |
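Review bot: The failure-diagnostics step at the end of `verify-e2e-example-in-kubernetes` runs `kubectl get secret atomic-fruits-secret -o yaml`, which writes every value of that secret into the job log; the data is only base64-encoded, and the runner masks nothing it was not told is a secret. The credentials in this job are the fixture pair set in the earlier steps, but a debug step like this tends to be copied into workflows backed by a real Vault, so it should print key names only: `kubectl describe secret atomic-fruits-secret -n $KUBERNETES_NAMESPACE`. Separately, the `Start Primaza` step passes `${{ github.event.pull_request.head.sha }}`, which evaluates to an empty string under the `on: push` trigger declared at the top of the file; `${{ github.sha }}` is presumably what `install_primaza.sh` expects, though that script is not visible here.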