lithium 3.5.2 #162
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Staging Deployment | |
| on: | |
| push: | |
| branches: | |
| - staging | |
| env: | |
| SERVICE_NAME: roman | |
| # common setup | |
| GKE_PROJECT: wire-bot | |
| GKE_ZONE: europe-west1-c | |
| GCR_REPOSITORY: eu.gcr.io | |
| GKE_CLUSTER: dagobah | |
| NAMESPACE: staging | |
| jobs: | |
| publish: | |
| name: Deploy to staging | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Setup Environment | |
| run: | | |
| echo "RELEASE_VERSION=${GITHUB_SHA}" >> $GITHUB_ENV | |
| echo "DOCKER_IMAGE=${{ env.GCR_REPOSITORY }}/${{ env.GKE_PROJECT }}/${{ env.SERVICE_NAME }}" >> $GITHUB_ENV | |
| echo "DEPLOYMENT=${{ env.SERVICE_NAME }}-app" >> $GITHUB_ENV | |
| echo "CONTAINER=${{ env.SERVICE_NAME }}" >> $GITHUB_ENV | |
| - name: Create tags and labels | |
| id: docker_meta | |
| uses: crazy-max/ghaction-docker-meta@v1 | |
| with: | |
| images: ${{ env.DOCKER_IMAGE }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v1 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Login to GCR | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ${{ env.GCR_REPOSITORY }} | |
| username: _json_key | |
| password: ${{ secrets.GCR_ACCESS_JSON }} | |
| - name: Build and push | |
| id: docker_build | |
| uses: docker/build-push-action@v2 | |
| with: | |
| platforms: linux/amd64 | |
| tags: ${{ steps.docker_meta.outputs.tags }} | |
| labels: ${{ steps.docker_meta.outputs.labels }} | |
| push: true | |
| build-args: | | |
| release_version=${{ env.RELEASE_VERSION }} | |
| - name: Prepare new name of the image | |
| run: | | |
| echo "NEW_IMAGE=${{ env.DOCKER_IMAGE }}@${{ steps.docker_build.outputs.digest }}" >> $GITHUB_ENV | |
| - name: Enable auth plugin | |
| run: | | |
| echo "USE_GKE_GCLOUD_AUTH_PLUGIN=True" >> $GITHUB_ENV | |
| # Auth to GKE | |
| - name: Authenticate to GKE | |
| uses: google-github-actions/auth@v1 | |
| with: | |
| project_id: wire-bot | |
| credentials_json: ${{ secrets.GKE_SA_KEY }} | |
| service_account: kubernetes-deployment-agent@wire-bot.iam.gserviceaccount.com | |
| # Setup gcloud CLI | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v1 | |
| # Prepare components | |
| - name: Prepare gcloud components | |
| run: | | |
| gcloud components install gke-gcloud-auth-plugin | |
| gcloud components update | |
| gcloud --quiet auth configure-docker | |
| - name: Login to K8s | |
| run: | | |
| gcloud container clusters get-credentials "${GKE_CLUSTER}" --zone "${GKE_ZONE}"; | |
| kubectl config set-context --current --namespace="${NAMESPACE}"; | |
| - name: Deploy the Service | |
| run: | | |
| kubectl set image deployment "${DEPLOYMENT}" "${CONTAINER}=${NEW_IMAGE}"; | |
| - name: Check that the service started | |
| id: deployment_check | |
| continue-on-error: true | |
| env: | |
| TIMEOUT: 5m | |
| run: | | |
| kubectl rollout status deployment "${DEPLOYMENT}" -w --timeout="${TIMEOUT}"; | |
| - name: Undo Failed Deployment | |
| if: steps.deployment_check.outcome == 'failure' | |
| run: | | |
| kubectl rollout undo deployment "${DEPLOYMENT}" | |
| - name: Indicate failure if the deployment check failed | |
| if: steps.deployment_check.outcome == 'failure' | |
| run: | | |
| echo "steps.deployment_check failed!" | |
| exit 1 | |
| - name: Webhook to Wire | |
| uses: 8398a7/action-slack@v2 | |
| with: | |
| status: ${{ job.status }} | |
| author_name: ${{ env.SERVICE_NAME }} Staging Deployment | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.WEBHOOK_CI }} | |
| if: always() | |
| quay_publish: | |
| name: Quay Publish Pipeline | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Set Release Version | |
| run: echo "RELEASE_VERSION=${GITHUB_SHA}" >> $GITHUB_ENV | |
| # extract metadata for labels https://github.com/crazy-max/ghaction-docker-meta | |
| - name: Docker meta | |
| id: docker_meta | |
| uses: crazy-max/ghaction-docker-meta@v1 | |
| with: | |
| images: quay.io/wire/${{ env.SERVICE_NAME }} | |
| # setup docker actions https://github.com/docker/build-push-action | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v1 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v1 | |
| # login to GCR repo | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: quay.io | |
| username: wire+roman_github_actions | |
| password: ${{ secrets.QUAY_PASSWORD }} | |
| - name: Build and push | |
| id: docker_build | |
| uses: docker/build-push-action@v2 | |
| with: | |
| tags: ${{ steps.docker_meta.outputs.tags }} | |
| labels: ${{ steps.docker_meta.outputs.labels }} | |
| push: true | |
| build-args: | | |
| release_version=${{ env.RELEASE_VERSION }} | |
| # Send webhook to Wire using Slack Bot | |
| - name: Webhook to Wire | |
| uses: 8398a7/action-slack@v2 | |
| with: | |
| status: ${{ job.status }} | |
| author_name: ${{ env.SERVICE_NAME }} Quay Staging Publish | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.WEBHOOK_RELEASE }} | |
| # Send message only if previous step failed | |
| if: always() |