-
Notifications
You must be signed in to change notification settings - Fork 0
114 lines (98 loc) · 4.86 KB
/
google_gke.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
name: Build and Deploy to GKE
on:
push:
branches: [ "main" ]
env:
GAR_LOCATION: northamerica-northeast1
GKE_CLUSTER: civviebot-cluster
GKE_ZONE: northamerica-northeast1
jobs:
deploy-to-gke:
name: Deploy to GKE
runs-on: ubuntu-latest
environment: production
permissions:
contents: 'read'
packages: 'write'
id-token: 'write'
steps:
- name: Checkout
uses: actions/checkout@v3
# https://github.com/sigstore/cosign-installer
- name: Install cosign
uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
with:
cosign-release: 'v1.13.1'
# Workaround: https://github.com/docker/build-push-action/issues/461
- name: Setup Docker buildx
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
# https://github.com/docker/login-action
- name: Log into registry ghcr.io
uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# Extract metadata (tags, labels) for Docker
# https://github.com/docker/metadata-action
- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
with:
images: ghcr.io/civviebot
# Build the Docker image
- name: Build
run: |-
docker build -t docker.pkg.github.com/${{ github.repository }}/civviebot:${{ github.sha }} .
- name: Log in to GitHub Packages
run: |-
echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin
- name: Push Docker image to GitHub Packages
run: |-
docker push docker.pkg.github.com/${{ github.repository }}/civviebot:${{ github.sha }}
# Configure Workload Identity Federation and generate an access token.
- id: 'auth'
name: 'Authenticate to Google Cloud'
uses: 'google-github-actions/auth@v0'
with:
token_format: 'access_token'
workload_identity_provider: 'projects/516245687605/locations/global/workloadIdentityPools/civviebot/providers/civviebot-provider'
service_account: '[email protected]'
# Get the GKE credentials so we can deploy to the cluster
- name: Set up GKE credentials
uses: google-github-actions/get-gke-credentials@v0
with:
cluster_name: ${{ env.GKE_CLUSTER }}
location: ${{ env.GKE_ZONE }}
# Set up kustomize
- name: Set up Kustomize
run: |-
curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
chmod u+x ./kustomize
# Deploy the Docker image to the GKE cluster
- name: Deploy
run: |-
# Create secrets
kubectl delete secret civviebot-db-dialect --ignore-not-found
kubectl create secret generic civviebot-db-dialect --from-literal=db-dialect='${{ secrets.CIVVIEBOT_DB_DIALECT }}'
kubectl delete secret civviebot-db-driver --ignore-not-found
kubectl create secret generic civviebot-db-driver --from-literal=db-driver='${{ secrets.CIVVIEBOT_DB_DRIVER }}'
kubectl delete secret civviebot-db-url-database --ignore-not-found
kubectl create secret generic civviebot-db-url-database --from-literal=db-url-database='${{ secrets.CIVVIEBOT_DB_URL_DATABASE }}'
kubectl delete secret civviebot-db-url-host --ignore-not-found
kubectl create secret generic civviebot-db-url-host --from-literal=db-url-host='${{ secrets.CIVVIEBOT_DB_URL_HOST }}'
kubectl delete secret civviebot-db-url-password --ignore-not-found
kubectl create secret generic civviebot-db-url-password --from-literal=db-url-password='${{ secrets.CIVVIEBOT_DB_URL_PASSWORD }}'
kubectl delete secret civviebot-db-url-port --ignore-not-found
kubectl create secret generic civviebot-db-url-port --from-literal=db-url-port='${{ secrets.CIVVIEBOT_DB_URL_PORT }}'
kubectl delete secret civviebot-db-url-username --ignore-not-found
kubectl create secret generic civviebot-db-url-username --from-literal=db-url-username='${{ secrets.CIVVIEBOT_DB_URL_USERNAME }}'
kubectl delete secret discord-client-id --ignore-not-found
kubectl create secret generic discord-client-id --from-literal=client-id='${{ secrets.DISCORD_CLIENT_ID }}'
kubectl delete secret discord-token --ignore-not-found
kubectl create secret generic discord-token --from-literal=token='${{ secrets.DISCORD_TOKEN }}'
# Specify the image uploaded to gchr.io
./kustomize edit set image civviebot=ghcr.io/${{ github.repository }}/civviebot:${{ github.sha }}
./kustomize build . | kubectl apply -f -
kubectl rollout status deployment/civviebot
kubectl get services -o wide