site/.github/workflows/kubernetes-cd.yml

66 lines
2.4 KiB
YAML

name: "CI/CD"
on:
push:
branches:
- master
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build/Push Docker Image
run: |
docker login --username $DOCKER_USERNAME --password $DOCKER_PASSWORD
docker build . -t xena/christinewebsite:$(echo $GITHUB_SHA | head -c7)
docker push xena/christinewebsite:$(echo $GITHUB_SHA | head -c7)
env:
DOCKER_USERNAME: "xena"
DOCKER_PASSWORD: "${{ secrets.DOCKER_PASSWORD }}"
- name: Download secrets
run: |
mkdir ~/.ssh
echo $FILE_DATA | base64 -d > ~/.ssh/id_rsa
md5sum ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
git clone git@git.xeserv.us:xena/within-terraform-secret
env:
FILE_DATA: ${{ secrets.SSH_PRIVATE_KEY }}
GIT_SSH_COMMAND: "ssh -i ~/.ssh/id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
- name: Install/Configure/Use Dyson
run: |
curl https://xena.greedo.xeserv.us/files/dyson-linux-amd64-0.1.0.tgz | tar xz
cp ./dyson-linux-amd64-0.1.0/dyson .
rm -rf dyson-linux-amd64-0.1.0
mkdir -p ~/.config/dyson
echo '[DigitalOcean]
Token = ""
[Cloudflare]
Email = ""
Token = ""
[Secrets]
GitCheckout = "./within-terraform-secret"' > ~/.config/dyson/dyson.ini
./dyson manifest \
--name=christinewebsite \
--domain=christine.website \
--dockerImage=xena/christinewebsite:$(echo $GITHUB_SHA | head -c7) \
--containerPort=5000 \
--replicas=1 \
--useProdLE=true > deploy.yml
- name: Configure/Deploy/Verify Kubernetes
run: |
curl -L https://github.com/digitalocean/doctl/releases/download/v1.30.0/doctl-1.30.0-linux-amd64.tar.gz | tar xz
./doctl auth init -t $DIGITALOCEAN_ACCESS_TOKEN
./doctl kubernetes cluster kubeconfig show kubermemes > .kubeconfig
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
chmod +x kubectl
./kubectl --kubeconfig .kubeconfig apply -n apps -f deploy.yml
sleep 2
./kubectl --kubeconfig .kubeconfig rollout -n apps status deployment/christinewebsite
env:
DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}