cd_deploy_with_github_runner.yml
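# Reusable workflow (workflow_call): deploys the application to AKS through the
# shared aks-deploy action, then applies the Terraform configuration in ./infra
# (job "Update OpenAPI").
name: Deploy on AKS

on:
  workflow_call:
    inputs:
      environment:
        required: true
        description: The name of the environment where to deploy
        type: string
      branch:
        required: false
        default: ${{ github.ref_name }}
        type: string
      suffix_name:
        required: false
        default: ''
        type: string
      # Free-form string that ends up inside the helm argument string below.
      # NOTE(review): nothing in this file checks that it is an integer in 0-100.
      traffic_weight:
        required: false
        type: string
        default: "0"
        description: 'The percentage of traffic to be sent to the canary version'
      is_canary:
        type: boolean
        description: 'Mark the release as canary on AKS'
        default: false

env:
  # Not referenced in this file: the deploy step reads vars.NAMESPACE instead.
  NAMESPACE: <domain>
  APP_NAME: <app-name>  # TODO: set app name

# Granted at workflow level, so both jobs receive these scopes.
# id-token: write lets a job request a GitHub OIDC token (the Terraform step
# sets ARM_USE_OIDC=true); contents: read is the only repository scope granted.
permissions:
  id-token: write
  contents: read

jobs:
  deploy:
    # Runs on a self-hosted runner selected by the environment label.
    runs-on: [ self-hosted-job, "${{ inputs.environment }}" ]
    name: Deploy on AKS
    environment: ${{ inputs.environment }}
    steps:
      - name: Deploy
        # NOTE(review): referenced by the mutable branch `main`, unlike the
        # SHA-pinned actions in the update_openapi job. This step is handed the
        # Azure client/tenant/subscription identifiers and runs on the
        # self-hosted runner, so pin it to a reviewed full commit SHA
        # (pagopa/github-actions-template/aks-deploy@<FULL_COMMIT_SHA>).
        uses: pagopa/github-actions-template/aks-deploy@main
        with:
          branch: ${{ inputs.branch }}
          client_id: ${{ secrets.CD_CLIENT_ID }}
          subscription_id: ${{ secrets.SUBSCRIPTION_ID }}
          tenant_id: ${{ secrets.TENANT_ID }}
          env: ${{ inputs.environment }}
          namespace: ${{ vars.NAMESPACE }}
          cluster_name: ${{ vars.CLUSTER_NAME }}
          resource_group: ${{ vars.CLUSTER_RESOURCE_GROUP }}
          app_name: ${{ env.APP_NAME }}${{inputs.suffix_name}}
          # TODO review according to chart app name
          # NOTE(review): helm --debug output goes to the job log; confirm the
          # chart values contain nothing sensitive before keeping it enabled.
          # Folded scalar: the lines below are joined with single spaces.
          helm_upgrade_options: >-
            --debug
            --set microservice-chart.azure.workloadIdentityClientId=${{vars.WORKLOAD_IDENTITY_ID}}
            --set microservice-chart.canaryDelivery.ingress.weightPercent=${{ inputs.traffic_weight }}
            --set microservice-chart.canaryDelivery.create=${{ inputs.is_canary }}
          timeout: '10m0s'

  update_openapi:
    needs: [ deploy ]
    runs-on: ubuntu-latest
    name: Update OpenAPI
    environment: ${{ inputs.environment }}
    steps:
      # Runs first so that an unexpected environment name stops the job before
      # checkout, Azure login or any shell step that uses the value.
      - name: Verify Environment Input
        shell: bash
        env:
          ENV: ${{ inputs.environment }}
        run: |
          if [[ "$ENV" != "dev" && "$ENV" != "uat" && "$ENV" != "prod" ]]; then
            echo "Input environment is invalid"
            # Non-zero exit fails the step; `exit 0` reported success and let
            # the remaining steps run with the rejected value.
            exit 1
          fi
      - name: Checkout
        id: checkout
        # from https://github.com/actions/checkout/commits/main
        uses: actions/checkout@1f9a0c22da41e6ebfa534300ef656657ea2c6707
        with:
          # Keeps the job token out of the checked-out repository's git config.
          persist-credentials: false
      - name: Setup Terraform
        # from https://github.com/hashicorp/setup-terraform/commits/main
        uses: hashicorp/setup-terraform@8feba2b913ea459066180f9cb177f58a881cf146
        with:
          terraform_version: ${{ vars.TERRAFORM_VERSION }}
      - name: Login
        id: login
        # from https://github.com/Azure/login/commits/master
        uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
        with:
          client-id: ${{ secrets.CD_CLIENT_ID }}
          tenant-id: ${{ secrets.TENANT_ID }}
          subscription-id: ${{ secrets.SUBSCRIPTION_ID }}
      - name: Terraform Apply
        shell: bash
        env:
          # The input reaches the script as an environment variable rather than
          # being expanded into the script text by the ${{ }} template, so its
          # content is never parsed as shell syntax.
          DEPLOY_ENV: ${{ inputs.environment }}
        run: |
          export ARM_CLIENT_ID=$(az account show --query clientId --output tsv)
          export ARM_SUBSCRIPTION_ID=$(az account show --query id --output tsv)
          export ARM_TENANT_ID=$(az account show --query tenantId --output tsv)
          export ARM_USE_OIDC=true
          # Storage account key, held only in this step's shell environment.
          export ARM_ACCESS_KEY=$(az storage account keys list --resource-group io-infra-rg --account-name "pagopainfraterraform${DEPLOY_ENV}" --query '[0].value' -o tsv)
          cd ./infra
          # -auto-approve applies without an interactive confirmation; any
          # approval gate has to come from the GitHub environment settings.
          bash ./terraform.sh apply "weu-${DEPLOY_ENV}" -auto-approve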