Staging Deploy #295
# Manually triggered staging deployment; the operator picks one service per run.
name: 'Staging Deploy'

on:
  workflow_dispatch:
    inputs:
      service:
        description: 'Service to deploy'
        required: true
        type: choice
        default: 'frontend'
        # Each option has a matching branch in the `case` statement of the
        # deploy job's "Set service config" step; keep the two lists in sync.
        options:
          - 'frontend'
          - 'package-downloads-worker'
          - 'search-volume-worker'
          - 'vulnerability-enrichment-worker'
# Workflow-level environment: every value below is exported to every step of
# every job in this file.
# NOTE(review): that includes init-submodules.sh, the piped OCI CLI installer
# and the local build action. Moving each secret to the `env:` of the step that
# uses it would narrow the exposure. The ORACLE_DOCKER_* pair is presumably
# read by the build action - confirm before moving.
env:
  CLOUD_ENV: 'lf-oracle-staging'

  # Container registry credentials.
  ORACLE_DOCKER_USERNAME: ${{ secrets.ORACLE_DOCKER_USERNAME }}
  ORACLE_DOCKER_PASSWORD: ${{ secrets.ORACLE_DOCKER_PASSWORD }}

  # OCI API identity written to ~/.oci/config by the setup step.
  ORACLE_USER: ${{ secrets.ORACLE_USER }}
  ORACLE_TENANT: ${{ secrets.ORACLE_TENANT }}
  ORACLE_REGION: ${{ secrets.ORACLE_REGION }}
  ORACLE_FINGERPRINT: ${{ secrets.ORACLE_FINGERPRINT }}

  # Base64-encoded private key (decoded by the setup step) and its passphrase.
  ORACLE_KEY: ${{ secrets.ORACLE_KEY }}
  ORACLE_KEY_PASSPHRASE: ${{ secrets.ORACLE_KEY_PASSPHRASE }}

  # Target cluster for kubeconfig generation.
  ORACLE_CLUSTER: ${{ secrets.ORACLE_STAGING_CLUSTER }}
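jobs:
  # Builds the selected service's image and rolls it out to the staging cluster.
  deploy:
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN keeps
    # the repository default. Consider `permissions: { contents: read }` once
    # init-submodules.sh and the local build action are confirmed to need no more.
    steps:
      - name: Checkout code
        # NOTE(review): a tag reference is mutable; pinning to a full commit SHA
        # protects the job, which holds cloud credentials, from a moved tag.
        uses: actions/checkout@v4

      - name: Init submodules
        run: bash init-submodules.sh --https

      # Maps the chosen service to its Dockerfile, image name and Kubernetes
      # deployment/container names, exposed as step outputs.
      - name: Set service config
        id: config
        env:
          # Passed through the environment so the value is data to the shell,
          # not text spliced into the script before it is parsed.
          SERVICE: ${{ inputs.service }}
        run: |
          case "$SERVICE" in
            frontend)
              echo "dockerfile=frontend/Dockerfile" >> "$GITHUB_OUTPUT"
              echo "image_name=insights-app" >> "$GITHUB_OUTPUT"
              echo "k8s_deployment=insights-app-dpl" >> "$GITHUB_OUTPUT"
              echo "k8s_container=frontend" >> "$GITHUB_OUTPUT"
              ;;
            package-downloads-worker)
              echo "dockerfile=workers/temporal/package_downloads_worker/Dockerfile" >> "$GITHUB_OUTPUT"
              echo "image_name=package-downloads-worker" >> "$GITHUB_OUTPUT"
              echo "k8s_deployment=package-downloads-worker-dpl" >> "$GITHUB_OUTPUT"
              echo "k8s_container=package-downloads-worker" >> "$GITHUB_OUTPUT"
              ;;
            search-volume-worker)
              echo "dockerfile=workers/temporal/search_volume_worker/Dockerfile" >> "$GITHUB_OUTPUT"
              echo "image_name=insights-search-volume-worker" >> "$GITHUB_OUTPUT"
              echo "k8s_deployment=search-volume-worker-dpl" >> "$GITHUB_OUTPUT"
              echo "k8s_container=search-volume-worker" >> "$GITHUB_OUTPUT"
              ;;
            vulnerability-enrichment-worker)
              echo "dockerfile=workers/temporal/vulnerability_enrichment_worker/Dockerfile" >> "$GITHUB_OUTPUT"
              echo "image_name=vulnerability-enrichment-worker" >> "$GITHUB_OUTPUT"
              echo "k8s_deployment=vulnerability-enrichment-worker-dpl" >> "$GITHUB_OUTPUT"
              echo "k8s_container=vulnerability-enrichment-worker" >> "$GITHUB_OUTPUT"
              ;;
            *)
              # Second check behind the `choice` input: refuse anything unlisted.
              echo "::error::Unknown service: $SERVICE"
              exit 1
              ;;
          esac

      - name: Setup OCI CLI and Kubectl
        run: |
          # Without pipefail a failed download would go unnoticed behind the pipe.
          set -eo pipefail

          # Install OCI CLI
          # NOTE(review): the installer comes from the mutable `master` branch
          # and runs unverified on a runner that holds the OCI API key. Pin the
          # URL to a release tag or commit and check a known digest before use.
          curl -fsSL https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh | bash -s -- --accept-all-defaults
          echo "$HOME/bin" >> "$GITHUB_PATH"
          export PATH="$HOME/bin:$PATH"

          # Configure OCI CLI
          # Create the key and config owner-only from the start instead of
          # relying on the later chmod alone.
          umask 077
          mkdir -p ~/.oci
          # Secrets are read from the workflow-level environment. Expanding them
          # with ${{ }} would paste the raw value into the script, where a `$`,
          # backtick or quote in it is re-interpreted by the shell.
          echo "$ORACLE_KEY" | base64 --decode > ~/.oci/oci_api_key.pem
          chmod 600 ~/.oci/oci_api_key.pem
          cat > ~/.oci/config << EOF
          [DEFAULT]
          user=$ORACLE_USER
          fingerprint=$ORACLE_FINGERPRINT
          key_file=$HOME/.oci/oci_api_key.pem
          tenancy=$ORACLE_TENANT
          region=$ORACLE_REGION
          pass_phrase=$ORACLE_KEY_PASSPHRASE
          EOF
          chmod 600 ~/.oci/config

          # Get kubeconfig
          "$HOME/bin/oci" ce cluster create-kubeconfig \
            --cluster-id "$ORACLE_CLUSTER" \
            --file "$HOME/.kube/config" \
            --region "$ORACLE_REGION" \
            --token-version 2.0.0 \
            --kube-endpoint PUBLIC_ENDPOINT \
            --overwrite

      # Exports every key of the ConfigMap as an environment variable for all
      # later steps.
      # NOTE(review): anyone able to edit insights-config-map can set variables
      # for the build step, and the values are not masked in logs. Exporting
      # only the keys the build needs would be safer; NUXT_REDIS_URL is the
      # only one referenced in this file.
      - name: Load all envs from ConfigMap
        run: |
          # Fail the step if kubectl fails, instead of deploying with no env.
          set -eo pipefail
          # A value containing a newline would spill extra NAME=value lines
          # into $GITHUB_ENV, so such entries are rejected.
          kubectl get configmap insights-config-map -n insights -o json \
            | jq -r '
                .data | to_entries[]
                | if (.value | test("\n"))
                  then error("multi-line value in ConfigMap key: " + .key)
                  else "\(.key)=\(.value)"
                  end
              ' >> "$GITHUB_ENV"

      - name: Build docker image
        id: build-docker-image
        uses: ./.github/actions/build-docker-image
        with:
          app-env: staging
          dockerfile: ${{ steps.config.outputs.dockerfile }}
          image-name: ${{ steps.config.outputs.image_name }}
          # NOTE(review): build args can be recovered from image metadata. If
          # NUXT_REDIS_URL embeds credentials, supply it at runtime or through a
          # build secret instead.
          build-args: ${{ inputs.service == 'frontend' && format('NUXT_REDIS_URL={0}', env.NUXT_REDIS_URL) || '' }}

      # Points the deployment at the new image and waits up to 300s for rollout.
      - name: Update Deployment Image
        env:
          K8S_DEPLOYMENT: ${{ steps.config.outputs.k8s_deployment }}
          K8S_CONTAINER: ${{ steps.config.outputs.k8s_container }}
          DEPLOY_IMAGE: ${{ steps.build-docker-image.outputs.image }}
        run: |
          kubectl set image "deployment/$K8S_DEPLOYMENT" \
            "$K8S_CONTAINER=$DEPLOY_IMAGE" \
            -n insights
          kubectl rollout status "deployment/$K8S_DEPLOYMENT" -n insights --timeout=300s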