@@ -2,6 +2,11 @@ name: 'K8: Deploy'
22
33on :
44 workflow_call :
5+ inputs :
6+ environment :
7+ required : true
8+ type : string
9+
510
611# Special permissions required for OIDC authentication
712permissions :
@@ -10,86 +15,87 @@ permissions:
1015 actions : read
1116
1217jobs :
13- az-acr-push :
14- name : " Docker: Build & Push "
18+ k8-deploy :
19+ name : ' K8: Deploy '
1520 runs-on : ubuntu-latest
16- environment : ${{ github.event_name == 'release' && 'prod' || 'dev' }}
21+ environment : ${{ inputs.environment }}
1722 env :
18- DOCKERFILE : ${{ vars.DOCKERFILE }}
19- AZURE_CONTAINER_REGISTRY : ${{ vars.AZURE_CONTAINER_REGISTRY }}
20- ACR_LOGIN_USERNAME : ${{ secrets.ACR_LOGIN_USERNAME }}
21- ACR_LOGIN_PASSWORD : ${{ secrets.ACR_LOGIN_PASSWORD }}
23+ KUBELOGIN_VERSION : " v0.0.25"
24+ KUBERNETES_CLUSTER_REPO_NAME : " ${{ vars.KUBERNETES_CLUSTER_REPO_NAME }}"
25+ KUBERNETES_CLUSTER_NAME : " ${{ vars.KUBERNETES_CLUSTER_NAME }}"
26+ KUBERNETES_NAMESPACE : " ${{ vars.KUBERNETES_NAMESPACE }}"
27+ KUBERNETES_MANIFEST_PATH : " ${{ vars.KUBERNETES_MANIFEST_PATH }}"
28+ AZURE_RESOURCE_GROUP : " ${{ vars.AZURE_RESOURCE_GROUP }}"
29+ AZURE_CONTAINER_REGISTRY : " ${{ vars.AZURE_CONTAINER_REGISTRY }}"
2230 IMAGE_TAG : ${{ github.event_name == 'release' && github.event.release.tag_name || 'amd64' }}
2331 steps :
24- - name : Checkout repository
25- uses : actions/checkout@v4
26- - name : Set up Docker Buildx
27- uses : docker/setup-buildx-action@v3
28- - name : Log into registry
29- uses : docker/login-action@v3
30- with :
31- registry : " ${{ env.AZURE_CONTAINER_REGISTRY }}"
32- username : " ${{ env.ACR_LOGIN_USERNAME }}"
33- password : " ${{ env.ACR_LOGIN_PASSWORD }}"
34-
35- - name : Build & Push :${{ env.IMAGE_TAG }}
36- uses : docker/build-push-action@v5
37- with :
38- cache-from : type=gha
39- cache-to : type=gha,mode=max
40- file : ${{ env.DOCKERFILE }}
41- tags : ${{ env.AZURE_CONTAINER_REGISTRY }}/${{ github.event.repository.name }}:${{ env.IMAGE_TAG }}
42- push : true
43- build-args : platform=linux/amd64
32+ # Checkout the repository to the GitHub Actions runner
33+ - name : Checkout
34+ uses : actions/checkout@v4
35+ with :
36+ token : ${{ secrets.TOKEN_GITHUB }}
37+ repository : ${{ github.repository_owner }}/${{ env.KUBERNETES_CLUSTER_REPO_NAME }}
38+ ref : refs/heads/dev
4439
45- - name : Build & Push :latest
46- uses : docker/build-push-action@v5
47- with :
48- cache-from : type=gha
49- cache-to : type=gha,mode=max
50- file : ${{ env.DOCKERFILE }}
51- tags : ${{ env.AZURE_CONTAINER_REGISTRY }}/${{ github.event.repository.name }}:latest
52- push : true
53- build-args : platform=linux/amd64
40+ # Install the latest version of Kubernetes CLI and configure the Kubernetes CLI configuration file with a Kubernetes Cloud user API token
41+ - name : Azure Cloud Login
42+ uses : Azure/login@v2
43+ with :
44+ client-id : ${{ secrets.AZURE_CLIENT_ID }}
45+ tenant-id : ${{ secrets.AZURE_TENANT_ID }}
46+ subscription-id : ${{ secrets.AZURE_SUBSCRIPTION_ID }}
5447
55- k8-deploy :
56- uses : code-kern-ai/cicd-deployment-scripts/.github/workflows/_k8s_deploy.yml@dev
57- needs : [az-acr-push]
58- secrets : inherit
59- with :
60- environment : ${{ github.event_name == 'release' && 'prod' || 'dev' }}
61-
62- gh-release-publish :
63- name : ' GitHub: Publish Release'
64- runs-on : ubuntu-latest
65- needs : [k8-deploy]
66- if : github.event_name == 'release' && success()
67- env :
68- GH_TOKEN : ${{ secrets.TOKEN_GITHUB }}
69- steps :
70- - name : Publish Release
71- run : |
72- gh release edit ${{ github.event.release.tag_name }} \
73- --prerelease=false \
74- --draft=false \
75- --latest \
76- --repo ${{ github.repository }}
77-
78- echo "::notice::Release Published"
48+ # Use kubelogin to configure your kubeconfig for Azure auth
49+ - name : Set up kubelogin for non-interactive login
50+ uses : azure/use-kubelogin@v1
51+ with :
52+ kubelogin-version : ${{ env.KUBELOGIN_VERSION }}
7953
80- gh-release-delete :
81- name : ' GitHub: Delete Prerelease'
82- runs-on : ubuntu-latest
83- needs : [k8-deploy]
84- if : github.event_name == 'release' && failure() || cancelled()
85- env :
86- GH_TOKEN : ${{ secrets.TOKEN_GITHUB }}
87- steps :
88- - name : Delete Prerelease
89- run : |
90- gh release delete ${{ github.event.release.tag_name }} \
91- --cleanup-tag \
92- --yes \
93- --repo ${{ github.repository }}
94-
95- echo "::error::Prerelease and Tag Deleted"
54+ - uses : azure/aks-set-context@v3
55+ with :
56+ resource-group : ${{ env.AZURE_RESOURCE_GROUP }}
57+ cluster-name : ${{ env.KUBERNETES_CLUSTER_NAME }}
58+ admin : ' false'
59+ use-kubelogin : ' true'
60+
61+ - name : Generate Kustomization
62+ shell : bash
63+ env :
64+ KUBECTL_EXTERNAL_DIFF : " colordiff -N -u"
65+ run : |
66+ kubectl kustomize ${{ env.KUBERNETES_MANIFEST_PATH }} --output apply.yml
67+ kubectl diff --filename apply.yml || true
68+
69+ - name : Generate Deployment
70+ uses : Azure/k8s-deploy@v5
71+ timeout-minutes : 10
72+ with :
73+ namespace : ${{ env.KUBERNETES_NAMESPACE }}
74+ manifests : apply.yml
75+ pull-images : false
76+ images : ${{ env.AZURE_CONTAINER_REGISTRY }}/${{ github.event.repository.name }}:${{ env.IMAGE_TAG }}
77+ strategy : canary
78+ action : deploy
79+ percentage : 20
80+
81+ - name : Promote Deployment
82+ uses : Azure/k8s-deploy@v5
83+ if : success()
84+ with :
85+ namespace : ${{ env.KUBERNETES_NAMESPACE }}
86+ manifests : apply.yml
87+ pull-images : false
88+ images : ${{ env.AZURE_CONTAINER_REGISTRY }}/${{ github.event.repository.name }}:${{ env.IMAGE_TAG }}
89+ strategy : canary
90+ action : promote
91+
92+ - name : Reject Deployment
93+ uses : Azure/k8s-deploy@v5
94+ if : failure() || cancelled()
95+ with :
96+ namespace : ${{ env.KUBERNETES_NAMESPACE }}
97+ manifests : apply.yml
98+ pull-images : false
99+ images : ${{ env.AZURE_CONTAINER_REGISTRY }}/${{ github.event.repository.name }}:${{ env.IMAGE_TAG }}
100+ strategy : canary
101+ action : reject
0 commit comments