Skip to content

publish

publish #5

Workflow file for this run

name: publish
on:
workflow_dispatch:
inputs:
ocelot_version:
description: Ocelot build image version
required: true
type: string
deploy:
description: Deploy to cluster
required: true
type: boolean
jobs:
build-and-push-images:
strategy:
matrix:
app:
- name: backend
file: docker/backend.Dockerfile
- name: webapp
file: docker/webapp.Dockerfile
- name: maintenance
file: docker/maintenance.Dockerfile
runs-on: ubuntu-latest
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}/${{ matrix.app.name }}
permissions:
contents: read
packages: write
attestations: write
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.1.7
- name: Log in to the Container registry
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@70b2cdc6480c1a8b86edf1777157f8f437de2166
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=schedule,prefix=ocelot-${{ inputs.ocelot_version }}--branded-
type=semver,pattern={{version}},prefix=ocelot-${{ inputs.ocelot_version }}--branded-
type=semver,pattern={{major}}.{{minor}},prefix=ocelot-${{ inputs.ocelot_version }}--branded-
type=semver,pattern={{major}},prefix=ocelot-${{ inputs.ocelot_version }}--branded-
type=ref,event=branch,prefix=ocelot-${{ inputs.ocelot_version }}--branded-
type=ref,event=pr,prefix=ocelot-${{ inputs.ocelot_version }}--branded-
type=sha,prefix=ocelot-${{ inputs.ocelot_version }}--branded-sha-
- name: Build and push Docker images
id: push
uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
with:
file: ${{ matrix.app.file }}
context: .
push: true
build-args: |
OCELOT_VERSION=${{ inputs.ocelot_version }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
deploy-to-kubernetes:
runs-on: ubuntu-latest
if: ${{ inputs.deploy }}
needs: build-and-push-images
steps:
- uses: mdgreenwald/mozilla-sops-action@d9714e521cbaecdae64a89d2fdd576dd2aa97056 # v1.6.0
- uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.1.7
- run: |
mkdir -p ~/.config/sops/age
echo $SOPS_KEY | base64 --decode > ~/.config/sops/age/keys.txt
env:
SOPS_KEY: ${{ secrets.SOPS_KEY }}
- run: |
mkdir -p ~/.kube
sops decrypt ./helmfile/secrets/kubeconfig > ~/.kube/config
chmod 600 ~/.kube/config
- run: echo "IMAGE_TAG=ocelot-${{ inputs.ocelot_version }}--branded-sha-$(echo $GITHUB_SHA | cut -c 1-7)" >> $GITHUB_ENV
- uses: helmfile/helmfile-action@80fbb6408b98822310f94d8d1321a2cacf87f78f #v1.9.2
with:
helmfile-args: apply --environment staging
helmfile-workdirectory: ./helmfile
helm-plugins: >
https://github.com/databus23/helm-diff,
https://github.com/jkroepke/helm-secrets,
https://github.com/aslafy-z/helm-git