Deploy application #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy application | |
on: | |
workflow_dispatch: | |
inputs: | |
image_tag: | |
description: 'Enter a value for image_tag' | |
required: true | |
permissions: | |
contents: read | |
id-token: write | |
env: | |
AWS_ROLE: 'arn:aws:iam::896918338968:role/GitHubActionsApiSkodaRole' | |
VAULT_ADDR: ${{ secrets.VAULT_ADDR }} | |
SENTRY_DSN: ${{ secrets.SENTRY_DSN }} | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 | |
- name: Setup Node.js environment | |
uses: actions/setup-node@v4.0.2 | |
with: | |
node-version: 20 | |
- name: Import secret | |
id: import-secret | |
uses: hashicorp/vault-action@v3 | |
with: | |
url: ${{ env.VAULT_ADDR }} | |
role: github-actions-secret | |
method: jwt | |
path: github-actions-secret | |
secrets: | | |
github-actions-secret/data/secret CLOUDFLARE_API_KEY | CLOUDFLARE_API_KEY ; | |
github-actions-secret/data/secret CLOUDFLARE_EMAIL | CLOUDFLARE_EMAIL ; | |
github-actions-secret/data/secret K8S_CONFIG | K8S_CONFIG ; | |
github-actions-secret/data/secret PUBLIC_IP | PUBLIC_IP ; | |
github-actions-secret/data/secret DOCKER_CONFIG | DOCKER_CONFIG ; | |
github-actions-secret/data/secret VAULT_TOKEN | VAULT_TOKEN ; | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 | |
with: | |
role-to-assume: ${{ env.AWS_ROLE }} | |
aws-region: eu-west-1 | |
- name: Configure K8S credentials | |
run: | | |
mkdir -p /home/runner/.kube | |
echo $K8S_CONFIG | base64 -d > /home/runner/.kube/config | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1 | |
- name: Terraform Init | |
id: init | |
run: terraform init | |
working-directory: infra/prod | |
- name: Terraform Format | |
id: fmt | |
run: terraform fmt -check | |
working-directory: infra/prod | |
- name: Terraform Validate | |
id: validate | |
run: terraform validate -no-color | |
working-directory: infra/prod | |
- name: Terraform Plan | |
id: plan | |
run: terraform plan -var image_tag=${{ github.event.inputs.image_tag }} -var server_ip=$PUBLIC_IP -var docker_config=$DOCKER_CONFIG -var host_name="nicholasmeyers.be" -var vault_uri=${{ env.VAULT_ADDR }} -var sentry_dsn=${{ env.SENTRY_DSN }} | |
working-directory: infra/prod | |
- name: Terraform Apply | |
id: apply | |
run: terraform apply -var image_tag=${{ github.event.inputs.image_tag }} -var server_ip=$PUBLIC_IP -var docker_config=$DOCKER_CONFIG -var host_name="nicholasmeyers.be" -var vault_uri=${{ env.VAULT_ADDR }} -var sentry_dsn=${{ env.SENTRY_DSN }} -auto-approve | |
working-directory: infra/prod |