Deploy application #338
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | name: Deploy application | |
| on: | |
| # Ensure we're run after tests | |
| workflow_run: | |
| workflows: [ "Test application" ] | |
| branches: [ "master" ] | |
| types: | |
| - completed | |
| # Allow workflow to be manually run from the GitHub UI | |
| workflow_dispatch: | |
| # Also, re-deploy once per week to ensure we refresh our versions | |
| # of the app's runtime | |
| schedule: | |
| - cron: "0 0 * * 0" | |
| env: | |
| TEST_URL: https://phpdocker.io/ | |
| jobs: | |
| deploy: | |
| # We only deploy master | |
| if: ${{ github.ref == 'refs/heads/master' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up QEMU (required for arm build) | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # We could build-and-push deploy, but it makes that step on the pipeline too | |
| # complex to follow effectively. Instead, set BUILD_TAG here so that we can | |
| # run build, push and deploy separately | |
| - name: Set build tag | |
| run: | | |
| echo "BUILD_TAG=$(date +'%Y-%m-%d-%H-%M-%S')-$(git rev-parse --short HEAD)" >> $GITHUB_ENV | |
| - name: Build containers | |
| run: make build-and-push -e BUILD_TAG=${BUILD_TAG} | |
| - name: Set up wireguard tunnel configuration | |
| run: | | |
| sudo apt install wireguard resolvconf | |
| echo '${{ secrets.WIRE_CONFIG }}' | sudo tee -a /etc/wireguard/tunnel.conf > /dev/null | |
| - name: Open wireguard tunnel | |
| run: sudo wg-quick up tunnel | |
| - name: Export kubeconfig | |
| run: | | |
| mkdir -p ~/.kube/ | |
| echo '${{ secrets.KUBE_CONFIG }}' > ~/.kube/config | |
| kubectl get pods --namespace=${{ secrets.KUBE_NS }} | |
| - name: Deploy application | |
| run: make deploy -e BUILD_TAG=${BUILD_TAG} | |
| - name: Wait for deployment success | |
| run: kubectl rollout status deployment ${{ secrets.KUBE_DEPLOYMENT }} --namespace=${{ secrets.KUBE_NS }} | |
| - name: Check website is responding correctly, or rollback | |
| run: | | |
| set +e | |
| curl --fail -sSL -D - ${{ env.TEST_URL }} -o /dev/null | |
| if [[ "$?" != 0 ]]; then | |
| echo "Website is not properly online, rolling back" | |
| kubectl rollout undo deployment.v1.apps/${{ secrets.KUBE_DEPLOYMENT }} --namespace=${{ secrets.KUBE_NS }} | |
| kubectl rollout status deployment ${{ secrets.KUBE_DEPLOYMENT }} --namespace=${{ secrets.KUBE_NS }} | |
| exit 1 | |
| fi | |
| set -e | |
| - name: Disconnect from tunnel | |
| if: always() | |
| run: wg-quick down tunnel |