diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 00000000..3db492e2 --- /dev/null +++ b/.github/workflows/deploy.yml @@ -0,0 +1,69 @@ +--- +name: DeployToGKE +concurrency: production + +on: + release: + types: + - created + push: + branches: + - 'releases/*' + tags: + - '*-rc' + workflow_dispatch: + inputs: + containerTag: + required: true + description: 'The docker tag for a container already in GCP' + +env: + GCP_REGION: us-central1 + GKE_CLUSTER_NAME: fnf-apps + +jobs: + deploy: + name: TicketBoothDeploy + runs-on: ubuntu-latest + environment: ${{ vars.ENVIRONMENT }} + permissions: + contents: 'read' + id-token: 'write' + steps: + # This step is only required because the Helm chart is in this repo + - id: checkout + name: TicketBooth checkout + uses: actions/checkout@v4 + with: + ref: ${{ github.event_name == "workflow_dispatch" && 'main' || github.ref }} + fetch-depth: 1 + + - id: gcpAuth + uses: google-github-actions/auth@v2 + with: + workload_identity_provider: "projects/${{ vars.GCP_PROJECT_ID }}/locations/global/workloadIdentityPools" + service_account: ${{ vars.GCP_SERVICE_ACCOUNT_ID }} + + - id: gkeLogin + name: GKE Login + uses: google-github-actions/get-gke-credentials@v2 + with: + cluster_name: ${{ env.GKE_CLUSTER_NAME }} + location: ${{ env.GCP_REGION }} + + - id: runHelm + name: Helm Update + uses: deliverybot/helm@v1 + with: + release: ${{ vars.HELM_RELEASE }} + namespace: default + chart: deployment/chart + token: ${{ github.token }} + values: | + image.tag: ${{ github.event_name == "workflow_dispatch" && inputs.containerTag || github.ref_name }} + value-files: >- + [ + "deployment/env/base.yaml", + "deployment/${{ environment }}.yaml" + ] + atomic: ${{ github.event_name == "workflow_dispatch" && false || true }}