-
Notifications
You must be signed in to change notification settings - Fork 0
81 lines (68 loc) · 3.65 KB
/
cloud-platform-deploy-release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
name: helm-releases
on:
push:
branches: [NIT-994-alfresco-pipeline-for-deployments-helm, main]
# Ecluding path as they are specifig to building Share container image
paths-ignore:
- 'docker-files/Dockerfile-share'
- '.github/workflows/cloud-platform-build-push-share.yml'
workflow_dispatch:
jobs:
poc-deployment-job:
# Get this GitHub environment populated with action secrets by raising a CP pull request. See docs at:
# https://github.com/ministryofjustice/cloud-platform-terraform-serviceaccount?tab=readme-ov-file#input_github_environments
environment: poc
runs-on: ubuntu-latest
permissions:
id-token: write # This is required for requesting the JWT
contents: read # This is required for actions/checkout
steps:
- name: Checkout current repo
uses: actions/checkout@v3
- name: Configure aws credentials for ECR
uses: aws-actions/[email protected]
with:
role-to-assume: ${{ secrets.SHARE_ECR_ROLE_TO_ASSUME }}
aws-region: ${{ vars.SHARE_ECR_REGION }}
- name: ECR login
uses: aws-actions/amazon-ecr-login@v2
id: login-ecr
- name: Alfresco Enterprise image repository login
run: docker login quay.io -u ${{ secrets.ALFRESCO_QUAY_IO_USERNAME }} -p ${{ secrets.ALFRESCO_QUAY_IO_PASSWORD }}
- name: Install Kubernetes
uses: azure/[email protected]
with:
version: 'v1.26.0' # default is latest stable
id: kubectl_install
- name: Install Helm
uses: azure/[email protected]
with:
version: 'v3.9.0'
id: helm_install
- name: PoC deployment
env:
KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
working-directory: ./alfresco-content-services
run: |
# See this link how github action secrets are created: https://github.com/ministryofjustice/cloud-platform-terraform-serviceaccount
# See this example on how to use github secrets: https://github.com/ministryofjustice/cloud-platform-example-application/blob/main/.github/workflows/deploy.yml#L38
echo "${{ secrets.KUBE_CERT }}" > ca.crt
kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER}
kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN }}
kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE}
kubectl config use-context ${KUBE_CLUSTER}
# For Alfresco, a k8s namespace will be an environment
kubectl config set-context --current --namespace=${KUBE_NAMESPACE}
kubectl get all
# Helm will not deploy unless this secret is present. Create a new one if one does not already exist from env section
export SECRET = $(awk '{print substr($0, 19)}' <<< $(kubectl get secrets alfresco-content-services-alfresco-repository-properties-secret -o jsonpath='{.data.alfresco-global\.properties}' | base64 -d)) 2> /dev/null
# if [ -z ${SECRET} ]
# then
# export SECRET=$(openssl rand -base64 20)
# fi
# # Upgrad an existing release or create a new one if one does not exist
# export BUCKET_NAME = $(awk '{print substr($0, 0)}' <<< $(kubectl get secrets s3-bucket-output -o jsonpath='{.data.bucket_name}' | base64 -d))
# helm upgrade --install alfresco-content-services . --values=./values.yaml \
# --set s3connector.config.bucketName=$BUCKET_NAME \
# --set global.tracking.sharedsecret=$SECRET