diff --git a/.gitea/workflows/base.yaml b/.gitea/workflows/base.yaml deleted file mode 100644 index a32bd5b..0000000 --- a/.gitea/workflows/base.yaml +++ /dev/null 
@@ -1,154 +0,0 @@ -name: Base workflow which build and push docker, run prisma migrations and deploy helm to k8s -on: - workflow_call: - inputs: - APP_NAME: - required: true - type: string - description: Application name which would be the name of Docker and Helm release - # default: - GITEA_REGISTRY: - required: true - type: string - default: registry.project-rent-dev.com - NAMESPACE: - required: true - type: string - description: Namespace where Helm Release would be install - secrets: - PRISMA_DB_URL: - required: true - description: Secret where db url for migration stores - REGISTRY_USERNAME: - required: true - description: Service acc name for registry - REGISTRY_PASSWORD: - required: true - description: Service acc password for registry - KUBECONF: - required: true - description: Kubeconf which allow to deploy Helm release to namespace - - - -jobs: - -### Build docker image - build: - runs-on: ubuntu-latest - container: - image: catthehacker/ubuntu:act-22.04 - - steps: - - - name: Checkout code - uses: actions/checkout@v2 - - - name: Set up Docker BuildX - uses: docker/setup-buildx-action@v2 - - - &get_version - name: Extract version from tag or set commit SHA - id: vars - run: | - if [ "${{ github.ref_type }}" = "tag" ]; then - echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV - else - VERSION=$(echo "${{ github.sha }}" | cut -c1-7) - echo "VERSION=$VERSION" >> $GITHUB_ENV - fi - - - name: Login to Docker registry - uses: docker/login-action@v2 - with: - registry: ${{ env.GITEA_REGISTRY }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} - - - name: Build Docker image - run: | - docker build -t ${{ env.GITEA_REGISTRY }}/${{ secrets.REGISTRY_USERNAME }}/$APP_NAME:${{ env.VERSION }} . 
- - - name: Push Docker image - if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') - run: | - docker push ${{ env.GITEA_REGISTRY }}/${{ secrets.REGISTRY_USERNAME }}/$APP_NAME:${{ env.VERSION }} - - - name: Logout from Docker registry - run: docker logout ${{ env.GITEA_REGISTRY }} - -### Run prisma migrations - migration: - runs-on: ubuntu-latest - if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') # Condition - container: - image: catthehacker/ubuntu:act-22.04 - needs: build - steps: - - - name: Checkout repo - uses: actions/checkout@v3 - - - name: Setup Node - uses: actions/setup-node@v3 - - - name: Install dependencies - run: npm install - - ## TODO: practice to work with vault from CI - # - name: Import secret - # uses: hashicorp/vault-action@v2 - # with: - # url: 'https://vault.project-rent-dev.com' - # role_id: ${{ secrets.VAULT_ROLE_ID }} - # secret_id: ${{ secrets.VAULT_SECRET_ID }} - # secrets: cicd/data/prisma/db url | DATABASE_URL - - - name: Apply all pending migrations to the database - run: npx prisma migrate deploy - env: - DATABASE_URL: ${{ secrets.PRISMA_DB_URL }} - - deploy: - runs-on: ubuntu-latest - needs: [migration, build] - if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') # Condition - container: - image: catthehacker/ubuntu:act-22.04 - - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Extract version from tag or set commit SHA - id: vars - run: | - if [ "${{ github.ref_type }}" = "tag" ]; then - echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV - else - VERSION=$(echo "${{ github.sha }}" | cut -c1-7) - echo "VERSION=$VERSION" >> $GITHUB_ENV - fi - - ### TO:DO make something with chart, helm allow only semantic - # - name: Package chart - # run: | - # helm package chart/ --version ${{ env.VERSION }} - - - name: Install helm - uses: azure/setup-helm@v4.2.0 - with: - version: latest - - - name: Set up Kubectl - uses: azure/k8s-set-context@v4 - 
with: - kubeconfig: ${{ secrets.PROD_KUBECONF }} - - - name: Install chart - run: | - helm upgrade --install --cleanup-on-fail --atomic --timeout 2m --wait $APP_NAME ./chart \ - --create-namespace --namespace $NAMESPACE \ - --set image.repository=${{ env.GITEA_REGISTRY }}/${{ secrets.REGISTRY_USERNAME }}/$APP_NAME \ - --set image.tag=${{ env.VERSION }} \ - -f chart/values-prod.yaml \ No newline at end of file diff --git a/.gitea/workflows/docker-build-and-push.yaml b/.gitea/workflows/docker-build-and-push.yaml new file mode 100644 index 0000000..266a696 --- /dev/null +++ b/.gitea/workflows/docker-build-and-push.yaml 
@@ -0,0 +1,78 @@ +name: Workflow to build and push docker image to registry +on: + workflow_call: + inputs: + APP_NAME: + required: true + type: string + description: Application name which would be the name of Docker and Helm release + REGISTRY: + required: true + type: string + DOCKERFILE_PATH: + type: string + default: Dockerfile + USER_FOR_IMAGE_STORE: + type: string + default: registry-bot + secrets: + VAULT_TOKEN: + required: true + +jobs: + + build: + runs-on: ubuntu-latest + container: + image: catthehacker/ubuntu:act-22.04 + + steps: + + - name: Checkout code + uses: actions/checkout@v2 + + - name: Import Secrets + uses: hashicorp/vault-action@v2 + with: + url: https://vault.project-rent-dev.com + token: ${{ secrets.VAULT_TOKEN }} + secrets: | + cicd/data/docker password | REGISTRY_PASSWORD ; + cicd/data/docker username | REGISTRY_USERNAME ; + + - name: Set up Docker BuildX + uses: docker/setup-buildx-action@v2 + with: + driver-opts: network=host + config-inline: | + [registries.insecure] + "${{ inputs.REGISTRY }}" = true + + - &get_version + name: Extract version from tag or set commit SHA + id: vars + run: | + if [ "${{ github.ref_type }}" = "tag" ]; then + echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV + else + VERSION=$(echo "${{ github.sha }}" | cut -c1-7) + echo "VERSION=$VERSION" >> $GITHUB_ENV + fi + + - name: Login to Docker registry + uses: docker/login-action@v2 + with: + registry: ${{ inputs.REGISTRY }} + username: ${{ env.REGISTRY_USERNAME }} + password: ${{ env.REGISTRY_PASSWORD }} + + - name: Build Docker image + run: | + docker build -t ${{ inputs.REGISTRY }}/${{ inputs.USER_FOR_IMAGE_STORE }}/${{ inputs.APP_NAME }}:${{ env.VERSION }} . + + - name: Push Docker image + run: | + docker push ${{ inputs.REGISTRY }}/${{ inputs.USER_FOR_IMAGE_STORE }}/${{ inputs.APP_NAME }}:${{ env.VERSION }} + + - name: Logout from Docker registry + run: docker logout ${{ inputs.REGISTRY }} 
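Review bot: The config-inline block in "Set up Docker BuildX" lists ${{ inputs.REGISTRY }} under [registries.insecure], i.e. it asks BuildKit to accept plain HTTP or skip TLS verification for the very host that the Vault-sourced REGISTRY_USERNAME/REGISTRY_PASSWORD are sent to, and REGISTRY is a caller-supplied input with no default in this file. As written this is not the buildkitd.toml `[registry."host"]` form and the build/push steps use plain `docker build`/`docker push` rather than `docker buildx build`, so the setting may well be ignored today, but the intent should not survive review: drop the block if the registry has a valid certificate, or if it uses a private CA point BuildKit at it (`[registry."registry.example"]` with `ca = ["/path/ca.crt"]`) instead of disabling verification. VAULT_TOKEN is a static token passed straight to hashicorp/vault-action, whereas the deleted base.yaml sketched an AppRole login; a short-lived method (`method: approle` or `method: jwt`) bounds what a leaked CI secret can do. The version step also interpolates ${{ github.ref_name }} directly into the shell; passing it through `env:` and reading `"$REF_NAME"` avoids shell expansion of unusual tag names.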
diff --git a/.gitea/workflows/k8s-deploy.yml b/.gitea/workflows/k8s-deploy.yml new file mode 100644 index 0000000..83e3544 --- /dev/null +++ b/.gitea/workflows/k8s-deploy.yml 
@@ -0,0 +1,106 @@ +name: Workflow for deploy helm to k8s +on: + workflow_call: + inputs: + APP_NAME: + required: true + type: string + description: Application name which would be the name of Docker and Helm release + REGISTRY: + required: true + type: string + default: registry.project-rent-dev.com + PROD_NAMESPACE: + required: true + type: string + description: Namespace where PROD Helm Release would be install + default: greedy + DEV_NAMESPACE: + required: true + type: string + description: Namespace where DEV Helm Release would be install + default: greedy-dev + PROD_VALUES_FILE: + required: true + type: string + description: Prod values file location in repo + default: chart/values-prod.yaml + DEV_VALUES_FILE: + required: true + type: string + description: Dev values file location in repo + default: chart/values-dev.yaml + REGISTRY_USER: + type: string + default: registry-bot + description: Because of gitea registry specific docker images path we need that var + DEV_KUBECONF_SECRET_PATH: + required: true + type: string + description: Kubeconf secret path in vault for dev + PROD_KUBECONF_SECRET_PATH: + required: true + type: string + description: Kubeconf secret path in vault for prod + secrets: + VAULT_TOKEN: + required: true + +jobs: + + deploy: + runs-on: ubuntu-latest + container: + image: catthehacker/ubuntu:act-22.04 + + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Extract version from tag or set commit SHA + id: vars + run: | + if [ "${{ github.ref_type }}" = "tag" ]; then + echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV + else + VERSION=$(echo "${{ github.sha }}" | cut -c1-7) + echo "VERSION=$VERSION" >> $GITHUB_ENV + fi + + - name: Export secrets for deploy + run: | + if [ "${{ github.ref }}" == "refs/heads/main" ]; then + echo "NAMESPACE=${{ inputs.PROD_NAMESPACE }}" >> $GITHUB_ENV + echo "VALUES_FILE=${{ inputs.PROD_VALUES_FILE }}" >> $GITHUB_ENV + echo "KUBECONF=${{ inputs.PROD_KUBECONF_SECRET_PATH }}" >> $GITHUB_ENV 
+ else + echo "NAMESPACE=${{ inputs.DEV_NAMESPACE }}" >> $GITHUB_ENV + echo "VALUES_FILE=${{ inputs.DEV_VALUES_FILE }}" >> $GITHUB_ENV + echo "KUBECONF=${{ inputs.DEV_KUBECONF_SECRET_PATH }}" >> $GITHUB_ENV + fi + + - name: Import config of k8s + uses: hashicorp/vault-action@v2 + with: + url: https://vault.project-rent-dev.com + token: ${{ secrets.VAULT_TOKEN }} + secrets: | + ${{ env.KUBECONF }} | KUBECONFIG; + + - name: Install helm + uses: azure/setup-helm@v4.2.0 + with: + version: latest + + - name: Set up Kubectl + uses: azure/k8s-set-context@v4 + with: + kubeconfig: ${{ env.KUBECONFIG }} + + - name: Install chart + run: | + helm upgrade --install --cleanup-on-fail --atomic --timeout 2m --wait ${{ inputs.APP_NAME }} ./chart \ + --create-namespace --namespace ${{ env.NAMESPACE }} \ + --set image.repository=${{ inputs.REGISTRY }}/${{ inputs.REGISTRY_USER }}/${{ inputs.APP_NAME }} \ + --set image.tag=${{ env.VERSION }} \ + -f ${{ env.VALUES_FILE }} \ No newline at end of file diff --git a/.gitea/workflows/prisma-migrate.yaml b/.gitea/workflows/prisma-migrate.yaml new file mode 100644 index 0000000..e18b156 --- /dev/null +++ b/.gitea/workflows/prisma-migrate.yaml 
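Review bot: The prod/dev selector in "Export secrets for deploy" treats every ref other than refs/heads/main as dev, so a release tag (whose name the preceding step uses as VERSION) is deployed to DEV_NAMESPACE with the dev values file, while the deleted base.yaml deployed tags alongside main. If tags are releases, widen the condition: `if [ "${{ github.ref }}" == "refs/heads/main" ] || [ "${{ github.ref_type }}" == "tag" ]; then`. The Vault step exports the kubeconfig contents under the name KUBECONFIG, which kubectl and helm interpret as a file path; it presumably only works because azure/k8s-set-context later re-exports the same name pointing at a file, so exporting it as e.g. `KUBECONF_DATA` and passing `kubeconfig: ${{ env.KUBECONF_DATA }}` removes the collision. `--create-namespace` also requires cluster-scoped permission to create namespaces, which conflicts with the per-namespace kubeconfigs the inputs describe; drop it if greedy/greedy-dev are pre-provisioned.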
@@ -0,0 +1,53 @@ +name: Workflow for prisma migrations +on: + workflow_call: + inputs: + PROD_PRISMA_SECRET_DB_PATH: + required: true + type: string + description: Prisma db url secret path in vault for prod + DEV_PRISMA_SECRET_DB_PATH: + required: true + type: string + description: Prisma db url secret path in vault for dev + secrets: + VAULT_TOKEN: + required: true + +jobs: + + migration: + runs-on: ubuntu-latest + container: + image: catthehacker/ubuntu:act-22.04 + steps: + + - name: Checkout repo + uses: actions/checkout@v3 + + - name: Setup Node + uses: actions/setup-node@v3 + + - name: Install dependencies + run: npm install + + - name: Export secrets for prisma + run: | + if [ "${{ github.ref }}" == "refs/heads/main" ]; then + echo "PRISMA_DB_SECRET_PATH=${{ inputs.PROD_PRISMA_SECRET_DB_PATH }}" >> $GITHUB_ENV + else + echo "PRISMA_DB_SECRET_PATH=${{ inputs.DEV_PRISMA_SECRET_DB_PATH }}" >> $GITHUB_ENV + fi + + - name: Import prisma db url + uses: hashicorp/vault-action@v2 + with: + url: https://vault.project-rent-dev.com + token: ${{ secrets.VAULT_TOKEN }} + secrets: | + ${{ env.PRISMA_DB_SECRET_PATH }} | PRISMA_DB_URL; + + - name: Apply all pending migrations to the database + run: npx prisma migrate deploy + env: + DATABASE_URL: ${{ env.PRISMA_DB_URL }} \ No newline at end of file
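Review bot: The migration job carries no ref condition, so `npx prisma migrate deploy` runs on every push: non-main refs hit the dev database, main hits production, and nothing serialises two runs against the same database. The deleted base.yaml gated this on main/tags; restore an equivalent guard in the caller or on the job, and consider `concurrency: { group: prisma-${{ github.ref }}, cancel-in-progress: false }` if the Gitea Actions runner honours it. "Install dependencies" uses `npm install`, which may resolve versions outside package-lock.json and rewrite it; `npm ci` installs exactly the locked tree, which matters for a job that holds the production DATABASE_URL (assuming a lockfile is committed). VAULT_TOKEN is a static token handed to vault-action; an AppRole or JWT login restricted to the two db-url paths would limit the blast radius of a leaked CI secret.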