devops/gitea-actions-templates
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added default workflows

Browse Source
This commit is contained in:
devops 2025-01-07 16:23:51 +03:00
parent 7dabe9f65c
commit aea2e1729e
4 changed files with 237 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

154
.gitea/workflows/base.yaml
View File

@ -1,154 +0,0 @@
name: Base workflow which build and push docker, run prisma migrations and deploy helm to k8s
on:
workflow_call:
inputs:
APP_NAME:
required: true
type: string
description: Application name which would be the name of Docker and Helm release
# default:
GITEA_REGISTRY:
required: true
type: string
default: registry.project-rent-dev.com
NAMESPACE:
required: true
type: string
description: Namespace where Helm Release would be install
secrets:
PRISMA_DB_URL:
required: true
description: Secret where db url for migration stores
REGISTRY_USERNAME:
required: true
description: Service acc name for registry
REGISTRY_PASSWORD:
required: true
description: Service acc password for registry
KUBECONF:
required: true
description: Kubeconf which allow to deploy Helm release to namespace
jobs:
### Build docker image
build:
runs-on: ubuntu-latest
container:
image: catthehacker/ubuntu:act-22.04
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set up Docker BuildX
uses: docker/setup-buildx-action@v2
- &get_version
name: Extract version from tag or set commit SHA
id: vars
run: |
if [ "${{ github.ref_type }}" = "tag" ]; then
echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV
else
VERSION=$(echo "${{ github.sha }}" | cut -c1-7)
echo "VERSION=$VERSION" >> $GITHUB_ENV
fi
- name: Login to Docker registry
uses: docker/login-action@v2
with:
registry: ${{ env.GITEA_REGISTRY }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_PASSWORD }}
- name: Build Docker image
run: |
docker build -t ${{ env.GITEA_REGISTRY }}/${{ secrets.REGISTRY_USERNAME }}/$APP_NAME:${{ env.VERSION }} .
- name: Push Docker image
if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
run: |
docker push ${{ env.GITEA_REGISTRY }}/${{ secrets.REGISTRY_USERNAME }}/$APP_NAME:${{ env.VERSION }}
- name: Logout from Docker registry
run: docker logout ${{ env.GITEA_REGISTRY }}
### Run prisma migrations
migration:
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') # Condition
container:
image: catthehacker/ubuntu:act-22.04
needs: build
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
- name: Install dependencies
run: npm install
## TODO: practice to work with vault from CI
# - name: Import secret
# uses: hashicorp/vault-action@v2
# with:
# url: 'https://vault.project-rent-dev.com'
# role_id: ${{ secrets.VAULT_ROLE_ID }}
# secret_id: ${{ secrets.VAULT_SECRET_ID }}
# secrets: cicd/data/prisma/db url | DATABASE_URL
- name: Apply all pending migrations to the database
run: npx prisma migrate deploy
env:
DATABASE_URL: ${{ secrets.PRISMA_DB_URL }}
deploy:
runs-on: ubuntu-latest
needs: [migration, build]
if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') # Condition
container:
image: catthehacker/ubuntu:act-22.04
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Extract version from tag or set commit SHA
id: vars
run: |
if [ "${{ github.ref_type }}" = "tag" ]; then
echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV
else
VERSION=$(echo "${{ github.sha }}" | cut -c1-7)
echo "VERSION=$VERSION" >> $GITHUB_ENV
fi
### TO:DO make something with chart, helm allow only semantic
# - name: Package chart
# run: |
# helm package chart/ --version ${{ env.VERSION }}
- name: Install helm
uses: azure/setup-helm@v4.2.0
with:
version: latest
- name: Set up Kubectl
uses: azure/k8s-set-context@v4
with:
kubeconfig: ${{ secrets.PROD_KUBECONF }}
- name: Install chart
run: |
helm upgrade --install --cleanup-on-fail --atomic --timeout 2m --wait $APP_NAME ./chart \
--create-namespace --namespace $NAMESPACE \
--set image.repository=${{ env.GITEA_REGISTRY }}/${{ secrets.REGISTRY_USERNAME }}/$APP_NAME \
--set image.tag=${{ env.VERSION }} \
-f chart/values-prod.yaml

78
.gitea/workflows/docker-build-and-push.yaml Normal file
View File

@ -0,0 +1,78 @@
name: Workflow to build and push docker image to registry
on:
workflow_call:
inputs:
APP_NAME:
required: true
type: string
description: Application name which would be the name of Docker and Helm release
REGISTRY:
required: true
type: string
DOCKERFILE_PATH:
type: string
default: Dockerfile
USER_FOR_IMAGE_STORE:
type: string
default: registry-bot
secrets:
VAULT_TOKEN:
required: true
jobs:
build:
runs-on: ubuntu-latest
container:
image: catthehacker/ubuntu:act-22.04
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Import Secrets
uses: hashicorp/vault-action@v2
with:
url: https://vault.project-rent-dev.com
token: ${{ secrets.VAULT_TOKEN }}
secrets: |
cicd/data/docker password | REGISTRY_PASSWORD ;
cicd/data/docker username | REGISTRY_USERNAME ;
- name: Set up Docker BuildX
uses: docker/setup-buildx-action@v2
with:
driver-opts: network=host
config-inline: |
[registries.insecure]
"${{ inputs.REGISTRY }}" = true
- &get_version
name: Extract version from tag or set commit SHA
id: vars
run: |
if [ "${{ github.ref_type }}" = "tag" ]; then
echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV
else
VERSION=$(echo "${{ github.sha }}" | cut -c1-7)
echo "VERSION=$VERSION" >> $GITHUB_ENV
fi
- name: Login to Docker registry
uses: docker/login-action@v2
with:
registry: ${{ inputs.REGISTRY }}
username: ${{ env.REGISTRY_USERNAME }}
password: ${{ env.REGISTRY_PASSWORD }}
- name: Build Docker image
run: |
docker build -t ${{ inputs.REGISTRY }}/${{ inputs.USER_FOR_IMAGE_STORE }}/${{ inputs.APP_NAME }}:${{ env.VERSION }} .
- name: Push Docker image
run: |
docker push ${{ inputs.REGISTRY }}/${{ inputs.USER_FOR_IMAGE_STORE }}/${{ inputs.APP_NAME }}:${{ env.VERSION }}
- name: Logout from Docker registry
run: docker logout ${{ inputs.REGISTRY }}

106
.gitea/workflows/k8s-deploy.yml Normal file
View File

@ -0,0 +1,106 @@
name: Workflow for deploy helm to k8s
on:
workflow_call:
inputs:
APP_NAME:
required: true
type: string
description: Application name which would be the name of Docker and Helm release
REGISTRY:
required: true
type: string
default: registry.project-rent-dev.com
PROD_NAMESPACE:
required: true
type: string
description: Namespace where PROD Helm Release would be install
default: greedy
DEV_NAMESPACE:
required: true
type: string
description: Namespace where DEV Helm Release would be install
default: greedy-dev
PROD_VALUES_FILE:
required: true
type: string
description: Prod values file location in repo
default: chart/values-prod.yaml
DEV_VALUES_FILE:
required: true
type: string
description: Dev values file location in repo
default: chart/values-dev.yaml
REGISTRY_USER:
type: string
default: registry-bot
description: Because of gitea registry specific docker images path we need that var
DEV_KUBECONF_SECRET_PATH:
required: true
type: string
description: Kubeconf secret path in vault for dev
PROD_KUBECONF_SECRET_PATH:
required: true
type: string
description: Kubeconf secret path in vault for prod
secrets:
VAULT_TOKEN:
required: true
jobs:
deploy:
runs-on: ubuntu-latest
container:
image: catthehacker/ubuntu:act-22.04
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Extract version from tag or set commit SHA
id: vars
run: |
if [ "${{ github.ref_type }}" = "tag" ]; then
echo "VERSION=${{ github.ref_name }}" >> $GITHUB_ENV
else
VERSION=$(echo "${{ github.sha }}" | cut -c1-7)
echo "VERSION=$VERSION" >> $GITHUB_ENV
fi
- name: Export secrets for deploy
run: |
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
echo "NAMESPACE=${{ inputs.PROD_NAMESPACE }}" >> $GITHUB_ENV
echo "VALUES_FILE=${{ inputs.PROD_VALUES_FILE }}" >> $GITHUB_ENV
echo "KUBECONF=${{ inputs.PROD_KUBECONF_SECRET_PATH }}" >> $GITHUB_ENV
else
echo "NAMESPACE=${{ inputs.DEV_NAMESPACE }}" >> $GITHUB_ENV
echo "VALUES_FILE=${{ inputs.DEV_VALUES_FILE }}" >> $GITHUB_ENV
echo "KUBECONF=${{ inputs.DEV_KUBECONF_SECRET_PATH }}" >> $GITHUB_ENV
fi
- name: Import config of k8s
uses: hashicorp/vault-action@v2
with:
url: https://vault.project-rent-dev.com
token: ${{ secrets.VAULT_TOKEN }}
secrets: |
${{ env.KUBECONF }} | KUBECONFIG;
- name: Install helm
uses: azure/setup-helm@v4.2.0
with:
version: latest
- name: Set up Kubectl
uses: azure/k8s-set-context@v4
with:
kubeconfig: ${{ env.KUBECONFIG }}
- name: Install chart
run: |
helm upgrade --install --cleanup-on-fail --atomic --timeout 2m --wait ${{ inputs.APP_NAME }} ./chart \
--create-namespace --namespace ${{ env.NAMESPACE }} \
--set image.repository=${{ inputs.REGISTRY }}/${{ inputs.REGISTRY_USER }}/${{ inputs.APP_NAME }} \
--set image.tag=${{ env.VERSION }} \
-f ${{ env.VALUES_FILE }}

53
.gitea/workflows/prisma-migrate.yaml Normal file
View File

@ -0,0 +1,53 @@
name: Workflow for prisma migrations
on:
workflow_call:
inputs:
PROD_PRISMA_SECRET_DB_PATH:
required: true
type: string
description: Prisma db url secret path in vault for prod
DEV_PRISMA_SECRET_DB_PATH:
required: true
type: string
description: Prisma db url secret path in vault for dev
secrets:
VAULT_TOKEN:
required: true
jobs:
migration:
runs-on: ubuntu-latest
container:
image: catthehacker/ubuntu:act-22.04
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
- name: Install dependencies
run: npm install
- name: Export secrets for prisma
run: |
if [ "${{ github.ref }}" == "refs/heads/main" ]; then
echo "PRISMA_DB_SECRET_PATH=${{ inputs.PROD_PRISMA_SECRET_DB_PATH }}" >> $GITHUB_ENV
else
echo "PRISMA_DB_SECRET_PATH=${{ inputs.DEV_PRISMA_SECRET_DB_PATH }}" >> $GITHUB_ENV
fi
- name: Import prisma db url
uses: hashicorp/vault-action@v2
with:
url: https://vault.project-rent-dev.com
token: ${{ secrets.VAULT_TOKEN }}
secrets: |
${{ env.PRISMA_DB_SECRET_PATH }} | PRISMA_DB_URL;
- name: Apply all pending migrations to the database
run: npx prisma migrate deploy
env:
DATABASE_URL: ${{ env.PRISMA_DB_URL }}