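# Reusable workflow (workflow_call): builds and pushes a Docker image, applies
# Prisma migrations, then deploys the Helm chart in ./chart to Kubernetes.
#
# Supply-chain note: third-party actions and the job container image below are
# referenced by mutable tags. Pin each one to a full commit SHA or image digest
# so that a re-tagged upstream release cannot change what runs next to the
# registry, database and cluster credentials.
name: Base workflow which build and push docker, run prisma migrations and deploy helm to k8s

on:
  workflow_call:
    inputs:
      APP_NAME:
        required: true
        type: string
        description: Application name which would be the name of Docker and Helm release
        # default:
      GITEA_REGISTRY:
        # An input with a default cannot also be mandatory, otherwise the
        # default is never used. Callers that pass a value are unaffected.
        required: false
        type: string
        default: registry.project-rent-dev.com
      NAMESPACE:
        required: true
        type: string
        description: Namespace where Helm Release would be install
    secrets:
      PRISMA_DB_URL:
        required: true
        description: Secret where db url for migration stores
      REGISTRY_USERNAME:
        required: true
        description: Service acc name for registry
      REGISTRY_PASSWORD:
        required: true
        description: Service acc password for registry
      KUBECONF:
        required: true
        description: Kubeconf which allow to deploy Helm release to namespace

# Least privilege for the automatic job token: every job only checks out code.
# Registry, database and cluster access use the dedicated secrets above.
permissions:
  contents: read

jobs:
  ### Build docker image
  build:
    runs-on: ubuntu-latest
    container:
      image: catthehacker/ubuntu:act-22.04
    # workflow_call inputs are not exported to the environment automatically;
    # map them explicitly so the shell steps can read them as variables.
    env:
      APP_NAME: ${{ inputs.APP_NAME }}
      GITEA_REGISTRY: ${{ inputs.GITEA_REGISTRY }}
    steps:
      # Same major version as the migration job, for consistency.
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set up Docker BuildX
        uses: docker/setup-buildx-action@v2

      # Ref names are chosen by whoever pushes the tag. They are handed to the
      # script through env instead of being expanded into the script text, so
      # the shell treats them as data and never as commands.
      - name: Extract version from tag or set commit SHA
        id: vars
        env:
          REF_TYPE: ${{ github.ref_type }}
          REF_NAME: ${{ github.ref_name }}
          COMMIT_SHA: ${{ github.sha }}
        run: |
          if [ "$REF_TYPE" = "tag" ]; then
            echo "VERSION=$REF_NAME" >> "$GITHUB_ENV"
          else
            VERSION=$(echo "$COMMIT_SHA" | cut -c1-7)
            echo "VERSION=$VERSION" >> "$GITHUB_ENV"
          fi

      - name: Login to Docker registry
        uses: docker/login-action@v2
        with:
          registry: ${{ inputs.GITEA_REGISTRY }}
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}

      # The image is built on every ref; only main and tags are pushed.
      - name: Build Docker image
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
        run: |
          docker build -t "$GITEA_REGISTRY/$REGISTRY_USERNAME/$APP_NAME:$VERSION" .

      - name: Push Docker image
        if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
        run: |
          docker push "$GITEA_REGISTRY/$REGISTRY_USERNAME/$APP_NAME:$VERSION"

      # Runs even when an earlier step failed, so the stored registry
      # credentials are always removed from the runner.
      - name: Logout from Docker registry
        if: always()
        run: docker logout "$GITEA_REGISTRY"

  ### Run prisma migrations
  migration:
    runs-on: ubuntu-latest
    # Only main and tags may touch the database.
    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
    container:
      image: catthehacker/ubuntu:act-22.04
    needs: build
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3

      - name: Setup Node
        uses: actions/setup-node@v3

      # NOTE(review): if the repository commits a lockfile, `npm ci` gives a
      # reproducible install; confirm before switching.
      - name: Install dependencies
        run: npm install

      ## TODO: practice to work with vault from CI
      # - name: Import secret
      #   uses: hashicorp/vault-action@v2
      #   with:
      #     url: 'https://vault.project-rent-dev.com'
      #     role_id: ${{ secrets.VAULT_ROLE_ID }}
      #     secret_id: ${{ secrets.VAULT_SECRET_ID }}
      #     secrets: cicd/data/prisma/db url | DATABASE_URL

      # The database URL is scoped to this one step, so the dependency install
      # above never sees it.
      - name: Apply all pending migrations to the database
        run: npx prisma migrate deploy
        env:
          DATABASE_URL: ${{ secrets.PRISMA_DB_URL }}

  deploy:
    runs-on: ubuntu-latest
    needs: [migration, build]
    # Only main and tags are deployed.
    if: github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')
    container:
      image: catthehacker/ubuntu:act-22.04
    # Same explicit input-to-environment mapping as in the build job.
    env:
      APP_NAME: ${{ inputs.APP_NAME }}
      GITEA_REGISTRY: ${{ inputs.GITEA_REGISTRY }}
      NAMESPACE: ${{ inputs.NAMESPACE }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      # Must compute the same VERSION as the build job so the deployed tag
      # matches the pushed image. Ref data is passed through env, not expanded
      # into the script text.
      - name: Extract version from tag or set commit SHA
        id: vars
        env:
          REF_TYPE: ${{ github.ref_type }}
          REF_NAME: ${{ github.ref_name }}
          COMMIT_SHA: ${{ github.sha }}
        run: |
          if [ "$REF_TYPE" = "tag" ]; then
            echo "VERSION=$REF_NAME" >> "$GITHUB_ENV"
          else
            VERSION=$(echo "$COMMIT_SHA" | cut -c1-7)
            echo "VERSION=$VERSION" >> "$GITHUB_ENV"
          fi

      # TODO: chart packaging stays disabled; per the original note, helm only
      # accepts semantic versions and VERSION may be a short commit SHA.
      # - name: Package chart
      #   run: |
      #     helm package chart/ --version ${{ env.VERSION }}

      # NOTE(review): `latest` makes the deploy tool version float between
      # runs; pin a reviewed Helm release once one is chosen.
      - name: Install helm
        uses: azure/setup-helm@v4.2.0
        with:
          version: latest

      # Uses the KUBECONF secret declared under workflow_call. An undeclared
      # secret name is not passed to a called workflow unless the caller
      # inherits all of its secrets.
      - name: Set up Kubectl
        uses: azure/k8s-set-context@v4
        with:
          kubeconfig: ${{ secrets.KUBECONF }}

      # Every continued line ends with a backslash so helm receives the release
      # name and chart path as arguments of the same command. --set-string
      # keeps an all-digit short SHA a string instead of a number.
      - name: Install chart
        env:
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
        run: |
          helm upgrade --install --cleanup-on-fail --atomic --timeout 2m --wait \
            "$APP_NAME" ./chart \
            --create-namespace --namespace "$NAMESPACE" \
            --set "image.repository=$GITEA_REGISTRY/$REGISTRY_USERNAME/$APP_NAME" \
            --set-string "image.tag=$VERSION" \
            -f chart/values-prod.yaml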