- Publishes a Docker image when the version changes.
- Tags the repo with that version.
- Applies Kubernetes manifests for each app.
- Syncs configuration from etcd and configmap dir before deployment.
- Runs init jobs (apps with
init: true) ahead of the main rollout. - If configmap or secret changed, but version has not, deployment will be restarted to load changes.
- Waits for deployment rollout.
- Copy
.github/workflows/build-and-deploy.yamlinto your repo. Add [ci skip] to commit message to avoid triggering cicd. - Copy
examples/k8sinto your repo root. Edit manifests underk8s/<env>/to match your services. - Ensure a Dockerfile exists for every app (default path
docker/Dockerfile.<app>unless you overridedockerfile). - Fill out
k8s/cicd-inputs.yaml. - Commit the version source files referenced in
version_file(for exampleCargo.toml,package.json). - Push to
developfor staging deployment and tomainfor production. Other branches will be blocked.
Upload the configuration file to etcd before the workflow runs. The workflow reads /etcd_root/k8s_env/app_name/.env and writes it into <app_name>-secret.
The secret is mounted into the container and configuration is accessible as system envs.
If you place files in k8s/<env>/<app>-configmap/, they will be pulled into an config map object that can be mounted into the container as files.
- When deploying a new app - a namespace has to be created.
- When deploying a new ingress - a dns entry has to created.
- Pipeline can be trigger manualy via github ui - not only by a commit.
- Share a Dockerfile by assigning the same
dockerfilevalue to multiple entries inapp_names. - Each app can use shared version source or a dedicated one, to be set in cicd_inputs.
- If the pipeline failed, check the logs before messaging ppl :)
- Mark init-only apps with
init: true; they will be build and deployed before standard apps. Those apps need to run to completition, else they will block the pipeline - so they have to be a job or pod, not a deployment.