# -*- mode: yaml; coding: utf-8 -*-
#
# Copyright (C) 2025 Benjamin Thomas Schwertfeger
# All rights reserved.
# https://github.com/btschwertfeger
#
# Template file for deploying the infinity-grid Helm Chart to Kubernetes
# for pull request testing.
#
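name: Helm Review Deployment

# Reusable workflow (workflow_call): the caller supplies the pull request
# number and the deployment secrets. The chart is installed as release
# "infinity-grid-pr-<pr_number>" in the "infinity-grid" namespace.
on:
  workflow_call:
    inputs:
      pr_number:
        description: "Pull request number for tagging"
        required: true
        type: string
    secrets:
      KUBECONFIG:
        required: true
      INFINITY_GRID_API_PUBLIC_KEY:
        required: true
      INFINITY_GRID_API_SECRET_KEY:
        required: true
      INFINITY_GRID_RUN_DB_PASSWORD:
        required: true
      INFINITY_GRID_RUN_DB_USER:
        required: true

# GITHUB_TOKEN scope: read the repository, write the PR comment, nothing else.
permissions:
  contents: read
  pull-requests: write

jobs:
  Review-Deployment:
    runs-on: ubuntu-latest
    environment: Review Deployment
    steps:
      # Egress is blocked except for the endpoints listed below.
      # ultimate-bots.com:6443 is presumably the cluster API server - confirm.
      - name: Harden Runner
        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
        with:
          disable-sudo: true
          egress-policy: block
          allowed-endpoints: >
            api.github.com:443
            get.helm.sh:443
            github.com:443
            ultimate-bots.com:6443

      - name: Checkout repository
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          # IMPORTANT: otherwise the current tag does not get fetched and the
          # build version gets worse
          fetch-depth: 0
          # No later step runs git against the remote, so do not leave the
          # token in the checkout's git config.
          persist-credentials: false

      - name: Set up Kubernetes config
        env:
          # Holds the kubeconfig *content*. Named differently from KUBECONFIG,
          # which kubectl and helm interpret as a file path.
          KUBECONFIG_DATA: ${{ secrets.KUBECONFIG }}
        run: |
          # Create the file owner-only from the start instead of relying on
          # the default umask.
          umask 077
          mkdir -p ~/.kube
          chmod go-rwx ~/.kube
          printf '%s\n' "$KUBECONFIG_DATA" > ~/.kube/config
          chmod 600 ~/.kube/config

      - name: Set up Helm
        uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4.3.1
        with:
          # NOTE(review): "latest" makes the deployment non-reproducible; the
          # Helm binary that receives the cluster credentials changes without
          # a commit to this repository. Pin a specific Helm version.
          version: "latest"

      - name: Generate release name
        id: release-name
        env:
          # Passed through the environment rather than expanded into the
          # script text, so the value is never parsed as shell code.
          PR_NUMBER: ${{ inputs.pr_number }}
        run: |
          # The value ends up in a release name, an image tag and label
          # selectors; refuse anything that is not a plain number.
          if ! [[ "$PR_NUMBER" =~ ^[0-9]+$ ]]; then
            echo "::error::pr_number must contain only digits"
            exit 1
          fi
          RELEASE_NAME="infinity-grid-pr-${PR_NUMBER}"
          echo "name=$RELEASE_NAME" >> "$GITHUB_OUTPUT"
          echo "Release name: $RELEASE_NAME"

      - name: Deploy with Helm
        env:
          # Secrets and inputs reach the script as environment variables. With
          # direct expression expansion in the script, a quote, "$" or backtick
          # inside a value would be interpreted by the shell.
          RELEASE_NAME: ${{ steps.release-name.outputs.name }}
          PR_NUMBER: ${{ inputs.pr_number }}
          API_PUBLIC_KEY: ${{ secrets.INFINITY_GRID_API_PUBLIC_KEY }}
          API_SECRET_KEY: ${{ secrets.INFINITY_GRID_API_SECRET_KEY }}
          DB_PASSWORD: ${{ secrets.INFINITY_GRID_RUN_DB_PASSWORD }}
          DB_USER: ${{ secrets.INFINITY_GRID_RUN_DB_USER }}
        run: |
          # NOTE(review): --set/--set-string values still appear in helm's
          # argument list, and helm treats "," and "\" in them specially. A
          # values file supplied at deploy time would avoid both.
          helm upgrade --install "$RELEASE_NAME" helm/infinity-grid/ \
            --namespace infinity-grid \
            --values tests/deployment/values.yaml \
            --set-string infinityGrid.apiPublicKey="$API_PUBLIC_KEY" \
            --set-string infinityGrid.apiSecretKey="$API_SECRET_KEY" \
            --set-string infinityGrid.userref="$PR_NUMBER" \
            --set-string database.password="$DB_PASSWORD" \
            --set-string database.username="$DB_USER" \
            --set image.repository="ghcr.io/btschwertfeger/infinity-grid" \
            --set image.tag="pr-${PR_NUMBER}" \
            --timeout 10m \
            --atomic

      - name: Verify deployment
        env:
          RELEASE_NAME: ${{ steps.release-name.outputs.name }}
        run: |
          echo "=== Checking deployment status ==="
          kubectl get pods -n infinity-grid -l app.kubernetes.io/instance="$RELEASE_NAME"
          echo "=== Checking services ==="
          kubectl get services -n infinity-grid -l app.kubernetes.io/instance="$RELEASE_NAME"
          echo "=== Checking deployment logs ==="
          # Best effort: a missing log stream must not fail the job.
          # NOTE(review): these log lines land in the workflow log; make sure
          # the application does not print credentials at startup.
          kubectl logs -n infinity-grid -l app.kubernetes.io/instance="$RELEASE_NAME" --tail=50 || true

      - name: Comment on PR with deployment info
        # NOTE(review): this is the only action here referenced by a mutable
        # tag. Pin it to a full commit SHA like the other actions in this job.
        uses: actions/github-script@v8
        env:
          RELEASE_NAME: ${{ steps.release-name.outputs.name }}
          PR_NUMBER: ${{ inputs.pr_number }}
        with:
          script: |
            // Values are read from the environment instead of being expanded
            // into the script source, so they cannot alter the JavaScript.
            const releaseName = process.env.RELEASE_NAME;
            const namespace = 'infinity-grid';
            const prNumber = process.env.PR_NUMBER;

            const comment = `## 🚀 Deployment Status

            **Release Name:** \`${releaseName}\`
            **Namespace:** \`${namespace}\`
            **Docker Image:** \`ghcr.io/btschwertfeger/infinity-grid:pr-${prNumber}\`
            **Status:** ✅ Successfully deployed

            The infinity-grid application has been deployed to the Kubernetes cluster using the PR-specific Docker image.

            **Commands to check the deployment:**

            \`\`\`bash
            kubectl get pods -n ${namespace} -l app.kubernetes.io/instance=${releaseName}
            kubectl logs -n ${namespace} -l app.kubernetes.io/instance=${releaseName}
            kubectl describe deployment -n ${namespace} -l app.kubernetes.io/instance=${releaseName}
            \`\`\`

            The deployment will be automatically cleaned up when this PR is closed.`;

            // Await the request so an API failure fails the step instead of
            // surfacing as an unhandled promise rejection.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: comment
            });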