Set up automatic deployment to k8s #18
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: [push] | |
| jobs: | |
| deploy: | |
| name: Publish container and deploy | |
| if: github.event_name != 'pull_request' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Log in to GHCR | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: docker/setup-buildx-action@v3 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| images: | | |
| httptoolkit/anonymizing-reverse-proxy | |
| ghcr.io/httptoolkit/anonymizing-reverse-proxy | |
| tags: | | |
| type=raw,value=prod,enable={{is_default_branch}} | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=sha | |
| - name: Build & publish image to registries | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| build-args: VERSION=${{ github.sha }} | |
| - name: Configure Kubectl | |
| run: | | |
| kubectl config set-cluster scw-cluster \ | |
| --server="${{ vars.K8S_SERVER_ADDRESS }}" \ | |
| --certificate-authority=<(echo "${{ vars.K8S_CA_CERT }}" | base64 -d) \ | |
| --embed-certs=true | |
| kubectl config set-credentials deployer --token="${{ secrets.K8S_DEPLOY_TOKEN }}" | |
| kubectl config set-context default --cluster=scw-cluster --user=deployer | |
| kubectl config use-context default | |
| - name: Deploy to Kubernetes | |
| run: | | |
| sed "s|/anonymizing-reverse-proxy:latest|/anonymizing-reverse-proxy:sha-${GITHUB_SHA::7}|g" deploy/deployment.yaml | \ | |
| kubectl apply -f - \ | |
| -f deploy/service.yaml \ | |
| -f deploy/routes.yaml | |
| - name: Redeploy SCW container | |
| uses: httptoolkit/scaleway-serverless-container-deploy-action@v1 | |
| with: | |
| container_id: ${{ vars.SCW_API_CONTAINER_ID }} | |
| secret_key: ${{ secrets.SCW_SECRET_KEY }} | |
| registry_image_url: "ghcr.io/httptoolkit/anonymizing-reverse-proxy:prod" |