Deploy OpenCRVS on demo (core: 1522f2a, country: 4714884) #12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy OpenCRVS | |
| run-name: "Deploy OpenCRVS on ${{ inputs.environment }} (core: ${{ inputs.core-image-tag }}, country: ${{ inputs.countryconfig-image-tag }})" | |
| on: | |
| workflow_call: | |
| inputs: | |
| core-image-tag: | |
| type: string | |
| countryconfig-image-tag: | |
| type: string | |
| environment: | |
| type: string | |
| reset: | |
| type: boolean | |
| workflow_dispatch: | |
| inputs: | |
| core-image-tag: | |
| description: "Tag of the core image" | |
| required: true | |
| default: "develop" | |
| countryconfig-image-tag: | |
| description: "Tag of the countryconfig image" | |
| required: true | |
| default: "develop" | |
| environment: | |
| description: "Target environment" | |
| required: true | |
| default: "dev" | |
| type: choice | |
| options: | |
| - demo | |
| - dev | |
| - backup | |
| - qa | |
| - staging | |
| reset: | |
| description: "Reset environment after deploy" | |
| required: false | |
| default: false | |
| type: boolean | |
| jobs: | |
| deploy: | |
| environment: ${{ inputs.environment }} | |
| env: | |
| ENV: ${{ inputs.environment }} | |
| BRANCH: ${{ github.ref_name }} | |
| CORE_IMAGE_TAG: ${{ inputs.core-image-tag }} | |
| COUNTRYCONFIG_IMAGE_TAG: ${{ inputs.countryconfig-image-tag }} | |
| runs-on: | |
| - self-hosted | |
| - k8s | |
| - ${{ inputs.environment }} | |
| steps: | |
| - name: Generate summary | |
| run: | | |
| echo "Deploying environment to https://${{ vars.DOMAIN }}" >> $GITHUB_STEP_SUMMARY | |
| echo "Core image tag: ${{ inputs.core-image-tag }}" >> $GITHUB_STEP_SUMMARY | |
| echo "Country config image tag: ${{ inputs.countryconfig-image-tag }}" >> $GITHUB_STEP_SUMMARY | |
| echo "Reset environment: ${{ inputs.reset }}" >> $GITHUB_STEP_SUMMARY | |
| - name: Print deployment parameters | |
| run: | | |
| echo "Environment: $ENV" | |
| echo "Core Image: $CORE_IMAGE_TAG" | |
| echo "Country Config Image: $COUNTRYCONFIG_IMAGE_TAG" | |
| echo "base_ref: ${{ github.base_ref }}" | |
| echo "branch: ${BRANCH}" | |
| - name: Deploy OpenCRVS MOSIP API | |
| run: | | |
| helm upgrade --install mosip-api oci://ghcr.io/opencrvs/opencrvs-mosip \ | |
| --namespace "opencrvs-${ENV}" \ | |
| -f https://raw.githubusercontent.com/opencrvs/infrastructure/refs/heads/${{ github.ref_name }}/examples/${ENV}/mosip-api/values.yaml \ | |
| --set hostname=${{ vars.DOMAIN }} \ | |
| --create-namespace \ | |
| --atomic | |
| - name: Copy secrets from dependencies into application namespace | |
| run: | | |
| secrets=( | |
| "elasticsearch-admin-user" | |
| "redis-opencrvs-users" | |
| "minio-opencrvs-users" | |
| "mongodb-admin-user" | |
| "postgres-admin-user" | |
| ) | |
| for secret in "${secrets[@]}"; do | |
| kubectl get secret $secret -n opencrvs-deps-${ENV} -o yaml \ | |
| | sed "s#namespace: opencrvs-deps-${ENV}#namespace: opencrvs-${ENV}#" \ | |
| | grep -vE 'resourceVersion|uid|creationTimestamp' \ | |
| | kubectl apply -n opencrvs-${ENV} -f - \ | |
| || echo "Secret $secret doesn't exist in opencrvs-deps-${ENV} namespace" | |
| done | |
| - name: Deploy with Helm | |
| run: | | |
| helm upgrade --install opencrvs oci://ghcr.io/opencrvs/opencrvs-services \ | |
| --timeout 15m \ | |
| --namespace "opencrvs-${ENV}" \ | |
| -f https://raw.githubusercontent.com/opencrvs/infrastructure/refs/heads/${{ github.ref_name }}/examples/${ENV}/opencrvs-services/values.yaml \ | |
| --create-namespace \ | |
| --atomic \ | |
| --set image.tag="$CORE_IMAGE_TAG" \ | |
| --set countryconfig.image.tag="$COUNTRYCONFIG_IMAGE_TAG" \ | |
| --set hostname=${{ vars.DOMAIN }} | |
| - name: Cleanup Helm Locks | |
| if: failure() || cancelled() | |
| run: | | |
| kubectl -n "opencrvs-${ENV}" get secrets -l owner=helm -o json | \ | |
| jq -r '.items[] | select(.metadata.labels.status=="pending-install" or .metadata.labels.status=="pending-upgrade") | .metadata.name' | \ | |
| xargs -r kubectl -n "opencrvs-${ENV}" delete secret || \ | |
| echo "No helm locks found, all is good" | |
| reset-data: | |
| if: ${{ inputs.reset }} | |
| needs: deploy | |
| uses: ./.github/workflows/k8s-reset-data.yml | |
| with: | |
| namespace: "opencrvs-${{ inputs.environment }}" | |
| environment: ${{ inputs.environment }} | |
| secrets: inherit |