Deploy OpenCRVS on dev (core: 9d02d88, country: d798f07) #46
# Name shown in the Actions workflow list.
name: Deploy OpenCRVS
# Title of an individual run. It is display text only: the inputs interpolated
# here are rendered in the UI and are not passed to a shell.
run-name: 'Deploy OpenCRVS on ${{ inputs.environment }} (core: ${{ inputs.core-image-tag }}, country: ${{ inputs.countryconfig-image-tag }})'
on:
  # Reusable-workflow entry point: invoked from other workflows.
  workflow_call:
    inputs:
      # Image tags are free-form strings with no default; the jobs that
      # consume them should treat them as untrusted text.
      core-image-tag:
        type: string
      countryconfig-image-tag:
        type: string
      # Unlike the manual trigger, this value is not restricted to a list of
      # choices. The deploy job uses it as a runner label, as the GitHub
      # environment name and as part of the Kubernetes namespace name, so
      # callers are expected to pass a known environment.
      environment:
        type: string
      reset:
        type: boolean
      deploy_mosip:
        type: boolean

  # Manual trigger from the Actions UI or API.
  workflow_dispatch:
    inputs:
      # Free-form text typed by whoever starts the run.
      core-image-tag:
        description: 'Tag of the core image'
        required: true
        default: 'v1.9.0-beta-1'
      countryconfig-image-tag:
        description: 'Tag of the countryconfig image'
        required: true
        default: 'v1.9.0-beta-1'
      # Restricted to the environments listed under options.
      environment:
        description: 'Target environment'
        required: true
        default: 'dev'
        type: choice
        options:
          - demo
          - dev
      # When true, the reset-data job runs after a successful deploy.
      reset:
        description: 'Reset environment after deploy'
        required: false
        default: false
        type: boolean
      # When true, the MOSIP API chart is installed before the main chart.
      deploy_mosip:
        description: 'Deploy MOSIP integration'
        required: false
        default: false
        type: boolean
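jobs:
  # Runs the github-to-k8s-sync-env reusable workflow for the target
  # environment before anything is deployed.
  github-to-k8s-sync-env:
    uses: ./.github/workflows/github-to-k8s-sync-env.yml
    with:
      environment: ${{ inputs.environment }}
    # NOTE(review): `inherit` forwards every secret this workflow can read to
    # the called workflow. If it needs only a few, pass those by name instead.
    secrets: inherit

  # Installs or upgrades the OpenCRVS Helm releases in the opencrvs-<env>
  # namespace from a self-hosted runner labelled with the environment name.
  deploy:
    needs: github-to-k8s-sync-env
    environment: ${{ inputs.environment }}
    # Checkout is the only step that uses the GITHUB_TOKEN, so it is limited
    # to read-only repository contents. Widen only if a later step needs more.
    permissions:
      contents: read
    env:
      # Everything the shell steps need from inputs, variables and secrets is
      # handed over as environment variables. Scripts read "$NAME" and never
      # inline a workflow expression: expressions are substituted into the
      # script text before bash parses it, so a tag or branch name containing
      # shell syntax would otherwise be executed on the runner.
      ENV: ${{ inputs.environment }}
      BRANCH: ${{ github.ref_name }}
      CORE_IMAGE_TAG: ${{ inputs.core-image-tag }}
      COUNTRYCONFIG_IMAGE_TAG: ${{ inputs.countryconfig-image-tag }}
      COUNTRYCONFIG_IMAGE_NAME: ${{ secrets.DOCKERHUB_ACCOUNT || 'opencrvs' }}/${{ secrets.DOCKERHUB_REPO || 'ocrvs-farajaland'}}
      DOMAIN: ${{ vars.DOMAIN }}
      RESET: ${{ inputs.reset }}
    runs-on:
      - self-hosted
      - k8s
      - ${{ inputs.environment }}
    steps:
      # NOTE(review): the action is referenced by a mutable tag. Pinning it to
      # a full commit SHA keeps the code that runs on this kubectl-capable
      # runner from changing without a change to this file.
      - uses: actions/checkout@v5
        with:
          # No later step pushes or fetches, so do not leave the token in the
          # checked-out repository's git config.
          persist-credentials: false

      - name: Generate summary
        run: |
          # Pick the mark shown in the "Reset environment" row.
          if [ "$RESET" = "true" ]; then
            RESET_MARK="<span style='color:green'>✅ Yes</span>"
          else
            RESET_MARK="<span style='color:red'>❌ No</span>"
          fi

          # The heredoc is unquoted so the variables expand. Expanded values
          # are inserted as text and are not evaluated again by the shell.
          cat >> "$GITHUB_STEP_SUMMARY" <<EOF
          ### Deployment Summary

          | Key | Value |
          |-----|-------|
          | 🌐 Environment URL | https://${DOMAIN} |
          | 🛠 Core image tag | \`${CORE_IMAGE_TAG}\` |
          | 📦 Country config image | \`${COUNTRYCONFIG_IMAGE_TAG}\` |
          | 🌿 Branch name | \`${BRANCH}\` |
          | 🔄 Reset environment | $RESET_MARK |
          EOF

      - name: Deploy OpenCRVS MOSIP API
        if: inputs.deploy_mosip
        run: |
          helm upgrade --install mosip-api oci://ghcr.io/opencrvs/opencrvs-mosip \
            --namespace "opencrvs-${ENV}" \
            -f "environments/${ENV}/mosip-api/values.yaml" \
            --set hostname="$DOMAIN" \
            --create-namespace \
            --atomic

      - name: Copy secrets from dependencies into application namespace
        # Only redis secret for now needs to be copied
        run: |
          secrets=(
            "redis-opencrvs-users"
          )
          # Rewrite the namespace and drop server-assigned metadata by field.
          # A line-based text filter on the manifest can also remove a data
          # line whose base64 value happens to contain one of the field names.
          # Owner references are dropped because they do not resolve across
          # namespaces.
          strip_filter='.metadata.namespace = $ns
            | del(.metadata.resourceVersion, .metadata.uid,
                  .metadata.creationTimestamp, .metadata.ownerReferences)'
          for secret in "${secrets[@]}"; do
            # Best effort: a failed copy is reported but does not fail the job.
            kubectl get secret "$secret" -n "opencrvs-deps-${ENV}" -o json \
              | jq --arg ns "opencrvs-${ENV}" "$strip_filter" \
              | kubectl apply -n "opencrvs-${ENV}" -f - \
              || echo "Secret $secret doesn't exist in opencrvs-deps-${ENV} namespace"
          done

      - name: Deploy with Helm
        run: |
          helm upgrade --install opencrvs oci://ghcr.io/opencrvs/opencrvs-services \
            --timeout 15m \
            --namespace "opencrvs-${ENV}" \
            -f "environments/${ENV}/opencrvs-services/values.yaml" \
            --create-namespace \
            --atomic \
            --wait \
            --wait-for-jobs \
            --set image.tag="$CORE_IMAGE_TAG" \
            --set countryconfig.image.tag="$COUNTRYCONFIG_IMAGE_TAG" \
            --set countryconfig.image.name="$COUNTRYCONFIG_IMAGE_NAME" \
            --set hostname="$DOMAIN"

      # Runs only when an earlier step failed or the run was cancelled. It
      # deletes Helm release secrets still marked pending-install or
      # pending-upgrade in the application namespace.
      - name: Cleanup Helm Locks
        if: failure() || cancelled()
        run: |
          kubectl -n "opencrvs-${ENV}" get secrets -l owner=helm -o json | \
            jq -r '.items[] | select(.metadata.labels.status=="pending-install" or .metadata.labels.status=="pending-upgrade") | .metadata.name' | \
            xargs -r kubectl -n "opencrvs-${ENV}" delete secret || \
            echo "No helm locks found, all is good"

  # Optional data reset, run only after a successful deploy when the reset
  # input is true.
  reset-data:
    if: ${{ inputs.reset }}
    needs: deploy
    uses: ./.github/workflows/k8s-reset-data.yml
    with:
      environment: ${{ inputs.environment }}
    # NOTE(review): `inherit` forwards every secret this workflow can read to
    # the called workflow. If it needs only a few, pass those by name instead.
    secrets: inherit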