Deploy OpenCRVS on euanland (core: v1.9.0-beta-6, country: v1.9.0-beta-6) #61
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy OpenCRVS | |
| run-name: "Deploy OpenCRVS on ${{ inputs.environment }} (core: ${{ inputs.core-image-tag }}, country: ${{ inputs.countryconfig-image-tag }})" | |
| on: | |
| workflow_call: | |
| inputs: | |
| core-image-tag: | |
| type: string | |
| countryconfig-image-tag: | |
| type: string | |
| environment: | |
| type: string | |
| reset: | |
| type: boolean | |
| deploy_mosip: | |
| type: boolean | |
| workflow_dispatch: | |
| inputs: | |
| core-image-tag: | |
| description: "Tag of the core image" | |
| required: true | |
| default: "v1.9.0-beta-6" | |
| countryconfig-image-tag: | |
| description: "Tag of the countryconfig image" | |
| required: true | |
| default: "v1.9.0-beta-6" | |
| environment: | |
| description: "Target environment" | |
| required: true | |
| default: "dev" | |
| type: choice | |
| options: | |
| - euanland | |
| reset: | |
| description: "Reset environment after deploy" | |
| required: false | |
| default: false | |
| type: boolean | |
| deploy_mosip: | |
| description: "Deploy MOSIP integration" | |
| required: false | |
| default: false | |
| type: boolean | |
| jobs: | |
| github-to-k8s-sync-env: | |
| uses: ./.github/workflows/github-to-k8s-sync-env.yml | |
| with: | |
| environment: ${{ inputs.environment }} | |
| secrets: inherit | |
| deploy: | |
| needs: github-to-k8s-sync-env | |
| environment: ${{ inputs.environment }} | |
| env: | |
| ENV: ${{ inputs.environment }} | |
| BRANCH: ${{ github.ref_name }} | |
| CORE_IMAGE_TAG: ${{ inputs.core-image-tag }} | |
| COUNTRYCONFIG_IMAGE_TAG: ${{ inputs.countryconfig-image-tag }} | |
| COUNTRYCONFIG_IMAGE_NAME: ${{ secrets.DOCKERHUB_ACCOUNT || 'opencrvs' }}/${{ secrets.DOCKERHUB_REPO || 'ocrvs-farajaland'}} | |
| runs-on: | |
| - self-hosted | |
| - k8s | |
| - ${{ inputs.environment }} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Generate summary | |
| env: | |
| PUBLIC_DOMAIN: ${{ vars.DOMAIN }} | |
| run: | | |
| RESET="${{ inputs.reset }}" | |
| if [ "$RESET" = "true" ]; then | |
| RESET_MARK="<span style='color:green'>⚠️ Yes</span>" | |
| else | |
| RESET_MARK="<span style='color:red'>✅ No</span>" | |
| fi | |
| SUMMARY=$(cat <<EOF | |
| ### Deployment Summary | |
| | Key | Value | | |
| |-----|-------| | |
| | Environment URL | https://$PUBLIC_DOMAIN | | |
| | Core image tag | \`${{ inputs.core-image-tag }}\` | | |
| | Country config image | \`${{ inputs.countryconfig-image-tag }}\` | | |
| | Branch name | \`${{ github.ref_name }}\` | | |
| | Reset environment | $RESET_MARK | | |
| EOF | |
| ) | |
| echo "$SUMMARY" | sed 's/^ //' >> $GITHUB_STEP_SUMMARY | |
| - name: Deploy OpenCRVS MOSIP API | |
| if: inputs.deploy_mosip | |
| run: | | |
| helm upgrade --install mosip-api oci://ghcr.io/opencrvs/opencrvs-mosip \ | |
| --namespace "opencrvs-${ENV}" \ | |
| -f environments/${ENV}/mosip-api/values.yaml \ | |
| --set hostname=${{ vars.DOMAIN }} \ | |
| --create-namespace \ | |
| --atomic | |
| - name: Copy secrets from dependencies into application namespace | |
| # Only redis secret for now needs to be copied | |
| run: | | |
| secrets=( | |
| "redis-opencrvs-users" | |
| ) | |
| for secret in "${secrets[@]}"; do | |
| kubectl get secret $secret -n opencrvs-deps-${ENV} -o yaml \ | |
| | sed "s#namespace: opencrvs-deps-${ENV}#namespace: opencrvs-${ENV}#" \ | |
| | grep -vE 'resourceVersion|uid|creationTimestamp' \ | |
| | kubectl apply -n opencrvs-${ENV} -f - \ | |
| || echo "Secret $secret doesn't exist in opencrvs-deps-${ENV} namespace" | |
| done | |
| - name: Deploy with Helm | |
| run: | | |
| helm upgrade --install opencrvs oci://ghcr.io/opencrvs/opencrvs-services \ | |
| --timeout 15m \ | |
| --namespace "opencrvs-${ENV}" \ | |
| -f environments/${ENV}/opencrvs-services/values.yaml \ | |
| --create-namespace \ | |
| --atomic \ | |
| --wait \ | |
| --wait-for-jobs \ | |
| --set image.tag="$CORE_IMAGE_TAG" \ | |
| --set countryconfig.image.tag="$COUNTRYCONFIG_IMAGE_TAG" \ | |
| --set countryconfig.image.name="$COUNTRYCONFIG_IMAGE_NAME" \ | |
| --set hostname=${{ vars.DOMAIN }} | |
| - name: Cleanup Helm Locks | |
| if: failure() || cancelled() | |
| run: | | |
| kubectl -n "opencrvs-${ENV}" get secrets -l owner=helm -o json | \ | |
| jq -r '.items[] | select(.metadata.labels.status=="pending-install" or .metadata.labels.status=="pending-upgrade") | .metadata.name' | \ | |
| xargs -r kubectl -n "opencrvs-${ENV}" delete secret || \ | |
| echo "No helm locks found, all is good" | |
| reset-data: | |
| if: ${{ inputs.reset }} | |
| needs: deploy | |
| uses: ./.github/workflows/k8s-reset-data.yml | |
| with: | |
| environment: ${{ inputs.environment }} | |
| secrets: inherit |