deploy-opencrvs.yml
# Deploys the OpenCRVS MOSIP API and OpenCRVS services Helm charts to one
# environment. Can be started manually (workflow_dispatch) or invoked from
# another workflow (workflow_call).
name: Deploy OpenCRVS
run-name: 'Deploy OpenCRVS on ${{ inputs.environment }} (core: ${{ inputs.core-image-tag }}, country: ${{ inputs.countryconfig-image-tag }})'
on:
  # Reusable-workflow entry point.
  # NOTE(review): here `environment` is a free-form string, whereas the manual
  # trigger below restricts it to a fixed choice list. The value selects the
  # GitHub environment, the runner label and the target namespace, so callers
  # must pass a trusted, known environment name.
  workflow_call:
    inputs:
      core-image-tag:
        type: string
      countryconfig-image-tag:
        type: string
      environment:
        type: string
      reset:
        type: boolean

  # Manual entry point; every input has a default.
  workflow_dispatch:
    inputs:
      core-image-tag:
        description: 'Tag of the core image'
        required: true
        default: 'develop'
      countryconfig-image-tag:
        description: 'Tag of the countryconfig image'
        required: true
        default: 'develop'
      environment:
        description: 'Target environment'
        required: true
        default: 'dev'
        type: choice
        options:
          - demo
          - dev
          - backup
          - qa
          - staging
      reset:
        description: 'Reset environment after deploy'
        required: false
        default: false
        type: boolean
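jobs:
  # Installs/upgrades the MOSIP API and OpenCRVS services charts in the
  # "opencrvs-<environment>" namespace from a self-hosted runner labelled
  # with the environment name.
  deploy:
    environment: ${{ inputs.environment }}
    # No step in this job checks out code or calls the GitHub API, so the
    # job's GITHUB_TOKEN is given no scopes.
    permissions: {}
    # Every expression value a shell script needs goes through an environment
    # variable. Expanding ${{ ... }} directly inside `run:` pastes the value
    # into the script text before the shell parses it, so a tag or branch name
    # containing shell metacharacters would be executed on the runner.
    env:
      ENV: ${{ inputs.environment }}
      BRANCH: ${{ github.ref_name }}
      BASE_REF: ${{ github.base_ref }}
      DOMAIN: ${{ vars.DOMAIN }}
      RESET: ${{ inputs.reset }}
      CORE_IMAGE_TAG: ${{ inputs.core-image-tag }}
      COUNTRYCONFIG_IMAGE_TAG: ${{ inputs.countryconfig-image-tag }}
    runs-on:
      - self-hosted
      - k8s
      - ${{ inputs.environment }}
    steps:
      - name: Generate summary
        run: |
          {
            echo "Deploying environment to https://${DOMAIN}"
            echo "Core image tag: ${CORE_IMAGE_TAG}"
            echo "Country config image tag: ${COUNTRYCONFIG_IMAGE_TAG}"
            echo "Reset environment: ${RESET}"
          } >> "$GITHUB_STEP_SUMMARY"

      - name: Print deployment parameters
        run: |
          echo "Environment: ${ENV}"
          echo "Core Image: ${CORE_IMAGE_TAG}"
          echo "Country Config Image: ${COUNTRYCONFIG_IMAGE_TAG}"
          echo "base_ref: ${BASE_REF}"
          echo "branch: ${BRANCH}"

      # NOTE(review): the chart is pulled without --version and the values
      # file is fetched from a mutable branch head, so two runs with the same
      # inputs can deploy different content. Consider pinning both.
      - name: Deploy OpenCRVS MOSIP API
        run: |
          helm upgrade --install mosip-api oci://ghcr.io/opencrvs/opencrvs-mosip \
            --namespace "opencrvs-${ENV}" \
            -f "https://raw.githubusercontent.com/opencrvs/infrastructure/refs/heads/${BRANCH}/examples/${ENV}/mosip-api/values.yaml" \
            --set hostname="${DOMAIN}" \
            --create-namespace \
            --atomic

      # Copies the dependency credentials into the application namespace.
      # Server-assigned metadata is removed by field with jq; the earlier
      # line-based filter dropped any line containing "uid", which could also
      # delete a data line whose base64 value contains that substring.
      # The trailing `|| echo` is deliberate best-effort, but it reports every
      # failure (including permission errors) as a missing secret.
      # NOTE(review): going by their names these are admin-level credentials;
      # confirm the application namespace really needs all of them.
      - name: Copy secrets from dependencies into application namespace
        run: |
          secrets=(
            "elasticsearch-admin-user"
            "redis-opencrvs-users"
            "minio-opencrvs-users"
            "mongodb-admin-user"
            "postgres-admin-user"
          )
          for secret in "${secrets[@]}"; do
            kubectl get secret "$secret" -n "opencrvs-deps-${ENV}" -o json \
              | jq 'del(.metadata.namespace, .metadata.resourceVersion, .metadata.uid, .metadata.creationTimestamp)' \
              | kubectl apply -n "opencrvs-${ENV}" -f - \
              || echo "Secret $secret doesn't exist in opencrvs-deps-${ENV} namespace"
          done

      # NOTE(review): same pinning caveat as the MOSIP API step (no chart
      # --version, values file read from a branch head).
      - name: Deploy with Helm
        run: |
          helm upgrade --install opencrvs oci://ghcr.io/opencrvs/opencrvs-services \
            --timeout 15m \
            --namespace "opencrvs-${ENV}" \
            -f "https://raw.githubusercontent.com/opencrvs/infrastructure/refs/heads/${BRANCH}/examples/${ENV}/opencrvs-services/values.yaml" \
            --create-namespace \
            --atomic \
            --set image.tag="${CORE_IMAGE_TAG}" \
            --set countryconfig.image.tag="${COUNTRYCONFIG_IMAGE_TAG}" \
            --set hostname="${DOMAIN}"

      # After a failed or cancelled run, delete Helm release secrets left in
      # pending-install / pending-upgrade state so the next run is not blocked.
      - name: Cleanup Helm Locks
        if: failure() || cancelled()
        run: |
          kubectl -n "opencrvs-${ENV}" get secrets -l owner=helm -o json | \
            jq -r '.items[] | select(.metadata.labels.status=="pending-install" or .metadata.labels.status=="pending-upgrade") | .metadata.name' | \
            xargs -r kubectl -n "opencrvs-${ENV}" delete secret || \
            echo "No helm locks found, all is good"

  # Optional data reset, run only after a successful deploy when `reset` is set.
  # `secrets: inherit` hands every secret available to this workflow to the
  # called workflow; acceptable for a workflow in the same repository.
  reset-data:
    if: ${{ inputs.reset }}
    needs: deploy
    uses: ./.github/workflows/k8s-reset-data.yml
    with:
      namespace: "opencrvs-${{ inputs.environment }}"
      environment: ${{ inputs.environment }}
    secrets: inherit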