-
Notifications
You must be signed in to change notification settings - Fork 0
66 lines (57 loc) · 2.95 KB
/
prod-gke.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
name: Build and Deploy to GKE
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
on:
push:
branches: ["main"]
# Publish semver tags as releases.
tags: ["v*.*.*"]
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}
jobs:
build-deploy:
runs-on: ubuntu-latest
environment: production
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Google Cloud Auth
id: auth
uses: google-github-actions/auth@v0
with:
credentials_json: ${{ secrets.GCLOUD_SERVICE_KEY }}
- name: Build and push image to gcr.io
uses: RafikFarhad/push-to-gcr-github-action@v5-beta
with:
registry: gcr.io
project_id: kraikub
image_name: oauth2
image_tag: latest
dockerfile: ./Dockerfile
context: ./
build_args: NEXT_PUBLIC_ACCOUNTS_API_CLIENT_ID_ARG=${{ secrets.NEXT_PUBLIC_ACCOUNTS_API_CLIENT_ID }},MONGODB_URL_ARG=${{ secrets.MONGODB_URL }},MYKU_APPKEY_ARG=${{ secrets.MYKU_APPKEY }},NEXT_PUBLIC_SERVER_DOMAIN_ARG=${{ secrets.NEXT_PUBLIC_SERVER_DOMAIN }}
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v1
# Get the GKE credentials so we can deploy to the cluster
- run: |-
gcloud components install gke-gcloud-auth-plugin
gcloud container clusters get-credentials "${{ secrets.GKE_CLUSTER_NAME }}" --region "${{ secrets.GKE_CLUSTER_REGION }}" --project "${{ secrets.GCP_PROJECT_ID }}"
echo "deleting secret"
kubectl delete secret oauth2-secret || echo "oauth2-secret not existed"
echo "applying secret"
kubectl create secret generic oauth2-secret --from-literal=JWT_SECRET=${{ secrets.JWT_SECRET }} --from-literal=IDENTITY_SECRET=${{ secrets.IDENTITY_SECRET }} --from-literal=MONGODB_URL="${{ secrets.MONGODB_URL }}" --from-literal=MYKU_APPKEY=${{ secrets.MYKU_APPKEY }} --from-literal=MYKU_AUTH_URL="${{ secrets.MYKU_AUTH_URL }}" --from-literal=NEXT_PUBLIC_ACCOUNTS_API_CLIENT_ID=${{ secrets.NEXT_PUBLIC_ACCOUNTS_API_CLIENT_ID }} --from-literal=SHARE_ACCESS_DOMAIN="${{ secrets.SHARE_ACCESS_DOMAIN }}" --from-literal=REDIS_PASSWORD="${{ secrets.REDIS_PASSWORD }}" --from-literal=REDIS_HOST=${{ secrets.REDIS_HOST }} --from-literal=NEXT_PUBLIC_SERVER_DOMAIN="https://accounts.kraikub.com" --from-literal=MAIL_SERVICE_HOST="mail-service-svc"
echo "applying deployment"
kubectl apply -f k8s/deployment.yaml
echo "applying service"
kubectl apply -f k8s/service.yaml