Add K8s deploy workflow #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy to Kubernetes | |
on: | |
push: | |
branches: ["development", "stable"] | |
pull_request: | |
branches: ["development", "stable"] | |
workflow_dispatch: | |
jobs: | |
deploy: | |
env: | |
BRANCH_NAME: ${{ github.head_ref || github.ref_name }} | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
NAMESPACE: "gn-demo-${{ github.head_ref || github.ref_name }}" | |
KUBECONFIG: "${{ github.workspace }}/.kube/config" | |
runs-on: ubuntu-24.04 | |
permissions: | |
contents: read | |
packages: write | |
attestations: write | |
id-token: write | |
steps: | |
- name: Branch safety check | |
run: '[ "${{ env.BRANCH_NAME }}" = "development" ] || [ "${{ env.BRANCH_NAME }}" = "stable" ]' | |
- id: lowercase_image_name | |
run: echo "IMAGE_NAME_LC=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> ${GITHUB_OUTPUT} | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Log in to the Container registry | |
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push Docker image | |
id: push | |
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671 | |
with: | |
context: . | |
file: ./Dockerfile | |
push: true | |
tags: ${{ env.REGISTRY }}/${{ steps.lowercase_image_name.outputs.IMAGE_NAME_LC }}:${{ env.BRANCH_NAME }} | |
- name: "Write to $KUBECONFIG" | |
run: | | |
mkdir -p '${{ github.workspace }}/.kube' && umask 177 | |
if [ "${{ env.BRANCH_NAME }}" = "development" ]; then | |
printf "%s" '${{ secrets.K8S_CONFIG_DEVELOPMENT }}' > "$KUBECONFIG" | |
elif [ "${{ env.BRANCH_NAME }}" = "stable" ]; then | |
printf "%s" '${{ secrets.K8S_CONFIG_STABLE }}' > "$KUBECONFIG" | |
fi | |
- run: | | |
kubectl version \ | |
&& kubectl -n ${{ env.NAMESPACE }} get pods | |
- name: Checkout Helm chart repo | |
uses: actions/checkout@v4 | |
with: | |
repository: geosolutions-it/geonode-k8s | |
path: geonode-k8s | |
- name: Read Helm values from secret | |
working-directory: ./geonode-k8s | |
run: | | |
# HACK: GitHub secrets are limited to 48 KB, so we compress the file. | |
# cat custom-values.yaml | gzip | base64 -w0 | |
if [ "${{ env.BRANCH_NAME }}" = "development" ]; then | |
printf "%s" "${{ secrets.HELM_VALUES_DEVELOPMENT }}" | base64 -d | gunzip > custom-values.yaml | |
elif [ "${{ env.BRANCH_NAME }}" = "stable" ]; then | |
printf "%s" "${{ secrets.HELM_VALUES_STABLE }}" | base64 -d | gunzip > custom-values.yaml | |
fi | |
- name: Deploy to Kubernetes | |
working-directory: ./geonode-k8s | |
run: | | |
helm version \ | |
&& helm list -n ${{ env.NAMESPACE }} \ | |
&& helm dependency build --namespace ${{ env.NAMESPACE }} charts/geonode \ | |
&& helm upgrade --cleanup-on-fail --install --namespace ${{ env.NAMESPACE }} --values custom-values.yaml gn-demo-${{ env.BRANCH_NAME }} charts/geonode |