From 6a114b6d313c6a560406ab42f6f63be1dfe982cb Mon Sep 17 00:00:00 2001 From: Samuel Olwe Date: Tue, 4 Mar 2025 11:32:08 +0300 Subject: [PATCH] feat: added prod deployment --- .github/workflows/deploy.yaml | 44 ++++++++++++++++++++++++++++++++--- 1 file changed, 41 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index dcfa49c..58bbc46 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -1,4 +1,4 @@ -name: Deploy site +name: Deploy on: push: @@ -83,7 +83,7 @@ jobs: - name: Push to GHCR run: skopeo --insecure-policy copy oci-archive:$(ls *.rock) docker://${{ steps.set_image_url.outputs.image_url }} --dest-creds "canonical:${{ secrets.GITHUB_TOKEN }}" - deploy: + deploy-staging: runs-on: [self-hosted, self-hosted-linux-amd64-jammy-private-endpoint-medium] needs: [pack-charm, publish-image] steps: 
@@ -115,8 +115,46 @@ jobs: PASSWORD=$(vault read -field=password "${VAULT_SECRET_PATH_ROLE}/juju") printf "controllers:\n juju-controller-36-staging-ps6:\n user: %s\n password: %s\n" "$USERNAME" "$PASSWORD" > ~/.local/share/juju/accounts.yaml - - name: Deploy Application + - name: Deploy Application to staging run: | export JUJU_MODEL=admin/stg-cs-canonical-com juju refresh cs-canonical-com --path ./cs-canonical-com_ubuntu-22.04-amd64.charm --resource flask-app-image=${{ needs.publish-image.outputs.image_url }} juju wait-for application cs-canonical-com --query='name=="cs-canonical-com" && (status=="active" || status=="idle")' + + deploy-production: + runs-on: [self-hosted, self-hosted-linux-amd64-jammy-private-endpoint-medium] + needs: [pack-charm, publish-image] + steps: + - name: Checkout Code + uses: actions/checkout@v3 + + - name: Install Dependencies + run: | + sudo snap install juju --channel=3.6/stable --classic + sudo snap install vault --classic + + - name: Download Charm Artifact + uses: actions/download-artifact@v4 + with: + name: cs-canonical-com-charm + + - name: Configure Vault and Juju + run: | + export VAULT_ADDR=https://vault.admin.canonical.com:8200 + export TF_VAR_login_approle_role_id=${{ secrets.PROD_VAULT_APPROLE_ROLE_ID }} + export TF_VAR_login_approle_secret_id=${{ secrets.PROD_VAULT_APPROLE_SECRET_ID }} + export VAULT_SECRET_PATH_ROLE=secret/prodstack6/roles/prod-cs-canonical-com + export VAULT_SECRET_PATH_COMMON=secret/prodstack6/juju/common + VAULT_TOKEN=$(vault write -f -field=token auth/approle/login role_id=${TF_VAR_login_approle_role_id} secret_id=${TF_VAR_login_approle_secret_id}) + export VAULT_TOKEN + mkdir -p ~/.local/share/juju + vault read -field=controller_config "${VAULT_SECRET_PATH_COMMON}/controllers/juju-controller-36-production-ps6" | base64 -d > ~/.local/share/juju/controllers.yaml + USERNAME=$(vault read -field=username "${VAULT_SECRET_PATH_ROLE}/juju") + PASSWORD=$(vault read -field=password 
"${VAULT_SECRET_PATH_ROLE}/juju") + printf "controllers:\n juju-controller-36-production-ps6:\n user: %s\n password: %s\n" "$USERNAME" "$PASSWORD" > ~/.local/share/juju/accounts.yaml + + - name: Deploy Application to production + run: | + export JUJU_MODEL=admin/prod-cs-canonical-com + juju refresh cs-canonical-com --path ./cs-canonical-com_ubuntu-22.04-amd64.charm --resource flask-app-image=${{ needs.publish-image.outputs.image_url }} + juju wait-for application cs-canonical-com --query='name=="cs-canonical-com" && (status=="active" || status=="idle")'
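Review bot: The new `deploy-production` job lists only `pack-charm` and `publish-image` under `needs:`, so it starts alongside `deploy-staging` rather than after it, and nothing in the job ties it to a protected environment; a bad charm or image can reach production on the same run that is meant to prove it on staging. Adding `deploy-staging` to `needs:` and an `environment:` key (with required reviewers configured in the repository settings) would put a gate in front of the production Vault role. In the "Configure Vault and Juju" step the AppRole role and secret IDs are expanded by `${{ secrets.… }}` into the script text itself; passing them through the step's `env:` keeps them out of the script file the runner generates and avoids shell re-interpretation of the values. The Juju password is also written to `~/.local/share/juju/accounts.yaml` with no cleanup, and the hunk does not show whether the self-hosted runner is discarded after the job, so a final `if: always()` step should remove that directory; the staging job appears to follow the same pattern but lies mostly outside this hunk.

```yaml
  deploy-production:
    runs-on: [self-hosted, self-hosted-linux-amd64-jammy-private-endpoint-medium]
    needs: [pack-charm, publish-image, deploy-staging]
    # environment name is illustrative; its protection rules live in repository settings
    environment: production
    steps:
      # … unchanged: checkout, install dependencies, download charm artifact …
      - name: Configure Vault and Juju
        env:
          VAULT_ADDR: https://vault.admin.canonical.com:8200
          TF_VAR_login_approle_role_id: ${{ secrets.PROD_VAULT_APPROLE_ROLE_ID }}
          TF_VAR_login_approle_secret_id: ${{ secrets.PROD_VAULT_APPROLE_SECRET_ID }}
        run: |
          # … unchanged: secret paths, vault login, controllers.yaml and accounts.yaml …
      # … unchanged: deploy application to production …
      - name: Remove Juju credentials
        if: always()
        run: rm -rf ~/.local/share/juju
```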