Skip to content

test aws credentials #9

test aws credentials

test aws credentials #9

Workflow file for this run

name: Deploy to Kubernetes
on:
push:
branches:
- main
- kustomize
env:
AWS_REGION: ${{ secrets.AWS_REGION }}
EKS_CLUSTER_NAME: ${{ secrets.EKS_CLUSTER_NAME }}
OIDC_ROLE_ARN: ${{ secrets.OIDC_ROLE }}
WEBHOOK_URL: ${{ secrets.WEBHOOK }}
ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }}
KUSTOMIZE_REPO: "Project-Catcher/catcher-service-kusto"
DEPLOY_ENV: ${{ github.ref == 'refs/heads/main' && 'PROD' || 'DEV' }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
permissions:
id-token: write
contents: read
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Checkout Kustomize Configs
uses: actions/checkout@v2
with:
repository: ${{ env.KUSTOMIZE_REPO }}
path: 'kustomize-configs'
ref: 'main'
- name: Set up Kubectl and Kustomize
run: |
sudo snap install kubectl --classic
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash
sudo mv kustomize /usr/local/bin/
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
uses: aws-actions/amazon-ecr-login@v1
- name: Set up Kubernetes context
run: aws eks update-kubeconfig --region ${{ env.AWS_REGION }} --name ${{ env.EKS_CLUSTER_NAME }}
- name: Deploy to Kubernetes
run: |
if [ "${{ env.DEPLOY_ENV }}" == "PROD" ]; then
KUSTOMIZE_PATH="k8s/overlays/production"
else
KUSTOMIZE_PATH="k8s/overlays/development"
fi
kustomize edit set image catcher-service=$ECR_REPO_URL:catcher-service
kustomize build ./kustomize-configs/$KUSTOMIZE_PATH | kubectl apply -f -
- name: Sync ArgoCD Application
run: argocd app sync catcher-service
env:
ARGOCD_AUTH_TOKEN: ${{ env.ARGOCD_AUTH_TOKEN }}
- name: Send Notification
if: ${{ always() }}
run: |
if [[ ${{ job.status }} == "success" ]]; then
MESSAGE="🏷 ${{ job.status }} 배포 성공: Catcher-service - by ${{ github.actor }}"
else
MESSAGE="❌ ${{ job.status }} 배포 실패: Catcher-service - by ${{ github.actor }}"
fi
curl -X POST -H "Content-Type: application/json" --data "{\"text\":\"${MESSAGE}\"}" ${{ env.WEBHOOK_URL }}