Update GitHub Artifact Actions to v4 (major) #235
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: build and deploy staging | |
on: | |
pull_request: | |
paths-ignore: | |
- '**.lock' | |
- 'Gemfile' | |
- '**.md' | |
branches: [master] | |
types: | |
- opened | |
- reopened | |
- synchronize | |
- ready_for_review | |
- unlocked | |
jobs: | |
build: | |
if: github.event.pull_request.draft == false | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set image tag | |
run: | | |
SHORT_SHA=$(echo $GITHUB_SHA | cut -c 1-7) #pr-s test commit of merged state | |
echo "TAG=ghcr.io/internetee/rest-whois:RC-$SHORT_SHA" >> $GITHUB_ENV | |
echo "SHORT_TAG=RC-$SHORT_SHA" >> $GITHUB_ENV | |
- name: Setting up application | |
env: | |
ST_A_YML: ${{ secrets.ST_APPLICATION_YML }} | |
run: | | |
echo $ST_A_YML | base64 -di > ./config/application.yml | |
- name: Build image | |
run: | | |
docker build -t $TAG --build-arg RAILS_ENV=staging -f Dockerfile.generic . | |
- name: Push Docker images to gh container registry | |
env: | |
PASSWORD: ${{ secrets.GHCR }} | |
run: | | |
echo $PASSWORD | docker login ghcr.io -u eisbot --password-stdin | |
docker push $TAG | |
- name: Get pull request reference number | |
run: | | |
echo "$GITHUB_REF" | |
echo "PR_REF=$(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number')" >> $GITHUB_ENV | |
echo $(cat /home/runner/work/_temp/_github_workflow/event.json | jq -r '.number') | |
- name: Get repo name | |
run: | | |
OIFS=$IFS | |
IFS='/' | |
read -a parts <<< "$GITHUB_REPOSITORY" | |
IFS=OIFS | |
echo "REPO=${parts[1]}" >> $GITHUB_ENV | |
echo "Repo $REPO" | |
- name: Set deploy config | |
env: | |
OVPN: ${{ secrets.OVPN }} | |
VPN_PWD: ${{ secrets.VPN_PWD }} | |
P12: ${{ secrets.P12 }} | |
K_CONFIG: ${{ secrets.KUBE_CONFIG }} | |
SSH_KEY: ${{ secrets.EISBOT_SSH_KEY }} | |
run: | | |
echo $VPN_PWD | base64 -di > client.pwd | |
chmod 0600 client.pwd | |
echo $OVPN | base64 -di > config.ovpn | |
echo $P12 | base64 -di > cert.p12 | |
mkdir -p ~/.ssh | |
echo $SSH_KEY | base64 -di > ~/.ssh/key | |
chmod 0600 ~/.ssh/key | |
mkdir -p $REPO/$PR_REF | |
cd $REPO/$PR_REF | |
echo $K_CONFIG | base64 -di > kubeconfig | |
chmod 0600 kubeconfig | |
- name: Install Open VPN | |
run: sudo apt-get install openvpn | |
- name: Deploy from remote server | |
timeout-minutes: 5 | |
run: | | |
sudo openvpn --config config.ovpn --askpass client.pwd --auth-nocache --daemon& | |
sleep 20 | |
ping -c 1 192.168.99.12 | |
eval `ssh-agent` | |
touch ~/.ssh/known_hosts | |
ssh-add ~/.ssh/key | |
ssh-keyscan 192.168.99.12 > ~/.ssh/known_hosts | |
rsync -av "$REPO" [email protected]:/home/runner/ | |
ssh -T [email protected] << EOSSH | |
bash | |
cd "$REPO"/"$PR_REF" | |
export KUBECONFIG=./kubeconfig | |
helm repo add eisrepo https://internetee.github.io/helm-charts/ | |
helm repo update | |
helm upgrade --install rwhois-st-"$PR_REF" --set image.tag="$SHORT_TAG",reference="$PR_REF" eisrepo/rest-whois -n rwhois-st | |
rm kubeconfig | |
echo "server obs.tld.ee | |
zone pilv.tld.ee | |
update add rwhois-"$PR_REF".pilv.tld.ee. 3600 CNAME riigi.pilv.tld.ee. | |
send | |
" | nsupdate -k ~/Kgh-runner.infra.tld.ee.+165+27011.key | |
if [ "$?" -eq "0" ]; then | |
echo "CNAME update success" | |
else | |
echo "CNAME update failed" | |
fi | |
EOSSH | |
- name: Notify developers | |
timeout-minutes: 1 | |
env: | |
NOTIFICATION_URL: ${{ secrets.NOTIFICATION_URL}} | |
run: | | |
curl -i -X POST --data-urlencode 'payload={ | |
"text": "##### Build and deploy from pull request has been succesful :tada:\n | |
| Project | Branch | :net: | | |
|:-----------|:----------------------:|:------------------------------------------:| | |
| **'$REPO'**|'${{ github.head_ref }}'| https://rwhois-'$PR_REF'.pilv.tld.ee | | |
" | |
}' $NOTIFICATION_URL |