Merge pull request #78 from roodjong/dependabot/npm_and_yarn/src/them… #51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Docker Image and Deploy to Kubernetes | |
on: | |
push: | |
branches: | |
- main | |
permissions: | |
contents: read | |
packages: write | |
id-token: write # This is required for requesting the JWT | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
outputs: | |
imageTags: ${{ steps.meta.outputs.json }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: DeterminateSystems/nix-installer-action@main | |
- uses: DeterminateSystems/magic-nix-cache-action@main | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
# list of Docker images to use as base name for tags | |
images: | | |
ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }} | |
# generate Docker tags based on the following events/attributes | |
tags: | | |
type=schedule | |
type=ref,event=branch | |
type=ref,event=pr | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern={{major}} | |
type=sha | |
- name: Log in to the GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build Docker image | |
run: | | |
nix run '.#symfexit-docker' | docker load | |
echo "FROM symfexit:$(nix run '.#symfexit-docker-tag')" > Dockerfile | |
- name: Build Docker image | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
push: ${{ github.event_name != 'pull_request' }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
deploy-staging: | |
name: Deploy to staging | |
if: github.ref == 'refs/heads/main' | |
environment: | |
name: staging | |
url: https://symfexit-staging.yele.dev/ | |
runs-on: ubuntu-latest | |
needs: [build] | |
steps: | |
- name: Prepare kubeconfig | |
uses: actions/github-script@v7 | |
id: idtoken | |
with: | |
script: | | |
let id_token = await core.getIDToken(process.env.K8S_AUDIENCE) | |
let kubeConfig = JSON.parse(process.env.KUBECONFIG) | |
kubeConfig.users[0].user.token = id_token | |
const output = JSON.stringify(kubeConfig) | |
core.setOutput('kubeconfig', output) | |
core.setSecret(output) | |
env: | |
KUBECONFIG: ${{ secrets.K8S_KUBECONFIG }} | |
K8S_AUDIENCE: ${{ secrets.K8S_AUDIENCE }} | |
- name: Setup Kube Context | |
uses: azure/k8s-set-context@v4 | |
with: | |
kubeconfig: ${{ steps.idtoken.outputs.kubeconfig }} | |
- name: Extract the image tag | |
id: image | |
run: | | |
echo '${{ needs.build.outputs.imageTags }}' | jq -r '.tags[] | select(test("ghcr.io/[a-z]+/[a-z]+:sha")) | "imageTag=\(.)"' >> "$GITHUB_OUTPUT" | |
- name: Set the image for the deployments | |
run: | | |
kubectl set image deployment/symfexit symfexit=${{ steps.image.outputs.imageTag }} symfexit-migrations=${{ steps.image.outputs.imageTag }} | |
kubectl set image deployment/symfexit-worker symfexit-worker=${{ steps.image.outputs.imageTag }} | |
kubectl set image deployment/symfexit-nginx nginx=${{ steps.image.outputs.imageTag }} |