
Feature 1370: Deployment der Applikation #20


Workflow file for this run

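# Deploys the Helm chart in ./k8s to the "dev" EKS cluster for pull requests.
# Credentials are fetched from HashiCorp Vault using the job's GitHub OIDC
# token (JWT auth), so the job needs `id-token: write`.
name: Publish K8s
on:
  pull_request:
    types: [opened, synchronize, reopened]
    # For pull_request events these patterns match the base (target) branch,
    # so this runs for every PR except those targeting main.
    # NOTE(review): the chart that gets deployed comes from the PR branch, so
    # anyone who can open a same-repo PR can deploy to the dev cluster with
    # these credentials; confirm that is the intended trust boundary.
    branches:
      - "**"
      - "!main"
jobs:
  publish-helm:
    name: "publish helm"
    runs-on: ubuntu-latest
    # Least privilege: read the repository, mint an OIDC token for Vault.
    permissions:
      contents: read
      id-token: write
    # NOTE(review): every action below is referenced by a mutable tag. This job
    # holds an OIDC token plus AWS and cluster credentials, so pin each `uses:`
    # to a full commit SHA (with the tag kept as a trailing comment).
    steps:
      # Disabled troubleshooting step, kept for reference.
      # NOTE(review): if re-enabled, this prints the decoded OIDC claims and
      # the raw Vault login response (which carries a Vault client token) into
      # the job log. Do not enable it on a shared repository without redacting
      # that output.
      # - name: Troubleshooting
      #   run: |
      #     curl -sSL -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL" | \
      #     jq "{ jwt: .value, role: \"$VAULT_ROLE\" }" > ./token.json
      #
      #     echo 'GitHub Actions Token Claims'
      #     cat ./token.json | jq -r '.jwt | split(".") | .[1] | @base64d' | jq
      #
      #     echo 'Vault Login Response'
      #     curl -sSLf -X POST -H "Content-Type: application/json" -H "X-Vault-Namespace: admin" --data @token.json $VAULT_URL/v1/auth/$VAULT_AUTH_PATH/login
      #
      #     # Remove the token file when we're done (if we don't fail)
      #     rm ./token.json
      #   env:
      #     VAULT_URL: https://swisstopo-vault-public-vault-d680830d.382257a9.z1.hashicorp.cloud:8200
      #     VAULT_AUTH_PATH: jwt
      #     VAULT_ROLE: ${{ secrets.VAULT_ROLE }}
      - name: "Load secrets"
        id: load-secrets
        uses: hashicorp/vault-action@v2
        with:
          url: https://swisstopo-vault-public-vault-d680830d.382257a9.z1.hashicorp.cloud:8200
          caCertificate: ${{ secrets.VAULT_CA_CERT }}
          method: jwt
          role: ${{ secrets.VAULT_ROLE }}
          namespace: admin/igi/igi-cloud/swisstopo-ngm
          # Each entry is exported as an environment variable for later steps.
          # The kubeconfig is exported as KUBECONFIG_DATA rather than
          # KUBECONFIG, so that tools which read KUBECONFIG as a file path do
          # not receive the file's content before it has been written to disk.
          secrets: |
            kv/data/aws access_key_id | AWS_ACCESS_KEY_ID;
            kv/data/aws secret_access_key | AWS_SECRET_ACCESS_KEY;
            kv/data/aws region | AWS_REGION;
            kv/data/dev/k8s kubeconfig | KUBECONFIG_DATA;
            kv/data/dev/k8s helm_values | HELM_VALUES;
            kv/data/dev/k8s helm_secrets | HELM_SECRETS;
      - name: "Checkout repository"
        uses: actions/checkout@v4
      - name: "Setup kubectl"
        uses: azure/setup-kubectl@v4
      - name: "Install helm"
        uses: azure/setup-helm@v4
      # NOTE(review): these are long-lived static AWS keys stored in Vault.
      # The job already has an OIDC token; this action's `role-to-assume`
      # input would allow short-lived credentials instead.
      - name: "Configure aws credentials"
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}
      # Writes the Helm values, Helm secrets and kubeconfig fetched from Vault.
      # The values are read from the environment instead of being pasted into
      # the script with ${{ }}: expression text is substituted before the shell
      # parses the script, so a quote, `$` or backtick inside a secret would be
      # interpreted by the shell (corrupting the file or running commands).
      - name: "Write kubeconfig file"
        run: |
          # Create the files readable by the runner user only.
          umask 077
          printf '%s\n' "$HELM_VALUES" > ./k8s/values.yaml
          printf '%s\n' "$HELM_SECRETS" > ./k8s/secrets.yaml
          printf '%s\n' "$KUBECONFIG_DATA" > ./kubeconfig.yaml
      - name: "Deploy helm charts"
        env:
          KUBECONFIG: ./kubeconfig.yaml
        run: |
          aws configure list
          aws sts get-caller-identity
          # Only check that a token can be issued. The command's output is a
          # live bearer token for the cluster and is not a registered secret,
          # so it would appear unmasked in the job log.
          aws eks get-token --cluster-name dev > /dev/null
          kubectl get nodes
          helm upgrade --install swissgeol-viewer ./k8s \
            --values ./k8s/values.yaml \
            --values ./k8s/secrets.yaml \
            --kubeconfig "$(pwd)/kubeconfig.yaml"
      # Remove the materialised secrets even when the deployment fails.
      - name: "Remove credential files"
        if: always()
        run: rm -f ./k8s/values.yaml ./k8s/secrets.yaml ./kubeconfig.yaml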