Update workflows for external sub clusters. (#211) #123
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# ------------------------------------------------------------ | |
# Copyright (c) Microsoft Corporation. | |
# Licensed under the MIT License. | |
# ------------------------------------------------------------ | |
name: build-pubsub-workflow | |
on: | |
push: | |
branches: | |
- master | |
paths: | |
- 'pubsub-workflow/**' | |
- '.github/workflows/dapr-deploy.yml' | |
- '.github/workflows/pubsub-workflow-build.yml' | |
pull_request: | |
branches: | |
- master | |
paths: | |
- 'pubsub-workflow/**' | |
- '.github/workflows/pubsub-workflow-build.yml' | |
jobs: | |
build: | |
name: build pubsub-workflow | |
runs-on: ubuntu-latest | |
env: | |
APP_REGISTRY: daprtests.azurecr.io | |
APP_IMAGE_NAME: pubsub-workflow | |
# TODO: APP_VER needs to be versioned correctly | |
APP_VER: dev | |
APP_DIR: ./pubsub-workflow | |
ARTIFACT_DIR: ./deploy_artifact | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v2 | |
- name: docker login | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v1 | |
with: | |
registry: ${{ secrets.DOCKER_REGISTRY }} | |
username: ${{ secrets.DOCKER_REGISTRY_ID }} | |
password: ${{ secrets.DOCKER_REGISTRY_PASS }} | |
- name: Build pubsub-workflow docker image | |
run: | | |
docker-compose build ${{ env.APP_IMAGE_NAME }} | |
docker tag ${{ env.APP_IMAGE_NAME }} ${{ env.APP_REGISTRY }}/${{ env.APP_IMAGE_NAME }}:${{ env.APP_VER }} | |
- name: Push pubsub-workflow image to dockerhub | |
if: github.event_name != 'pull_request' | |
run: | | |
docker push ${{ env.APP_REGISTRY }}/${{ env.APP_IMAGE_NAME }}:${{ env.APP_VER }} | |
- name: Copy deployment yaml to archive | |
run: | | |
mkdir -p ${{ env.ARTIFACT_DIR }} | |
cp ./longhaul-test/*.yml ${{ env.ARTIFACT_DIR }} | |
- name: Upload artifacts | |
uses: actions/upload-artifact@master | |
with: | |
name: longhaul-test | |
path: ${{ env.ARTIFACT_DIR }} | |
deploy: | |
name: deploy pubsub-workflow to test cluster | |
needs: build | |
if: github.event_name != 'pull_request' | |
runs-on: ubuntu-latest | |
env: | |
APP_NAMESPACE: longhaul-test | |
TEST_CLUSTER_NAME: dapr-release-longhaul | |
TEST_RESOURCE_GROUP: dapr-test | |
ARTIFACT_DIR: ./deploy_artifact | |
steps: | |
- name: download artifacts | |
uses: actions/download-artifact@master | |
with: | |
name: longhaul-test | |
path: ${{ env.ARTIFACT_DIR }} | |
- name: Login Azure | |
run: | | |
az login --service-principal -u ${{ secrets.AZURE_LOGIN_USER }} -p ${{ secrets.AZURE_LOGIN_PASS }} --tenant ${{ secrets.AZURE_TENANT }} --output none | |
- name: Set up kubeconf for longhaul test environment | |
run: | | |
az aks get-credentials -n ${{ env.TEST_CLUSTER_NAME }} -g ${{ env.TEST_RESOURCE_GROUP }} | |
- name: Set up azure keyvault certificate secret | |
run: | | |
az keyvault secret download --vault-name longhaul-kv --name longhaul-cert --encoding base64 --file longhaul-cert.pfx | |
kubectl delete secret longhaulcert -n longhaul-test --ignore-not-found | |
kubectl create secret generic longhaulcert -n longhaul-test --from-file=longhaulcert=./longhaul-cert.pfx | |
- name: Deploy apps to longhaul test environment | |
run: | | |
kubectl apply -n ${{ env.APP_NAMESPACE }} -f ${{ env.ARTIFACT_DIR }}/secret-access-role.yml | |
kubectl apply -n ${{ env.APP_NAMESPACE }} -f ${{ env.ARTIFACT_DIR }}/secret-access-role-binding.yml | |
kubectl apply -n ${{ env.APP_NAMESPACE }} -f ${{ env.ARTIFACT_DIR }}/azure-keyvault.yml | |
kubectl apply -n ${{ env.APP_NAMESPACE }} -f ${{ env.ARTIFACT_DIR }}/azure-service-bus-pubsub.yml | |
kubectl apply -n ${{ env.APP_NAMESPACE }} -f ${{ env.ARTIFACT_DIR }}/pubsub-workflow-deploy.yml & kubectl rollout restart -n ${{ env.APP_NAMESPACE }} deploy/pubsub-workflow-app |