-
Notifications
You must be signed in to change notification settings - Fork 0
/
action.yml
206 lines (182 loc) · 7.11 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
name: Kustomize Deploy
description: Deploy to Kubernetes cluster using a Kustomize config
author: Jacob Magnusson
branding:
icon: arrow-up-right
color: blue
inputs:
kubeconfig:
description: Contents of the cluster's kubeconfig
required: true
kustomization-dir:
description: Path to the kustomize directory to apply / deploy (e.g. `kustomize/overlays/production`)
required: true
docker-repo:
description: Docker repository/image to deploy, if any (e.g. `my-org/my-app`)
required: false
docker-tag:
description: Docker image tag to deploy, if any (e.g. `0.9.14`)
required: false
docker-server:
description: Docker server, if any (e.g. `docker.io`)
required: false
docker-username:
description: Docker user, if any (e.g. `my-username`)
required: false
docker-password:
description: Docker password, if any (e.g. `abc123`)
required: false
pre-deploy-delete-job-selector:
description: Delete jobs with `status.successful=1` and the given label (e.g. `autodelete-successful-on-deploy=yes`), before doing the deploy. Useful for cleaning up completed db migration jobs and similar.
required: false
default: ""
kustomization-base-dir:
description: Path to base kustomize directory
required: true
default: "kustomize/base"
age-secret-key:
description: Secret key to decrypt deploy secrets with (e.g. `AGE-SECRET-KEY-123456`)
required: false
default: ""
encrypted-filename:
description: Filename/subpath inside `kustomization-dir` to a file with age encrypted secrets to decrypt
required: true
default: "secrets.env"
decrypted-filename:
description: Filename/subpath inside `kustomization-dir` to which the age encrypted secrets will be decrypted to
required: true
default: "secrets.env.dec"
create-k8s-namespace:
description: Create Kubernetes namespace if it does not exist
required: true
default: "true"
create-image-pull-secret:
description: Create an image pull secret named "rg.`$region`.scw.cloud", to be referenced in `imagePullSecrets` in a k8s deployment/job
required: true
default: "true"
kubectl:
description: Version of kubectl
required: true
default: latest
kubectl-dry-run:
description: Used to set `kubectl` option `--dry-run` Valid values are `none` (default), `client` and `server`.
required: true
default: "none"
runs:
using: composite
steps:
- uses: actions/checkout@v4
with:
clean: false
- name: Parse base kustomization.yaml
uses: juliojimenez/[email protected]
id: kustomization_base
if: ${{ hashFiles(inputs.kustomization-base-dir) != '' }}
with:
yaml-file: ${{ inputs.kustomization-base-dir }}/kustomization.yaml
multidoc: false
- name: Parse overlay kustomization.yaml
uses: juliojimenez/[email protected]
id: kustomization_overlay
with:
yaml-file: ${{ inputs.kustomization-dir }}/kustomization.yaml
multidoc: false
- name: Print steps (including output from yamler)
shell: bash
if: ${{ env.DEBUG == 'true' }}
run: |
echo '${{ toJSON(steps) }}'
- name: Decrypt secrets with `age`
uses: jacobsvante/age-decrypt-action@v0
if: ${{ inputs.age-secret-key != '' && inputs.kustomization-dir != '' && inputs.encrypted-filename != '' }}
with:
secret-key: ${{ inputs.age-secret-key }}
input-file: ${{ inputs.kustomization-dir }}/${{ inputs.encrypted-filename }}
output-file: ${{ inputs.kustomization-dir }}/${{ inputs.decrypted-filename }}
- name: Substitute newTag
shell: bash
if: ${{ inputs.docker-tag && steps.kustomization_base.outputs.images__0__newtag }}
env:
IMAGE_TAG: ${{ inputs.docker-tag }}
KUSTOMIZE_FILE: ${{ inputs.kustomization-base-dir }}/kustomization.yaml
run: |
sed -i.bkp "s/newTag: .*/newTag: \"$IMAGE_TAG\"/g" $KUSTOMIZE_FILE
- name: Substitute newName
shell: bash
if: ${{ inputs.docker-server && inputs.docker-repo && steps.kustomization_base.outputs.images__0__newname }}
env:
DOCKER_SERVER: ${{ inputs.docker-server }}
DOCKER_REPO: ${{ inputs.docker-repo }}
KUSTOMIZE_FILE: ${{ inputs.kustomization-base-dir }}/kustomization.yaml
run: |
sed -i.bkp "s|newName: .*|newName: \"$DOCKER_SERVER/$DOCKER_REPO\"|" $KUSTOMIZE_FILE
- name: Setup kubeconfig
shell: bash
env:
KUBECONFIG: "${{ inputs.kubeconfig }}"
run: |
mkdir ~/.kube || true
if [[ "$KUBECONFIG_DRY_RUN" != "true" ]]; then
echo "$KUBECONFIG" > ~/.kube/config
fi
- name: Setup kubectl
uses: azure/setup-kubectl@v4
with:
version: "${{ inputs.kubectl }}"
- name: Get kustomize output
shell: bash
run: |
kubectl kustomize ${{ inputs.kustomization-dir }} > output.yaml
cat output.yaml
- name: Create k8s namespace
shell: bash
if: ${{ inputs.create-k8s-namespace && steps.kustomization_overlay.outputs.namespace }}
env:
K8S_NAMESPACE: ${{ steps.kustomization_overlay.outputs.namespace }}
run: |
[[ ${{ inputs.kubectl-dry-run }} != 'none' ]] \
&& echo "[dry run] Creating namespace $K8S_NAMESPACE if it doesn't exist..."
kubectl get namespace $K8S_NAMESPACE \
|| kubectl create namespace \
--dry-run=${{ inputs.kubectl-dry-run }} \
--output=yaml \
$K8S_NAMESPACE
- name: Create image pull secret
shell: bash
if: ${{ inputs.docker-server && inputs.docker-username && inputs.docker-password && inputs.create-image-pull-secret == 'true' }}
env:
SECRET_NAME: ${{ inputs.docker-server }}
K8S_NAMESPACE: ${{ steps.kustomization_overlay.outputs.namespace || 'default' }}
run: |
[[ ${{ inputs.kubectl-dry-run }} != 'none' ]] \
&& echo "[dry run] Creating k8s docker-registry secret..."
kubectl get secret \
--namespace $K8S_NAMESPACE \
$SECRET_NAME \
|| kubectl create secret docker-registry \
$SECRET_NAME \
--namespace $K8S_NAMESPACE \
--docker-server=${{ inputs.docker-server }} \
--docker-username=${{ inputs.docker-username }} \
--docker-password=${{ inputs.docker-password }} \
--dry-run=${{ inputs.kubectl-dry-run }} \
--output=yaml
- name: Remove successful jobs
shell: bash
if: ${{ inputs.pre-deploy-delete-job-selector }} != '' }}
env:
K8S_NAMESPACE: ${{ steps.kustomization_overlay.outputs.namespace || 'default' }}
run: |
kubectl delete job \
--namespace $K8S_NAMESPACE \
--field-selector status.successful=1 \
--selector '${{ inputs.pre-deploy-delete-job-selector }}'
- name: Deploy
shell: bash
run: |
[[ ${{ inputs.kubectl-dry-run }} != 'none' ]] \
&& echo "[dry run] Applying kustomization ${{ inputs.kustomization-dir }}..."
kubectl apply \
--kustomize=${{ inputs.kustomization-dir }} \
--dry-run=${{ inputs.kubectl-dry-run }} \
--output=yaml