merge stage (#62) #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Prod CI/CD Pipeline | |
| on: | |
| push: | |
| branches: ['prod'] | |
| env: | |
| PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} | |
| GAR_LOCATION: us-west1 | |
| GKE_CLUSTER: leap-prod | |
| GKE_ZONE: us-west1 | |
| DEPLOYMENT_NAME: observatory-service-prod | |
| IMAGE: observatory-service | |
| REPOSITORY: backend | |
| jobs: | |
| setup-build-publish-deploy: | |
| name: Setup, Build, Publish, and Deploy | |
| runs-on: ubuntu-latest | |
| environment: prod | |
| permissions: | |
| contents: 'read' | |
| id-token: 'write' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Authenticate with Google Cloud | |
| uses: google-github-actions/[email protected] | |
| with: | |
| credentials_json: ewogICJ0eXBlIjogInNlcnZpY2VfYWNjb3VudCIsCiAgInByb2plY3RfaWQiOiAibGVhcC0zOTM1MDgiLAogICJwcml2YXRlX2tleV9pZCI6ICJlMDljNjUzMmY4MjA1MTRmNWNlMTc0ODZlMTU0ZGNkNzM3YmRlYjIxIiwKICAicHJpdmF0ZV9rZXkiOiAiLS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tXG5NSUlFdkFJQkFEQU5CZ2txaGtpRzl3MEJBUUVGQUFTQ0JLWXdnZ1NpQWdFQUFvSUJBUUNNVWhSNHIwZjlDbllCXG5yUHVKQU9tSUNOSEp2YWs5VDNZdWpiNHFpNkhZL01sc2VMTWpNRVlGUEZJbjB5QTYrVi83VVZBMDdhdkZGYWF0XG5ON1B0WXNLY1dXOVpPVm1qUWJJZS9lOGcyYkRuUEhJck5CQW03eS9Da2pheDlDa1QxMkF3RUZnKzMzR1NuUXIxXG5VL0dIT2c4LzJtTXI0TWp5eXZzazQxV01CZUs5UnpVdSsrelk1VUIxMzV3WHNkSHBTY3UybFFQbVBPT0E5RVdaXG5hcjFFbFZkS1BidU9kQTY1T1RjdlhPei9IVmk0eFM5cnN6Q0xrL0RQc2ZkRUxlakcrM1F4UTBhNjZCVVlDQStZXG5UdlJXYzNDWUMvbmtyNjRrR2R6STgycmdMREIzMVEwUW9xYi9CVEg5UTY0T2F0Y0tDandtR3BBVFQ3ZDBYZWN4XG5LdWJ4NFJ6eEFnTUJBQUVDZ2dFQUF4d2IwK21qRDF1bXJqNXpuK2Q5TlhpSUVUZjJ4dXNDbWhFbVAzWkRJTTVuXG41cU4xYVdTTHpiaUdzOWNmRUEySUsvZERMendiOWlFRzVkQjk2R2M3bThoVDRscmw5cHM1Yjh4R0N5RGw5YmI2XG5Td1N6TGJDMyt0Qi9uYkdsQWltQUdrcVhjUlBGeGlkOHQxK01FeGlWWDA5M1NwRDNsU0ZzWDlhNXRmSG9zclFIXG5sVm5uRWpNd0NMb3A0OEdUOU5ad1hFT3luYkFMNVFWcXhzSU5HOGIvZGJNaGNFcE16YlVLRnAyM2I3R1pRVmxEXG5ndFRRdUtCa2d3d1BjOVdnNjVyS1JONXhKYmJ3dGttcUhUK3VFQk80d3JPY0o0aDM3a29CQzhNcDVzN1JVWS9LXG5ML0p2RkJDNmtFREZwMFpzRU5mSWJsZml1RFBUSzhWRDZTT2JKWitONFFLQmdRREN0TnE3aWEwY05ReWVtV1d2XG4yMHNwSFo4dExrY1k4d0d5QklRL25qZVRKVnVCdEpWUTlEUHlsUmduQU4wdTVFWlNVQkszYnEvNURiVG5Mb2pXXG42Q01uRXhOazNCYWs2Zm4zNVB4TUhnQ014cDZTbXRIU3VFd2pqRXUzbTZsZE4vdHhuT1V2ZXA1UTFXK0tMVmUvXG5EcnlqYVJUei9WR1A1ZHpTRlFlV1N1VTJVUUtCZ1FDNGZsY1lyb1JSMzlPcDRxTHlCMmRPbGtNZFlsazA4aDJwXG5uYUlqWkt1YmRkaWJUKzRnQlEwUEszaXVzdjZTZzFadFFkRVdtM29YUzh2bzRBOVVOaW9ZVXN1T215ejR4VTNRXG5yMUQ0eWtBQXRGWEJhd0RGNTlVekQwRWZya1VNSXBWaXN6OXdrOGYyYUprMTBONG9Mdmo5WkJtdVJNMkU4YmJYXG5hbE9KWGJtMG9RS0JnQ05FblNaQkx2RWdEdFFmbHhLK2x5T3djT2UvTFRPd3VNcmxGSXR0ZmtXU0M3dzMyS0FjXG5TOWlSOXhrQmlBNzVYRitHajQxWWFGbWxpUElqTkxnd3ZrVlNxRDJwdkJSTktYRWtzaXFiZUtBSFRpdmlEVVd0XG5DbVdhQVJFV0NoeVBpbVV1OVRpZmJsUFlCV2N6QldUZkozNDJCNHlXZ3hLY29WNFFYeHB6SUlleEFvR0FSME91XG5HditXWnhYaGFkYjhnQ2J4OWI0L01JT0QxOXJLTUhHT1pzT0ZNaWpFUWNJUFJsa05JVlgyYU8wRlBzenl2b05VXG40N21zNElETHhDbUFZbFFGMEoxeXVhUWhLL3J5d3ZCbGc2U0VNb0YyT3A4OWpqU3QrdW9paXIxRE9KdkhQbmZrXG53blNqSWdCblpnMUhNeGhwMzE4aU9GbWxWWHdVMTRMZnY4anZhZUVDZ1lBNDRJdUhjdHZTL0p5WFI2T2k3Sm5nXG52SExwSmw2d1c0Mm1GWkFyUFdxQXk5S3NlTFgwR0J0YWR4MEJaanl5ZzQrdnFtQUtDL0VOa1VNNGRkQXpIWG9rXG5lb3EwZHNrQjJtOWFTRkNibjQ5TStrWFpxVGZicW9RNVFGVlVVZTFlK3F0aElNRG15dUpiT0RYWk1NbVMveWUxXG5lKy8vZW0wRmZ0aE9tcHY0UXFiVENBPT1cbi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS1cbiIsCiAgImNsaWVudF9lbWFpbCI6ICJna2Utb3BlcmF0b3JAbGVhcC0zOTM1MDguaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLAogICJjbGllbnRfaWQiOiAiMTEwODE3MzU5MjMxNTAxOTYwMzQ2IiwKICAiYXV0aF91cmkiOiAiaHR0cHM6Ly9hY2NvdW50cy5nb29nbGUuY29tL28vb2F1dGgyL2F1dGgiLAogICJ0b2tlbl91cmkiOiAiaHR0cHM6Ly9vYXV0aDIuZ29vZ2xlYXBpcy5jb20vdG9rZW4iLAogICJhdXRoX3Byb3ZpZGVyX3g1MDlfY2VydF91cmwiOiAiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vb2F1dGgyL3YxL2NlcnRzIiwKICAiY2xpZW50X3g1MDlfY2VydF91cmwiOiAiaHR0cHM6Ly93d3cuZ29vZ2xlYXBpcy5jb20vcm9ib3QvdjEvbWV0YWRhdGEveDUwOS9na2Utb3BlcmF0b3IlNDBsZWFwLTM5MzUwOC5pYW0uZ3NlcnZpY2VhY2NvdW50LmNvbSIsCiAgInVuaXZlcnNlX2RvbWFpbiI6ICJnb29nbGVhcGlzLmNvbSIKfQo= | |
| - name: Configure Docker | |
| run: gcloud auth configure-docker ${{ env.GAR_LOCATION }}-docker.pkg.dev | |
| - name: Set up GKE credentials | |
| uses: google-github-actions/get-gke-credentials@v2 | |
| with: | |
| cluster_name: ${{ env.GKE_CLUSTER }} | |
| location: ${{ env.GKE_ZONE }} | |
| project_id: ${{ env.PROJECT_ID }} | |
| - name: Build Docker image | |
| run: docker build -t ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.IMAGE }}:$GITHUB_SHA . | |
| - name: Push Docker image to Artifact Registry | |
| run: docker push ${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.IMAGE }}:$GITHUB_SHA | |
| - name: Deploy to GKE (Production) | |
| run: | | |
| cd k8s/production | |
| sed -i "s|gcr.io/PROJECT_ID/observatory-service:TAG|${{ env.GAR_LOCATION }}-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPOSITORY }}/${{ env.IMAGE }}:$GITHUB_SHA|" deployment.yaml | |
| kubectl apply -f configmap.yaml | |
| kubectl apply -f deployment.yaml | |
| kubectl apply -f service.yaml | |
| kubectl rollout status deployment/$DEPLOYMENT_NAME | |
| kubectl get services -o wide | |
| - name: Deploy HPA | |
| run: kubectl apply -f k8s/production/hpa.yaml |