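# Reusable workflow: installs or upgrades the Helm chart in ./chart into a
# namespace (and release) named after the `deployment_name` input.
name: Deploy

on:
  workflow_call:
    inputs:
      image_tag:
        description: "Image tag to deploy"
        required: true
        type: string
      deployment_name:
        description: "Deployment name. Used as Kubernetes namespace and release name"
        required: true
        type: string
      environment:
        description: "GitHub environment (prod or dev)"
        required: true
        type: string
      domain:
        description: "Domain override"
        required: false
        type: string
        default: ""
      vector_host_path:
        # NOTE(review): the default is true although the description says
        # enabling it violates the default pod security policy. Callers that
        # do not need hostPath log collection should pass false explicitly.
        description: "Enable Vector hostPath volume for pod log collection. Enabling this violates the default pod security policy"
        required: false
        type: boolean
        default: true
      database_size:
        description: "Database volume size override (e.g. 10Gi). Uses chart default if not set."
        required: false
        type: string

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
    permissions:
      contents: read
    steps:
      # NOTE(review): both actions are referenced by a mutable major-version
      # tag. Pinning each to a full commit SHA prevents a moved tag from
      # changing what runs in a job that holds cluster credentials.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # The job only reads ./chart, so the checkout token does not need
          # to stay in the local git config for later steps.
          persist-credentials: false
      - name: Set up Helm
        uses: azure/setup-helm@v4
      - name: Deploy with Helm
        # Every free-form input, variable and secret reaches the script as an
        # environment variable. Expanding them inline in `run:` would paste
        # their text into the shell script before bash parses it, so a quote
        # or `$(...)` inside a value would change the script itself.
        env:
          KUBE_CONFIG_DATA: ${{ secrets.KUBECONFIG }}
          DEPLOYMENT_NAME: ${{ inputs.deployment_name }}
          IMAGE_TAG: ${{ inputs.image_tag }}
          DOMAIN: ${{ inputs.domain || vars.DOMAIN }}
          BASE_DOMAIN: ${{ vars.DOMAIN }}
          DATABASE_SIZE: ${{ inputs.database_size }}
          VECTOR_HOST_PATH: ${{ inputs.vector_host_path }}
          VELA_CLOUDFLARE_API_TOKEN: ${{ secrets.VELA_CLOUDFLARE_API_TOKEN }}
          VELA_CLOUDFLARE_ZONE_ID: ${{ secrets.VELA_CLOUDFLARE_ZONE_ID }}
          VELA_KEYCLOAK_ADMIN_NAME: ${{ secrets.VELA_KEYCLOAK_ADMIN_NAME }}
          VELA_KEYCLOAK_ADMIN_SECRET: ${{ secrets.VELA_KEYCLOAK_ADMIN_SECRET }}
          VELA_GRAFANA_SECURITY_ADMIN_PASSWORD: ${{ secrets.VELA_GRAFANA_SECURITY_ADMIN_PASSWORD }}
          VELA_BRANCH_REF: ${{ vars.VELA_BRANCH_REF }}
          VELA_BRANCH_DB_REF: ${{ vars.VELA_BRANCH_DB_REF }}
          ENABLE_DB_EXTERNAL_IPV6_LOADBALANCER: ${{ vars.ENABLE_DB_EXTERNAL_IPV6_LOADBALANCER }}
          SIMPLYBLOCK_CSI_NAMESPACE: ${{ vars.SIMPLYBLOCK_CSI_NAMESPACE }}
        run: |
          # deployment_name becomes a namespace and a release name, so it has
          # to be an RFC 1123 label anyway. Checking it up front also keeps
          # ',' and '=' out of the --set-string arguments built from it.
          name_re='^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'
          if ! [[ "$DEPLOYMENT_NAME" =~ $name_re ]]; then
            echo "::error::deployment_name must be a lowercase RFC 1123 label"
            exit 1
          fi

          KUBECONFIG="$(mktemp)"
          # Remove the credentials file when the step ends, pass or fail.
          trap 'rm -f "$KUBECONFIG"' EXIT
          # The secret may hold a base64-encoded or a plain kubeconfig.
          # Decode into a variable first: piping straight into the file could
          # leave partially decoded bytes in front of the plain-text fallback
          # when the input turns out not to be base64.
          if decoded="$(printf '%s' "$KUBE_CONFIG_DATA" | base64 -d 2>/dev/null)"; then
            printf '%s\n' "$decoded" > "$KUBECONFIG"
          else
            printf '%s\n' "$KUBE_CONFIG_DATA" > "$KUBECONFIG"
          fi
          export KUBECONFIG

          HELM_EXTRA_ARGS=()
          if [ -n "$DATABASE_SIZE" ]; then
            HELM_EXTRA_ARGS+=(--set-string "database.size=$DATABASE_SIZE")
          fi
          # For PR deployments, `domain` is the PR-specific hostname (e.g. pr664.dev.kernel-labs.org),
          # but VELA_CLOUDFLARE__DOMAIN_SUFFIX must be the base domain (e.g. dev.kernel-labs.org) so
          # that branch hostnames are <branch_id>.<base_domain> rather than <branch_id>.<pr_domain>.
          # vars.DOMAIN holds the base domain for the current environment.
          if [ -n "$BASE_DOMAIN" ]; then
            HELM_EXTRA_ARGS+=(--set-string "domainSuffix=$BASE_DOMAIN")
          fi

          # The expressions left inline below can only produce the literals
          # written in them, so they add no caller-controlled text.
          # NOTE(review): --set-string puts the secrets into helm's argv and
          # into the values stored with the release; a values file or a
          # pre-created Kubernetes Secret would avoid both. Helm also splits
          # --set values on ',', so a value containing one is misparsed.
          # NOTE(review): prod deploys studio with the mutable `latest` tag,
          # which makes the deployed image hard to reproduce or audit.
          helm upgrade --install "$DEPLOYMENT_NAME" ./chart \
            --namespace "$DEPLOYMENT_NAME" \
            --create-namespace \
            --wait \
            --timeout 10m \
            --set-string domain="$DOMAIN" \
            --set database.replicas=${{ inputs.environment == 'prod' && 3 || 1 }} \
            --set-string database.cpu="${{ inputs.environment == 'prod' && '1' || '500m' }}" \
            --set-string database.memory="${{ inputs.environment == 'prod' && '1Gi' || '0.5Gi' }}" \
            --set vector.useHostPath="$VECTOR_HOST_PATH" \
            --set-string controller.image.tag="$IMAGE_TAG" \
            --set-string controller.env.VELA_DEPLOYMENT_NAMESPACE_PREFIX="$DEPLOYMENT_NAME" \
            --set-string controller.env.VELA_CLOUDFLARE_API_TOKEN="$VELA_CLOUDFLARE_API_TOKEN" \
            --set-string controller.env.VELA_CLOUDFLARE_ZONE_ID="$VELA_CLOUDFLARE_ZONE_ID" \
            --set-string controller.env.VELA_KEYCLOAK_ADMIN_NAME="$VELA_KEYCLOAK_ADMIN_NAME" \
            --set-string controller.env.VELA_KEYCLOAK_ADMIN_SECRET="$VELA_KEYCLOAK_ADMIN_SECRET" \
            --set-string controller.env.VELA_BRANCH_REF="$VELA_BRANCH_REF" \
            --set-string controller.env.VELA_BRANCH_DB_REF="$VELA_BRANCH_DB_REF" \
            --set-string controller.env.VELA_ENABLE_DB_EXTERNAL_IPV6_LOADBALANCER="$ENABLE_DB_EXTERNAL_IPV6_LOADBALANCER" \
            --set-string controller.env.VELA_SIMPLYBLOCK_CSI_NAMESPACE="$SIMPLYBLOCK_CSI_NAMESPACE" \
            --set-string studio.image.tag="${{ inputs.environment == 'prod' && 'latest' || 'dev' }}" \
            --set-string monitoring.VELA_GRAFANA_SECURITY_ADMIN_PASSWORD="$VELA_GRAFANA_SECURITY_ADMIN_PASSWORD" \
            "${HELM_EXTRA_ARGS[@]}"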