adding project initilization workflow #11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to Cloudzilla | |
| on: | |
| push: | |
| branches: [main] | |
| workflow_dispatch: | |
| env: | |
| IMAGE_PREFIX: registry.cloudzilla.ai/lens-local-glenn-project-2522da7a09/ | |
| jobs: | |
| build-push: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: https://registry.cloudzilla.ai/ | |
| username: 'robot$lens-local-glenn-project-2522da7a09+imageuser' | |
| password: '${{ secrets.DOCKER_PASSWORD }}' | |
| - name: downcase REPO | |
| run: | | |
| image="${GITHUB_REPOSITORY#*/}" | |
| echo "IMAGE_NAME=${image,,}" >>${GITHUB_ENV} | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.IMAGE_PREFIX }}${{ env.IMAGE_NAME }} | |
| - name: Valiate existing .env file | |
| run: | | |
| # Path to your .env file | |
| ENV_FILE=".env" | |
| # Check if the .env file exists | |
| if [ ! -f "$ENV_FILE" ]; then | |
| # If the .env file doesn't exist, exit the script | |
| exit 0 | |
| fi | |
| # Read the .env file line by line | |
| while IFS= read -r line || [ -n "$line" ]; do | |
| # Remove leading and trailing whitespace | |
| line="$(echo "$line" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')" | |
| # Skip empty lines | |
| if [ -z "$line" ]; then | |
| continue | |
| fi | |
| # Skip comment lines starting with # | |
| if [[ "$line" == \#* ]]; then | |
| continue | |
| fi | |
| # Check if the line matches KEY=VALUE format | |
| if ! [[ "$line" =~ ^[A-Za-z_][A-Za-z0-9_]*=.*$ ]]; then | |
| echo "Your existing .env file is not valid. Environment variable names (keys) must consist solely of letters, digits, and the underscore ( _ ) and must not begin with a digit according to the .env file specification" | |
| exit 1 | |
| fi | |
| done < "$ENV_FILE" | |
| - name: Put down .env file | |
| run: | | |
| echo "writing .env file..." | |
| echo "# This file is generated or updated by the cloudzilla deploy workflow" >> .env | |
| # remove duplicates keeping the items at the bottom of the file | |
| tac .env | awk -F'=' '!seen[$1]++' | tac > .env.tmp2 && mv .env.tmp2 .env | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: true | |
| file: .github/workflows/cloudzilla/Dockerfile | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| - name: Deploy on Section | |
| env: | |
| SECTION_K8S_API_URL: '${{ secrets.SECTION_K8S_API_URL }}' | |
| SECTION_API_TOKEN: '${{ secrets.SECTION_API_TOKEN }}' | |
| DOCKER_SERVER: 'registry.cloudzilla.ai' | |
| DOCKER_USERNAME: 'robot$lens-local-glenn-project-2522da7a09+imageuser' | |
| DOCKER_PASSWORD: '${{ secrets.DOCKER_PASSWORD }}' | |
| FULL_IMAGE_WITH_TAG: '${{ env.DOCKER_METADATA_OUTPUT_TAGS }}' | |
| POD_NAME: '${{ env.IMAGE_NAME }}' | |
| DEBUG: 1 | |
| run: | | |
| #!/bin/bash | |
| test -z "${DEBUG}" || set -o xtrace | |
| set -o errexit | |
| cd "$(dirname "$0")" | |
| cert=/etc/ssl/certs/ca-certificates.crt | |
| main() { | |
| setCluster | |
| kubectl create secret generic console-project-env-secret --from-env-file=${GITHUB_WORKSPACE}/.env --dry-run=client -o yaml | kubectl apply -f - | |
| kubectl create secret docker-registry regcred --docker-server="${DOCKER_SERVER}" --docker-username="${DOCKER_USERNAME}" --docker-password="${DOCKER_PASSWORD}" --dry-run=client -o yaml | kubectl apply -f - | |
| kubectl apply -f ${GITHUB_WORKSPACE}/.github/workflows/cloudzilla/k8s/ingress-upstream.yaml | |
| envsubst '$FULL_IMAGE_WITH_TAG $POD_NAME' < ${GITHUB_WORKSPACE}/.github/workflows/cloudzilla/k8s/deploy.yaml | kubectl apply -f - | |
| kubectl rollout restart deployment "section-project-deployment" | |
| } | |
| setCluster() { | |
| # Configure kubectl to talk to Section | |
| # change the cert path depending on OS. | |
| if [[ "$OSTYPE" == "darwin"* ]]; then | |
| cert=/usr/local/etc/ca-certificates/cert.pem | |
| fi | |
| kubectl config set-cluster section \ | |
| --server=$SECTION_K8S_API_URL \ | |
| --certificate-authority=$cert | |
| kubectl config set-credentials section-user --token=$SECTION_API_TOKEN | |
| kubectl config set-context my-section-application --cluster=section --user=section-user --namespace=default | |
| kubectl config use-context my-section-application | |
| kubectl version | |
| } | |
| main | |
| "$@" |