Build, Publish and Deploy to Gamma #32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build, Publish and Deploy to Gamma | |
on: [workflow_dispatch] | |
jobs: | |
infisical-image: | |
name: Build backend image | |
runs-on: ubuntu-latest | |
steps: | |
- name: ☁️ Checkout source | |
uses: actions/checkout@v3 | |
- name: 📦 Install dependencies to test all dependencies | |
run: npm ci --only-production | |
working-directory: backend | |
# - name: 🧪 Run tests | |
# run: npm run test:ci | |
# working-directory: backend | |
- name: Save commit hashes for tag | |
id: commit | |
uses: pr-mpt/actions-commit-hash@v2 | |
- name: 🔧 Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: 🐋 Login to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Set up Depot CLI | |
uses: depot/setup-action@v1 | |
- name: 📦 Build backend and export to Docker | |
uses: depot/build-push-action@v1 | |
with: | |
project: 64mmf0n610 | |
token: ${{ secrets.DEPOT_PROJECT_TOKEN }} | |
load: true | |
context: . | |
file: Dockerfile.standalone-infisical | |
tags: infisical/infisical:test | |
# - name: ⏻ Spawn backend container and dependencies | |
# run: | | |
# docker compose -f .github/resources/docker-compose.be-test.yml up --wait --quiet-pull | |
# - name: 🧪 Test backend image | |
# run: | | |
# ./.github/resources/healthcheck.sh infisical-backend-test | |
# - name: ⏻ Shut down backend container and dependencies | |
# run: | | |
# docker compose -f .github/resources/docker-compose.be-test.yml down | |
- name: 🏗️ Build backend and push | |
uses: depot/build-push-action@v1 | |
with: | |
project: 64mmf0n610 | |
token: ${{ secrets.DEPOT_PROJECT_TOKEN }} | |
push: true | |
context: . | |
file: Dockerfile.standalone-infisical | |
tags: | | |
infisical/staging_infisical:${{ steps.commit.outputs.short }} | |
infisical/staging_infisical:latest | |
platforms: linux/amd64,linux/arm64 | |
build-args: | | |
POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }} | |
INFISICAL_PLATFORM_VERSION=${{ steps.extract_version.outputs.version }} | |
postgres-migration: | |
name: Run latest migration files | |
runs-on: ubuntu-latest | |
needs: [infisical-image] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Setup Node.js environment | |
uses: actions/setup-node@v2 | |
with: | |
node-version: "20" | |
- name: Change directory to backend and install dependencies | |
env: | |
DB_CONNECTION_URI: ${{ secrets.DB_CONNECTION_URI }} | |
run: | | |
cd backend | |
npm install | |
npm run migration:latest | |
# - name: Run postgres DB migration files | |
# env: | |
# DB_CONNECTION_URI: ${{ secrets.DB_CONNECTION_URI }} | |
# run: npm run migration:latest | |
gamma-deployment: | |
name: Deploy to gamma | |
runs-on: ubuntu-latest | |
needs: [postgres-migration] | |
steps: | |
- name: ☁️ Checkout source | |
uses: actions/checkout@v3 | |
- name: Install Helm | |
uses: azure/setup-helm@v3 | |
with: | |
version: v3.10.0 | |
- name: Install infisical helm chart | |
run: | | |
helm repo add infisical-helm-charts 'https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/' | |
helm repo update | |
- name: Install kubectl | |
uses: azure/setup-kubectl@v3 | |
- name: Install doctl | |
uses: digitalocean/action-doctl@v2 | |
with: | |
token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} | |
- name: Save DigitalOcean kubeconfig with short-lived credentials | |
run: doctl kubernetes cluster kubeconfig save --expiry-seconds 600 infisical-gamma-postgres | |
- name: switch to gamma namespace | |
run: kubectl config set-context --current --namespace=gamma | |
- name: test kubectl | |
run: kubectl get ingress | |
- name: Download helm values to file and upgrade gamma deploy | |
run: | | |
wget https://raw.githubusercontent.com/Infisical/infisical/main/.github/values.yaml | |
helm upgrade infisical infisical-helm-charts/infisical-standalone --values values.yaml --wait --install | |
if [[ $(helm status infisical) == *"FAILED"* ]]; then | |
echo "Helm upgrade failed" | |
exit 1 | |
else | |
echo "Helm upgrade was successful" | |
fi |