Try it this way #125
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Chartpress Publish osm-sandbox-dashboard images | |
on: | |
push: | |
branches: | |
- 'main' | |
- 'staging' | |
# - 'develop' | |
jobs: | |
build: | |
runs-on: ubuntu-20.04 | |
timeout-minutes: 120 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GHCR_GITHUB_TOKEN }} | |
- name: Setup python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.7' | |
- name: Setup git | |
run: git config --global user.email "[email protected]" && git config --global user.name "Github Action" | |
- name: Install Chartpress | |
run: | | |
pip install chartpress six ruamel.yaml | |
- name: Run Chartpress | |
run: chartpress --push | |
env: | |
GITHUB_TOKEN: ${{ secrets.GHCR_GITHUB_TOKEN }} | |
- name: Staging - substitute secrets | |
if: github.ref == 'refs/heads/staging' | |
uses: bluwy/substitute-string-action@v3 | |
with: | |
_input-file: 'values.staging.template.yaml' | |
_format-key: '{{key}}' | |
_output-file: 'values.staging.yaml' | |
# Dashboard | |
POSTGRES_PASSWORD: ${{ secrets.STAGING_POSTGRES_PASSWORD }} | |
OSM_CLIENT_ID: ${{ secrets.STAGING_OSM_CLIENT_ID }} | |
OSM_CLIENT_SECRET: ${{ secrets.STAGING_OSM_CLIENT_SECRET }} | |
# Sandbox | |
SANDBOX_PG_DB_PASSWORD: ${{ secrets.STAGING_SANDBOX_PG_DB_PASSWORD }} | |
SANDBOX_PG_DB_NAME: ${{ secrets.STAGING_SANDBOX_PG_DB_NAME }} | |
SANDBOX_OSM_id_key: ${{ secrets.STAGING_SANDBOX_OSM_ID_KEY }} | |
SANDBOX_OAUTH_CLIENT_ID: ${{ secrets.STAGING_SANDBOX_OAUTH_CLIENT_ID }} | |
SANDBOX_OAUTH_KEY: ${{ secrets.STAGING_SANDBOX_OAUTH_KEY }} | |
SANDBOX_BACKUP_FILE_URL: ${{ secrets.STAGING_SANDBOX_BACKUP_FILE_URL }} | |
SANDBOX_TM_OAUTH_CLIENT_ID: ${{ secrets.STAGING_SANDBOX_TM_OAUTH_CLIENT_ID }} | |
SANDBOX_TM_OAUTH_CLIENT_SECRET_HASHED: ${{ secrets.STAGING_SANDBOX_TM_OAUTH_CLIENT_SECRET_HASHED }} | |
# Cluster | |
AWS_REGION: ${{ secrets.AWS_REGION }} | |
EKS_CLUSTER: ${{ secrets.EKS_CLUSTER }} | |
- name: Production - substitute secrets | |
if: github.ref == 'refs/heads/main' | |
uses: bluwy/substitute-string-action@v3 | |
with: | |
_input-file: 'values.production.template.yaml' | |
_format-key: '{{key}}' | |
_output-file: 'values.production.yaml' | |
# Dashboard | |
POSTGRES_PASSWORD: ${{ secrets.PRODUCTION_POSTGRES_PASSWORD }} | |
OSM_CLIENT_ID: ${{ secrets.PRODUCTION_OSM_CLIENT_ID }} | |
OSM_CLIENT_SECRET: ${{ secrets.PRODUCTION_OSM_CLIENT_SECRET }} | |
SECRET_KEY: ${{ secrets.PRODUCTION_SECRET_KEY }} | |
# Sandbox | |
SANDBOX_PG_DB_USER: ${{ secrets.PRODUCTION_SANDBOX_PG_DB_USER }} | |
SANDBOX_PG_DB_PASSWORD: ${{ secrets.PRODUCTION_SANDBOX_PG_DB_PASSWORD }} | |
SANDBOX_PG_DB_NAME: ${{ secrets.PRODUCTION_SANDBOX_PG_DB_NAME }} | |
SANDBOX_OSM_id_key: ${{ secrets.PRODUCTION_SANDBOX_OSM_ID_KEY }} | |
SANDBOX_OAUTH_CLIENT_ID: ${{ secrets.PRODUCTION_SANDBOX_OAUTH_CLIENT_ID }} | |
SANDBOX_OAUTH_KEY: ${{ secrets.PRODUCTION_SANDBOX_OAUTH_KEY }} | |
SANDBOX_BACKUP_FILE_URL: ${{ secrets.PRODUCTION_SANDBOX_BACKUP_FILE_URL }} | |
SANDBOX_TM_OAUTH_CLIENT_ID: ${{ secrets.PRODUCTION_SANDBOX_TM_OAUTH_CLIENT_ID }} | |
SANDBOX_TM_OAUTH_CLIENT_SECRET_HASHED: ${{ secrets.PRODUCTION_SANDBOX_TM_OAUTH_CLIENT_SECRET_HASHED }} | |
# Cluster | |
AWS_REGION: ${{ secrets.AWS_REGION }} | |
EKS_CLUSTER: ${{ secrets.EKS_CLUSTER }} | |
- name: AWS Credentials | |
if: github.ref == 'refs/heads/staging' || github.ref == 'refs/heads/main' | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-east-1 | |
- name: Setup Kubectl and Helm Dependencies | |
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/staging' | |
run: "sudo pip install awscli --ignore-installed six\nsudo curl -L -o /usr/bin/kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.17.7/2020-07-08/bin/linux/amd64/kubectl\nsudo chmod +x /usr/bin/kubectl\nsudo curl -o /usr/bin/aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.17.7/2020-07-08/bin/linux/amd64/aws-iam-authenticator\nsudo chmod +x /usr/bin/aws-iam-authenticator\nwget https://get.helm.sh/helm-v3.5.0-linux-amd64.tar.gz -O helm.tar.gz\ntar -xvzf helm.tar.gz\nsudo mv linux-amd64/helm /usr/local/bin/ \nsudo chmod +x /usr/local/bin/helm\n #magic___^_^___line\n" | |
- name: Update kube-config staging | |
if: github.ref == 'refs/heads/main' | |
run: aws eks --region us-east-1 update-kubeconfig --name osm-us-k8s-staging | |
# - name: Staging - helm deploy | |
# if: github.ref == 'refs/heads/staging' | |
# run: helm upgrade --install staging --wait dashboard-charts/ -f values.staging.yaml -f dashboard-charts/values.yaml | |
- name: Production - helm deploy | |
if: github.ref == 'refs/heads/main' | |
run: helm upgrade --install production --wait dashboard-charts/ -f values.production.yaml -f dashboard-charts/values.yaml |