-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feature(actions): Added Deploy Actions and Manifests.
Moved ``pr.yaml`` to ``build.yaml``. Removed ``builder.yaml``.
- Loading branch information
1 parent
6f10fea
commit fe45a81
Showing
6 changed files
with
224 additions
and
54 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| name: Build and Deploy | ||
| on: | ||
| workflow_dispatch: | ||
| jobs: | ||
| # NOTE: See [the example](https://github.com/marketplace/actions/build-and-push-docker-images). | ||
| build: | ||
| name: Build Server | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout. | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Login to Docker Hub | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
|
|
||
| - name: Setup Docker Buildx. | ||
| uses: docker/setup-buildx-action@v3 | ||
|
|
||
| - name: Build Server Image. | ||
| uses: docker/build-push-action@v5 | ||
| with: | ||
| context: . | ||
| file: ./docker/dockerfile | ||
| target: builder | ||
| tags: acederberg/blog:latest | ||
| push: true | ||
| cache-from: type=gha | ||
| cache-to: type=gha,mode=max | ||
| load: true | ||
|
|
||
| kube: | ||
| name: Deploy to Kubernetes | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
| actions: read | ||
| steps: | ||
| - name: Checkout. | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| # NOTE: It is required to apply ``./docker/manifests/sa.yaml`` and | ||
| # generate credentials for that service account, e.g. | ||
| # ``kubectl create token ...``. | ||
| - uses: azure/k8s-set-context@v1 | ||
| with: | ||
| method: serviceaccount | ||
| k8s-url: ${{ secrets.K8S_URL }} | ||
| k8s-secret: ${{ secrets.K8S_SA_TOKEN }} | ||
| id: setcontext | ||
|
|
||
| # NOTE: Correct imagePullPolicy is necessary for this step to work. | ||
| # Specifying the image version requires special permissions so that | ||
| # the action can modify workflow files, thus the latest tag is | ||
| # used. | ||
| - uses: Azure/k8s-deploy@v5 | ||
| with: | ||
| namespace: blog | ||
| manifests: docker/manifests/ci.yaml |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| --- | ||
| apiVersion: apps/v1 | ||
| metadata: | ||
| namespace: blog | ||
| name: blog | ||
| labels: | ||
| acederberg.io/tier: browser | ||
| acederberg.io/from: kubectl | ||
| acederberg.io/component: blog | ||
| kind: Deployment | ||
| spec: | ||
| selector: | ||
| matchLabels: | ||
| acederberg.io/tier: browser | ||
| acederberg.io/from: kubectl | ||
| acederberg.io/component: blog | ||
| template: | ||
| metadata: | ||
| labels: | ||
| acederberg.io/tier: browser | ||
| acederberg.io/from: kubectl | ||
| acederberg.io/component: blog | ||
| spec: | ||
| containers: | ||
| - name: blog | ||
| image: acederberg/blog:latest | ||
| imagePullPolicy: Always | ||
| ports: | ||
| - name: captura-http | ||
| containerPort: 8080 | ||
| readinessProbe: | ||
| failureThreshold: 3 | ||
| httpGet: | ||
| path: / | ||
| port: 8080 | ||
| scheme: HTTP | ||
| periodSeconds: 10 | ||
| successThreshold: 1 | ||
| timeoutSeconds: 1 | ||
|
|
||
|
|
||
|
|
||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,110 @@ | ||
| --- | ||
| apiVersion: v1 | ||
| kind: Namespace | ||
| metadata: | ||
| name: blog | ||
| annotations: | ||
| kubernetes.io/enforce-mountable-secrets: "true" | ||
| labels: | ||
| acederberg.io/tier: browser | ||
| acederberg.io/from: kubectl | ||
| acederberg.io/component: blog | ||
|
|
||
|
|
||
| --- | ||
| apiVersion: v1 | ||
| kind: ServiceAccount | ||
| metadata: | ||
| name: blog-gh-act | ||
| namespace: blog | ||
| labels: | ||
| acederberg.io/tier: browser | ||
| acederberg.io/from: kubectl | ||
| acederberg.io/component: blog | ||
|
|
||
|
|
||
| --- | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: ClusterRole | ||
| metadata: | ||
| name: blog-gh-act | ||
| namespace: blog | ||
| rules: | ||
| - apiGroups: | ||
| - '' | ||
| - apps | ||
| resourceNames: | ||
| - blog | ||
| resources: | ||
| - deployments | ||
| - replicasets | ||
| verbs: | ||
| - create | ||
| - get | ||
| - update | ||
| - watch | ||
|
|
||
|
|
||
| --- | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| kind: ClusterRoleBinding | ||
| metadata: | ||
| name: blog-gh-act | ||
| namespace: blog | ||
| roleRef: | ||
| kind: ClusterRole | ||
| name: blog-gh-act | ||
| subjects: | ||
| - kind: ServiceAccount | ||
| name: blog-gh-act | ||
| namespace: blog | ||
|
|
||
|
|
||
|
|
||
| --- | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: blog | ||
| namespace: blog | ||
| labels: | ||
| acederberg.io/tier: browser | ||
| acederberg.io/from: kubectl | ||
| acederberg.io/component: blog | ||
| spec: | ||
| selector: | ||
| acederberg.io/tier: browser | ||
| acederberg.io/from: kubectl | ||
| acederberg.io/component: blog | ||
| ports: | ||
| - targetPort: 8080 | ||
| port: 80 | ||
|
|
||
| --- | ||
| apiVersion: traefik.io/v1alpha1 | ||
| kind: IngressRoute | ||
| metadata: | ||
| name: blog | ||
| namespace: blog | ||
| labels: | ||
| acederberg.io/tier: browser | ||
| acederberg.io/from: kubectl | ||
| acederberg.io/component: blog | ||
| spec: | ||
| tls: | ||
| certResolver: letsencrypt | ||
| entryPoints: | ||
| - websecure | ||
| routes: | ||
| - kind: Rule | ||
| match: HOST(`blog.acederberg.io`) | ||
| middlewares: | ||
| - name: traefik-ratelimit | ||
| namespace: traefik | ||
| - name: traefik-error-pages | ||
| namespace: traefik | ||
| services: | ||
| - kind: Service | ||
| name: blog | ||
| namespace: blog | ||
| port: 80 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| apiVersion: authentication.k8s.io/v1 | ||
| kind: TokenReview | ||
| spec: | ||
| # token: eyJhbGciOiJSUzI1NiIsImtpZCI6InhtR0V0WHR2MzFTWFNvZmxYOTNPQVBLVF9qN1BtTV9PeWt0cTdVVGdkakkifQ.eyJhdWQiOlsia3ViZXJuZXRlcy5kZWZhdWx0LnN2YyJdLCJleHAiOjE3MjczMDM3NDEsImlhdCI6MTcyNzMwMDE0MSwiaXNzIjoiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiLCJrdWJlcm5ldGVzLmlvIjp7Im5hbWVzcGFjZSI6ImJsb2ciLCJzZXJ2aWNlYWNjb3VudCI6eyJuYW1lIjoiYmxvZy1zZXJ2aWNlLWFjY291bnQtcHJvZHVjdGlvbiIsInVpZCI6Ijk5NTk1ZTIwLTk5ODgtNDBkOS04ZDI5LTVjMmU5NWI1NTZhYSJ9fSwibmJmIjoxNzI3MzAwMTQxLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6YmxvZzpibG9nLXNlcnZpY2UtYWNjb3VudC1wcm9kdWN0aW9uIn0.3yO220lTWg8Ou2t8jwpNDeEVPyAnY2ofqRt4GWiyF0NStMTeQPlDE6EVnS294SoHITn6ZlhkmNXmjiSg4x0boc8aggSQ2gJc2R3nUYMAKTmuyIBF34j16gsENp1mUUmqsQC-7Ln6e65E_3bHmTkZDSAJC1XgSaUcSkN1QrxZBRiq895vHazC51LLdYymD-JT0ATs12_m9s9m6KK1bCnkEA3o-JtNFAhQImb2Erd-RvIwfhUz2LrY7wOAAQsQb5H6S7hs_qYD-nECU_Ue8nSy8ZL0wKkmJKL18sSAFZLO2RDfGAEoIH6z9wgmpZJZumvZnM41YPIAO4zLonJkuyb7qw | ||
| token: eyJhbGciOiJSUzI1NiIsImtpZCI6InhtR0V0WHR2MzFTWFNvZmxYOTNPQVBLVF9qN1BtTV9PeWt0cTdVVGdkakkifQ.eyJhdWQiOlsia3ViZXJuZXRlcy5kZWZhdWx0LnN2YyJdLCJleHAiOjE3MjczMDU2MTQsImlhdCI6MTcyNzMwMjAxNCwiaXNzIjoiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiLCJrdWJlcm5ldGVzLmlvIjp7Im5hbWVzcGFjZSI6ImJsb2ciLCJzZXJ2aWNlYWNjb3VudCI6eyJuYW1lIjoiYmxvZy1naC1hY3QiLCJ1aWQiOiJiMzlmZmEyYy04M2IwLTQzODYtYThkOS0yYWExOGFhNWQzNjAifX0sIm5iZiI6MTcyNzMwMjAxNCwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmJsb2c6YmxvZy1naC1hY3QifQ.ld0KH20hhLO-8FHI4-j2b2DoXdbg2mWo-kSbFvegXWtWHlG6yNpDWfwobEYHy_cYAViWBpxQEjtbOKisOm24UcQwG9ygQvt0ppfTHTOjRURWcmhgE-4Vn0MejlA2HTP1CD6AcX2Z00p-bRJCaFynSfO1dcM0lfNQZi-OurTYyv4CVk2a9hazPEwMCSdDTfw9iFB-acZYTGI8fx7dAsYjYzlonTccKwkFBXNRXP0LwNby8AmiL7IECUxyMqLosy4tca7yleB3fOmSVSBHQ2PidphxUJpXEDHgc1KHw0OcnwNvLE4iwT4S4a5AclI0YGmlAwiWiA-aZBSyn8_mX0hCZg |