-
Notifications
You must be signed in to change notification settings - Fork 2
107 lines (93 loc) · 3.66 KB
/
eks-deploy.yaml
File metadata and controls
107 lines (93 loc) · 3.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
name: "Deploy to EKS"
on:
push:
branches:
- "main"
release:
types:
- "created"
jobs:
deploy:
name: "Setup, Build, Publish, and Deploy"
runs-on: ubuntu-latest
environment: "preview"
env:
# Infrastructure configuration
EKS_CLUSTER: "war-eks-cluster"
EKS_NAMESPACE: "prod"
AWS_REGION: "eu-west-2"
RELEASE_NAME: "watchflow-dev-landing"
PUBLIC_DOMAIN: "watchflow.dev"
ECR_REPOSITORY: "watchflow_dev_landing"
# Certificate configuration
CERT_ISSUER_NAME: "war-cert-issuer"
# Application configuration
PORT: "80"
HELM_PATH: "helm-chart"
JOB_STATUS: "succeeded"
# AWS credentials
AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}"
AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}"
permissions:
contents: "read"
id-token: "write"
packages: "write"
steps:
# Checkout the repository code
- name: "Checkout"
uses: actions/checkout@v4
# Configure AWS credentials for EKS and ECR access
- name: "Configure AWS credentials"
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: "${{ env.AWS_ACCESS_KEY_ID }}"
aws-secret-access-key: "${{ env.AWS_SECRET_ACCESS_KEY }}"
aws-region: "${{ env.AWS_REGION }}"
# Login to Amazon ECR to push Docker images
- name: "Login to Amazon ECR"
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
# Build and push Docker image to ECR
- name: "Build, tag, and push image to Amazon ECR"
id: ecr-push
env:
ECR_REGISTRY: "${{ steps.login-ecr.outputs.registry }}"
ECR_REPOSITORY: "${{ env.ECR_REPOSITORY }}"
IMAGE_TAG: "${{ github.sha }}"
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "image_repository=$ECR_REGISTRY/$ECR_REPOSITORY" >> $GITHUB_OUTPUT
# Update kubeconfig to connect to EKS cluster
- name: "Update kubeconfig"
run: aws eks update-kubeconfig --region "${{ env.AWS_REGION }}" --name "${{ env.EKS_CLUSTER }}"
# Deploy application using Helm chart
- name: "Install or upgrade helm chart"
env:
IMAGE_TAG: "${{ github.sha }}"
IMAGE_REPOSITORY: "${{ steps.ecr-push.outputs.image_repository }}"
run: |-
helm upgrade "${{ env.RELEASE_NAME }}" "${{ env.HELM_PATH }}" --namespace "${{ env.EKS_NAMESPACE }}" \
--values "${{ env.HELM_PATH }}/values.yaml" \
--set image.repository=${{ env.IMAGE_REPOSITORY }} \
--set image.tag=${{ env.IMAGE_TAG }} \
--set ingress.hosts[0].host=${{ env.PUBLIC_DOMAIN }} \
--set ingress.tls[0].secretName=${{ env.RELEASE_NAME }}-tls \
--set ingress.tls[0].hosts[0]=${{ env.PUBLIC_DOMAIN }} \
--set cert.enabled=true \
--set cert.tls.secretName=${{ env.RELEASE_NAME }}-tls \
--set cert.issuerRef.name=${{ env.CERT_ISSUER_NAME }} \
--set cert.issuerRef.kind=ClusterIssuer \
--set cert.commonName=${{ env.PUBLIC_DOMAIN }} \
--set cert.dnsNames.hosts[0]=${{ env.PUBLIC_DOMAIN }} \
--set service.port=${{ env.PORT }} \
--install
shell: bash
# Set status to failed on any's step failure
- name: "Set status to failed on any's step failure"
if: ${{ failure() }}
run: echo "JOB_STATUS=failed" >> $GITHUB_ENV
# Exit with error on failure
- name: "Exit with error on failure"
if: ${{ failure() }}
run: exit 1