Merge pull request #169 from fileverse/INS-21-Deploy-storage-service #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Docker image and deploy to EKS | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - development | |
| env: | |
| AWS_REGION: eu-north-1 | |
| ECR_REPOSITORY: fileverse/fileverse-storage | |
| EKS_DEV_CLUSTER_NAME: fileverse-dev-cluster | |
| EKS_PROD_CLUSTER_NAME: fileverse-prod-cluster | |
| jobs: | |
| # Development deployment job | |
| deploy-dev: | |
| name: Build and deploy DEV | |
| runs-on: ubuntu-latest | |
| environment: development | |
| if: github.ref == 'refs/heads/development' | |
| steps: | |
| # Checkout the code from the repository | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| # Set up Docker Buildx for advanced build features | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| # Cache Docker layers to speed up the build | |
| - name: Cache Docker layers | |
| uses: actions/cache@v3 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| # Build Docker image | |
| - name: Build, tag, and push image to Amazon ECR | |
| id: build-image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT | |
| - name: Inject version number and env into files | |
| uses: dominicwatson/github-action-envsubst@v1 | |
| with: | |
| files: k8s/fileverse-storage.yaml k8s/fileverse-storage-sa.yaml | |
| env: | |
| IMAGE_TAG: ${{ github.sha }} | |
| ENVIRONMENT: development | |
| SERVICE_ACCOUNT: arn:aws:iam::367148490862:role/FileverseDevelopmentFileverseStorageServiceRole | |
| - name: Install kubectl | |
| run: | | |
| curl -LO "https://dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubectl" | |
| chmod +x ./kubectl | |
| sudo mv ./kubectl /usr/local/bin/kubectl | |
| - name: Update kube config | |
| run: aws eks update-kubeconfig --name ${{ env.EKS_DEV_CLUSTER_NAME }} --region ${{ env.AWS_REGION }} | |
| - name: Verify kubeconfig context | |
| run: | | |
| kubectl config use-context arn:aws:eks:${{ env.AWS_REGION }}:$(aws sts get-caller-identity | jq -r ".Account"):cluster/${{ env.EKS_DEV_CLUSTER_NAME }} | |
| - name: Install Secrets Store CSI Driver and AWS Provider | |
| run: | | |
| helm repo add secrets-store-csi-driver https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts | |
| helm upgrade --install -n kube-system csi-secrets-store secrets-store-csi-driver/secrets-store-csi-driver | |
| helm repo add aws-secrets-manager https://aws.github.io/secrets-store-csi-driver-provider-aws | |
| helm upgrade --install -n kube-system secrets-provider-aws aws-secrets-manager/secrets-store-csi-driver-provider-aws | |
| - name: Install AWS load-balancer-controller | |
| run: | | |
| helm repo add eks https://aws.github.io/eks-charts | |
| helm repo update | |
| helm upgrade --install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=${{ env.EKS_DEV_CLUSTER_NAME }} | |
| - name: Deploy to EKS | |
| env: | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| kubectl apply -f k8s/ | |
| # Send Slack notification on success | |
| - name: Slack Notification (success) | |
| if: success() | |
| run: | | |
| curl -X POST -H 'Content-type: application/json' --data '{ | |
| "text": "New deployment to EKS cluster :rocket:", | |
| "attachments": [ | |
| { | |
| "color": "#36a64f", | |
| "title": "Deployment Info", | |
| "fields": [ | |
| { | |
| "title": "Repository", | |
| "value": "${{ github.repository }}", | |
| "short": true | |
| }, | |
| { | |
| "title": "Deployed SHA", | |
| "value": "${{ github.sha }}", | |
| "short": true | |
| }, | |
| { | |
| "title": "Branch", | |
| "value": "${{ github.ref }}", | |
| "short": true | |
| }, | |
| { | |
| "title": "Cluster", | |
| "value": "${{ secrets.EKS_DEV_CLUSTER_NAME }}", | |
| "short": true | |
| } | |
| ] | |
| } | |
| ] | |
| }' ${{ secrets.SLACK_WEBHOOK_URL }} | |
| # Send Slack notification on failure | |
| - name: Slack Notification (Failure) | |
| if: failure() | |
| run: | | |
| curl -X POST -H 'Content-type: application/json' --data '{ | |
| "text": "Deployment to EKS cluster failed :x:", | |
| "attachments": [ | |
| { | |
| "color": "#FF0000", | |
| "title": "Deployment Failed", | |
| "fields": [ | |
| { | |
| "title": "Repository", | |
| "value": "${{ github.repository }}", | |
| "short": true | |
| }, | |
| { | |
| "title": "Failed SHA", | |
| "value": "${{ github.sha }}", | |
| "short": true | |
| }, | |
| { | |
| "title": "Branch", | |
| "value": "${{ github.ref }}", | |
| "short": true | |
| }, | |
| { | |
| "title": "Cluster", | |
| "value": "${{ secrets.EKS_DEV_CLUSTER_NAME }}", | |
| "short": true | |
| } | |
| ] | |
| } | |
| ] | |
| }' ${{ secrets.SLACK_WEBHOOK_URL }} | |
| # Production deployment job | |
| deploy-production: | |
| name: Build and deploy PROD | |
| runs-on: ubuntu-latest | |
| environment: production | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| # Checkout the code from the repository | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| # Set up Docker Buildx for advanced build features | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| # Cache Docker layers to speed up the build | |
| - name: Cache Docker layers | |
| uses: actions/cache@v3 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| # Build Docker image | |
| - name: Build, tag, and push image to Amazon ECR | |
| id: build-image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT | |
| - name: Inject version number and env into files | |
| uses: dominicwatson/github-action-envsubst@v1 | |
| with: | |
| files: k8s/fileverse-storage.yaml k8s/fileverse-storage-sa.yaml | |
| env: | |
| IMAGE_TAG: ${{ github.sha }} | |
| ENVIRONMENT: production | |
| SERVICE_ACCOUNT: arn:aws:iam::367148490862:role/FileverseProductionFileverseStorageServiceRole | |
| - name: Install kubectl | |
| run: | | |
| curl -LO "https://dl.k8s.io/release/v1.31.0/bin/linux/amd64/kubectl" | |
| chmod +x ./kubectl | |
| sudo mv ./kubectl /usr/local/bin/kubectl | |
| - name: Update kube config | |
| run: aws eks update-kubeconfig --name ${{ env.EKS_PROD_CLUSTER_NAME }} --region ${{ env.AWS_REGION }} | |
| - name: Verify kubeconfig context | |
| run: | | |
| kubectl config use-context arn:aws:eks:${{ env.AWS_REGION }}:$(aws sts get-caller-identity | jq -r ".Account"):cluster/${{ env.EKS_PROD_CLUSTER_NAME }} | |
| - name: Install Secrets Store CSI Driver and AWS Provider | |
| run: | | |
| helm repo add secrets-store-csi-driver https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts | |
| helm upgrade --install -n kube-system csi-secrets-store secrets-store-csi-driver/secrets-store-csi-driver | |
| helm repo add aws-secrets-manager https://aws.github.io/secrets-store-csi-driver-provider-aws | |
| helm upgrade --install -n kube-system secrets-provider-aws aws-secrets-manager/secrets-store-csi-driver-provider-aws | |
| - name: Install AWS load-balancer-controller | |
| run: | | |
| helm repo add eks https://aws.github.io/eks-charts | |
| helm repo update | |
| helm upgrade --install aws-load-balancer-controller eks/aws-load-balancer-controller -n kube-system --set clusterName=${{ env.EKS_PROD_CLUSTER_NAME }} | |
| - name: Deploy to EKS | |
| env: | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| kubectl apply -f k8s/ | |
| # Send Slack notification | |
| - name: Slack Notification | |
| if: success() | |
| run: | | |
| curl -X POST -H 'Content-type: application/json' --data '{ | |
| "text": "New deployment to EKS cluster :rocket:", | |
| "attachments": [ | |
| { | |
| "color": "#36a64f", | |
| "title": "Deployment Info", | |
| "fields": [ | |
| { | |
| "title": "Repository", | |
| "value": "${{ github.repository }}", | |
| "short": true | |
| }, | |
| { | |
| "title": "Deployed SHA", | |
| "value": "${{ github.sha }}", | |
| "short": true | |
| }, | |
| { | |
| "title": "Branch", | |
| "value": "${{ github.ref }}", | |
| "short": true | |
| }, | |
| { | |
| "title": "Cluster", | |
| "value": "${{ secrets.EKS_PROD_CLUSTER_NAME }}", | |
| "short": true | |
| } | |
| ] | |
| } | |
| ] | |
| }' ${{ secrets.SLACK_WEBHOOK_URL }} | |
| # Send Slack notification on failure | |
| - name: Slack Notification (Failure) | |
| if: failure() | |
| run: | | |
| curl -X POST -H 'Content-type: application/json' --data '{ | |
| "text": "Deployment to EKS cluster failed :x:", | |
| "attachments": [ | |
| { | |
| "color": "#FF0000", | |
| "title": "Deployment Failed", | |
| "fields": [ | |
| { | |
| "title": "Repository", | |
| "value": "${{ github.repository }}", | |
| "short": true | |
| }, | |
| { | |
| "title": "Failed SHA", | |
| "value": "${{ github.sha }}", | |
| "short": true | |
| }, | |
| { | |
| "title": "Branch", | |
| "value": "${{ github.ref }}", | |
| "short": true | |
| }, | |
| { | |
| "title": "Cluster", | |
| "value": "${{ secrets.EKS_PROD_CLUSTER_NAME }}", | |
| "short": true | |
| } | |
| ] | |
| } | |
| ] | |
| }' ${{ secrets.SLACK_WEBHOOK_URL }} |