update secret #64
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build, Test and Deploy Backend | |
# triggers for our workflow | |
on: | |
# opening a pull request to master and develop branch will be a trigger | |
pull_request: | |
branches: | |
- main | |
- dev | |
# any code pushed to master and develop branch will also be a trigger | |
push: | |
branches: | |
- main | |
- dev | |
jobs: | |
health-check-job: # health check job for testing and code formatting check | |
runs-on: ubuntu-latest # os for running the job | |
services: | |
postgres: # we need a postgres docker image to be booted a side car service to run the tests that needs a db | |
image: postgres | |
env: # the environment variable must match with app/settings.py if block of DATBASES variable otherwise test will fail due to connectivity issue. | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: postgres | |
POSTGRES_DB: github-actions | |
ports: | |
- 5432:5432 # exposing 5432 port for application to use | |
# needed because the postgres container does not provide a healthcheck | |
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
steps: | |
- name: Checkout code # checking our the code at current commit that triggers the workflow | |
uses: actions/checkout@v3 | |
- name: Cache dependency # caching dependency will make our build faster. | |
uses: actions/cache@v3 # for more info checkout pip section documentation at https://github.com/actions/cache | |
with: | |
path: ~/.cache/pip | |
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} | |
restore-keys: | | |
${{ runner.os }}-pip- | |
- name: Setup python environment # setting python environment to 3.10 | |
uses: actions/setup-python@v3 | |
with: | |
python-version: '3.10' # if you want multiple python version run just use matrix strategy in job config. See the documentation of GitHub Actions | |
- name: Check Python version # checking the python version to see if 3.x is installed. | |
run: python --version | |
- name: Install requirements # install application requirements | |
run: pip install -r requirements.txt | |
- name: Check Syntax # check code formatting | |
run: pycodestyle --statistics . | |
- name: Run Migrations # run migrations to create table in side car db container | |
run: python manage.py migrate | |
- name: Run Test # running tests | |
run: python manage.py test | |
package-job: # package job for building and publishing docker images | |
runs-on: ubuntu-latest | |
needs: [health-check-job] # will be fired if and only if health-check-job is passed. | |
if: ${{ github.event_name == 'push' }} # will be fired if the trigger event is a push event. | |
steps: | |
- name: Checkout Code # checking out code. | |
uses: actions/checkout@v3 | |
- name: Build & Publish Image # we are using a public GitHub Action to build and publish docker image to our GCR registry. | |
uses: docker/build-push-action@v2 | |
env: | |
app_name: app | |
with: | |
username: _json_key # default for gcr.io | |
password: ${{ secrets.GCP_CREDENTIALS2 }} # service account json data | |
registry: gcr.io # gcr Artifactory registry domain | |
repository: ${{secrets.GKE_PROJECT}}/github-django-actions/app # GKE_PROJECT is the GCP Project id to be set as secret. | |
tag_with_sha: true # this will tag our image with commit id. For example our image our be gcr.io/project-id/github-django-actions/app:sha-7865423 where 7865423 is the short sha of our commit. | |
deploy-job: # deploy job is for deploying our code to google cloud cluster. | |
runs-on: ubuntu-latest | |
needs: [package-job] # will require package-job to be successful for triggering | |
if: ${{ github.event_name == 'push' }} # will be fire if the trigger event is a push event. | |
steps: | |
- name: Checkout code # checking out code. | |
uses: actions/checkout@v3 | |
- id: auth | |
uses: google-github-actions/auth@v1 | |
with: | |
credentials_json: ${{ secrets.GCP_CREDENTIALS2 }} | |
- name: Set up Cloud SDK | |
uses: google-github-actions/setup-gcloud@v1 | |
- name: Use gcloud CLI | |
run: gcloud info | |
- name: Install gke-gcloud-auth-plugin | |
run: | | |
gcloud components install gke-gcloud-auth-plugin | |
# Configure Docker to use the gcloud command-line tool as a credential | |
# helper for authentication | |
- run: | | |
gcloud --quiet auth configure-docker | |
- name: Set Repo Location # steps required to find the image id of our image from GCP Artifactory container registry | |
id: repo | |
run: echo "repo_name=gcr.io/${{secrets.GKE_PROJECT}}/github-django-actions/app:sha-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
# run: echo "::set-output name=repo_name::gcr.io/${{secrets.GKE_PROJECT}}/github-django-actions/app:sha-$(git rev-parse --short HEAD)" # we are setting the image location as output to be used in later step | |
- name: Check Repo Location | |
run: echo ${{ steps.repo.outputs.repo_name }} # checking our repo location | |
- name: Install Helm # helm installation in our runner for deploying. | |
run: | | |
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | |
chmod 700 get_helm.sh | |
./get_helm.sh | |
- name: Connect to kubernetes cluster | |
run: | | |
gcloud container clusters get-credentials ${{secrets.GKE_CLUSTER}} --zone ${{secrets.GKE_ZONE}} --project ${{secrets.GKE_PROJECT}} | |
- name: List Helm releases | |
run: helm list --all | |
# - name: Rollback pending Helm install | |
# run: helm rollback app | |
- name: Helm Deploy # deploying our helm chart to our cluster | |
run: > | |
helm upgrade | |
--install | |
--set image=${{ steps.repo.outputs.repo_name }} | |
--set user=${{ secrets.DB_USER }} | |
--set password=${{ secrets.DB_PASSWORD }} | |
--set host=${{ secrets.DB_HOST }} | |
--set port=${{ secrets.DB_PORT }} | |
--set name=${{ secrets.DB_NAME }} | |
--wait | |
--atomic | |
app | |
./k8s | |
- name: Check pods # checking pod list to see if they are running. | |
run: kubectl get pods |