-
Notifications
You must be signed in to change notification settings - Fork 0
151 lines (147 loc) · 6.58 KB
/
ci-cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
name: Build, Test and Deploy Backend
# triggers for our workflow
on:
# opening a pull request to master and develop branch will be a trigger
pull_request:
branches:
- main
- dev
# any code pushed to master and develop branch will also be a trigger
push:
branches:
- main
- dev
jobs:
health-check-job: # health check job for testing and code formatting check
runs-on: ubuntu-latest # os for running the job
services:
postgres: # we need a postgres docker image to be booted a side car service to run the tests that needs a db
image: postgres
env: # the environment variable must match with app/settings.py if block of DATABASES variable otherwise test will fail due to connectivity issue.
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: github-actions
ports:
- 5432:5432 # exposing 5432 port for application to use
# needed because the postgres container does not provide a healthcheck
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
steps:
- name: Checkout code # checking our the code at current commit that triggers the workflow
uses: actions/checkout@v3
with:
ref: main
- name: Cache dependency # caching dependency will make our build faster
uses: actions/cache@v3 # for more info checkout pip section documentation at https://github.com/actions/cache
with:
path: ~/.cache/pip
key: ${{runner.os}}-pip-${{ hashFiles('**/requirements.txt') }}
restore-keys: |
${{runner.os}}-pip-
- name: Setup python environment # setting python environment to 3.10
uses: actions/setup-python@v3
with:
python-version: '3.10' # if you want multiple python version run just use matrix strategy in job config. See the documentation of GitHub Actions
- name: Check Python version # checking the python version to see if 3.x is installed.
run: python --version
- name: Install requirements # install application requirements
run: pip install -r requirements.txt
- name: Check Syntax # check code formatting
run: pycodestyle --statistics .
- name: Run Migrations # run migrations to create table in side car db container
run: python manage.py migrate
- name: Run Test # running tests
run: python manage.py test
package-job: # package job for building and publishing docker images
runs-on: ubuntu-latest
needs: [health-check-job] # will be fired if and only if health-check-job is passed
if: ${{ github.event_name == 'push' }} # will be fired if the trigger event is a push event
steps:
- name: Checkout Code # checking out code
uses: actions/checkout@v3
with:
ref: main
- name: Set Image Name
id: image
run: echo "image_name=app:sha-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
- name: Set Repo Location
id: repo
run: echo "repo_name=${{secrets.ARTIFACT_LOC1}}-docker.pkg.dev/${{secrets.GKE_PROJECT}}/github-action-aifinance/${{steps.image.outputs.image_name}}" >> $GITHUB_OUTPUT
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v1
with:
token_format: access_token
credentials_json: ${{secrets.GH_GCR_SERVICE_ACCT}}
- name: Login to Google Cloud Artifact Registry - using docker login action
uses: docker/login-action@v2
with:
registry: ${{secrets.ARTIFACT_LOC1}}-docker.pkg.dev
username: oauth2accesstoken
password: ${{steps.auth.outputs.access_token}}
- name: Build Docker Image
run: |
docker build -t ${{steps.image.outputs.image_name}} .
- name: Tag Image to Artifact Registry
run: |
docker tag ${{steps.image.outputs.image_name}} ${{steps.repo.outputs.repo_name}}
- name: Publish Image
run: |
docker image push ${{steps.repo.outputs.repo_name}}
deploy-job: # deploy job is for deploying the code to Google Cloud k8s cluster
runs-on: ubuntu-latest
needs: [package-job] # will require package-job to be successful for triggering
if: ${{ github.event_name == 'push' }} # will be fire if the trigger event is a push event.
steps:
- name: Checkout code # checking out code
uses: actions/checkout@v3
with:
ref: main
- name: Set Image Name
id: image
run: echo "image_name=app:sha-$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
- name: Set Repo Location
id: repo
run: echo "repo_name=${{secrets.ARTIFACT_LOC1}}-docker.pkg.dev/${{secrets.GKE_PROJECT}}/github-action-aifinance/${{steps.image.outputs.image_name}}" >> $GITHUB_OUTPUT
- name: Check Repo Location
run: echo ${{ steps.repo.outputs.repo_name }} # checking the repo location
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v1
with:
credentials_json: ${{secrets.GH_GCR_SERVICE_ACCT}}
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v1
- name: Use gcloud CLI
run: gcloud info
- name: Install gke-gcloud-auth-plugin
run: |
gcloud components install gke-gcloud-auth-plugin
- name: Configure Docker to use the gcloud CLI tool as a credential helper for auth
run: |
gcloud --quiet auth configure-docker
- name: Install Helm # helm installation in this runner for deploying
run: |
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
- name: Connect to Google Cloud kubernetes cluster
run: |
gcloud container clusters get-credentials ${{secrets.GKE_CLUSTER}} --zone ${{secrets.GKE_ZONE}} --project ${{secrets.GKE_PROJECT}}
- name: List Helm releases
run: helm list --all
- name: Helm Deploy # deploying helm chart to Google Cloud k8s cluster
run: >
helm upgrade
--install
--set image=${{steps.repo.outputs.repo_name}}
--set user=${{secrets.DB_USER}}
--set password=${{secrets.DB_PASSWORD}}
--set host=${{secrets.DB_HOST}}
--set port=${{secrets.DB_PORT}}
--set name=${{secrets.DB_NAME}}
--wait
--atomic
app
./k8s
- name: Check pods # checking pod list to see if they are running
run: kubectl get pods