ci-cd.yml
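name: Build, Test and Deploy Backend

# Workflow triggers.
on:
  # A pull request that targets the main or dev branch starts the workflow.
  pull_request:
    branches:
      - main
      - dev
  # A push to the main or dev branch starts it as well.
  push:
    branches:
      - main
      - dev

# Least privilege for the automatically issued GITHUB_TOKEN. The steps in this
# workflow only read the repository; Google Cloud access is obtained through a
# separate repository secret, so no write scope is needed on the token.
permissions:
  contents: read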
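# NOTE(review): every action below is referenced by a mutable version tag
# (@v1 .. @v4). The jobs that use them handle cloud credentials, so pinning each
# `uses:` to a full commit SHA keeps a re-tagged release from changing what runs.
jobs:
  # Style check, migrations and tests against a throwaway PostgreSQL service.
  health-check-job:
    runs-on: ubuntu-latest  # OS image for the runner
    services:
      # Sidecar database container for the tests that need a database.
      postgres:
        # NOTE(review): no tag, so this resolves to postgres:latest; pinning a
        # version keeps test runs reproducible.
        image: postgres
        # These values must match the DATABASES block in app/settings.py,
        # otherwise the tests fail to connect. They belong to the CI-only
        # container and must never be reused for a real database.
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: github-actions
        ports:
          - '5432:5432'  # exposes 5432 for the application under test
        # Needed because the postgres container does not provide a healthcheck.
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      # No `ref:` override here: actions/checkout then fetches the commit that
      # triggered the run (the merge commit for pull requests). A hard-coded
      # `ref: main` would make every run test main instead of the proposed
      # change, so this gate would never exercise the code under review.
      - name: Checkout code
        uses: actions/checkout@v3
      # Caching pip downloads makes the build faster; see the pip section of
      # https://github.com/actions/cache
      - name: Cache dependency
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-
      # For several Python versions use a matrix strategy in the job config.
      - name: Setup python environment
        uses: actions/setup-python@v3
        with:
          python-version: '3.10'  # quoted so YAML does not read it as 3.1
      - name: Check Python version
        run: python --version
      - name: Install requirements
        run: pip install -r requirements.txt
      - name: Check Syntax  # code formatting check
        run: pycodestyle --statistics .
      - name: Run Migrations  # creates the tables in the sidecar database
        run: python manage.py migrate
      - name: Run Test
        run: python manage.py test

  # Builds the Docker image and publishes it.
  package-job:
    runs-on: ubuntu-latest
    needs: [health-check-job]  # runs only if health-check-job passed
    # Runs for push events only, so pull requests never reach the registry
    # credentials.
    # NOTE(review): a push to dev also satisfies this condition while the
    # checkout below is fixed to main, so a dev push rebuilds main. Confirm
    # that is intended, or also require github.ref == 'refs/heads/main'.
    if: ${{ github.event_name == 'push' }}
    steps:
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          ref: main
      # NOTE(review): credentials_json is a long-lived service-account key kept
      # as a repository secret. google-github-actions/auth also supports keyless
      # Workload Identity Federation, which leaves no exportable key to leak.
      - id: auth
        name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v1
        with:
          token_format: access_token
          credentials_json: ${{ secrets.GH_GCR_SERVICE_ACCT }}
      - name: Login to Google Artifact Registry - using docker login action
        uses: docker/login-action@v2
        with:
          # Alternatives noted by the author:
          # us-central1-docker.pkg.dev/atlantean-site-393904/github-action-aifinance
          # or REGION-docker.pkg.dev
          registry: gcr.io
          username: oauth2accesstoken
          password: ${{ steps.auth.outputs.access_token }}
      # This example runs "docker login" directly to Artifact Registry.
      # - name: Running "docker login" directly to Artifact Registry
      #   run: |
      #     echo '${{ steps.auth.outputs.access_token }}' | docker login -u oauth2accesstoken --password-stdin https://us-central1-docker.pkg.dev/atlantean-site-393904/github-action-aifinance
      # Public action that builds the image and pushes it.
      # NOTE(review): the tag has no registry host, so the push is not
      # addressed to the gcr.io registry logged in to above, and it differs from
      # the gcr.io/<project>/github-django-action/app:sha-<commit> reference
      # that deploy-job hands to Helm. No step in this workflow pushes that
      # image. `latest` is also mutable; an immutable per-commit tag makes the
      # deployed artifact traceable to the tested commit.
      - name: Build & Publish Image
        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: github-action-aifinance/app:latest

  # Deploys the Helm chart in ./k8s to the Google Cloud cluster.
  deploy-job:
    runs-on: ubuntu-latest
    needs: [package-job]  # requires package-job to succeed
    if: ${{ github.event_name == 'push' }}  # push events only
    steps:
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          ref: main
      - id: auth
        uses: google-github-actions/auth@v1
        with:
          credentials_json: ${{ secrets.GH_GCR_SERVICE_ACCT }}
      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v1
      - name: Use gcloud CLI
        run: gcloud info
      - name: Install gke-gcloud-auth-plugin
        run: |
          gcloud components install gke-gcloud-auth-plugin
      # Configure Docker to use the gcloud command-line tool as a credential
      # helper for authentication
      - run: |
          gcloud --quiet auth configure-docker
      # Builds the image reference used by the Helm release and exposes it as a
      # step output (this replaces the deprecated ::set-output form). The secret
      # reaches the shell through an environment variable instead of being
      # pasted into the script text, so its value is never parsed as shell
      # syntax.
      - name: Set Repo Location
        id: repo
        env:
          GKE_PROJECT: ${{ secrets.GKE_PROJECT }}
        run: |
          echo "repo_name=gcr.io/${GKE_PROJECT}/github-django-action/app:sha-$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
      - name: Check Repo Location
        env:
          REPO_NAME: ${{ steps.repo.outputs.repo_name }}
        run: echo "$REPO_NAME"
      # NOTE(review): this downloads an installer from the moving `main` branch
      # and executes it without an integrity check, in a job that already holds
      # the service-account credentials. Pin the URL to a release tag or commit
      # and verify a checksum, or install a fixed Helm version another way.
      - name: Install Helm
        run: |
          curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
          chmod 700 get_helm.sh
          ./get_helm.sh
      - name: Connect to kubernetes cluster
        env:
          GKE_CLUSTER: ${{ secrets.GKE_CLUSTER }}
          GKE_ZONE: ${{ secrets.GKE_ZONE }}
          GKE_PROJECT: ${{ secrets.GKE_PROJECT }}
        run: |
          gcloud container clusters get-credentials "$GKE_CLUSTER" --zone "$GKE_ZONE" --project "$GKE_PROJECT"
      - name: List Helm releases
        run: helm list --all
      # - name: Rollback pending Helm install
      #   run: helm rollback app
      # - name: add repo
      #   run: helm repo add argo https://argoproj.github.io/argo-helm
      # Secrets are handed over as environment variables and expanded inside
      # double quotes. Interpolating ${{ secrets.* }} straight into the script
      # would let a password containing a space, quote, `$` or `;` break the
      # command or run as shell code.
      # NOTE(review): the values still travel as --set arguments and end up in
      # the Helm release data; whether the chart stores the password in a
      # Kubernetes Secret cannot be seen from this file, so confirm in ./k8s.
      - name: Helm Deploy
        env:
          IMAGE: ${{ steps.repo.outputs.repo_name }}
          DB_USER: ${{ secrets.DB_USER }}
          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
          DB_HOST: ${{ secrets.DB_HOST }}
          DB_PORT: ${{ secrets.DB_PORT }}
          DB_NAME: ${{ secrets.DB_NAME }}
        run: >
          helm upgrade
          --install
          --set image="$IMAGE"
          --set user="$DB_USER"
          --set password="$DB_PASSWORD"
          --set host="$DB_HOST"
          --set port="$DB_PORT"
          --set name="$DB_NAME"
          --wait
          --atomic
          app
          ./k8s
      - name: Check pods  # lists the pods to see whether they are running
        run: kubectl get pods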