Add deploy stage and make it always run for now
Some checks failed
Podman Rootless Demo / test-backend (push) Has been skipped
Podman Rootless Demo / test-frontend (push) Has been skipped
Podman Rootless Demo / build-backend (push) Has been skipped
Podman Rootless Demo / build-frontend (push) Has been skipped
Podman Rootless Demo / deploy-prod (push) Failing after 23s
parent
c2d3897acf
commit
861eb34c41
2 changed files with 52 additions and 5 deletions
|
|
@ -128,6 +128,7 @@ jobs:
|
||||||
|
|
||||||
test-frontend:
|
test-frontend:
|
||||||
runs-on: [ci]
|
runs-on: [ci]
|
||||||
|
if: false
|
||||||
#needs: test-backend
|
#needs: test-backend
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
|
@ -139,6 +140,7 @@ jobs:
|
||||||
|
|
||||||
build-backend:
|
build-backend:
|
||||||
runs-on: [ci]
|
runs-on: [ci]
|
||||||
|
if: false
|
||||||
#needs: [test-backend, test-frontend]
|
#needs: [test-backend, test-frontend]
|
||||||
needs: [test-frontend]
|
needs: [test-frontend]
|
||||||
|
|
||||||
|
|
@ -174,6 +176,7 @@ jobs:
|
||||||
|
|
||||||
build-frontend:
|
build-frontend:
|
||||||
runs-on: [ci]
|
runs-on: [ci]
|
||||||
|
if: false
|
||||||
#needs: [test-backend, test-frontend]
|
#needs: [test-backend, test-frontend]
|
||||||
needs: [test-frontend]
|
needs: [test-frontend]
|
||||||
|
|
||||||
|
|
@ -206,3 +209,47 @@ jobs:
|
||||||
run: |
|
run: |
|
||||||
podman --remote push "$FRONTEND_IMAGE:${{ github.sha }}"
|
podman --remote push "$FRONTEND_IMAGE:${{ github.sha }}"
|
||||||
podman --remote push "$FRONTEND_IMAGE:latest"
|
podman --remote push "$FRONTEND_IMAGE:latest"
|
||||||
|
|
||||||
|
deploy-prod:
|
||||||
|
runs-on: [prod]
|
||||||
|
#needs: [build-backend, build-frontend]
|
||||||
|
|
||||||
|
env:
|
||||||
|
CONTAINER_HOST: unix:///run/user/1001/podman/podman.sock
|
||||||
|
XDG_RUNTIME_DIR: /tmp
|
||||||
|
RUN_ID: ${{ github.run_id }}
|
||||||
|
APP_NAME: ${{ github.repository }}
|
||||||
|
REGISTRY_HOST: ${{ secrets.REGISTRY_HOST }}
|
||||||
|
IMAGE_TAG: ${{ github.sha }}
|
||||||
|
POSTGRES_DATABASE_NAME: ${{ secrets.PROD_DB_DATABASE_NAME }}
|
||||||
|
POSTGRES_USERNAME: ${{ secrets.PROD_DB_USERNAME }}
|
||||||
|
POSTGRES_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
|
||||||
|
POSTGRES_PORT: ${{ secrets.PROD_DB_PORT }}
|
||||||
|
PROD_BACKEND_PORT: ${{ secrets.PROD_BACKEND_PORT }}
|
||||||
|
PROD_FRONTEND_PORT: ${{ secrets.PROD_FRONTEND_PORT }}
|
||||||
|
PROD_BACKEND_HOST: ${{ secrets.PROD_BACKEND_HOST }}
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: Checkout code
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Login to container registry with PAT
|
||||||
|
run: |
|
||||||
|
echo "${{ secrets.REGISTRY_TOKEN }}" | podman --remote login \
|
||||||
|
-u "${{ secrets.REGISTRY_USERNAME }}" \
|
||||||
|
--password-stdin \
|
||||||
|
"${{ secrets.REGISTRY_HOST }}"
|
||||||
|
|
||||||
|
- name: Pull production images
|
||||||
|
run: |
|
||||||
|
podman --remote pull "$REGISTRY_HOST/$APP_NAME/sharenet-backend-api-postgres:$IMAGE_TAG"
|
||||||
|
podman --remote pull "$REGISTRY_HOST/$APP_NAME/sharenet-frontend:$IMAGE_TAG"
|
||||||
|
|
||||||
|
- name: Install envsubst
|
||||||
|
run: |
|
||||||
|
apt-get update && apt-get install -y gettext-base
|
||||||
|
|
||||||
|
- name: Deploy production pod
|
||||||
|
run: |
|
||||||
|
# Process the pod template with environment variables
|
||||||
|
envsubst < deploy/prod-pod.yml | podman --remote kube play -
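Review bot: The login step in `deploy-prod` splices `${{ secrets.REGISTRY_TOKEN }}` and `${{ secrets.REGISTRY_USERNAME }}` into the script text before the shell parses it, so a value containing a quote, `$` or backtick alters the command. Map both through a step-level `env:` and reference them as quoted shell variables, as the pull step already does with `$REGISTRY_HOST`. With `XDG_RUNTIME_DIR: /tmp`, podman's default auth file (`$XDG_RUNTIME_DIR/containers/auth.json`) lands under a shared world-writable directory and nothing removes it afterwards; setting `REGISTRY_AUTH_FILE` to a private per-run path and ending the job with `podman --remote logout "$REGISTRY_HOST"` would contain that. Separately, `deploy-prod` has no `if:` and its `needs:` is commented out while the test and build jobs are `if: false`, so every run of the workflow deploys with production secrets and no image is built for that `IMAGE_TAG`; a ref condition on the job would bound this while the other stages are off.

```yaml
      - name: Login to container registry with PAT
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
        run: |
          # REGISTRY_HOST comes from the job-level env block
          printf '%s' "$REGISTRY_TOKEN" | podman --remote login \
            -u "$REGISTRY_USERNAME" \
            --password-stdin \
            "$REGISTRY_HOST"
```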
|
||||||
|
|
@ -11,7 +11,7 @@ spec:
|
||||||
|
|
||||||
containers:
|
containers:
|
||||||
- name: postgres
|
- name: postgres
|
||||||
image: ${REGISTRY_HOST}/${APP_NAME}/postgres:${IMAGE_TAG}
|
image: docker.io/postgres:16
|
||||||
# Security: drop all capabilities, read-only root filesystem except data volume
|
# Security: drop all capabilities, read-only root filesystem except data volume
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
|
|
@ -60,7 +60,7 @@ spec:
|
||||||
cpu: "500m"
|
cpu: "500m"
|
||||||
|
|
||||||
- name: backend
|
- name: backend
|
||||||
image: ${REGISTRY_HOST}/${APP_NAME}/backend:${IMAGE_TAG}
|
image: ${REGISTRY_HOST}/${APP_NAME}/sharenet-backend-api-postgres:${IMAGE_TAG}
|
||||||
# Security: drop all capabilities, read-only root filesystem
|
# Security: drop all capabilities, read-only root filesystem
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
|
|
@ -109,7 +109,7 @@ spec:
|
||||||
cpu: "250m"
|
cpu: "250m"
|
||||||
|
|
||||||
- name: frontend
|
- name: frontend
|
||||||
image: ${REGISTRY_HOST}/${APP_NAME}/frontend:${IMAGE_TAG}
|
image: ${REGISTRY_HOST}/${APP_NAME}/sharenet-frontend:${IMAGE_TAG}
|
||||||
# Security: drop all capabilities, read-only root filesystem
|
# Security: drop all capabilities, read-only root filesystem
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
|
|
@ -142,7 +142,7 @@ spec:
|
||||||
cpu: "250m"
|
cpu: "250m"
|
||||||
|
|
||||||
- name: nginx
|
- name: nginx
|
||||||
image: ${REGISTRY_HOST}/${APP_NAME}/nginx:${IMAGE_TAG}
|
image: docker.io/nginx:alpine
|
||||||
# Security: drop all capabilities, read-only root filesystem
|
# Security: drop all capabilities, read-only root filesystem
|
||||||
securityContext:
|
securityContext:
|
||||||
readOnlyRootFilesystem: true
|
readOnlyRootFilesystem: true
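Review bot: The postgres and nginx containers now run `docker.io/postgres:16` and `docker.io/nginx:alpine`, floating tags on a public registry, where the old lines pinned every image to `${IMAGE_TAG}` in the project registry; what runs in production can now change between deploys without a commit. Pin both by digest, e.g. `image: docker.io/library/postgres:16@sha256:<digest>` (placeholder), and update the digest deliberately. It is also worth checking that the stock images start under the constraints the surrounding comments describe: the official images start as root by default, which `runAsNonRoot: true` may reject unless a `runAsUser` is set elsewhere in the spec. The container definitions continue outside these hunks, so the rest of each `securityContext` is not visible here.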
|
||||||
|
|
|
||||||