name: helm-deploy description: Deploy a service to Kubernetes via Helm over SSH inputs: service-name: description: Helm release name required: true helm-host: description: SSH target (e.g., dsp1-stage.schmalzgroup.net) required: true overrides-file: description: Local path to Helm values override file required: false default: kubernetes/overrides-pu.yaml image-tag: description: Docker image tag to deploy required: true ssh-key: description: Private SSH key content required: true namespace: description: Kubernetes namespace required: false default: dsp helm-repo: description: Helm chart repository name required: false default: nexus-helm-repository helm-chart: description: Chart name in the repo required: false default: DSP-Blueprint runs: using: composite steps: - name: Setup SSH key shell: bash env: SSH_KEY: ${{ inputs.ssh-key }} run: | set -euo pipefail SSH_KEY_FILE=$(mktemp) printf '%s\n' "$SSH_KEY" > "$SSH_KEY_FILE" chmod 600 "$SSH_KEY_FILE" echo "SSH_KEY_FILE=$SSH_KEY_FILE" >> "$GITHUB_ENV" - name: Copy overrides file shell: bash env: HELM_HOST: ${{ inputs.helm-host }} SERVICE_NAME: ${{ inputs.service-name }} OVERRIDES_FILE: ${{ inputs.overrides-file }} run: | set -euo pipefail scp -i "$SSH_KEY_FILE" \ -o StrictHostKeyChecking=no \ -o BatchMode=yes \ -o ConnectTimeout=10 \ "$OVERRIDES_FILE" \ "root@${HELM_HOST}:/tmp/${SERVICE_NAME}-overrides.yaml" - name: Helm deploy shell: bash env: HELM_HOST: ${{ inputs.helm-host }} SERVICE_NAME: ${{ inputs.service-name }} NAMESPACE: ${{ inputs.namespace }} HELM_REPO: ${{ inputs.helm-repo }} HELM_CHART: ${{ inputs.helm-chart }} IMAGE_TAG: ${{ inputs.image-tag }} run: | set -euo pipefail ssh -i "$SSH_KEY_FILE" \ -o StrictHostKeyChecking=no \ -o BatchMode=yes \ -o ConnectTimeout=10 \ -o ServerAliveInterval=30 \ -o ServerAliveCountMax=5 \ "root@${HELM_HOST}" \ "helm repo update && \ helm upgrade --install --create-namespace \ -n '${NAMESPACE}' \ '${SERVICE_NAME}' \ '${HELM_REPO}/${HELM_CHART}' \ -f '/tmp/${SERVICE_NAME}-overrides.yaml' \ --set image.tag='${IMAGE_TAG}' \ --atomic --debug" - name: Cleanup SSH key if: always() shell: bash run: rm -f "$SSH_KEY_FILE"