105 lines
3.1 KiB
YAML
105 lines
3.1 KiB
YAML
name: helm-deploy
|
|
description: Deploy a service to Kubernetes via Helm over SSH
|
|
|
|
inputs:
|
|
service-name:
|
|
description: Helm release name
|
|
required: true
|
|
helm-cluster:
|
|
description: Name of the target Kubernetes cluster to deploy to
|
|
required: true
|
|
overrides-file:
|
|
description: Local path to Helm values override file
|
|
required: false
|
|
default: kubernetes/overrides-pu.yaml
|
|
image-tag:
|
|
description: Docker image tag to deploy
|
|
required: true
|
|
ssh-key:
|
|
description: Private SSH key content
|
|
required: true
|
|
namespace:
|
|
description: Kubernetes namespace
|
|
required: false
|
|
default: dsp
|
|
helm-repo:
|
|
description: Helm chart repository name
|
|
required: false
|
|
default: nexus-helm-repository
|
|
helm-chart:
|
|
description: Chart name in the repo
|
|
required: false
|
|
default: DSP-Blueprint
|
|
|
|
runs:
|
|
using: composite
|
|
steps:
|
|
- name: Setup SSH key
|
|
shell: bash
|
|
env:
|
|
SSH_KEY: ${{ inputs.ssh-key }}
|
|
run: |
|
|
set -euo pipefail
|
|
SSH_KEY_FILE=$(mktemp)
|
|
printf '%s\n' "$SSH_KEY" > "$SSH_KEY_FILE"
|
|
chmod 600 "$SSH_KEY_FILE"
|
|
echo "SSH_KEY_FILE=$SSH_KEY_FILE" >> "$GITHUB_ENV"
|
|
|
|
- name: Map cluster name to target host
|
|
id: map-host
|
|
shell: bash
|
|
env:
|
|
HELM_CLUSTER: ${{ inputs.helm-cluster }}
|
|
run: |
|
|
case "$HELM_CLUSTER" in
|
|
internal_stage) echo "host=dsp1-stage.schmalzgroup.net" ;;
|
|
internal_prod) echo "host=dsp1.schmalzgroup.net" ;;
|
|
*) echo "Invalid cluster '$HELM_CLUSTER'. Must be 'internal_stage' or 'internal_prod'." && exit 1 ;;
|
|
esac >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Copy overrides file
|
|
shell: bash
|
|
env:
|
|
HELM_HOST: ${{ steps.map-host.outputs.host }}
|
|
SERVICE_NAME: ${{ inputs.service-name }}
|
|
OVERRIDES_FILE: ${{ inputs.overrides-file }}
|
|
run: |
|
|
set -euo pipefail
|
|
scp -i "$SSH_KEY_FILE" \
|
|
-o StrictHostKeyChecking=no \
|
|
-o BatchMode=yes \
|
|
-o ConnectTimeout=10 \
|
|
"$OVERRIDES_FILE" \
|
|
"root@${HELM_HOST}:/tmp/${SERVICE_NAME}-overrides.yaml"
|
|
|
|
- name: Helm deploy
|
|
shell: bash
|
|
env:
|
|
HELM_HOST: ${{ steps.map-host.outputs.host }}
|
|
SERVICE_NAME: ${{ inputs.service-name }}
|
|
NAMESPACE: ${{ inputs.namespace }}
|
|
HELM_REPO: ${{ inputs.helm-repo }}
|
|
HELM_CHART: ${{ inputs.helm-chart }}
|
|
IMAGE_TAG: ${{ inputs.image-tag }}
|
|
run: |
|
|
set -euo pipefail
|
|
ssh -i "$SSH_KEY_FILE" \
|
|
-o StrictHostKeyChecking=no \
|
|
-o BatchMode=yes \
|
|
-o ConnectTimeout=10 \
|
|
-o ServerAliveInterval=30 \
|
|
-o ServerAliveCountMax=5 \
|
|
"root@${HELM_HOST}" \
|
|
"helm repo update && \
|
|
helm upgrade --install --create-namespace \
|
|
-n '${NAMESPACE}' \
|
|
'${SERVICE_NAME}' \
|
|
'${HELM_REPO}/${HELM_CHART}' \
|
|
-f '/tmp/${SERVICE_NAME}-overrides.yaml' \
|
|
--set image.tag='${IMAGE_TAG}' \
|
|
--atomic --debug"
|
|
|
|
- name: Cleanup SSH key
|
|
if: always()
|
|
shell: bash
|
|
run: rm -f "$SSH_KEY_FILE"
|