schmalz/shared-actions
15
0
Fork 0
Code Issues Pull requests 2 Releases Packages Activity Actions
shared-actions/helm-deploy/action.yml
Michael Seele 4deaa505e0
All checks were successful
Aikido Security PR Check / Aikido Security Scan (pull_request) Successful in 1m4s
Details
validate-shared-actions / validate-shared-actions (pull_request) Successful in 51s
Details
feat: add helm-deploy action
2026-05-05 12:47:00 +00:00

93 lines
2.6 KiB
YAML
Raw Blame History

name: helm-deploy
description: Deploy a service to Kubernetes via Helm over SSH
inputs:
service-name:
description: Helm release name
required: true
helm-host:
description: SSH target (e.g., dsp1-stage.schmalzgroup.net)
required: true
overrides-file:
description: Local path to Helm values override file
required: false
default: kubernetes/overrides-pu.yaml
image-tag:
description: Docker image tag to deploy
required: true
ssh-key:
description: Private SSH key content
required: true
namespace:
description: Kubernetes namespace
required: false
default: dsp
helm-repo:
description: Helm chart repository name
required: false
default: nexus-helm-repository
helm-chart:
description: Chart name in the repo
required: false
default: DSP-Blueprint
runs:
using: composite
steps:
- name: Setup SSH key
shell: bash
env:
SSH_KEY: ${{ inputs.ssh-key }}
run: |
set -euo pipefail
SSH_KEY_FILE=$(mktemp)
printf '%s\n' "$SSH_KEY" > "$SSH_KEY_FILE"
chmod 600 "$SSH_KEY_FILE"
echo "SSH_KEY_FILE=$SSH_KEY_FILE" >> "$GITHUB_ENV"
- name: Copy overrides file
shell: bash
env:
HELM_HOST: ${{ inputs.helm-host }}
SERVICE_NAME: ${{ inputs.service-name }}
OVERRIDES_FILE: ${{ inputs.overrides-file }}
run: |
set -euo pipefail
scp -i "$SSH_KEY_FILE" \
-o StrictHostKeyChecking=no \
-o BatchMode=yes \
-o ConnectTimeout=10 \
"$OVERRIDES_FILE" \
"root@${HELM_HOST}:/tmp/${SERVICE_NAME}-overrides.yaml"
- name: Helm deploy
shell: bash
env:
HELM_HOST: ${{ inputs.helm-host }}
SERVICE_NAME: ${{ inputs.service-name }}
NAMESPACE: ${{ inputs.namespace }}
HELM_REPO: ${{ inputs.helm-repo }}
HELM_CHART: ${{ inputs.helm-chart }}
IMAGE_TAG: ${{ inputs.image-tag }}
run: |
set -euo pipefail
ssh -i "$SSH_KEY_FILE" \
-o StrictHostKeyChecking=no \
-o BatchMode=yes \
-o ConnectTimeout=10 \
-o ServerAliveInterval=30 \
-o ServerAliveCountMax=5 \
"root@${HELM_HOST}" \
"helm repo update && \
helm upgrade --install --create-namespace \
-n '${NAMESPACE}' \
'${SERVICE_NAME}' \
'${HELM_REPO}/${HELM_CHART}' \
-f '/tmp/${SERVICE_NAME}-overrides.yaml' \
--set image.tag='${IMAGE_TAG}' \
--atomic --debug"
- name: Cleanup SSH key
if: always()
shell: bash
run: rm -f "$SSH_KEY_FILE"
View git blame Copy permalink