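# This workflow builds and deploys a GitHub Actions self hosted runner to Anthos GKE.
#
# REQUIREMENTS:
# - Setup steps in README, including adding appropriate secrets to repository
name: Self Hosted Runner CI/CD

on:
  push:
    branches:
      - master
  pull_request:

# Least privilege for the automatically issued GITHUB_TOKEN: both jobs only
# need to read the repository for checkout.
permissions:
  contents: read

# Workflow-wide values. The registration token and target repository are NOT
# set here: they are scoped to the single step that uses them ("Update
# secrets"), so the pull_request-triggered test job never has them in its
# environment.
env:
  GCP_PROJECT: ${{ secrets.GCP_PROJECT }}
  GKE_CLUSTER: self-hosted-runner-test-cluster
  GKE_SECRETS: self-hosted-runner-creds
  GCP_ZONE: us-west1-a
  IMAGE: self-hosted-runner

jobs:
  # Test and build
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # NOTE(review): v2 is a mutable tag; pinning third-party actions to a
        # full commit SHA prevents a retagged release from changing what runs.
        uses: actions/checkout@v2
        with:
          # By default checkout stores the job token in the local git config.
          # `docker build .` below sends the working tree as build context
          # (including .git unless a .dockerignore excludes it), so do not
          # persist the token.
          persist-credentials: false
      # Insert other testing and linting steps here, eg. container analysis (https://cloud.google.com/container-registry/docs/container-analysis)
      # Ensure Docker image can be built
      - name: Build image
        run: docker build . -t gcr.io/"$GCP_PROJECT"/"$IMAGE":"$GITHUB_SHA"

  # Build and publish image, apply Kubernetes manifest to deploy image to cluster
  deploy:
    needs: test
    runs-on: ubuntu-latest
    # Only on push to master (a merged PR)
    if: github.ref == 'refs/heads/master' && github.event_name == 'push'
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          # Same reasoning as in the test job: keep the job token out of the
          # Docker build context.
          persist-credentials: false
      # Configure Google Cloud credentials
      - name: Configure Google Cloud credentials
        # NOTE(review): the action reference was mangled by the page's e-mail
        # obfuscation ("[email protected]"). setup-gcloud is inferred from the
        # service_account_key/project_id inputs; restore the exact name and
        # version from the repository before use.
        uses: google-github-actions/setup-gcloud@VERSION_PLACEHOLDER
        with:
          # NOTE(review): GCP_KEY is a long-lived exported service account key.
          # Short-lived, keyless federation (Workload Identity Federation) is
          # the preferred way to authenticate CI to Google Cloud; if the key
          # stays, restrict the service account to the roles this job needs
          # (image push, cluster credentials) and rotate it.
          service_account_key: ${{ secrets.GCP_KEY }}
          project_id: ${{ secrets.GCP_PROJECT }}
      # Use gcloud CLI to configure docker authentication for subsequent push
      - name: Configure Docker authentication
        run: gcloud auth configure-docker
      # Build Docker image
      - name: Build image
        run: docker build . -t gcr.io/"$GCP_PROJECT"/"$IMAGE":"$GITHUB_SHA"
      # Configure Kubernetes
      - name: Configure Kubernetes
        run: |
          gcloud container clusters get-credentials "$GKE_CLUSTER" --zone "$GCP_ZONE"
      # Push the Docker image to Google Container Registry
      - name: Publish
        run: |
          docker push gcr.io/"$GCP_PROJECT"/"$IMAGE":"$GITHUB_SHA"
      # Set up kustomize
      - name: Set up Kustomize
        run: |-
          curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
          # NOTE(review): this binary later runs with cluster credentials in
          # scope and is fetched without an integrity check. Compare its
          # SHA-256 against a value pinned in this repository before marking
          # it executable.
          chmod u+x ./kustomize
      # Optional: Update secrets in Google Kubernetes Engine (GKE) cluster (to change repo the runner is available to or authentication token)
      - name: Update secrets
        env:
          # Should be a private repository, see https://help.github.com/en/actions/hosting-your-own-runners/adding-self-hosted-runners
          GITHUB_REPO: ${{ secrets.REPO }}
          # Personal Access Token used to register and deregister runners since GITHUB_TOKEN is only valid for one hour.
          # NOTE(review): this token ends up in a cluster Secret; grant it only
          # the scope needed for runner registration.
          TOKEN: ${{ secrets.TOKEN }}
        run: |
          # The default run shell is `bash -e` without pipefail; enable it so a
          # failed `kubectl get` or `jq` stops the step instead of being masked
          # by a later pipeline stage.
          set -o pipefail
          # Do not enable shell tracing in this step: the base64 forms of the
          # secrets are not masked in logs.
          # printf avoids echo's option parsing, the quotes prevent word
          # splitting, and -w0 keeps long values on one base64 line.
          kubectl get secrets "$GKE_SECRETS" -o json |
            jq --arg repo "$(printf '%s' "$GITHUB_REPO" | base64 -w0)" '.data["GITHUB_REPO"]=$repo' |
            jq --arg token "$(printf '%s' "$TOKEN" | base64 -w0)" '.data["TOKEN"]=$token' |
            kubectl apply -f -
      # Deploy to Google Kubernetes Engine (GKE) cluster
      - name: Deploy
        run: |-
          # Fail the step if `kustomize build` fails rather than applying
          # whatever partial output reached kubectl.
          set -o pipefail
          ./kustomize edit set image gcr.io/PROJECT_ID/IMAGE:TAG=gcr.io/"$GCP_PROJECT"/"$IMAGE":"$GITHUB_SHA"
          ./kustomize build . | kubectl apply -f -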