fix(deploy): bump Envoy sidecar past stale-image gate, expose pod ann… #123
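# Continuous Deployment: on every push to main, build and push the component
# images, build the agent images on top of the freshly pushed humr-base image,
# publish the Helm chart to GHCR, then upgrade the Development release.
#
# NOTE(review): every third-party action below is referenced by a mutable tag
# (@v3/@v4/@v5/@v6). Pinning each `uses:` to a full commit SHA would make the
# pipeline independent of upstream tag moves; the SHAs are not on this page,
# so the references are left as they are.
name: Continuous Deployment

on:
  push:
    branches: [main]

# One deployment pipeline at a time; a newer push cancels the run in flight.
concurrency:
  group: deploy-main
  cancel-in-progress: true

# Workflow default is read-only. Jobs that push to GHCR request
# `packages: write` themselves, so the deploy job (self-hosted runner) never
# receives a token that can publish packages.
permissions:
  contents: read

env:
  REGISTRY: ghcr.io
  IMAGE_PREFIX: ghcr.io/kagenti/humr

jobs:
  # Builds the four component images in parallel, one matrix entry each.
  build-images:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        include:
          - component: controller
            dockerfile: packages/controller/Dockerfile
            context: packages/controller
          - component: api-server
            dockerfile: packages/api-server/Dockerfile
            context: .
          - component: ui
            dockerfile: packages/ui/Dockerfile
            context: .
          - component: humr-base
            dockerfile: packages/humr-base/Dockerfile
            context: .
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Tags the image with the full commit SHA and no prefix; the agent jobs
      # and the chart refer to images by that same SHA.
      - id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.IMAGE_PREFIX }}/${{ matrix.component }}
          tags: type=sha,prefix=,format=long
      - uses: docker/build-push-action@v6
        with:
          context: ${{ matrix.context }}
          file: ${{ matrix.dockerfile }}
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha,scope=${{ matrix.component }}
          cache-to: type=gha,mode=max,scope=${{ matrix.component }}

  # Agent images take humr-base:<sha> as BASE_IMAGE, hence `needs: build-images`.
  # NOTE(review): BASE_IMAGE is resolved by tag, not by digest; passing the
  # digest from the humr-base build would bind the agents to the exact image
  # this run produced.
  build-claude-code:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    needs: build-images
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.IMAGE_PREFIX }}/claude-code
          tags: type=sha,prefix=,format=long
      - uses: docker/build-push-action@v6
        with:
          context: packages/agents/claude-code
          file: packages/agents/claude-code/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            BASE_IMAGE=${{ env.IMAGE_PREFIX }}/humr-base:${{ github.sha }}
          cache-from: type=gha,scope=claude-code
          cache-to: type=gha,mode=max,scope=claude-code

  build-google-workspace-agent:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    needs: build-images
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.IMAGE_PREFIX }}/google-workspace-agent
          tags: type=sha,prefix=,format=long
      - uses: docker/build-push-action@v6
        with:
          context: packages/agents/google-workspace
          file: packages/agents/google-workspace/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            BASE_IMAGE=${{ env.IMAGE_PREFIX }}/humr-base:${{ github.sha }}
          cache-from: type=gha,scope=google-workspace-agent
          cache-to: type=gha,mode=max,scope=google-workspace-agent

  build-code-guardian:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    needs: build-images
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.IMAGE_PREFIX }}/code-guardian
          tags: type=sha,prefix=,format=long
      - uses: docker/build-push-action@v6
        with:
          context: packages/agents/code-guardian
          file: packages/agents/code-guardian/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            BASE_IMAGE=${{ env.IMAGE_PREFIX }}/humr-base:${{ github.sha }}
          cache-from: type=gha,scope=code-guardian
          cache-to: type=gha,mode=max,scope=code-guardian

  build-pi-agent:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    needs: build-images
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-qemu-action@v3
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.IMAGE_PREFIX }}/pi-agent
          tags: type=sha,prefix=,format=long
      - uses: docker/build-push-action@v6
        with:
          context: packages/agents/pi-agent
          file: packages/agents/pi-agent/Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            BASE_IMAGE=${{ env.IMAGE_PREFIX }}/humr-base:${{ github.sha }}
          cache-from: type=gha,scope=pi-agent
          cache-to: type=gha,mode=max,scope=pi-agent

  # Publishes the chart twice: an immutable-by-convention SHA version (the one
  # the deploy job installs) and the floating 0.0.0-main version, which is
  # overwritten on every run.
  helm-package:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs:
      - build-images
      - build-claude-code
      - build-google-workspace-agent
      - build-code-guardian
      - build-pi-agent
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - uses: azure/setup-helm@v4
      # Token and actor reach the shell as environment variables instead of
      # being expanded into the script text, so neither value can alter the
      # command line and the token is not written into the generated script.
      - name: Log in to GHCR OCI
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GHCR_USER: ${{ github.actor }}
        run: echo "$GHCR_TOKEN" | helm registry login ghcr.io --username "$GHCR_USER" --password-stdin
      - name: Package Helm chart (SHA-pinned)
        run: helm package deploy/helm/humr --version 0.0.0-${{ github.sha }} --app-version ${{ github.sha }}
      - name: Push SHA-pinned chart
        run: helm push humr-0.0.0-${{ github.sha }}.tgz oci://ghcr.io/kagenti/humr/charts
      - name: Package Helm chart (main floating tag)
        run: helm package deploy/helm/humr --version 0.0.0-main --app-version ${{ github.sha }}
      - name: Push main-floating chart
        run: helm push humr-0.0.0-main.tgz oci://ghcr.io/kagenti/humr/charts

  # Upgrades the existing release from the SHA-pinned chart. Runs on the
  # self-hosted runner set and inherits the read-only workflow permissions.
  deploy:
    runs-on: arc-runner-set
    timeout-minutes: 10
    needs: helm-package
    environment:
      name: Development
    env:
      # presumably the runner's default HOME is not writable; confirm
      HOME: /tmp
    steps:
      - uses: actions/checkout@v4
      - uses: azure/setup-helm@v4
      # Repository variables are handed over through the environment and
      # quoted in the script, so their content is always treated as a single
      # argument rather than as shell text.
      - name: Deploy via Helm
        env:
          RELEASE_NAME: ${{ vars.HELM_RELEASE }}
          TARGET_NAMESPACE: ${{ vars.HELM_NAMESPACE }}
        run: |
          helm upgrade "$RELEASE_NAME" \
            oci://ghcr.io/kagenti/humr/charts/humr \
            --version 0.0.0-${{ github.sha }} \
            --namespace "$TARGET_NAMESPACE" \
            --reset-then-reuse-values \
            --timeout 5m
      - uses: azure/setup-kubectl@v4
      # NOTE(review): no resource name is given; presumably this waits on
      # every statefulset and deployment in the namespace. Confirm that the
      # kubectl version installed above accepts a bare resource type.
      - name: Wait for rollout
        env:
          TARGET_NAMESPACE: ${{ vars.HELM_NAMESPACE }}
        run: |
          kubectl rollout status statefulset --namespace "$TARGET_NAMESPACE" --timeout=5m
          kubectl rollout status deployment --namespace "$TARGET_NAMESPACE" --timeout=5m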