Production Deploy #551
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Production Deploy | |
| on: | |
| workflow_dispatch: | |
| env: | |
| CLOUD_ENV: lf-oracle-production | |
| ORACLE_DOCKER_USERNAME: ${{ secrets.ORACLE_DOCKER_USERNAME }} | |
| ORACLE_DOCKER_PASSWORD: ${{ secrets.ORACLE_DOCKER_PASSWORD }} | |
| ORACLE_USER: ${{ secrets.ORACLE_USER }} | |
| ORACLE_TENANT: ${{ secrets.ORACLE_TENANT }} | |
| ORACLE_REGION: ${{ secrets.ORACLE_REGION }} | |
| ORACLE_FINGERPRINT: ${{ secrets.ORACLE_FINGERPRINT }} | |
| ORACLE_KEY: ${{ secrets.ORACLE_KEY }} | |
| ORACLE_KEY_PASSPHRASE: ${{ secrets.ORACLE_KEY_PASSPHRASE }} | |
| ORACLE_CLUSTER: ${{ secrets.ORACLE_PRODUCTION_CLUSTER }} | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup OCI CLI and Kubectl | |
| run: | | |
| # Install OCI CLI | |
| curl -sL https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh | bash -s -- --accept-all-defaults | |
| echo "$HOME/bin" >> $GITHUB_PATH | |
| export PATH="$HOME/bin:$PATH" | |
| # Configure OCI CLI | |
| mkdir -p ~/.oci | |
| echo "${{ env.ORACLE_KEY }}" | base64 --decode > ~/.oci/oci_api_key.pem | |
| chmod 600 ~/.oci/oci_api_key.pem | |
| cat > ~/.oci/config << EOF | |
| [DEFAULT] | |
| user=${{ env.ORACLE_USER }} | |
| fingerprint=${{ env.ORACLE_FINGERPRINT }} | |
| key_file=$HOME/.oci/oci_api_key.pem | |
| tenancy=${{ env.ORACLE_TENANT }} | |
| region=${{ env.ORACLE_REGION }} | |
| pass_phrase=${{ env.ORACLE_KEY_PASSPHRASE }} | |
| EOF | |
| chmod 600 ~/.oci/config | |
| # Get kubeconfig | |
| $HOME/bin/oci ce cluster create-kubeconfig \ | |
| --cluster-id ${{ env.ORACLE_CLUSTER }} \ | |
| --file $HOME/.kube/config \ | |
| --region ${{ env.ORACLE_REGION }} \ | |
| --token-version 2.0.0 \ | |
| --kube-endpoint PUBLIC_ENDPOINT \ | |
| --overwrite | |
| - name: Load all envs from ConfigMap | |
| run: | | |
| kubectl get configmap insights-config-map -n insights -o json \ | |
| | jq -r '.data | to_entries[] | "\(.key)=\(.value)"' >> $GITHUB_ENV | |
| - name: Build docker image | |
| uses: ./.github/actions/build-docker-image | |
| id: build-docker-image | |
| with: | |
| app-env: production | |
| env: | |
| NUXT_REDIS_URL: ${{ env.NUXT_REDIS_URL }} | |
| - name: Update Deployment Image | |
| run: | | |
| kubectl set image deployment/insights-app-dpl frontend=${{ steps.build-docker-image.outputs.image }} -n insights | |
| kubectl rollout status deployment/insights-app-dpl -n insights --timeout=300s | |
| - name: Flush Redis cache | |
| run: | | |
| REDIS_URL=$(kubectl get configmap insights-config-map -n insights -o jsonpath="{.data.NUXT_REDIS_URL}") | |
| PASSWORD=$(echo "$REDIS_URL" | sed -n 's|.*://:\([^@]*\)@.*|\1|p') | |
| kubectl exec -i redis-client -n insights -- \ | |
| redis-cli -h redis-svc -a "$PASSWORD" FLUSHALL |