
Commit 3d3b559

authored
Merge pull request #8 from mucsi96/claude/update-deployment-secrets-vB3oZ
Externalize Docker Hub username and Azure Key Vault endpoint
2 parents d3317ba + ef9758e commit 3d3b559

2 files changed

Lines changed: 17 additions & 13 deletions


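--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -64,14 +64,14 @@ jobs:
 if: steps.get_next_version.outputs.hasNextVersion == 'true'
 uses: docker/login-action@v4
 with:
-username: ${{ github.repository_owner }}
+username: ${{ secrets.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
 
 - name: Build and push server image
 if: steps.get_next_version.outputs.hasNextVersion == 'true'
 run: |
-docker build -t ${{ github.repository_owner }}/skeleton-app-server:${{ steps.get_next_version.outputs.version }} server
-docker push ${{ github.repository_owner }}/skeleton-app-server:${{ steps.get_next_version.outputs.version }}
+docker build -t ${{ secrets.DOCKERHUB_USERNAME }}/skeleton-app-server:${{ steps.get_next_version.outputs.version }} server
+docker push ${{ secrets.DOCKERHUB_USERNAME }}/skeleton-app-server:${{ steps.get_next_version.outputs.version }}
 
 - name: Create release
 if: steps.get_next_version.outputs.hasNextVersion == 'true'
@@ -104,14 +104,14 @@ jobs:
 if: steps.get_next_version.outputs.hasNextVersion == 'true'
 uses: docker/login-action@v4
 with:
-username: ${{ github.repository_owner }}
+username: ${{ secrets.DOCKERHUB_USERNAME }}
 password: ${{ secrets.DOCKERHUB_TOKEN }}
 
 - name: Build and push client image
 if: steps.get_next_version.outputs.hasNextVersion == 'true'
 run: |
-docker build -t ${{ github.repository_owner }}/skeleton-app-client:${{ steps.get_next_version.outputs.version }} client
-docker push ${{ github.repository_owner }}/skeleton-app-client:${{ steps.get_next_version.outputs.version }}
+docker build -t ${{ secrets.DOCKERHUB_USERNAME }}/skeleton-app-client:${{ steps.get_next_version.outputs.version }} client
+docker push ${{ secrets.DOCKERHUB_USERNAME }}/skeleton-app-client:${{ steps.get_next_version.outputs.version }}
 
 - name: Create release
 if: steps.get_next_version.outputs.hasNextVersion == 'true'
@@ -137,4 +137,6 @@ jobs:
 K8S_CONFIG: ${{ secrets.K8S_CONFIG }}
 HOSTNAME: ${{ secrets.HOSTNAME }}
 API_CLIENT_ID: ${{ secrets.API_CLIENT_ID }}
+DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+AZURE_KEYVAULT_ENDPOINT: ${{ secrets.AZURE_KEYVAULT_ENDPOINT }}
 run: scripts/deploy.sh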
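Review bot: The new `docker build` and `docker push` lines in the server image step, and the identical pair in the client image step, splice `${{ secrets.DOCKERHUB_USERNAME }}` and the version output straight into the `run:` script, so both values become shell text before the shell parses the line. Passing them through the step's `env:` and expanding them quoted keeps them as data, which is the form GitHub's workflow hardening guidance recommends for any expression used in a script. Because the namespace is now stored as a secret, the runner masks it in logs and image references print as `***/skeleton-app-server:…`; if the Docker Hub namespace is not confidential, a repository variable (`vars.DOCKERHUB_USERNAME`) would keep the logs readable. An unset secret expands to an empty string, which would presumably produce the tag `/skeleton-app-server:<version>` and fail only at build time. The step bodies are shown flattened here; the indentation in the fence below is conventional.

```yaml
- name: Build and push server image
  # … unchanged: if condition …
  env:
    DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
    VERSION: ${{ steps.get_next_version.outputs.version }}
  run: |
    docker build -t "$DOCKERHUB_USERNAME/skeleton-app-server:$VERSION" server
    docker push "$DOCKERHUB_USERNAME/skeleton-app-server:$VERSION"
# … unchanged: Create release step; the client image step takes the same env/quoting change …
```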

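--- a/scripts/deploy.sh
+++ b/scripts/deploy.sh
@@ -5,6 +5,8 @@ set -e # Exit immediately if a command exits with a non-zero status
 : "${K8S_CONFIG:?Environment variable K8S_CONFIG is required}"
 : "${HOSTNAME:?Environment variable HOSTNAME is required}"
 : "${API_CLIENT_ID:?Environment variable API_CLIENT_ID is required}"
+: "${DOCKERHUB_USERNAME:?Environment variable DOCKERHUB_USERNAME is required}"
+: "${AZURE_KEYVAULT_ENDPOINT:?Environment variable AZURE_KEYVAULT_ENDPOINT is required}"
 
 # Create a temporary file in /dev/shm (RAM) to avoid writing to disk
 KUBECONFIG_FILE=$(mktemp /dev/shm/kubeconfig.XXXXXX)
@@ -16,28 +18,28 @@ export KUBECONFIG="$KUBECONFIG_FILE"
 trap 'rm -f "$KUBECONFIG_FILE"' EXIT
 
 # Get latest tags for both server and client
-serverLatestTag=$(curl -s "https://registry.hub.docker.com/v2/repositories/mucsi96/skeleton-app-server/tags" | jq -r '.results | map(select(.name != "latest")) | sort_by(.last_updated) | reverse | .[0].name')
-clientLatestTag=$(curl -s "https://registry.hub.docker.com/v2/repositories/mucsi96/skeleton-app-client/tags" | jq -r '.results | map(select(.name != "latest")) | sort_by(.last_updated) | reverse | .[0].name')
+serverLatestTag=$(curl -s "https://registry.hub.docker.com/v2/repositories/$DOCKERHUB_USERNAME/skeleton-app-server/tags" | jq -r '.results | map(select(.name != "latest")) | sort_by(.last_updated) | reverse | .[0].name')
+clientLatestTag=$(curl -s "https://registry.hub.docker.com/v2/repositories/$DOCKERHUB_USERNAME/skeleton-app-client/tags" | jq -r '.results | map(select(.name != "latest")) | sort_by(.last_updated) | reverse | .[0].name')
 
 echo "Updating Helm repositories..."
 helm repo add mucsi96 https://mucsi96.github.io/k8s-helm-charts --force-update
 
 springAppChartVersion=$(helm search repo mucsi96/spring-app --output json | jq -r '.[0].version')
 clientAppChartVersion=$(helm search repo mucsi96/client-app --output json | jq -r '.[0].version')
 
-echo "Deploying server: mucsi96/skeleton-app-server:$serverLatestTag to $HOSTNAME using spring-app chart $springAppChartVersion"
+echo "Deploying server: $DOCKERHUB_USERNAME/skeleton-app-server:$serverLatestTag to $HOSTNAME using spring-app chart $springAppChartVersion"
 
 helm upgrade hello-server mucsi96/spring-app \
 --install \
 --version $springAppChartVersion \
 --namespace hello \
---set image=mucsi96/skeleton-app-server:$serverLatestTag \
+--set image=$DOCKERHUB_USERNAME/skeleton-app-server:$serverLatestTag \
 --set entryPoint=web \
 --set host=$HOSTNAME \
 --set basePath=/api \
 --set clientId=$API_CLIENT_ID \
 --set serviceAccountName=hello-api-workload-identity \
---set env.AZURE_KEYVAULT_ENDPOINT=https://p06-hello.vault.azure.net \
+--set env.AZURE_KEYVAULT_ENDPOINT=$AZURE_KEYVAULT_ENDPOINT \
 --set env.STORAGE_DIRECTORY=/app/storage \
 --set persistentVolumeClaims[0].name=hello-pvc \
 --set persistentVolumeClaims[0].accessMode=ReadWriteOnce \
@@ -51,13 +53,13 @@ helm upgrade hello-server mucsi96/spring-app \
 --set resources.limits.cpu=2 \
 --wait
 
-echo "Deploying client: mucsi96/skeleton-app-client:$clientLatestTag to $HOSTNAME using client-app chart $clientAppChartVersion"
+echo "Deploying client: $DOCKERHUB_USERNAME/skeleton-app-client:$clientLatestTag to $HOSTNAME using client-app chart $clientAppChartVersion"
 
 helm upgrade hello-client mucsi96/client-app \
 --install \
 --version $clientAppChartVersion \
 --namespace hello \
---set image=mucsi96/skeleton-app-client:$clientLatestTag \
+--set image=$DOCKERHUB_USERNAME/skeleton-app-client:$clientLatestTag \
 --set host=$HOSTNAME \
 --set entryPoint=web \
 --wait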
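Review bot: The externalized values are expanded unquoted in the new `--set image=…` and `--set env.AZURE_KEYVAULT_ENDPOINT=…` arguments, so whitespace or glob characters in either variable would be split by the shell, and a comma would be read by Helm as a separator between values. Quote the whole argument and use the string form, e.g. `--set-string "image=$DOCKERHUB_USERNAME/skeleton-app-server:$serverLatestTag" \` and `--set-string "env.AZURE_KEYVAULT_ENDPOINT=$AZURE_KEYVAULT_ENDPOINT" \`; the client `--set image=` line needs the same. The tag lookup now depends on the variable too: `curl -s` without `-f` hides a failed request and jq prints `null` for an empty result list, so the script can go on to deploy `…:null` or an empty tag. Using `curl -fsS` and checking that each tag is non-empty and not `null` before `helm upgrade` would stop a wrong namespace from reaching the cluster. The first `helm upgrade` command continues between the second and third hunks, outside the visible lines.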
