.github/workflows/kubernetes-cd.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

name: "CI/CD"
on: 
  push:
    branches:
    - master
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v1
    - name: Build container image
      run: |
        docker build -t xena/christinewebsite:$(echo $GITHUB_SHA | head -c7) .
        echo $DOCKER_PASSWORD | docker login -u $DOCKER_USERNAME --password-stdin
        docker push xena/christinewebsite
      env:
        DOCKER_USERNAME: "xena"
        DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
    - name: Download secrets/Install/Configure/Use Dyson
      run: |
        mkdir ~/.ssh
        echo $FILE_DATA | base64 -d > ~/.ssh/id_rsa
        md5sum ~/.ssh/id_rsa 
        chmod 600 ~/.ssh/id_rsa
        git clone git@ssh.tulpa.dev:cadey/within-terraform-secret
        curl https://xena.greedo.xeserv.us/files/dyson-linux-amd64-0.1.0.tgz | tar xz 
        cp ./dyson-linux-amd64-0.1.1/dyson .
        rm -rf dyson-linux-amd64-0.1.1
        mkdir -p ~/.config/dyson
        
        echo '[DigitalOcean]
        Token = ""
        
        [Cloudflare]
        Email = ""
        Token = ""
        
        [Secrets]
        GitCheckout = "./within-terraform-secret"' > ~/.config/dyson/dyson.ini
        
        ./dyson manifest \
          --name=christinewebsite \
          --domain=christine.website \
          --dockerImage=xena/christinewebsite:$(echo $GITHUB_SHA | head -c7) \
          --containerPort=5000 \
          --replicas=1 \
          --useProdLE=true > $GITHUB_WORKSPACE/deploy.yml
      env:
        FILE_DATA: ${{ secrets.SSH_PRIVATE_KEY }}
        GIT_SSH_COMMAND: "ssh -i ~/.ssh/id_rsa -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
    - name: Save DigitalOcean kubeconfig
      uses: digitalocean/action-doctl@master
      env:
        DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_TOKEN }}
      with:
        args: kubernetes cluster kubeconfig show kubermemes > $GITHUB_WORKSPACE/.kubeconfig
    - name: Deploy to DigitalOcean Kubernetes
      uses: docker://lachlanevenson/k8s-kubectl
      with:
        args: --kubeconfig=/github/workspace/.kubeconfig apply -n apps -f /github/workspace/deploy.yml
    - name: Verify deployment
      uses: docker://lachlanevenson/k8s-kubectl
      with:
        args: --kubeconfig=/github/workspace/.kubeconfig rollout status -n apps deployment/christinewebsite
    - name: Ping Google
      uses: docker://lachlanevenson/k8s-kubectl
      with:
        args: --kubeconfig=/github/workspace/.kubeconfig apply -f /github/workspace/k8s/job.yml
    - name: Sleep
      run: |
        sleep 5
    - name: Don't Ping Google
      uses: docker://lachlanevenson/k8s-kubectl
      with:
        args: --kubeconfig=/github/workspace/.kubeconfig delete -f /github/workspace/k8s/job.yml
    - name: POSSE
      env:
        MI_TOKEN: ${{ secrets.MI_TOKEN }}
      run: |
        curl -H "Authorization: $MI_TOKEN" --data "https://christine.website/blog.json" https://mi.within.website/blog/refresh