
server: adjust runner hook secret checking #96


Workflow file for this run

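# CI/CD workflow: run RuboCop on pull requests and on pushes to main, then
# (push events in the Homebrew organisation only) build the container image,
# publish it to Artifact Registry and roll it out to the GKE cluster.
#
# NOTE(review): every `uses:` below references a mutable tag (@v4, @v1).
# Pinning each action to a full commit SHA, with the tag kept in a trailing
# comment, prevents a re-pointed tag from changing what runs in the job that
# holds `id-token: write` and the production secrets.
name: Test and deploy to GKE

on:
  push:
    branches:
      - main
  pull_request:

# Workflow-wide default for GITHUB_TOKEN: read-only repository contents.
# A job that needs more has to request it itself (see `deploy`).
permissions:
  contents: read

jobs:
  # Lint job; runs for both triggers and uses no secrets.
  checks:
    runs-on: ubuntu-latest
    env:
      BUNDLE_WITH: development
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Do not leave the job token in the checked-out repo's git config
          # where later steps could read it.
          persist-credentials: false

      - name: Set up Ruby
        uses: ruby/setup-ruby@v1
        with:
          # Quoted so the version is read as a string, not a float.
          ruby-version: "3.2"
          bundler-cache: true

      - name: Run RuboCop
        run: bundle exec rubocop

  # Build, publish and roll out. Gated on `checks` passing.
  deploy:
    needs: checks
    # Only push events in the Homebrew organisation deploy; pull_request runs
    # never reach the steps that use secrets or request an OIDC token.
    if: github.repository_owner == 'Homebrew' && github.event_name == 'push'
    runs-on: ubuntu-latest
    environment: production
    # Single shared group name, so production deploys do not run in parallel.
    concurrency: production
    env:
      # Image tag is the commit SHA being deployed.
      IMAGE: us-central1-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/homebrew-docker/ci-orchestrator:${{ github.sha }}
    permissions:
      contents: read
      # Required so the auth step can obtain a GitHub OIDC token for
      # Workload Identity Federation (no long-lived service-account key).
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Authenticate to Google Cloud
        id: gcloud-auth
        uses: google-github-actions/auth@v1
        with:
          # Ask for an OAuth access token output; it is used for `docker login`.
          token_format: access_token
          workload_identity_provider: projects/${{ secrets.GCP_PROJECT_NUM }}/locations/global/workloadIdentityPools/ci-orchestrator-deploy/providers/github-actions
          service_account: ci-orchestrator-deploy@${{ secrets.GCP_PROJECT_ID }}.iam.gserviceaccount.com

      - name: Configure Docker
        env:
          # Hand the token to the shell through the environment instead of
          # expanding `${{ ... }}` inside the script: the token then never
          # becomes part of the generated script text, and quoting "$ACCESS_TOKEN"
          # keeps the shell from word-splitting or glob-expanding it.
          ACCESS_TOKEN: ${{ steps.gcloud-auth.outputs.access_token }}
        run: |-
          echo "$ACCESS_TOKEN" | docker login -u oauth2accesstoken --password-stdin https://us-central1-docker.pkg.dev

      - name: Build Docker image
        run: |-
          docker build --tag "$IMAGE" .

      - name: Publish Docker image
        run: |-
          docker push "$IMAGE"

      - name: Get GKE credentials
        uses: google-github-actions/get-gke-credentials@v1
        with:
          cluster_name: ci-orchestrator
          location: us-central1-c

      - name: Deploy Kubernetes
        working-directory: deployment
        # Values reach the script as environment variables, not as `${{ }}`
        # text pasted into the shell source.
        env:
          CERTBOT_EMAIL: ${{ secrets.CERTBOT_EMAIL }}
          DOMAIN: ${{ secrets.DOMAIN }}
          PUBLIC_IP: ${{ secrets.PUBLIC_IP }}
          ORKA_BASE_URL: ${{ secrets.ORKA_BASE_URL }}
          GITHUB_APP_ID: ${{ secrets.GITHUBAPP_ID }}
          GITHUB_CLIENT_ID: ${{ secrets.GITHUBCLIENT_ID }}
          GITHUB_ORGANISATION: ${{ github.repository_owner }}
          GITHUB_INSTALLATION_ID: ${{ secrets.GITHUBAPP_INSTALLATION_ID }}
        # The two heredocs are unquoted, so the shell expands the variables and
        # sed receives them as replacement text for the @PLACEHOLDER@ markers in
        # the *.in templates.
        # NOTE(review): a value containing `|`, `&`, `\` or a newline would
        # change or break the sed expression - assumes the configured secrets
        # contain none of these; confirm when rotating them.
        # The rendered config.yml / deployment.yml exist only in the runner
        # workspace and are applied together with everything else in the
        # directory by `kubectl apply -f .`.
        run: |-
          sed -f /dev/stdin deployment.yml.in > deployment.yml <<SED_SCRIPT
          s|@IMAGE@|$IMAGE|g
          s|@CERTBOT_EMAIL@|$CERTBOT_EMAIL|g
          SED_SCRIPT
          sed -f /dev/stdin config.yml.in > config.yml <<SED_SCRIPT
          s|@DOMAIN@|$DOMAIN|g
          s|@PUBLIC_IP@|$PUBLIC_IP|g
          s|@ORKA_BASE_URL@|$ORKA_BASE_URL|g
          s|@GITHUB_APP_ID@|$GITHUB_APP_ID|g
          s|@GITHUB_CLIENT_ID@|$GITHUB_CLIENT_ID|g
          s|@GITHUB_ORGANISATION@|$GITHUB_ORGANISATION|g
          s|@GITHUB_INSTALLATION_ID@|$GITHUB_INSTALLATION_ID|g
          SED_SCRIPT
          kubectl apply -f .
          kubectl rollout status statefulset/ci-orchestrator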