actions/.gitea/workflows/werf-deploy-template.yml

on:
  workflow_call:
    inputs:
      stand_name:
        description: 'Stand name, has influence on addresses and settings.'
        required: true
        type: string
      kube_namespace:
        required: true
        type: string
      docker_repo_path:
        default: private.docker.wilix.dev
        required: false
        type: string
      docker_images_path:
        required: true
        type: string
      has_secrets:
        default: true
        required: false
        type: boolean
      werf_secret_key_vault_location:
        required: true
        type: string
      werf_debug:
        default: false
        required: false
        type: boolean
    secrets:
      VAULT_ROLE_ID:
        required: true
      VAULT_SECRET_ID:
        required: true

# FIXME Убрать хардкод для токена оповещений и канала оповещений

jobs:
  converge:
    name: Deploy stand
    runs-on: ubuntu-latest
    steps:

      - name: Checkout code
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - id: import-secrets
        uses: https://github.com/hashicorp/vault-action@v2
        with:
          url: https://vault.wilix.dev
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          secrets: |
            dev/wilix/main/data/ci local_cluster_kube_config_base64 ;
            dev/wilix/main/data/ci docker_registry_username ;
            dev/wilix/main/data/ci docker_registry_password ;
            dev/wilix/loop/data/ci/loop-vizor notification_url | MATTERMOST_WEBHOOK_URL ;

      - name: Login to nexus docker
        uses: https://github.com/docker/login-action@v2
        with:
          registry: ${{ inputs.docker_repo_path }}
          username: ${{ steps.import-secrets.outputs.docker_registry_username }}
          password: ${{ steps.import-secrets.outputs.docker_registry_password }}

      - name: Install werf
        uses: https://github.com/werf/actions/install@v1.2

      - name: Add helm repositories
        run: |
          werf helm repo add wilix-dysnix https://artifacts.wilix.dev/repository/helm-dysnix
          werf helm repo add wilix-bitnami https://artifacts.wilix.dev/repository/helm-bitnami

      - name: Get werf secret key if needed
        if: ${{ inputs.has_secrets }}
        uses: https://github.com/hashicorp/vault-action@v2
        with:
          url: https://vault.wilix.dev
          method: approle
          roleId: ${{ secrets.VAULT_ROLE_ID }}
          secretId: ${{ secrets.VAULT_SECRET_ID }}
          secrets: |
            ${{ inputs.werf_secret_key_vault_location }} | WERF_SECRET_KEY ;

      - name: Setup secrets if need
        if: ${{ inputs.has_secrets }}
        run: echo "WERF_SECRET_VALUES_STAND=.helm/secret-values-${{ inputs.stand_name }}.yaml" >> "$GITHUB_ENV"

      - name: Setup debug if need
        if: ${{ inputs.werf_debug }}
        run: echo "WERF_LOG_DEBUG=true" >> "$GITHUB_ENV"

      - name: Deploy
        run: werf converge
        env:
          WERF_ENV: ${{ inputs.stand_name }}
          WERF_VALUES_STAND: '.helm/values-${{ inputs.stand_name }}.yaml'
          WERF_NAMESPACE: ${{ inputs.kube_namespace }}
          WERF_REPO: ${{ inputs.docker_repo_path }}/${{ inputs.docker_images_path }}
          WERF_KUBECONFIG_BASE64: ${{ steps.import-secrets.outputs.local_cluster_kube_config_base64 }}

      - name: prepare success notification body
        uses: https://github.com/finnp/create-file-action@master
        env:
          FILE_NAME: "mattermost.json"
          FILE_DATA: |
            {
              "channel": "project_loop_notifications",
              "attachments": [
                {
                  "fallback": "Деплой прошел успешно для ${{ gitea.repository }}",
                  "text": "Деплой прошел успешно для ${{ gitea.repository }} в ${{ inputs.stand_name }}",
                  "color": "#00FF00",
                  "fields": [
                    {
                      "short": true,
                      "title": "Сборка",
                      "value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
                    }
                  ]
                }
              ]
            }

      - name: prepare failed notification body
        uses: https://github.com/finnp/create-file-action@master
        if: failure()
        env:
          FILE_NAME: "mattermost.json"
          FILE_DATA: |
            {
              "channel": "project_loop_notifications",
              "attachments": [
                {
                  "fallback": "Деплой упал для ${{ gitea.repository }}",
                  "text": "Деплой упал для ${{ gitea.repository }} в ${{ inputs.stand_name }}",
                  "color": "#FF0000",
                  "fields": [
                    {
                      "short": true,
                      "title": "Сборка",
                      "value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
                    }
                  ]
                }
              ]
            }

      - name: loop fail notification
        uses: https://github.com/mattermost/action-mattermost-notify@master
        if: ${{ job.status == 'success' || job.status == 'failure' }}
Moved drone deploy template. 2023-05-29 16:19:32 +00:00			`on:`
			`workflow_call:`
			`inputs:`
			`stand_name:`
			`description: 'Stand name, has influence on addresses and settings.'`
			`required: true`
			`type: string`
			`kube_namespace:`
			`required: true`
			`type: string`
			`docker_repo_path:`
			`default: private.docker.wilix.dev`
			`required: false`
			`type: string`
			`docker_images_path:`
			`required: true`
			`type: string`
			`has_secrets:`
			`default: true`
			`required: false`
			`type: boolean`
			`werf_secret_key_vault_location:`
			`required: true`
			`type: string`
			`werf_debug:`
			`default: false`
			`required: false`
			`type: boolean`
			`secrets:`
			`VAULT_ROLE_ID:`
			`required: true`
			`VAULT_SECRET_ID:`
			`required: true`

			`# FIXME Убрать хардкод для токена оповещений и канала оповещений`

			`jobs:`
			`converge:`
			`name: Deploy stand`
			`runs-on: ubuntu-latest`
			`steps:`

			`- name: Checkout code`
			`uses: actions/checkout@v3`
			`with:`
			`fetch-depth: 0`

			`- id: import-secrets`
			`uses: https://github.com/hashicorp/vault-action@v2`
			`with:`
			`url: https://vault.wilix.dev`
			`method: approle`
			`roleId: ${{ secrets.VAULT_ROLE_ID }}`
			`secretId: ${{ secrets.VAULT_SECRET_ID }}`
			`secrets: \|`
			`dev/wilix/main/data/ci local_cluster_kube_config_base64 ;`
			`dev/wilix/main/data/ci docker_registry_username ;`
			`dev/wilix/main/data/ci docker_registry_password ;`
			`dev/wilix/loop/data/ci/loop-vizor notification_url \| MATTERMOST_WEBHOOK_URL ;`

			`- name: Login to nexus docker`
			`uses: https://github.com/docker/login-action@v2`
			`with:`
			`registry: ${{ inputs.docker_repo_path }}`
			`username: ${{ steps.import-secrets.outputs.docker_registry_username }}`
			`password: ${{ steps.import-secrets.outputs.docker_registry_password }}`

			`- name: Install werf`
			`uses: https://github.com/werf/actions/install@v1.2`

			`- name: Add helm repositories`
			`run: \|`
			`werf helm repo add wilix-dysnix https://artifacts.wilix.dev/repository/helm-dysnix`
			`werf helm repo add wilix-bitnami https://artifacts.wilix.dev/repository/helm-bitnami`

			`- name: Get werf secret key if needed`
			`if: ${{ inputs.has_secrets }}`
			`uses: https://github.com/hashicorp/vault-action@v2`
			`with:`
			`url: https://vault.wilix.dev`
			`method: approle`
			`roleId: ${{ secrets.VAULT_ROLE_ID }}`
			`secretId: ${{ secrets.VAULT_SECRET_ID }}`
			`secrets: \|`
			`${{ inputs.werf_secret_key_vault_location }} \| WERF_SECRET_KEY ;`

			`- name: Setup secrets if need`
			`if: ${{ inputs.has_secrets }}`
			`run: echo "WERF_SECRET_VALUES_STAND=.helm/secret-values-${{ inputs.stand_name }}.yaml" >> "$GITHUB_ENV"`

			`- name: Setup debug if need`
			`if: ${{ inputs.werf_debug }}`
			`run: echo "WERF_LOG_DEBUG=true" >> "$GITHUB_ENV"`

			`- name: Deploy`
			`run: werf converge`
			`env:`
			`WERF_ENV: ${{ inputs.stand_name }}`
			`WERF_VALUES_STAND: '.helm/values-${{ inputs.stand_name }}.yaml'`
			`WERF_NAMESPACE: ${{ inputs.kube_namespace }}`
			`WERF_REPO: ${{ inputs.docker_repo_path }}/${{ inputs.docker_images_path }}`
			`WERF_KUBECONFIG_BASE64: ${{ steps.import-secrets.outputs.local_cluster_kube_config_base64 }}`

			`- name: prepare success notification body`
			`uses: https://github.com/finnp/create-file-action@master`
			`env:`
			`FILE_NAME: "mattermost.json"`
			`FILE_DATA: \|`
			`{`
			`"channel": "project_loop_notifications",`
			`"attachments": [`
			`{`
			`"fallback": "Деплой прошел успешно для ${{ gitea.repository }}",`
			`"text": "Деплой прошел успешно для ${{ gitea.repository }} в ${{ inputs.stand_name }}",`
			`"color": "#00FF00",`
			`"fields": [`
			`{`
			`"short": true,`
			`"title": "Сборка",`
			`"value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"`
			`}`
			`]`
			`}`
			`]`
			`}`

			`- name: prepare failed notification body`
			`uses: https://github.com/finnp/create-file-action@master`
			`if: failure()`
			`env:`
			`FILE_NAME: "mattermost.json"`
			`FILE_DATA: \|`
			`{`
			`"channel": "project_loop_notifications",`
			`"attachments": [`
			`{`
			`"fallback": "Деплой упал для ${{ gitea.repository }}",`
			`"text": "Деплой упал для ${{ gitea.repository }} в ${{ inputs.stand_name }}",`
			`"color": "#FF0000",`
			`"fields": [`
			`{`
			`"short": true,`
			`"title": "Сборка",`
			`"value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"`
			`}`
			`]`
			`}`
			`]`
			`}`

			`- name: loop fail notification`
			`uses: https://github.com/mattermost/action-mattermost-notify@master`
			`if: ${{ job.status == 'success' \|\| job.status == 'failure' }}`