From a1a845cd62f857c34a373e0d407bdb561a19d6e8 Mon Sep 17 00:00:00 2001
From: Stanislav Melnichuk
Date: Mon, 29 May 2023 19:19:32 +0300
Subject: [PATCH] Moved drone deploy template.
---
.gitea/workflows/werf-deploy-template.yml | 153 ++++++++++++++++++++++
1 file changed, 153 insertions(+)
create mode 100644 .gitea/workflows/werf-deploy-template.yml
diff --git a/.gitea/workflows/werf-deploy-template.yml b/.gitea/workflows/werf-deploy-template.yml
new file mode 100644
index 0000000..ddcf2dd
--- /dev/null
+++ b/.gitea/workflows/werf-deploy-template.yml
@@ -0,0 +1,153 @@
+on:
+ workflow_call:
+ inputs:
+ stand_name:
+ description: 'Stand name, has influence on addresses and settings.'
+ required: true
+ type: string
+ kube_namespace:
+ required: true
+ type: string
+ docker_repo_path:
+ default: private.docker.wilix.dev
+ required: false
+ type: string
+ docker_images_path:
+ required: true
+ type: string
+ has_secrets:
+ default: true
+ required: false
+ type: boolean
+ werf_secret_key_vault_location:
+ required: true
+ type: string
+ werf_debug:
+ default: false
+ required: false
+ type: boolean
+ secrets:
+ VAULT_ROLE_ID:
+ required: true
+ VAULT_SECRET_ID:
+ required: true
+
+# FIXME Убрать хардкод для токена оповещений и канала оповещений
+
+jobs:
+ converge:
+ name: Deploy stand
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - id: import-secrets
+ uses: https://github.com/hashicorp/vault-action@v2
+ with:
+ url: https://vault.wilix.dev
+ method: approle
+ roleId: ${{ secrets.VAULT_ROLE_ID }}
+ secretId: ${{ secrets.VAULT_SECRET_ID }}
+ secrets: |
+ dev/wilix/main/data/ci local_cluster_kube_config_base64 ;
+ dev/wilix/main/data/ci docker_registry_username ;
+ dev/wilix/main/data/ci docker_registry_password ;
+ dev/wilix/loop/data/ci/loop-vizor notification_url | MATTERMOST_WEBHOOK_URL ;
+
+ - name: Login to nexus docker
+ uses: https://github.com/docker/login-action@v2
+ with:
+ registry: ${{ inputs.docker_repo_path }}
+ username: ${{ steps.import-secrets.outputs.docker_registry_username }}
+ password: ${{ steps.import-secrets.outputs.docker_registry_password }}
+
+ - name: Install werf
+ uses: https://github.com/werf/actions/install@v1.2
+
+ - name: Add helm repositories
+ run: |
+ werf helm repo add wilix-dysnix https://artifacts.wilix.dev/repository/helm-dysnix
+ werf helm repo add wilix-bitnami https://artifacts.wilix.dev/repository/helm-bitnami
+
+ - name: Get werf secret key if needed
+ if: ${{ inputs.has_secrets }}
+ uses: https://github.com/hashicorp/vault-action@v2
+ with:
+ url: https://vault.wilix.dev
+ method: approle
+ roleId: ${{ secrets.VAULT_ROLE_ID }}
+ secretId: ${{ secrets.VAULT_SECRET_ID }}
+ secrets: |
+ ${{ inputs.werf_secret_key_vault_location }} | WERF_SECRET_KEY ;
+
+ - name: Setup secrets if need
+ if: ${{ inputs.has_secrets }}
+ run: echo "WERF_SECRET_VALUES_STAND=.helm/secret-values-${{ inputs.stand_name }}.yaml" >> "$GITHUB_ENV"
+
+ - name: Setup debug if need
+ if: ${{ inputs.werf_debug }}
+ run: echo "WERF_LOG_DEBUG=true" >> "$GITHUB_ENV"
+
+ - name: Deploy
+ run: werf converge
+ env:
+ WERF_ENV: ${{ inputs.stand_name }}
+ WERF_VALUES_STAND: '.helm/values-${{ inputs.stand_name }}.yaml'
+ WERF_NAMESPACE: ${{ inputs.kube_namespace }}
+ WERF_REPO: ${{ inputs.docker_repo_path }}/${{ inputs.docker_images_path }}
+ WERF_KUBECONFIG_BASE64: ${{ steps.import-secrets.outputs.local_cluster_kube_config_base64 }}
+
+ - name: prepare success notification body
+ uses: https://github.com/finnp/create-file-action@master
+ env:
+ FILE_NAME: "mattermost.json"
+ FILE_DATA: |
+ {
+ "channel": "project_loop_notifications",
+ "attachments": [
+ {
+ "fallback": "Деплой прошел успешно для ${{ gitea.repository }}",
+ "text": "Деплой прошел успешно для ${{ gitea.repository }} в ${{ inputs.stand_name }}",
+ "color": "#00FF00",
+ "fields": [
+ {
+ "short": true,
+ "title": "Сборка",
+ "value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
+ }
+ ]
+ }
+ ]
+ }
+
+ - name: prepare failed notification body
+ uses: https://github.com/finnp/create-file-action@master
+ if: failure()
+ env:
+ FILE_NAME: "mattermost.json"
+ FILE_DATA: |
+ {
+ "channel": "project_loop_notifications",
+ "attachments": [
+ {
+ "fallback": "Деплой упал для ${{ gitea.repository }}",
+ "text": "Деплой упал для ${{ gitea.repository }} в ${{ inputs.stand_name }}",
+ "color": "#FF0000",
+ "fields": [
+ {
+ "short": true,
+ "title": "Сборка",
+ "value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
+ }
+ ]
+ }
+ ]
+ }
+
+ - name: loop fail notification
+ uses: https://github.com/mattermost/action-mattermost-notify@master
+ if: ${{ job.status == 'success' || job.status == 'failure' }}
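Review bot: Every `uses:` in this new workflow points at a mutable ref, and two of them (`finnp/create-file-action@master`, `mattermost/action-mattermost-notify@master`) track a branch, in a job that holds the Vault AppRole credentials, the registry password and the cluster kubeconfig. Any later change behind those refs would run inside the deploy job, and if vault-action exports fetched secrets to the job environment (its default, as far as I know; the final notify step gets no explicit webhook input, which suggests it relies on that), `WERF_SECRET_KEY` and `MATTERMOST_WEBHOOK_URL` are readable by every following step. Pin each action to a reviewed full commit SHA, e.g. `uses: https://github.com/finnp/create-file-action@<full-commit-sha>  # <reviewed tag>`. Separately, the "Setup secrets if need" step expands `${{ inputs.stand_name }}` into the `run:` script text before the shell parses it. Pass it through the step's `env:` instead, as `STAND_NAME: ${{ inputs.stand_name }}`, and write `echo "WERF_SECRET_VALUES_STAND=.helm/secret-values-${STAND_NAME}.yaml" >> "$GITHUB_ENV"`.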