From a1a845cd62f857c34a373e0d407bdb561a19d6e8 Mon Sep 17 00:00:00 2001
From: Stanislav Melnichuk <s.melnichuk@wilix.org>
Date: Mon, 29 May 2023 19:19:32 +0300
Subject: [PATCH] Moved drone deploy template.

---
 .gitea/workflows/werf-deploy-template.yml | 153 ++++++++++++++++++++++
 1 file changed, 153 insertions(+)
 create mode 100644 .gitea/workflows/werf-deploy-template.yml

diff --git a/.gitea/workflows/werf-deploy-template.yml b/.gitea/workflows/werf-deploy-template.yml
new file mode 100644
index 0000000..ddcf2dd
--- /dev/null
+++ b/.gitea/workflows/werf-deploy-template.yml
@@ -0,0 +1,153 @@
+on:
+  workflow_call:
+    inputs:
+      stand_name:
+        description: 'Stand name, has influence on addresses and settings.'
+        required: true
+        type: string
+      kube_namespace:
+        required: true
+        type: string
+      docker_repo_path:
+        default: private.docker.wilix.dev
+        required: false
+        type: string
+      docker_images_path:
+        required: true
+        type: string
+      has_secrets:
+        default: true
+        required: false
+        type: boolean
+      werf_secret_key_vault_location:
+        required: true
+        type: string
+      werf_debug:
+        default: false
+        required: false
+        type: boolean
+    secrets:
+      VAULT_ROLE_ID:
+        required: true
+      VAULT_SECRET_ID:
+        required: true
+
+# FIXME Убрать хардкод для токена оповещений и канала оповещений
+
+jobs:
+  converge:
+    name: Deploy stand
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - id: import-secrets
+        uses: https://github.com/hashicorp/vault-action@v2
+        with:
+          url: https://vault.wilix.dev
+          method: approle
+          roleId: ${{ secrets.VAULT_ROLE_ID }}
+          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          secrets: |
+            dev/wilix/main/data/ci local_cluster_kube_config_base64 ;
+            dev/wilix/main/data/ci docker_registry_username ;
+            dev/wilix/main/data/ci docker_registry_password ;
+            dev/wilix/loop/data/ci/loop-vizor notification_url | MATTERMOST_WEBHOOK_URL ;
+
+      - name: Login to nexus docker
+        uses: https://github.com/docker/login-action@v2
+        with:
+          registry: ${{ inputs.docker_repo_path }}
+          username: ${{ steps.import-secrets.outputs.docker_registry_username }}
+          password: ${{ steps.import-secrets.outputs.docker_registry_password }}
+
+      - name: Install werf
+        uses: https://github.com/werf/actions/install@v1.2
+
+      - name: Add helm repositories
+        run: |
+          werf helm repo add wilix-dysnix https://artifacts.wilix.dev/repository/helm-dysnix
+          werf helm repo add wilix-bitnami https://artifacts.wilix.dev/repository/helm-bitnami
+
+      - name: Get werf secret key if needed
+        if: ${{ inputs.has_secrets }}
+        uses: https://github.com/hashicorp/vault-action@v2
+        with:
+          url: https://vault.wilix.dev
+          method: approle
+          roleId: ${{ secrets.VAULT_ROLE_ID }}
+          secretId: ${{ secrets.VAULT_SECRET_ID }}
+          secrets: |
+            ${{ inputs.werf_secret_key_vault_location }} | WERF_SECRET_KEY ;
+
+      - name: Setup secrets if need
+        if: ${{ inputs.has_secrets }}
+        run: echo "WERF_SECRET_VALUES_STAND=.helm/secret-values-${{ inputs.stand_name }}.yaml" >> "$GITHUB_ENV"
+
+      - name: Setup debug if need
+        if: ${{ inputs.werf_debug }}
+        run: echo "WERF_LOG_DEBUG=true" >> "$GITHUB_ENV"
+
+      - name: Deploy
+        run: werf converge
+        env:
+          WERF_ENV: ${{ inputs.stand_name }}
+          WERF_VALUES_STAND: '.helm/values-${{ inputs.stand_name }}.yaml'
+          WERF_NAMESPACE: ${{ inputs.kube_namespace }}
+          WERF_REPO: ${{ inputs.docker_repo_path }}/${{ inputs.docker_images_path }}
+          WERF_KUBECONFIG_BASE64: ${{ steps.import-secrets.outputs.local_cluster_kube_config_base64 }}
+
+      - name: prepare success notification body
+        uses: https://github.com/finnp/create-file-action@master
+        env:
+          FILE_NAME: "mattermost.json"
+          FILE_DATA: |
+            {
+              "channel": "project_loop_notifications",
+              "attachments": [
+                {
+                  "fallback": "Деплой прошел успешно для ${{ gitea.repository }}",
+                  "text": "Деплой прошел успешно для ${{ gitea.repository }} в ${{ inputs.stand_name }}",
+                  "color": "#00FF00",
+                  "fields": [
+                    {
+                      "short": true,
+                      "title": "Сборка",
+                      "value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
+                    }
+                  ]
+                }
+              ]
+            }
+
+      - name: prepare failed notification body
+        uses: https://github.com/finnp/create-file-action@master
+        if: failure()
+        env:
+          FILE_NAME: "mattermost.json"
+          FILE_DATA: |
+            {
+              "channel": "project_loop_notifications",
+              "attachments": [
+                {
+                  "fallback": "Деплой упал для ${{ gitea.repository }}",
+                  "text": "Деплой упал для ${{ gitea.repository }} в ${{ inputs.stand_name }}",
+                  "color": "#FF0000",
+                  "fields": [
+                    {
+                      "short": true,
+                      "title": "Сборка",
+                      "value": "https://git.wilix.dev/${{ gitea.repository }}/actions/runs/${{ gitea.run_id }}"
+                    }
+                  ]
+                }
+              ]
+            }
+
+      - name: loop fail notification
+        uses: https://github.com/mattermost/action-mattermost-notify@master
+        if: ${{ job.status == 'success' || job.status == 'failure' }}