deploy.yml
# Workflow triggers: runs on pushes to master that touch the Helm charts or
# this workflow file, and on manual dispatch.
name: Deploy
on:
  push:
    branches:
      - master
    paths:
      - 'helm/**'
      - '.github/workflows/deploy.yml'
  workflow_dispatch:
    # Both inputs are free-form strings typed by whoever starts the run, so
    # run steps should handle them as untrusted data, not as script text.
    inputs:
      namespace:
        description: 'Kubernetes namespace'
        required: true
        default: 'genz'
      environment:
        description: 'values file suffix (e.g., prod)'
        required: false
        default: ''
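jobs:
  # Installs or upgrades the genz-api and genz-web Helm releases in the target
  # namespace. Every cluster-facing step is skipped when no kubeconfig secret
  # is configured.
  helm-deploy:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: this job only needs to read the repo.
    permissions:
      contents: read
    env:
      # NOTE(review): job-level env is visible to every step, including the
      # third-party setup-helm action. It stays here because the step `if:`
      # conditions read it; consider exposing only a has-kubeconfig flag at
      # job level and the secret itself only to the step that writes it.
      KUBE_CONFIG_BASE64: ${{ secrets.KUBE_CONFIG_BASE64 }}
      API_IMAGE_REPO: ghcr.io/intellwe/genz-api
      WEB_IMAGE_REPO: ghcr.io/intellwe/genz-web
      IMAGE_PULL_SECRET_NAME: regcred
      SECRET_REF: genz-api-env
      DB_HOST: postgres-postgresql
      REDIS_HOST: redis-master
      # workflow_dispatch inputs are passed as environment variables instead of
      # being expanded into the script text, so shell metacharacters in an
      # input cannot become commands. On push events the inputs are empty and
      # the namespace falls back to 'genz'.
      DEPLOY_NAMESPACE: ${{ github.event.inputs.namespace || 'genz' }}
      VALUES_SUFFIX: ${{ github.event.inputs.environment }}
    steps:
      # NOTE(review): actions are referenced by mutable tag; pinning each
      # `uses:` to a full commit SHA prevents a retagged release from running
      # with access to the kubeconfig.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # The job never pushes, so do not leave the token in .git/config.
          persist-credentials: false
      - name: Validate inputs
        shell: bash
        run: |
          set -euo pipefail
          # Namespace must be a DNS-1123 label; the suffix is used to build a
          # file path, so it may not contain '/' or whitespace.
          ns_re='^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$'
          suffix_re='^[A-Za-z0-9._-]+$'
          if [[ ! "$DEPLOY_NAMESPACE" =~ $ns_re ]]; then
            # The rejected value is deliberately not echoed into the log.
            echo "Invalid namespace input" >&2
            exit 1
          fi
          if [[ -n "$VALUES_SUFFIX" && ! "$VALUES_SUFFIX" =~ $suffix_re ]]; then
            echo "Invalid environment input" >&2
            exit 1
          fi
      - name: Setup kubectl
        if: env.KUBE_CONFIG_BASE64 != ''
        shell: bash
        run: |
          set -euo pipefail
          # Create the kubeconfig readable by the runner user only.
          umask 077
          mkdir -p "$HOME/.kube"
          # If the secret looks like raw kubeconfig (first line contains
          # apiVersion:), write it as-is. The first line is taken with a
          # parameter expansion rather than a pipeline, so pipefail cannot
          # misreport an early-exiting grep as "not raw".
          first_line="${KUBE_CONFIG_BASE64%%$'\n'*}"
          if [[ "$first_line" == *"apiVersion:"* ]]; then
            echo "Detected raw kubeconfig in secret"
            printf "%s" "$KUBE_CONFIG_BASE64" > "$HOME/.kube/config"
          else
            echo "Decoding base64 kubeconfig from secret"
            # Try decode; if it fails, write as-is
            if ! printf "%s" "$KUBE_CONFIG_BASE64" | base64 -d > "$HOME/.kube/config" 2>/dev/null; then
              echo "Base64 decode failed; writing content as-is"
              printf "%s" "$KUBE_CONFIG_BASE64" > "$HOME/.kube/config"
            fi
          fi
          chmod 600 "$HOME/.kube/config"
          kubectl version --client
      - name: Setup Helm
        if: env.KUBE_CONFIG_BASE64 != ''
        uses: azure/setup-helm@v4
      - name: Create namespace
        if: env.KUBE_CONFIG_BASE64 != ''
        shell: bash
        run: |
          # Best effort: an existing namespace is not an error. Note that
          # `|| true` also hides auth and connectivity failures; those surface
          # in the helm steps that follow.
          kubectl create namespace "$DEPLOY_NAMESPACE" || true
      - name: Deploy genz-api
        if: env.KUBE_CONFIG_BASE64 != ''
        shell: bash
        run: |
          set -euo pipefail
          # Optional per-environment values file, kept as an array so the path
          # is passed to helm as a single argument.
          extra_args=()
          values_file="helm/genz-api/values-${VALUES_SUFFIX}.yaml"
          if [ -n "$VALUES_SUFFIX" ] && [ -f "$values_file" ]; then
            extra_args=(-f "$values_file")
          fi
          # NOTE(review): the database user and password are hard-coded and
          # passed with --set, so they live in this file and in the Helm
          # release values. Prefer sourcing DATABASE_URL from the Kubernetes
          # secret named by SECRET_REF if the chart supports it - confirm.
          DB_URL="postgresql+psycopg://postgres:postgres@${DB_HOST}:5432/genz"
          REDIS_URL="redis://${REDIS_HOST}:6379/0"
          helm upgrade --install genz-api helm/genz-api \
            -n "$DEPLOY_NAMESPACE" "${extra_args[@]}" \
            --set image.repository="${API_IMAGE_REPO}" \
            --set env.DATABASE_URL="${DB_URL}" \
            --set env.REDIS_URL="${REDIS_URL}" \
            --set secretRef="${SECRET_REF}" \
            --set "imagePullSecrets[0].name=${IMAGE_PULL_SECRET_NAME}"
      - name: Deploy genz-web
        if: env.KUBE_CONFIG_BASE64 != ''
        shell: bash
        run: |
          set -euo pipefail
          extra_args=()
          values_file="helm/genz-web/values-${VALUES_SUFFIX}.yaml"
          if [ -n "$VALUES_SUFFIX" ] && [ -f "$values_file" ]; then
            extra_args=(-f "$values_file")
          fi
          API_BASE="http://genz-api:8000"
          helm upgrade --install genz-web helm/genz-web \
            -n "$DEPLOY_NAMESPACE" "${extra_args[@]}" \
            --set image.repository="${WEB_IMAGE_REPO}" \
            --set env.NEXT_PUBLIC_API_BASE_URL="${API_BASE}" \
            --set "imagePullSecrets[0].name=${IMAGE_PULL_SECRET_NAME}"
      - name: Skip (no kubeconfig provided)
        if: env.KUBE_CONFIG_BASE64 == ''
        run: echo "No KUBE_CONFIG_BASE64 secret; skipping deploy."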