44278596c1
* Secure workflows (#1) (#1072) * Restrict permissions for the GITHUB_TOKEN in .github/workflows/label-feature.yml * Restrict permissions for the GITHUB_TOKEN in .github/workflows/label-support.yml * Restrict permissions for the GITHUB_TOKEN in .github/workflows/stale.yml * Restrict permissions for the GITHUB_TOKEN in .github/workflows/sync_ghes.yaml * Restrict permissions for the GITHUB_TOKEN in .github/workflows/validate-data.yaml Co-authored-by: Step Security <bot@stepsecurity.io> Co-authored-by: step-security[bot] <89328102+step-security[bot]@users.noreply.github.com> Co-authored-by: Step Security <bot@stepsecurity.io> * Directory for deployments (#1071) * moving deployment templates * including deployment directory in scripts * validate categories script init * introducing scout * introducing workflow * Update validate-categories.yaml * Update validate-categories.yaml * Update validate-categories.yaml * Update validate.rb * Update validate.rb * Update validate.rb * Update validate.rb * Update validate-categories.yaml * Update validate-categories.yaml * Update validate-categories.yaml * Update validate.rb * Update validate-categories.yaml * Update validate-categories.yaml * Create test_comment.yaml * rename * using [enter] * testing newline * test * setting up variable * using echo -e * using join * testing space space new line * setting multi line in echo * removing checkout * setting rows-generator * fixing error * using join * commit * Update test_comment.yaml * escaping pipe * printing debug line * using %0A * Update validate-categories.yaml * Update validate.rb * Update validate.rb * removing debug * removing variable * Update validate.rb * Update validate-categories.yaml * Validate categories comment on pr (#32) * reverting deployment directory * checking for output * Categories validation two workflows (#34) comment on pr in a separate workflow * Categories validation two workflows (#35) using right dir name * Categories validation two workflows (#36) . * Categories validation two workflows (#37) fixing typo * adding if conditions * adding try catch * using console instead of echo * equating to upstream * moving deployment templates * add codeql workflow to ghes * restoring from main (#1078) * Revert "add codeql workflow to ghes branch" * add codeql workflow to ghes * only run ghes sync checks on YML files * only check nwo of supported actions * Testing Partner Toggle. Co-authored-by: Varun Sharma <varunsh@stepsecurity.io> Co-authored-by: step-security[bot] <89328102+step-security[bot]@users.noreply.github.com> Co-authored-by: Step Security <bot@stepsecurity.io> Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com> Co-authored-by: Nick Fyson <nickfyson@github.com>
76 lines
2.7 KiB
YAML
76 lines
2.7 KiB
YAML
# This workflow will build a docker container, publish it to IBM Container Registry, and deploy it to IKS when a release is created
|
|
#
|
|
# To configure this workflow:
|
|
#
|
|
# 1. Ensure that your repository contains a Dockerfile
|
|
# 2. Setup secrets in your repository by going to settings: Create ICR_NAMESPACE and IBM_CLOUD_API_KEY
|
|
# 3. Change the values for the IBM_CLOUD_REGION, REGISTRY_HOSTNAME, IMAGE_NAME, IKS_CLUSTER, DEPLOYMENT_NAME, and PORT
|
|
|
|
name: Build and Deploy to IKS
|
|
|
|
on:
|
|
release:
|
|
types: [created]
|
|
|
|
# Environment variables available to all jobs and steps in this workflow
|
|
env:
|
|
GITHUB_SHA: ${{ github.sha }}
|
|
IBM_CLOUD_API_KEY: ${{ secrets.IBM_CLOUD_API_KEY }}
|
|
IBM_CLOUD_REGION: us-south
|
|
ICR_NAMESPACE: ${{ secrets.ICR_NAMESPACE }}
|
|
REGISTRY_HOSTNAME: us.icr.io
|
|
IMAGE_NAME: iks-test
|
|
IKS_CLUSTER: example-iks-cluster-name-or-id
|
|
DEPLOYMENT_NAME: iks-test
|
|
PORT: 5001
|
|
|
|
jobs:
|
|
setup-build-publish-deploy:
|
|
name: Setup, Build, Publish, and Deploy
|
|
runs-on: ubuntu-latest
|
|
environment: production
|
|
steps:
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@v2
|
|
|
|
# Download and Install IBM Cloud CLI
|
|
- name: Install IBM Cloud CLI
|
|
run: |
|
|
curl -fsSL https://clis.cloud.ibm.com/install/linux | sh
|
|
ibmcloud --version
|
|
ibmcloud config --check-version=false
|
|
ibmcloud plugin install -f kubernetes-service
|
|
ibmcloud plugin install -f container-registry
|
|
|
|
# Authenticate with IBM Cloud CLI
|
|
- name: Authenticate with IBM Cloud CLI
|
|
run: |
|
|
ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" -r "${IBM_CLOUD_REGION}" -g default
|
|
ibmcloud cr region-set "${IBM_CLOUD_REGION}"
|
|
ibmcloud cr login
|
|
|
|
# Build the Docker image
|
|
- name: Build with Docker
|
|
run: |
|
|
docker build -t "$REGISTRY_HOSTNAME"/"$ICR_NAMESPACE"/"$IMAGE_NAME":"$GITHUB_SHA" \
|
|
--build-arg GITHUB_SHA="$GITHUB_SHA" \
|
|
--build-arg GITHUB_REF="$GITHUB_REF" .
|
|
|
|
# Push the image to IBM Container Registry
|
|
- name: Push the image to ICR
|
|
run: |
|
|
docker push $REGISTRY_HOSTNAME/$ICR_NAMESPACE/$IMAGE_NAME:$GITHUB_SHA
|
|
|
|
# Deploy the Docker image to the IKS cluster
|
|
- name: Deploy to IKS
|
|
run: |
|
|
ibmcloud ks cluster config --cluster $IKS_CLUSTER
|
|
kubectl config current-context
|
|
kubectl create deployment $DEPLOYMENT_NAME --image=$REGISTRY_HOSTNAME/$ICR_NAMESPACE/$IMAGE_NAME:$GITHUB_SHA --dry-run -o yaml > deployment.yaml
|
|
kubectl apply -f deployment.yaml
|
|
kubectl rollout status deployment/$DEPLOYMENT_NAME
|
|
kubectl create service loadbalancer $DEPLOYMENT_NAME --tcp=80:$PORT --dry-run -o yaml > service.yaml
|
|
kubectl apply -f service.yaml
|
|
kubectl get services -o wide
|