44278596c1
* Secure workflows (#1) (#1072) * Restrict permissions for the GITHUB_TOKEN in .github/workflows/label-feature.yml * Restrict permissions for the GITHUB_TOKEN in .github/workflows/label-support.yml * Restrict permissions for the GITHUB_TOKEN in .github/workflows/stale.yml * Restrict permissions for the GITHUB_TOKEN in .github/workflows/sync_ghes.yaml * Restrict permissions for the GITHUB_TOKEN in .github/workflows/validate-data.yaml Co-authored-by: Step Security <bot@stepsecurity.io> Co-authored-by: step-security[bot] <89328102+step-security[bot]@users.noreply.github.com> Co-authored-by: Step Security <bot@stepsecurity.io> * Directory for deployments (#1071) * moving deployment templates * including deployment directory in scripts * validate categories script init * introducing scout * introducing workflow * Update validate-categories.yaml * Update validate-categories.yaml * Update validate-categories.yaml * Update validate.rb * Update validate.rb * Update validate.rb * Update validate.rb * Update validate-categories.yaml * Update validate-categories.yaml * Update validate-categories.yaml * Update validate.rb * Update validate-categories.yaml * Update validate-categories.yaml * Create test_comment.yaml * rename * using [enter] * testing newline * test * setting up variable * using echo -e * using join * testing space space new line * setting multi line in echo * removing checkout * setting rows-generator * fixing error * using join * commit * Update test_comment.yaml * escaping pipe * printing debug line * using %0A * Update validate-categories.yaml * Update validate.rb * Update validate.rb * removing debug * removing variable * Update validate.rb * Update validate-categories.yaml * Validate categories comment on pr (#32) * reverting deployment directory * checking for output * Categories validation two workflows (#34) comment on pr in a separate workflow * Categories validation two workflows (#35) using right dir name * Categories validation two workflows (#36) . * Categories validation two workflows (#37) fixing typo * adding if conditions * adding try catch * using console instead of echo * equating to upstream * moving deployment templates * add codeql workflow to ghes * restoring from main (#1078) * Revert "add codeql workflow to ghes branch" * add codeql workflow to ghes * only run ghes sync checks on YML files * only check nwo of supported actions * Testing Partner Toggle. Co-authored-by: Varun Sharma <varunsh@stepsecurity.io> Co-authored-by: step-security[bot] <89328102+step-security[bot]@users.noreply.github.com> Co-authored-by: Step Security <bot@stepsecurity.io> Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com> Co-authored-by: Nick Fyson <nickfyson@github.com>
77 lines
2.5 KiB
YAML
77 lines
2.5 KiB
YAML
# This workflow will build a docker container, publish and deploy it to Tencent Kubernetes Engine (TKE).
|
|
#
|
|
# To configure this workflow:
|
|
#
|
|
# 1. Ensure that your repository contains the necessary configuration for your Tencent Kubernetes Engine cluster,
|
|
# including deployment.yml, kustomization.yml, service.yml, etc.
|
|
#
|
|
# 2. Set up secrets in your workspace:
|
|
# - TENCENT_CLOUD_SECRET_ID with Tencent Cloud secret id
|
|
# - TENCENT_CLOUD_SECRET_KEY with Tencent Cloud secret key
|
|
# - TENCENT_CLOUD_ACCOUNT_ID with Tencent Cloud account id
|
|
# - TKE_REGISTRY_PASSWORD with TKE registry password
|
|
#
|
|
# 3. Change the values for the TKE_IMAGE_URL, TKE_REGION, TKE_CLUSTER_ID and DEPLOYMENT_NAME environment variables (below).
|
|
|
|
name: Tencent Kubernetes Engine
|
|
|
|
on:
|
|
release:
|
|
types: [created]
|
|
|
|
# Environment variables available to all jobs and steps in this workflow
|
|
env:
|
|
TKE_IMAGE_URL: ccr.ccs.tencentyun.com/demo/mywebapp
|
|
TKE_REGION: ap-guangzhou
|
|
TKE_CLUSTER_ID: cls-mywebapp
|
|
DEPLOYMENT_NAME: tke-test
|
|
|
|
jobs:
|
|
setup-build-publish-deploy:
|
|
name: Setup, Build, Publish, and Deploy
|
|
runs-on: ubuntu-latest
|
|
environment: production
|
|
steps:
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@v2
|
|
|
|
# Build
|
|
- name: Build Docker image
|
|
run: |
|
|
docker build -t ${TKE_IMAGE_URL}:${GITHUB_SHA} .
|
|
|
|
- name: Login TKE Registry
|
|
run: |
|
|
docker login -u ${{ secrets.TENCENT_CLOUD_ACCOUNT_ID }} -p '${{ secrets.TKE_REGISTRY_PASSWORD }}' ${TKE_IMAGE_URL}
|
|
|
|
# Push the Docker image to TKE Registry
|
|
- name: Publish
|
|
run: |
|
|
docker push ${TKE_IMAGE_URL}:${GITHUB_SHA}
|
|
|
|
- name: Set up Kustomize
|
|
run: |
|
|
curl -o kustomize --location https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
|
|
chmod u+x ./kustomize
|
|
|
|
- name: Set up ~/.kube/config for connecting TKE cluster
|
|
uses: TencentCloud/tke-cluster-credential-action@v1
|
|
with:
|
|
secret_id: ${{ secrets.TENCENT_CLOUD_SECRET_ID }}
|
|
secret_key: ${{ secrets.TENCENT_CLOUD_SECRET_KEY }}
|
|
tke_region: ${{ env.TKE_REGION }}
|
|
cluster_id: ${{ env.TKE_CLUSTER_ID }}
|
|
|
|
- name: Switch to TKE context
|
|
run: |
|
|
kubectl config use-context ${TKE_CLUSTER_ID}-context-default
|
|
|
|
# Deploy the Docker image to the TKE cluster
|
|
- name: Deploy
|
|
run: |
|
|
./kustomize edit set image ${TKE_IMAGE_URL}:${GITHUB_SHA}
|
|
./kustomize build . | kubectl apply -f -
|
|
kubectl rollout status deployment/${DEPLOYMENT_NAME}
|
|
kubectl get services -o wide
|