forked from N-Usha/java-on-aks-piggymetrics
-
Notifications
You must be signed in to change notification settings - Fork 9
130 lines (110 loc) · 6.24 KB
/
workflow.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# This workflow will build a docker container, publish it to Azure Container Registry, and deploy it to Azure Kubernetes Service.
#
# To configure this workflow, Set up the following secrets in your workspace:
# a. AZURE_CONTAINER_REGISTRY, AZURE_REGISTRY_USERNAME, AZURE_REGISTRY_PASSWORD with ACR name, username and password
# b. AKS_CLUSTER_NAME, AKS_RESOURCE_GROUP and AKS_NAMESPACE with AKS cluster name, resource group name and namespace
# c. AZURE_CREDENTIALS with the output of `az ad sp create-for-rbac --sdk-auth`
# d. All the other app specific config parameters
name: Build & Deploy to AKS
on: [push]
env:
CONFIG_PORT: '8888'
REGISTRY_PORT: '8761'
GATEWAY_PORT: '4000'
ACCOUNT_SERVICE_PORT: '6000'
AUTH_SERVICE_PORT: '5000'
STATISTICS_SERVICE_PORT: '7000'
NOTIFICATION_SERVICE_PORT: '8000'
IMAGE_TAG: ga-${{ github.sha }}
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
# Fetch secrets from Azure Key Vault
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Azure key vault - Get Secrets
uses: azure/get-keyvault-secrets@v1
with:
keyvault: ${{ secrets.AZURE_KEY_VAULT }}
secrets: '*'
- run: |
export CONTAINER_REGISTRY=${{ env.AZURE-CONTAINER-REGISTRY }}
export IMAGE_TAG=${{ env.IMAGE_TAG }}
echo 'Install ACR AAD credential helper and login'
curl -L https://aka.ms/acr/installaad/bash | /bin/bash
az acr login -n ${{ env.AZURE-CONTAINER-REGISTRY }}
echo 'Start Build'
cd config
mvn compile jib:build \
-Djib.container.environment=CONFIG_SERVICE_PASSWORD=${{ env.CONFIG-SERVICE-PASSWORD }}
cd ../registry
mvn compile jib:build
cd ../gateway
mvn compile jib:build
cd ../auth-service
mvn compile jib:build
cd ../account-service
mvn compile jib:build \
-Djib.container.environment=ACCOUNT_SERVICE_PASSWORD=${{ env.ACCOUNT-SERVICE-PASSWORD }}
cd ../statistics-service
mvn compile jib:build \
-Djib.container.environment=STATISTICS_SERVICE_PASSWORD=${{ env.STATISTICS-SERVICE-PASSWORD }}
cd ../notification-service
mvn compile jib:build \
-Djib.container.environment=NOTIFICATION_SERVICE_PASSWORD=${{ env.NOTIFICATION-SERVICE-PASSWORD }}
echo 'Build complete'
deploy-to-aks:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
# Set the target Azure Kubernetes Service (AKS) cluster.
- uses: azure/aks-set-context@v1
with:
creds: '${{ secrets.AZURE_CREDENTIALS }}'
cluster-name: '${{ secrets.AKS_CLUSTER_NAME }}'
resource-group: ${{ secrets.AKS_RESOURCE_GROUP }}
# Create namespace if doesn't exist
- run: |
kubectl create namespace ${{ secrets.AKS_NAMESPACE }} --dry-run -o json | kubectl apply -f -
# Fetch secrets from Azure Key Vault
- uses: Azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Azure key vault - Get Secrets
uses: azure/get-keyvault-secrets@v1
with:
keyvault: ${{ secrets.AZURE_KEY_VAULT }}
secrets: '*'
# Create generic secrets to be available on pods
- uses: azure/k8s-create-secret@v1
with:
namespace: ${{ secrets.AKS_NAMESPACE }}
secret-type: 'generic'
#arguments: --from-literal=config_service_password=${{ secrets.CONFIG_SERVICE_PASSWORD }} --from-literal=notification_service_password=${{ secrets.NOTIFICATION_SERVICE_PASSWORD }} --from-literal=statistics_service_password=${{ secrets.STATISTICS_SERVICE_PASSWORD }} --from-literal=account_service_password=${{ secrets.ACCOUNT_SERVICE_PASSWORD }} --from-literal=rabbitmq_password=${{ secrets.RABBITMQ_PASSWORD }} --from-literal=mongodb_uri=${{ secrets.MONGODB_URI }} --from-literal=mongodb_database=${{ secrets.MONGODB_DATABASE }} --from-literal=rabbitmq_username=${{ secrets.RABBITMQ_USERNAME }} --from-literal=rabbitmq_host=${{ secrets.RABBITMQ_HOST }} --from-literal=rabbitmq_port=${{ secrets.RABBITMQ_PORT }} --from-literal=notification_email_user=${{ secrets.NOTIFICATION_EMAIL_USER }} --from-literal=notification_email_pass=${{ secrets.NOTIFICATION_EMAIL_PASSWORD }} --from-literal=notification_email_host=${{ secrets.NOTIFICATION_EMAIL_HOST }} --from-literal=notification_email_port=${{ secrets.NOTIFICATION_EMAIL_PORT }}
arguments: --from-literal=config_service_password=${{ env.CONFIG-SERVICE-PASSWORD }} --from-literal=notification_service_password=${{ env.NOTIFICATION-SERVICE-PASSWORD }} --from-literal=statistics_service_password=${{ env.STATISTICS-SERVICE-PASSWORD }} --from-literal=account_service_password=${{ env.ACCOUNT-SERVICE-PASSWORD }} --from-literal=rabbitmq_password=${{ env.RABBITMQ-PASSWORD }} --from-literal=mongodb_uri=${{ env.MONGODB-URI }} --from-literal=mongodb_database=${{ env.MONGODB-DATABASE }} --from-literal=rabbitmq_username=${{ env.RABBITMQ-USERNAME }} --from-literal=rabbitmq_host=${{ env.RABBITMQ-HOST }} --from-literal=rabbitmq_port=${{ env.RABBITMQ_PORT }} --from-literal=notification_email_user=${{ env.SMTP-USER }} --from-literal=notification_email_pass=${{ env.SMTP-PASSWORD }} --from-literal=notification_email_host=${{ env.NOTIFICATION-EMAIL-HOST }} --from-literal=notification_email_port=${{ env.NOTIFICATION-EMAIL-PORT }}
secret-name: piggymetrics
# Replace CONTAINER_REGISTRY & IMAGE_TAG in all the manifest files
- uses: cschleiden/replace-tokens@v1
with:
tokenPrefix: '${'
tokenSuffix: '}'
files: '["kubernetes/*.yaml"]'
env:
CONTAINER_REGISTRY: ${{ env.AZURE-CONTAINER-REGISTRY }}
IMAGE_TAG: ${{ env.IMAGE_TAG }}
# Deploy app to AKS
- uses: azure/k8s-deploy@replaceLogic
with:
manifests: |
kubernetes/1-config.yaml
kubernetes/2-registry.yaml
kubernetes/3-gateway.yaml
kubernetes/4-auth-service.yaml
kubernetes/5-account-service.yaml
kubernetes/6-statistics-service.yaml
kubernetes/7-notification-service.yaml
namespace: ${{ secrets.AKS_NAMESPACE }}