Skip to content
Build and Deploy

Use secrets in env #26

Sign in to view logs

Use secrets in env

Use secrets in env #26

Workflow file for this run

.github/workflows/deployment.yml at 85bb1fd
name: Build and Deploy
on:
workflow_dispatch:
push:
branches: [ "main" ]
jobs:
publish:
runs-on: ubuntu-latest
outputs:
image: ${{ steps.image_name.outputs.image }}
steps:
- uses: actions/checkout@v4
- name: Generate image name
id: image_name
run: echo "image=$(date +%s)" >> $GITHUB_OUTPUT
- name: Login to Harbor
run: |
echo $HARBOR_PASSWORD | docker login $HARBOR_URI -u $HARBOR_USERNAME --password-stdin
env:
HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }}
HARBOR_URI: ${{ secrets.HARBOR_URI }}
- name: Build the Docker image
run: docker build . --file Dockerfile --tag $HARBOR_URI/abstractolotl/aznopoly-server:$IMAGE_NAME --tag $HARBOR_URI/abstractolotl/aznopoly-server:latest
env:
HARBOR_URI: ${{ secrets.HARBOR_URI }}
IMAGE_NAME: ${{ steps.image_name.outputs.image }}
- name: Push the Docker image
run: docker push $HARBOR_URI/abstractolotl/aznopoly-server --all-tags
env:
HARBOR_URI: ${{ secrets.HARBOR_URI }}
deployment:
needs: publish
runs-on: ubuntu-latest
steps:
- name: 'Checkout'
uses: 'actions/checkout@v4'
- name: Install jq
uses: dcarbone/install-jq-action@v2.1.0
- name: Import Secrets
id: import-secrets
uses: hashicorp/vault-action@v3
with:
url: ${{ secrets.VAULT_ADDR }}
method: userpass
username: ${{ secrets.VAULT_USERNAME }}
password: ${{ secrets.VAULT_PASSWORD }}
secrets: |
applications/data/aznopoly DISCORD_CLIENT_ID;
applications/data/aznopoly DISCORD_CLIENT_SECRET
- name: Step following 'Import Secrets'
run: |
touch secrets.json
echo '${{ toJson(steps.import-secrets.outputs) }}' | jq ". | {"secrets": .}" > secrets.json
- name: Deploy
uses: WyriHaximus/github-action-helm3@v4
with:
exec: helm upgrade --install --atomic --timeout 5m --history-max 5 -f secrets.json --namespace=backend --set image.tag=$IMAGE_NAME aznopoly-server helm-charts
kubeconfig: '${{ secrets.KUBECONFIG }}'
env:
HARBOR_URI: ${{ secrets.HARBOR_URI }}
IMAGE_NAME: ${{needs.publish.outputs.image}}