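---
# Builds the container image for a pushed tag, pushes it to the registry and
# rolls it out to the production OpenShift namespace.
#
# NOTE(review): every action and image below is referenced by a mutable tag
# (actions/checkout@v4, docker/*@v3/@v5, catthehacker/ubuntu:act-latest,
# quay.io/appuio/oc:v4.16). These steps run with registry and cluster
# credentials, so pinning actions to a full commit SHA and images to a digest
# would stop an upstream retag from changing what executes here.
name: Build and Deploy Production

on:
  push:
    tags:
      - "*"
    # NOTE(review): on GitHub, path filters are not evaluated for tag pushes,
    # so this list probably has no effect together with `tags` - confirm how
    # the runner in use treats it.
    paths:
      - "deployment/**"
      - "docker/**"
      - "src/**"
      - "Dockerfile"
      - "pyproject.toml"
      - "uv.lock"
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-latest
    container: catthehacker/ubuntu:act-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.CONTAINER_REGISTRY }}
          username: ${{ secrets.CONTAINER_REGISTRY_USERNAME }}
          password: ${{ secrets.CONTAINER_REGISTRY_TOKEN }}

      # The ref is handed to the script through the environment instead of
      # being expanded into the script text: a tag name is chosen by whoever
      # pushes it and may contain shell metacharacters. The output is written
      # to $GITHUB_OUTPUT because the `::set-output` command is deprecated.
      - name: Determine image tag
        id: determine-tag
        env:
          REF: ${{ github.ref }}
        run: |
          case "$REF" in
            refs/tags/*)
              # Keep only the part after the last "/".
              TAG_NAME="${REF##*/}"
              echo "tag=${TAG_NAME}" >> "$GITHUB_OUTPUT"
              ;;
            *)
              echo "Unsupported ref: $REF"
              exit 1
              ;;
          esac

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ vars.CONTAINER_REGISTRY }}/${{ vars.CONTAINER_IMAGE_NAME }}:${{ steps.determine-tag.outputs.tag }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  deploy:
    needs: build
    runs-on: ubuntu-latest
    container: catthehacker/ubuntu:act-latest
    # This job only checks out the repository; cluster access comes from the
    # OpenShift token, so the workflow token is limited to read access.
    permissions:
      contents: read
    environment:
      name: production
      url: https://portal.servala.com/

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # Same tag derivation as in the build job; see the comment there for why
      # the ref is passed through the environment.
      - name: Determine image tag
        id: determine-tag
        env:
          REF: ${{ github.ref }}
        run: |
          case "$REF" in
            refs/tags/*)
              TAG_NAME="${REF##*/}"
              echo "tag=${TAG_NAME}" >> "$GITHUB_OUTPUT"
              ;;
            *)
              echo "Unsupported ref: $REF"
              exit 1
              ;;
          esac

      # The image reference reaches bash as the IMAGE environment variable, so
      # the tag-derived value is never spliced into the `bash -c` string.
      # NOTE(review): `oc login --token=...` places the token on the command
      # line of the process inside the step container.
      - name: Deploy to OpenShift
        uses: docker://quay.io/appuio/oc:v4.16
        with:
          entrypoint: /bin/bash
          args: |
            -c "set -e && oc login --token=${OPENSHIFT_TOKEN} --server=${OPENSHIFT_URL} && \
            pushd deployment/kustomize/overlays/production && \
            kustomize edit set image ${IMAGE} && \
            cat kustomization.yaml && \
            popd && \
            oc -n ${NAMESPACE} apply --overwrite -k deployment/kustomize/overlays/production && \
            oc -n ${NAMESPACE} rollout restart deployment/servala"
        env:
          IMAGE: ${{ vars.CONTAINER_REGISTRY }}/${{ vars.CONTAINER_IMAGE_NAME }}:${{ steps.determine-tag.outputs.tag }}
          NAMESPACE: ${{ vars.NAMESPACE_PORTAL_PRODUCTION }}
          KUBECONFIG: /tmp/kube_config
          OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN_PRODUCTION }}
          OPENSHIFT_URL: ${{ secrets.OPENSHIFT_URL }}

      # Waits for the rollout, then compares the count of pods labelled
      # app=servala whose first container reports ready with the pod total.
      - name: Verify deployment
        uses: docker://quay.io/appuio/oc:v4.16
        with:
          entrypoint: /bin/bash
          args: |
            -c "set -e && oc login --token=${OPENSHIFT_TOKEN} --server=${OPENSHIFT_URL} && \
            echo 'Waiting for deployment to complete...' && \
            oc -n ${NAMESPACE} rollout status deployment/servala --timeout=300s && \
            echo 'Checking pod status...' && \
            oc -n ${NAMESPACE} get pods -l app=servala && \
            READY_PODS=$(oc -n ${NAMESPACE} get pods -l app=servala -o jsonpath='{.items[*].status.containerStatuses[0].ready}' | grep -o 'true' | wc -l) && \
            TOTAL_PODS=$(oc -n ${NAMESPACE} get pods -l app=servala --no-headers | wc -l) && \
            echo \"Ready pods: $READY_PODS/$TOTAL_PODS\" && \
            if [ \"$READY_PODS\" -eq \"$TOTAL_PODS\" ]; then \
              echo '✅ Deployment verified successfully!' && exit 0; \
            else \
              echo '❌ Deployment verification failed!' && exit 1; \
            fi"
        env:
          NAMESPACE: ${{ vars.NAMESPACE_PORTAL_PRODUCTION }}
          KUBECONFIG: /tmp/kube_config
          OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN_PRODUCTION }}
          OPENSHIFT_URL: ${{ secrets.OPENSHIFT_URL }}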