Skip to content

cd: use gcp workload identity provider for authentication #21

cd: use gcp workload identity provider for authentication

cd: use gcp workload identity provider for authentication #21

Workflow file for this run

name: ci-cd
on: push
jobs:
# test:
# environment: development
# runs-on: ubuntu-22.04
# container: tyknkd/spark:3.3.2-scala2.13-jdk17-gradle8.7-jammy
# env:
# NEWS_API_KEY: ${{ secrets.NEWS_API_KEY }}
# OS_ENV: container
# PGPASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
# POSTGRES_DB: collector_db
# POSTGRES_HOST: db
# POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
# POSTGRES_USER: postgresuser
# RABBITMQ_DEFAULT_PASS: ${{ secrets.RABBITMQ_DEFAULT_PASS }}
# RABBITMQ_DEFAULT_USER: rabbituser
# services:
# db:
# image: postgres:16.2
# env:
# POSTGRES_DB: ${{ env.POSTGRES_DB }}
# POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
# POSTGRES_USER: ${{ env.POSTGRES_USER }}
# options: >-
# --health-cmd pg_isready
# --health-interval 10s
# --health-timeout 5s
# --health-retries 5
# ports:
# - 5432:5432
# mq:
# image: rabbitmq:3.13-management
# env:
# RABBITMQ_DEFAULT_PASS: ${{ secrets.RABBITMQ_DEFAULT_PASS }}
# RABBITMQ_DEFAULT_USER: ${{ env.RABBITMQ_DEFAULT_USER }}
# ports:
# - 5672:5672
# - 15692:15692
# options: >-
# --health-cmd "rabbitmq-diagnostics check_port_connectivity"
# --health-interval 10s
# --health-timeout 5s
# --health-retries 5
# steps:
# - name: Install PostgreSQL client
# run: |
# apt update
# apt install -y postgresql-client
#
# - name: Check out repository
# uses: actions/checkout@v4
#
# - name: Initialize databases
# shell: bash
# run: |
# source .env
# chmod +x ./docker-databases/docker-entrypoint-initdb.d/init-additional-db.sh
# ./docker-databases/docker-entrypoint-initdb.d/init-additional-db.sh
#
# - name: Run tests
# shell: bash
# run: |
# source .env
# gradle test
#
# publish:
# needs: test
# if: github.ref == 'refs/heads/main'
# environment: production
# runs-on: ubuntu-22.04
# steps:
# - name: Log in to Docker Hub
# uses: docker/login-action@v3
# with:
# username: ${{ secrets.DOCKER_USERNAME }}
# password: ${{ secrets.DOCKER_TOKEN }}
#
# - name: Check out repository
# uses: actions/checkout@v4
#
# - name: Build and push Docker images
# shell: bash
# run: docker compose build --push data-collector data-analyzer web-server
deploy:
# needs: publish
# if: github.ref == 'refs/heads/main'
environment: production
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
project_id: ${{ secrets.GKE_PROJECT_ID }}
workload_identity_provider: projects/784362733291/locations/global/workloadIdentityPools/github/providers/news-analyzer
- name: Set up gcloud
uses: google-github-actions/setup-gcloud@v2
with:
project_id: ${{ secrets.GKE_PROJECT_ID }}
install_components: kubectl, gke-gcloud-auth-plugin
- name: Configure GKE cluster authentication
uses: google-github-actions/get-gke-credentials@v2
with:
cluster_name: ${{ secrets.GKE_CLUSTER }}
location: ${{ secrets.GKE_ZONE }}
- name: Update Kubernetes secrets
run: |
kubectl create secret generic postgres-password-secret \
--from-literal=postgres-password=${{ secrets.POSTGRES_PASSWORD }} \
--save-config \
--dry-run=client \
-o yaml | kubectl apply -f -
kubectl create secret generic mq-password-secret \
--from-literal=mq-password=${{ secrets.RABBITMQ_DEFAULT_PASS }} \
--save-config \
--dry-run=client \
-o yaml | kubectl apply -f -
kubectl create secret generic grafana-password-secret \
--from-literal=grafana-password=${{ secrets.GRAFANA_PASSWORD }} \
--save-config \
--dry-run=client \
-o yaml | kubectl apply -f -
kubectl create secret generic news-api-key-secret \
--from-literal=news-api-key=${{ secrets.NEWS_API_KEY }} \
--save-config \
--dry-run=client \
-o yaml | kubectl apply -f -
- name: Install Helm
run: curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
- name: Deploy to GKE
env:
DEPLOYMENT_NAME: news-analyzer
run: |
helm upgrade $DEPLOYMENT_NAME deployment/ \
--install \
--wait
kubectl rollout status deployment/$DEPLOYMENT_NAME
kubectl get services -o wide