Skip to content

Build & Deploy

Build & Deploy #67

Workflow file for this run

name: Build & Deploy
on:
push:
branches:
- main
workflow_dispatch:
schedule:
- cron: '10 17 * * 4'
permissions:
id-token: write
contents: read
packages: write
jobs:
package:
uses: Chia-Network/actions/.github/workflows/docker-build.yaml@main
deploy:
name: Deploy ${{ matrix.mode.name }}
needs:
- package
runs-on: [k8s-public-fmt]
container:
image: registry.gitlab.com/cmmarslender/kubectl-helm:v3
strategy:
fail-fast: false
matrix:
mode:
- name: label-prs
- name: notify-stale-prs
- name: notify-pending-prs
- name: notify-unsigned
steps:
- uses: actions/checkout@v4
- name: Vault Login
uses: Chia-Network/actions/vault/login@main
with:
vault_url: ${{ secrets.VAULT_URL }}
role_name: github-github-bot
- name: Get secrets from vault
uses: hashicorp/vault-action@v3
with:
url: ${{ secrets.VAULT_URL }}
token: ${{ env.VAULT_TOKEN }}
secrets: |
secret/data/fmt/k8s/k8s-fmt api_server_url | K8S_API_SERVER_URL;
secret/data/github_users/chiaautomation/github-bot token | BOT_GITHUB_TOKEN;
secret/data/github/teams internal | INTERNAL_TEAM_NAME;
secret/data/fmt/mysql/db-info host | DB_HOST;
secret/data/fmt/mysql/users/github-bot username | DB_USER;
secret/data/fmt/mysql/users/github-bot password | DB_PASS;
secret/data/alertmanager-receiver/okta-app client-secret | WEBHOOK_AUTH_SECRET_TOKEN;
- name: Login to k8s cluster
uses: Chia-Network/actions/vault/k8s-login@main
with:
vault_url: ${{ secrets.VAULT_URL }}
vault_token: ${{ env.VAULT_TOKEN }}
backend_name: k8s-fmt
role_name: github-actions
cluster_url: ${{ env.K8S_API_SERVER_URL }}
- uses: Chia-Network/actions/helm/deploy@main
env:
DOCKER_TAG: "sha-${{ github.sha }}"
with:
namespace: "github-bot"
app_name: "github-bot-${{ matrix.mode.name }}"
helm_chart_repo: "https://chia-network.github.io/helm-charts"
helm_chart: "generic"
helm_values: "./k8s/${{ matrix.mode.name }}.yml"