t.behrendt/k_deploy_workflows
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

refactor!: modernize shared cicd deploy and validate workflows (#49)
Release / Release (push) Successful in 11s
Details

Browse Source 
Reviewed-on: #49
Co-authored-by: Timo Behrendt <t.behrendt@t00n.de>
Co-committed-by: Timo Behrendt <t.behrendt@t00n.de>
This commit was merged in pull request #49.
This commit is contained in:
Timo Behrendt
2026-04-29 19:49:08 +02:00
committed by t.behrendt
parent dc62bc4e6a
commit bb6706d1a0
6 changed files with 81 additions and 238 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/cd.yaml → .gitea/workflows/deploy.yaml
+33 -75
View File
@@ -3,35 +3,30 @@ name: Deploy
on:
workflow_call:
inputs:
# Optional: Override the default k8s directory path
k8s_dir:
description: "Path to Kubernetes manifests directory"
description: "Override the default k8s directory path (k8s/)"
required: false
default: "k8s/"
type: string
# Optional: Override the default helmfile path
helmfile_path:
description: "Path to helmfile.yaml"
description: "Override the default helmfile path (hemfile.yaml)"
required: false
default: "helmfile.yaml"
type: string
# Optional: Skip Helm deployment even if helmfile exists
skip_helm_deployment:
description: "Skip Helm deployment even if helmfile.yaml exists"
required: false
default: false
type: boolean
# Optional: Custom secrets to create (JSON array of secret objects)
custom_secrets:
description: "JSON array of secrets to create. Each secret should have: name, type, data"
skip_shared_secrets_deployment:
description: "Skip shared secrets deployment (e.g. restic backup secret)"
required: false
default: "[]"
type: string
# Optional: Branch to deploy from
deploy_branch:
description: "Branch to deploy from"
default: false
type: boolean
helmfile_env:
description: "Optional JSON object string of environment variables for Helmfile"
required: false
default: "main"
default: "{}"
type: string
jobs:
@@ -63,15 +58,33 @@ jobs:
echo "No k8s directory found at ${{ inputs.k8s_dir }}"
fi
deploy-shared-secrets:
runs-on: ubuntu-latest
needs: detect-service-type
if: inputs.skip_shared_secrets_deployment != 'true'
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- name: Set restic backup secret
uses: azure/k8s-create-secret@6e0ba8047235646753f2a3a3b359b4d0006ff218 # v5.0.1
with:
namespace: ${{ steps.namespace.outputs.namespace }}
secret-name: backupsidecar-secret
secret-type: generic
data: |
{
"restic_password": "${{ secrets.RESTIC_PASSWORD }}",
"restic_rest_username": "${{ secrets.RESTIC_REST_USERNAME }}",
"restic_rest_password": "${{ secrets.RESTIC_REST_PASSWORD }}",
"gotify_token": "${{ secrets.GOTIFY_TOKEN }}"
}
deploy-k8s:
runs-on: ubuntu-latest
needs: detect-service-type
if: needs.detect-service-type.outputs.has_k8s == 'true'
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.deploy_branch }}
- uses: ./.gitea/actions/extract-namespace-from-repo-name
- uses: https://gitea.t000-n.de/t.behrendt/k_deploy_actions/.gitea/actions/extract-namespace-from-repo-name@0.0.1
id: namespace
with:
repo: ${{ github.repository }}
@@ -80,29 +93,6 @@ jobs:
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Create custom secrets
id: create-secrets
run: |
# Parse custom secrets from input
SECRETS='${{ inputs.custom_secrets }}'
if [ "$SECRETS" != "[]" ]; then
echo "Creating custom secrets..."
echo "$SECRETS" | jq -c '.[]' | while read -r secret; do
SECRET_NAME=$(echo "$secret" | jq -r '.name')
SECRET_TYPE=$(echo "$secret" | jq -r '.type // "generic"')
SECRET_DATA=$(echo "$secret" | jq -r '.data')
echo "Creating secret: $SECRET_NAME (type: $SECRET_TYPE)"
# Create the secret using kubectl
echo "$SECRET_DATA" | kubectl create secret $SECRET_TYPE $SECRET_NAME \
--from-literal=secret.json="$SECRET_DATA" \
--namespace=${{ steps.namespace.outputs.namespace }} \
--dry-run=client -o yaml | kubectl apply -f -
done
else
echo "No custom secrets to create"
fi
- name: Deploy Kubernetes manifests
uses: azure/k8s-deploy@c7ebd0d5f39477a23f1b5dea0f52e6db04adf28e # v6.0.0
with:
@@ -120,9 +110,7 @@ jobs:
inputs.skip_helm_deployment != 'true'
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: ${{ inputs.deploy_branch }}
- uses: ./.gitea/actions/extract-namespace-from-repo-name
- uses: https://gitea.t000-n.de/t.behrendt/k_deploy_actions/.gitea/actions/extract-namespace-from-repo-name@0.0.1
id: namespace
with:
repo: ${{ github.repository }}
@@ -132,38 +120,16 @@ jobs:
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Create custom secrets
id: create-secrets
run: |
# Parse custom secrets from input
SECRETS='${{ inputs.custom_secrets }}'
if [ "$SECRETS" != "[]" ]; then
echo "Creating custom secrets..."
echo "$SECRETS" | jq -c '.[]' | while read -r secret; do
SECRET_NAME=$(echo "$secret" | jq -r '.name')
SECRET_TYPE=$(echo "$secret" | jq -r '.type // "generic"')
SECRET_DATA=$(echo "$secret" | jq -r '.data')
echo "Creating secret: $SECRET_NAME (type: $SECRET_TYPE)"
# Create the secret using kubectl
echo "$SECRET_DATA" | kubectl create secret $SECRET_TYPE $SECRET_NAME \
--from-literal=secret.json="$SECRET_DATA" \
--namespace=${{ steps.namespace.outputs.namespace }} \
--dry-run=client -o yaml | kubectl apply -f -
done
else
echo "No custom secrets to create"
fi
- name: Deploy Helm
uses: helmfile/helmfile-action@02671705b1dda1dc4b0a4ddd4f9f1ea8f4568c6f # v2.4.3
with:
helmfile-args: apply
env: ${{ fromJSON(inputs.helmfile_env) }}
# Summary job that always runs to show what was deployed
deployment-summary:
runs-on: ubuntu-latest
needs: [ detect-service-type, deploy-k8s, deploy-helm ]
needs: [detect-service-type, deploy-k8s, deploy-helm]
if: always()
steps:
- name: Deployment Summary
@@ -187,11 +153,3 @@ jobs:
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Service Type**: ${{ needs.detect-service-type.outputs.has_helmfile == 'true' && 'Helm + Kubernetes' || 'Kubernetes Only' }}" >> $GITHUB_STEP_SUMMARY
# Show custom secrets info
SECRETS='${{ inputs.custom_secrets }}'
if [ "$SECRETS" != "[]" ]; then
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Custom Secrets Created**: $(echo "$SECRETS" | jq length)" >> $GITHUB_STEP_SUMMARY
echo "$SECRETS" | jq -r '.[] | "- " + .name + " (" + (.type // "generic") + ")"' >> $GITHUB_STEP_SUMMARY
fi
.gitea/workflows/ci.yaml → .gitea/workflows/validate.yaml
+9 -3
View File
@@ -18,6 +18,11 @@ on:
required: false
default: false
type: boolean
helmfile_env:
description: "Optional JSON object string of environment variables for Helmfile"
required: false
default: "{}"
type: string
jobs:
detect-service-type:
@@ -54,7 +59,7 @@ jobs:
if: needs.detect-service-type.outputs.has_k8s == 'true'
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: ./.gitea/actions/extract-namespace-from-repo-name
- uses: https://gitea.t000-n.de/t.behrendt/k_deploy_actions/.gitea/actions/extract-namespace-from-repo-name@0.0.1
id: namespace
with:
repo: ${{ github.repository }}
@@ -79,7 +84,7 @@ jobs:
inputs.skip_helm_validation != 'true'
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: ./.gitea/actions/extract-namespace-from-repo-name
- uses: https://gitea.t000-n.de/t.behrendt/k_deploy_actions/.gitea/actions/extract-namespace-from-repo-name@0.0.1
id: namespace
with:
repo: ${{ github.repository }}
@@ -93,11 +98,12 @@ jobs:
uses: helmfile/helmfile-action@02671705b1dda1dc4b0a4ddd4f9f1ea8f4568c6f # v2.4.3
with:
helmfile-args: diff
env: ${{ fromJSON(inputs.helmfile_env) }}
# Summary job that always runs to show what was validated
ci-summary:
runs-on: ubuntu-latest
needs: [ detect-service-type, validate-k8s, validate-helm ]
needs: [detect-service-type, validate-k8s, validate-helm]
if: always()
steps:
- name: CI Summary