-
Notifications
You must be signed in to change notification settings - Fork 12
226 lines (205 loc) · 8.23 KB
/
helm-deploy.yml
File metadata and controls
226 lines (205 loc) · 8.23 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
---
name: HELM
on:
workflow_call:
inputs:
provider:
required: true
type: string
description: 'Cloud provider to run the workflow. e.g. azure or aws'
eks-cluster-name:
required: false
type: string
description: 'EKS cluster name'
aws_region:
required: false
type: string
default: us-east-1
azure-cluster-name:
required: false
type: string
description: 'Azure cluster name'
resource-group:
required: false
type: string
description: 'Container for managing Azure resources'
helm-chart-directory:
required: true
type: string
description: 'Kubernetes deployment configurations files'
release-name:
required: false
type: string
description: 'Unique ID for installed chart'
timeout:
required: true
type: string
description: 'Timeout for helm install step in seconds'
values-file-path:
required: false
type: string
description: 'Values file path from helm chart directory'
history-max:
required: true
type: number
description: 'number of revisions stored in the revision history.'
namespace:
required: false
type: string
description: 'Boundary for Kubernetes resources'
dependency_repo_name:
required: false
type: string
description: 'Dependency Repo Name'
dependency_repo_url:
required: false
type: string
description: 'Dependency Repo URL'
rollback:
required: false
type: boolean
description: 'Environment name for rollback'
dependencies:
required: false
type: boolean
description: 'Install chart dependencies or not'
revision:
required: false
type: number
description: 'If this argument is omitted or set to 0, it will roll back to the previous release.'
uninstall:
required: false
type: boolean
default: false
description: 'Set true to uninstall helmchart'
role-duration-seconds:
required: false
type: number
default: 900
description: 'The assumed role duration in seconds, if assuming a role. Defaults to 1 hour.'
diagram-file-name:
required: false
type: string
default: diagram.png
description: 'Optional output diagram file name for kube-diagrams'
generate-diagram:
required: false
type: boolean
default: false
description: 'Set to true to generate KubeDiagram from Helm templates'
secrets:
AWS_ACCESS_KEY_ID:
description: 'AWS Access Key ID'
required: false
AWS_SECRET_ACCESS_KEY:
required: false
description: 'AWS Secret Access Key'
AWS_SESSION_TOKEN:
required: false
description: 'AWS Session Token'
BUILD_ROLE:
required: false
description: 'AWS OIDC role for aws authentication'
AZURE_CREDENTIALS:
description: 'Azure Credentilas'
required: false
set-parameters:
required: false
description: 'Overriding the default values using --set flag'
jobs:
helm-action:
runs-on: ubuntu-latest
steps:
- name: 📦 Checkout Repository
uses: actions/checkout@v6
- name: 🔧 Configure AWS credentials
if: ${{ inputs.provider == 'aws' }}
uses: aws-actions/configure-aws-credentials@v6
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
role-to-assume: ${{ secrets.BUILD_ROLE }}
aws-region: ${{ inputs.aws_region }}
role-duration-seconds: ${{ inputs.role-duration-seconds }}
role-skip-session-tagging: true
- name: ☁️ Install Azure CLI
if: ${{ inputs.provider == 'azure' }}
uses: azure/login@v3
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: 🔄 Update Kubeconfig
run: |
if [ "${{ inputs.provider }}" = "azure" ]; then
az aks get-credentials --resource-group ${{ inputs.resource-group }} --name ${{ inputs.azure-cluster-name }}
else
aws eks update-kubeconfig --name ${{ inputs.eks-cluster-name }} --region ${{ inputs.aws_region }}
fi
- name: 🧩 helm dependency build
if: ${{ inputs.rollback != true && inputs.uninstall != true && inputs.dependencies == true }}
run: |
# Split the input strings into arrays using ',' as delimiter
IFS=',' read -ra REPO_NAMES <<< "${{ inputs.dependency_repo_name }}"
IFS=',' read -ra REPO_URLS <<< "${{ inputs.dependency_repo_url }}"
# Loop through the arrays and add each Helm repo
for i in "${!REPO_NAMES[@]}"; do
echo "Adding repo ${REPO_NAMES[$i]} -> ${REPO_URLS[$i]}"
helm repo add "${REPO_NAMES[$i]}" "${REPO_URLS[$i]}"
done
helm repo update
helm dependency build "${{ inputs.helm-chart-directory }}"
- name: 🧪 helm lint
if: ${{ inputs.rollback != true && inputs.uninstall != true }}
run: |
helm lint ${{ inputs.helm-chart-directory }} -f ${{ inputs.values-file-path }}
- name: 📝 helm template
if: ${{ inputs.rollback != true && inputs.uninstall != true }}
run: |
helm template ${{ inputs.helm-chart-directory }} -f ${{ inputs.values-file-path }}
- name: 🖼️ Install Graphviz & KubeDiagrams
if: ${{ inputs.generate-diagram == true }}
run: |
sudo apt-get update
sudo apt-get install -y graphviz
pip install git+https://github.com/philippemerle/KubeDiagrams.git
- name: 🗺️ Generate Helm template and KubeDiagram
if: ${{ inputs.generate-diagram == true }}
run: |
helm template ${{ inputs.helm-chart-directory }} --namespace ${{ inputs.namespace }} -f ${{ inputs.values-file-path }} \
| kube-diagrams -o "${{ inputs.diagram-file-name }}" -
- name: 📤 Upload Diagram Artifact
if: ${{ inputs.generate-diagram == true }}
uses: actions/upload-artifact@v7
with:
name: helm-diagram
path: ${{ inputs.diagram-file-name }}
- name: 🚀 helm install and upgrade
if: ${{ inputs.rollback != true && inputs.uninstall != true }}
run: |
if [ -n "${{ secrets.set-parameters }}" ]; then
helm upgrade --install ${{ inputs.release-name }} ${{ inputs.helm-chart-directory }} -f ${{ inputs.values-file-path }} --namespace=${{ inputs.namespace }} --create-namespace ${{ secrets.set-parameters }} \
--history-max ${{ inputs.history-max }} --atomic --wait --debug --timeout ${{ inputs.timeout }}
else
helm upgrade --install ${{ inputs.release-name }} ${{ inputs.helm-chart-directory }} -f ${{ inputs.values-file-path }} --namespace=${{ inputs.namespace }} --create-namespace \
--history-max ${{ inputs.history-max }} --atomic --wait --debug --timeout ${{ inputs.timeout }}
fi
- name: ⏪ Helm Rollback
if: ${{ inputs.rollback == true && inputs.uninstall != true }}
run: |
echo "⏪ Attempting rollback of release: ${{ inputs.release-name }} to revision ${{ inputs.revision }}"
REVISION=${{ inputs.revision }}
REV_STATUS=$(helm history ${{ inputs.release-name }} -n ${{ inputs.namespace }} | awk -v rev="$REVISION" '$1 == rev {print $4}')
if [ -z "$REV_STATUS" ]; then
echo "❌ Revision $REVISION does not exist."
exit 1
fi
if [ "$REV_STATUS" = "failed" ] || [ "$REV_STATUS" = "pending" ]; then
echo "⚠️ Revision $REVISION exists but has status '$REV_STATUS'. Cannot roll back to it."
exit 1
fi
helm rollback ${{ inputs.release-name }} -n ${{ inputs.namespace }} $REVISION --debug
- name: 🗑️ Uninstall Helm Release
if: ${{ inputs.uninstall == true }}
run: |
helm uninstall ${{ inputs.release-name }} -n ${{ inputs.namespace }}
...