Deploy to Prod #30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ============================================================================= | |
| # Deploy to Production | |
| # ============================================================================= | |
| # Manually triggered workflow to deploy a tested version to production. | |
| # Requires semantic version tag (v1.2.3). | |
| # Validates that version was deployed to test first. | |
| # Also rebuilds typesense-sync image to keep it in lockstep. | |
| # ============================================================================= | |
| name: Deploy to Prod | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: 'Version tag to promote (e.g., v1.2.3)' | |
| required: true | |
| type: string | |
| permissions: write-all | |
| env: | |
| OPENSHIFT_NAMESPACE_TOOLS: 6cdc9e-tools | |
| OPENSHIFT_NAMESPACE_PROD: 6cdc9e-prod | |
| IMAGE_NAME: eagle-api | |
| SYNC_IMAGE_NAME: typesense-sync | |
| APP_NAME: eagle-api | |
| jobs: | |
| validate: | |
| name: Validate Version | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Validate version format | |
| run: | | |
| if [[ ! "${{ inputs.version }}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
| echo "Error: Version must be in format v1.2.3" | |
| exit 1 | |
| fi | |
| - name: Verify Git tag exists | |
| run: | | |
| if ! git rev-parse "${{ inputs.version }}" >/dev/null 2>&1; then | |
| echo "Error: Git tag ${{ inputs.version }} does not exist" | |
| echo "Please deploy to test first to create the version" | |
| exit 1 | |
| fi | |
| echo "Git tag ${{ inputs.version }} verified" | |
| deploy: | |
| name: Deploying ${{ inputs.version }} to Prod | |
| needs: validate | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository at version tag | |
| uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ inputs.version }} | |
| - name: Install OpenShift CLI | |
| run: | | |
| curl -LO "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz" | |
| tar -xvzf openshift-client-linux.tar.gz | |
| sudo mv oc /usr/local/bin/ | |
| rm -f openshift-client-linux.tar.gz | |
| - name: Log into OpenShift | |
| run: oc login --token=${{ secrets.OPENSHIFT_TOKEN }} --server=${{ secrets.OPENSHIFT_URL }} | |
| - name: Verify image tag exists | |
| run: | | |
| echo "Verifying image tag ${{ inputs.version }} exists..." | |
| if ! oc -n ${{ env.OPENSHIFT_NAMESPACE_TOOLS }} get imagestreamtag ${{ env.IMAGE_NAME }}:${{ inputs.version }} &>/dev/null; then | |
| echo "Error: Image tag ${{ inputs.version }} does not exist" | |
| exit 1 | |
| fi | |
| echo "Image tag verified" | |
| - name: Tag version as prod | |
| run: | | |
| echo "Tagging ${{ inputs.version }} as prod..." | |
| oc -n ${{ env.OPENSHIFT_NAMESPACE_TOOLS }} tag \ | |
| ${{ env.IMAGE_NAME }}:${{ inputs.version }} ${{ env.IMAGE_NAME }}:prod | |
| - name: Install Helm | |
| run: | | |
| curl -fsSL https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash | |
| helm version | |
| - name: Deploy with Helm | |
| run: | | |
| helm upgrade --install ${{ env.APP_NAME }} ./helm/${{ env.APP_NAME }} \ | |
| --namespace ${{ env.OPENSHIFT_NAMESPACE_PROD }} \ | |
| --values ./helm/${{ env.APP_NAME }}/values-prod.yaml \ | |
| --set image.tag=prod \ | |
| --wait --timeout=10m | |
| - name: Verify deployment | |
| run: | | |
| echo "Deployment successful!" | |
| oc get pods -n ${{ env.OPENSHIFT_NAMESPACE_PROD }} -l app.kubernetes.io/name=${{ env.APP_NAME }} | |
| build-sync: | |
| name: Build Sync Image | |
| needs: validate | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository at version tag | |
| uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ inputs.version }} | |
| - name: Login to OpenShift registry | |
| uses: docker/login-action@v4 | |
| with: | |
| registry: ${{ secrets.OPENSHIFT_REPOSITORY }} | |
| username: ${{ secrets.OPENSHIFT_REPOSITORY_USERNAME }} | |
| password: ${{ secrets.OPENSHIFT_REPOSITORY_PASSWORD }} | |
| - name: Build and push sync image | |
| uses: docker/build-push-action@v7 | |
| with: | |
| context: ./typesense-sync | |
| push: true | |
| tags: | | |
| ${{ secrets.OPENSHIFT_REPOSITORY }}/${{ env.OPENSHIFT_NAMESPACE_TOOLS }}/${{ env.SYNC_IMAGE_NAME }}:prod | |
| ${{ secrets.OPENSHIFT_REPOSITORY }}/${{ env.OPENSHIFT_NAMESPACE_TOOLS }}/${{ env.SYNC_IMAGE_NAME }}:${{ inputs.version }} | |
| deploy-sync: | |
| name: Deploy Sync to Prod | |
| needs: [deploy, build-sync] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Install OpenShift CLI | |
| run: | | |
| curl -LO "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz" | |
| tar -xvzf openshift-client-linux.tar.gz | |
| sudo mv oc /usr/local/bin/ | |
| rm -f openshift-client-linux.tar.gz | |
| - name: Log into OpenShift | |
| run: oc login --token=${{ secrets.OPENSHIFT_TOKEN }} --server=${{ secrets.OPENSHIFT_URL }} | |
| - name: Restart sync deployments | |
| run: | | |
| echo "Restarting typesense-sync deployments to pick up new image..." | |
| if oc get deployment typesense-typesense-sync -n ${{ env.OPENSHIFT_NAMESPACE_PROD }} &>/dev/null; then | |
| oc rollout restart deployment/typesense-typesense-sync -n ${{ env.OPENSHIFT_NAMESPACE_PROD }} | |
| oc rollout status deployment/typesense-typesense-sync -n ${{ env.OPENSHIFT_NAMESPACE_PROD }} --timeout=3m | |
| echo "✓ Sync deployment restarted" | |
| else | |
| echo "⚠ typesense-sync deployment not found — skipping (run Deploy Typesense workflow first)" | |
| fi |