Disable External Secrets, create GHCR secret from CD workflow instead #7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CD | |
| on: | |
| push: | |
| branches: [main] | |
| permissions: | |
| id-token: write | |
| contents: read | |
| packages: write | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: crunchloop/workshops | |
| AWS_REGION: sa-east-1 | |
| EKS_CLUSTER: k8-dev | |
| NAMESPACE: workshops | |
| DEPLOY_ROLE_ARN: ${{ vars.AWS_DEPLOY_ROLE_ARN }} | |
| jobs: | |
| docker-publish: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| image-tag: ${{ steps.sha.outputs.short }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Get short SHA | |
| id: sha | |
| run: echo "short=${GITHUB_SHA::7}" >> "$GITHUB_OUTPUT" | |
| - uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: | | |
| type=sha,prefix= | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| - uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| deploy: | |
| needs: docker-publish | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ env.DEPLOY_ROLE_ARN }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - run: aws eks update-kubeconfig --name ${{ env.EKS_CLUSTER }} --region ${{ env.AWS_REGION }} | |
| - uses: azure/setup-helm@v4 | |
| - name: Create GHCR pull secret | |
| run: | | |
| kubectl create namespace ${{ env.NAMESPACE }} --dry-run=client -o yaml | kubectl apply -f - | |
| kubectl create secret docker-registry ghcr-secret \ | |
| --namespace ${{ env.NAMESPACE }} \ | |
| --docker-server=ghcr.io \ | |
| --docker-username=${{ github.actor }} \ | |
| --docker-password=${{ secrets.GITHUB_TOKEN }} \ | |
| --dry-run=client -o yaml | kubectl apply -f - | |
| - name: Deploy with Helm | |
| run: | | |
| helm upgrade --install workshops \ | |
| infra/charts/workshops \ | |
| --namespace ${{ env.NAMESPACE }} \ | |
| --create-namespace \ | |
| --values infra/k8/apps/values/workshops.yaml \ | |
| --set image.tag=${{ needs.docker-publish.outputs.image-tag }} \ | |
| --wait \ | |
| --timeout 5m |