From 94b23fc839a6cc60c876dafe0b3d03d1b1080ecb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gon=C3=A7alo=20Rodrigues?= Date: Sat, 13 Jun 2026 14:03:05 +0100 Subject: [PATCH] ci: add GitHub Actions workflows and update image references to ghcr.io Three path-filtered workflows (finance-api, auth-users, auth-gateway) each build, push to ghcr.io, and rollout to k3s on push to main. Deployment manifests updated from local image refs to ghcr.io with imagePullSecrets referencing a ghcr-credentials k8s secret. Co-Authored-By: Claude Sonnet 4.6
---
 .github/workflows/auth-gateway.yml | 56 +++++++++++++++++ .github/workflows/auth-users.yml | 56 +++++++++++++++++ .github/workflows/finance-api.yml | 60 +++++++++++++++++++ .../auth/services/gateway/k8s/deployment.yaml | 6 +- apps/auth/services/users/k8s/deployment.yaml | 6 +- apps/finance/services/api/k8s/deployment.yaml | 6 +- 6 files changed, 184 insertions(+), 6 deletions(-) create mode 100644 .github/workflows/auth-gateway.yml create mode 100644 .github/workflows/auth-users.yml create mode 100644 .github/workflows/finance-api.yml
diff --git a/.github/workflows/auth-gateway.yml b/.github/workflows/auth-gateway.yml
new file mode 100644
index 0000000..30b3131
--- /dev/null
+++ b/.github/workflows/auth-gateway.yml
@@ -0,0 +1,56 @@
+name: auth-gateway
+
+on:
+ push:
+ branches: [main]
+ paths:
+ - apps/auth/services/gateway/**
+ - go.mod
+ - go.sum
+
+env:
+ IMAGE: ghcr.io/${{ github.repository_owner }}/homelab/auth-gateway
+
+jobs:
+ build-and-deploy:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Log in to ghcr.io
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ file: apps/auth/services/gateway/Dockerfile
+ push: true
+ tags: |
+ ${{ env.IMAGE }}:${{ github.sha }}
+ ${{ env.IMAGE }}:latest
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ - name: Deploy to k3s
+ env:
+ KUBECONFIG_DATA: ${{ secrets.KUBECONFIG }}
+ run: |
+ mkdir -p ~/.kube
+ echo "$KUBECONFIG_DATA" | base64 -d > ~/.kube/config
+ chmod 600 ~/.kube/config
+ kubectl set image deployment/gateway \
+ gateway=${{ env.IMAGE }}:${{ github.sha }} \
+ -n auth
+ kubectl rollout status deployment/gateway -n auth --timeout=120s
diff --git a/.github/workflows/auth-users.yml b/.github/workflows/auth-users.yml
new file mode 100644
index 0000000..0390e57
--- /dev/null
+++ b/.github/workflows/auth-users.yml
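Review bot: All four `uses:` lines reference actions by mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v6`) inside a job that has `packages: write` and later decodes `secrets.KUBECONFIG`, so a retagged or compromised release of any of them would run with registry push rights in the same workspace that receives the cluster credential. Pin each one to a full commit SHA and keep the tag as a comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4` (placeholder; take the SHA from the release you audited). Splitting `Deploy to k3s` into a second job that `needs:` the build job and is bound to a protected `environment:` would keep the kubeconfig away from the build actions. The diff does not show how broad that kubeconfig is, so it is worth confirming it belongs to a ServiceAccount limited to updating and watching `deployment/gateway` in `auth` rather than a cluster-admin context. The same applies to auth-users.yml and finance-api.yml.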
@@ -0,0 +1,56 @@
+name: auth-users
+
+on:
+ push:
+ branches: [main]
+ paths:
+ - apps/auth/services/users/**
+ - go.mod
+ - go.sum
+
+env:
+ IMAGE: ghcr.io/${{ github.repository_owner }}/homelab/auth-users
+
+jobs:
+ build-and-deploy:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Log in to ghcr.io
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ file: apps/auth/services/users/Dockerfile
+ push: true
+ tags: |
+ ${{ env.IMAGE }}:${{ github.sha }}
+ ${{ env.IMAGE }}:latest
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ - name: Deploy to k3s
+ env:
+ KUBECONFIG_DATA: ${{ secrets.KUBECONFIG }}
+ run: |
+ mkdir -p ~/.kube
+ echo "$KUBECONFIG_DATA" | base64 -d > ~/.kube/config
+ chmod 600 ~/.kube/config
+ kubectl set image deployment/users \
+ users=${{ env.IMAGE }}:${{ github.sha }} \
+ -n auth
+ kubectl rollout status deployment/users -n auth --timeout=120s
diff --git a/.github/workflows/finance-api.yml b/.github/workflows/finance-api.yml
new file mode 100644
index 0000000..e30e623
--- /dev/null
+++ b/.github/workflows/finance-api.yml
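Review bot: The workflow declares no `concurrency:` group, so two pushes to `main` that both touch `apps/auth/services/users/**` run in parallel and the older run can finish last, leaving `deployment/users` and the `:latest` tag on the older commit. A top-level `concurrency: { group: deploy-auth-users, cancel-in-progress: false }` would serialise the runs for this service, so the image that ends up deployed is the one from the newest commit. auth-gateway.yml and finance-api.yml have the same gap and would each need their own group name.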
@@ -0,0 +1,60 @@ +name: finance-api + +on: + push: + branches: [main] + paths: + - apps/finance/** + - go.mod + - go.sum + +env: + IMAGE: ghcr.io/${{ github.repository_owner }}/homelab/finance-api + +jobs: + build-and-deploy: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - uses: actions/checkout@v4 + + - name: Log in to ghcr.io + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build and push + uses: docker/build-push-action@v6 + with: + context: . + file: apps/finance/services/api/Dockerfile + push: true + tags: | + ${{ env.IMAGE }}:${{ github.sha }} + ${{ env.IMAGE }}:latest + cache-from: type=gha + cache-to: type=gha,mode=max + + - name: Run tests + run: | + go test ./apps/finance/services/api/main/... + + - name: Deploy to k3s + env: + KUBECONFIG_DATA: ${{ secrets.KUBECONFIG }} + run: | + mkdir -p ~/.kube + echo "$KUBECONFIG_DATA" | base64 -d > ~/.kube/config + chmod 600 ~/.kube/config + kubectl set image deployment/api \ + api=${{ env.IMAGE }}:${{ github.sha }} \ + -n finance + kubectl rollout status deployment/api -n finance --timeout=120s diff --git a/apps/auth/services/gateway/k8s/deployment.yaml b/apps/auth/services/gateway/k8s/deployment.yaml index ade73ba..2a114b6 100644 --- a/apps/auth/services/gateway/k8s/deployment.yaml +++ b/apps/auth/services/gateway/k8s/deployment.yaml @@ -15,10 +15,12 @@ spec: labels: app: gateway spec: + imagePullSecrets: + - name: ghcr-credentials containers: - name: gateway - image: homelab/gateway:latest - imagePullPolicy: IfNotPresent + image: ghcr.io/goncalorodri/homelab/auth-gateway:latest + imagePullPolicy: Always ports: - name: http containerPort: 8080 diff --git a/apps/auth/services/users/k8s/deployment.yaml b/apps/auth/services/users/k8s/deployment.yaml index 84e3d1d..31bbeac 100644 
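Review bot: The `Run tests` step sits after `Build and push`, so a commit whose tests fail has already published both `:${{ github.sha }}` and `:latest` before the job stops. The deploy step is skipped in that case, but the finance Deployment manifest in this patch references `:latest` with `imagePullPolicy: Always`, so any pod created from that manifest would pull the untested image. Move the test step above `Log in to ghcr.io`, or into a separate job that the build job `needs:`. The step also relies on whichever Go toolchain the runner image ships; `actions/setup-go` with `go-version-file: go.mod` would tie it to the module's declared version. auth-gateway.yml and auth-users.yml run no tests before deploying.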
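Review bot: `image: ghcr.io/goncalorodri/homelab/auth-gateway:latest` together with `imagePullPolicy: Always` keeps the manifest on a mutable tag, so re-applying it replaces the commit-SHA image that the workflow sets through `kubectl set image`, and the running version becomes whatever `:latest` resolves to at pod start. Prefer carrying an immutable reference in the manifest (the SHA tag or an `@sha256:` digest, updated by CI) and drop the `:latest` push once nothing consumes it. `ghcr-credentials` is referenced but not created by this patch; a comment above `imagePullSecrets` such as `# created out of band with kubectl create secret docker-registry, per namespace; token scope read:packages only` would record that dependency. The pod spec starts and ends outside the hunk, and the users and finance-api deployment.yaml hunks make the same change.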
--- a/apps/auth/services/users/k8s/deployment.yaml +++ b/apps/auth/services/users/k8s/deployment.yaml @@ -15,10 +15,12 @@ spec: labels: app: users spec: + imagePullSecrets: + - name: ghcr-credentials containers: - name: users - image: homelab/users:latest - imagePullPolicy: IfNotPresent + image: ghcr.io/goncalorodri/homelab/auth-users:latest + imagePullPolicy: Always ports: - name: http containerPort: 8080 diff --git a/apps/finance/services/api/k8s/deployment.yaml b/apps/finance/services/api/k8s/deployment.yaml index ccf2151..e205c52 100644 --- a/apps/finance/services/api/k8s/deployment.yaml +++ b/apps/finance/services/api/k8s/deployment.yaml @@ -15,10 +15,12 @@ spec: labels: app: api spec: + imagePullSecrets: + - name: ghcr-credentials containers: - name: api - image: homelab/api:latest - imagePullPolicy: IfNotPresent + image: ghcr.io/goncalorodri/homelab/finance-api:latest + imagePullPolicy: Always ports: - name: http containerPort: 8080