94b23fc839
Three path-filtered workflows (finance-api, auth-users, auth-gateway) each build, push to ghcr.io, and rollout to k3s on push to main. Deployment manifests updated from local image refs to ghcr.io with imagePullSecrets referencing a ghcr-credentials k8s secret. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
57 lines
1.4 KiB
YAML
57 lines
1.4 KiB
YAML
name: auth-gateway
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
paths:
|
|
- apps/auth/services/gateway/**
|
|
- go.mod
|
|
- go.sum
|
|
|
|
env:
|
|
IMAGE: ghcr.io/${{ github.repository_owner }}/homelab/auth-gateway
|
|
|
|
jobs:
|
|
build-and-deploy:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
packages: write
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Log in to ghcr.io
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ghcr.io
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
|
|
- name: Build and push
|
|
uses: docker/build-push-action@v6
|
|
with:
|
|
context: .
|
|
file: apps/auth/services/gateway/Dockerfile
|
|
push: true
|
|
tags: |
|
|
${{ env.IMAGE }}:${{ github.sha }}
|
|
${{ env.IMAGE }}:latest
|
|
cache-from: type=gha
|
|
cache-to: type=gha,mode=max
|
|
|
|
- name: Deploy to k3s
|
|
env:
|
|
KUBECONFIG_DATA: ${{ secrets.KUBECONFIG }}
|
|
run: |
|
|
mkdir -p ~/.kube
|
|
echo "$KUBECONFIG_DATA" | base64 -d > ~/.kube/config
|
|
chmod 600 ~/.kube/config
|
|
kubectl set image deployment/gateway \
|
|
gateway=${{ env.IMAGE }}:${{ github.sha }} \
|
|
-n auth
|
|
kubectl rollout status deployment/gateway -n auth --timeout=120s
|