diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..9998671
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,58 @@
+name: Deploy
+
+on:
+ workflow_run:
+ workflows: ["Build"]
+ types:
+ - completed
+
+ workflow_dispatch: {}
+
+permissions:
+ id-token: write
+ contents: read
+
+jobs:
+ check-secrets:
+ if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
+ runs-on: ubuntu-latest
+ outputs:
+ has-secrets: ${{ steps.check.outputs.has-secrets }}
+ steps:
+ - id: check
+ run: |
+ if [ -z "${{ secrets.AWS_ACCESS_KEY_ID }}" ] || \
+ [ -z "${{ secrets.AWS_SECRET_ACCESS_KEY }}" ] || \
+ [ -z "${{ secrets.AWS_ROLE_TO_ASSUME }}" ] || \
+ [ -z "${{ secrets.AWS_ROLE_SESSION_NAME }}" ] || \
+ [ -z "${{ secrets.AWS_EKS_CLUSTER_NAME }}" ] || \
+ [ -z "${{ secrets.AWS_EKS_DEPLOYMENT_NAME }}" ] || \
+ [ -z "${{ secrets.AWS_EKS_NAMESPACE }}" ]; then
+ echo "has-secrets=false" >> "$GITHUB_OUTPUT"
+ echo "::warning::One or more required secrets are missing. Skipping deploy."
+ else
+ echo "has-secrets=true" >> "$GITHUB_OUTPUT"
+ fi
+
+ deploy:
+ needs: check-secrets
+ if: ${{ needs.check-secrets.outputs.has-secrets == 'true' }}
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-region: us-west-2
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
+ role-session-name: ${{ secrets.AWS_ROLE_SESSION_NAME }}
+ role-duration-seconds: 1200
+
+ - name: Setup kubeconfig
+ shell: bash
+ run: aws eks update-kubeconfig --name ${{ secrets.AWS_EKS_CLUSTER_NAME }} --region us-west-2
+
+ - name: Update Kubernetes Docs deployment
+ run: |
+ kubectl set image ${{ secrets.AWS_EKS_DEPLOYMENT_NAME }} main=ghcr.io/txpipe/docs:${{ github.sha }} --namespace=${{ secrets.AWS_EKS_NAMESPACE }}
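Review bot: The `workflow_run` trigger has no `branches:` filter and the `check-secrets` condition tests only `conclusion == 'success'`, so any successful Build run starts a deploy with the AWS secrets, including one started from a pull request or feature branch if Build runs on those (its triggers are not visible here). On a `workflow_run` event `github.sha` is the last commit on the default branch, not the commit Build ran on, so the tag in `kubectl set image` can name an image Build never pushed; consider `main=ghcr.io/txpipe/docs:${{ github.event.workflow_run.head_sha || github.sha }}` together with a `branches:` entry naming the release branch. Separately, `id-token: write` is granted to both jobs while `configure-aws-credentials` receives static `aws-access-key-id`/`aws-secret-access-key`; either drop the permission or switch to OIDC role assumption and remove the long-lived keys. The `${{ secrets.* }}` expressions are also expanded straight into the `run:` script text, so passing them through `env:` and referencing them as `"$VAR"` would keep their values out of the shell source.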