cleanup_helmfile.yaml
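name: Cleanup release
# Runs only on manual dispatch (workflow_dispatch) or when invoked by another
# workflow (workflow_call). No pull_request trigger is defined in this file.
#
# Every input below is caller-controlled text. The job passes several of them
# to shell steps and to Vault, so they must be treated as untrusted data.
on:
  workflow_dispatch:
    inputs:
      dockerImage:
        description: 'Docker image to delete'
        required: false
        type: string
      appName:
        description: 'Name of application to deploy'
        required: true
        default: ''
        type: string
      # Read by the "Add inputs to GITHUB_ENV" step as inputs.appNamespace.
      # It was not declared before, so it always expanded to an empty string.
      appNamespace:
        description: 'Namespace of the application'
        required: false
        default: ''
        type: string
      globalEnv:
        description: 'Environment Name'
        required: true
        default: 'testing'
        type: string
      helmfileDir:
        description: 'Directory to run helmfile'
        required: false
        default: '.'
        type: string
      # Selects which Vault secret path is read for the kubeconfig.
      kubeConfigSecret:
        description: 'Path to kubeconfig in vault'
        required: true
        default: ''
        type: string
      # Selects the Vault role used for JWT login.
      # NOTE(review): what a given repository may read is presumably limited by
      # the role's claim bindings on the Vault side; confirm them there.
      vaultRole:
        description: 'Role to authenticate in vault'
        required: true
        default: ''
        type: string
  workflow_call:
    inputs:
      appName:
        description: 'Name of application to deploy'
        required: true
        default: ''
        type: string
      # Read by the "Add inputs to GITHUB_ENV" step as inputs.appNamespace.
      appNamespace:
        description: 'Namespace of the application'
        required: false
        default: ''
        type: string
      globalEnv:
        description: 'Environment Name'
        required: true
        default: 'testing'
        type: string
      helmfileDir:
        description: 'Directory to run helmfile'
        required: false
        default: '.'
        type: string
      kubeConfigSecret:
        description: 'Path to kubeconfig in vault'
        required: true
        default: ''
        type: string
      vaultRole:
        description: 'Role to authenticate in vault'
        required: true
        default: ''
        type: string
      dockerImage:
        description: 'Docker image to delete'
        required: false
        type: string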
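jobs:
  cleanup:
    name: Cleanup
    # id-token: write lets the job request a GitHub OIDC token, which the Vault
    # step below uses for its JWT login (method: jwt). contents: read covers
    # the checkout. No other token scopes are granted.
    permissions:
      id-token: write
      contents: read
    # NOTE(review): GitHub has retired the ubuntu-20.04 hosted image; confirm
    # that this label still resolves to a supported runner.
    runs-on: ubuntu-20.04
    strategy:
      fail-fast: true
      max-parallel: 1
      matrix:
        environment: [Dev]
        region: [us-east-1]
    # environment:
    #   name: ${{ matrix.environment }}
    steps:
      # NOTE(review): third-party actions are referenced by mutable tags here.
      # Pinning each `uses:` to a full commit SHA prevents a moved tag from
      # changing what runs in a job that holds cluster credentials.
      - name: Check out the repo
        uses: actions/checkout@v3
      - name: Inject slug/short variables
        uses: rlespinasse/github-slug-action@v4
      # Inputs are passed through `env:` and only referenced as quoted shell
      # variables. Expanding an expression directly inside `run:` pastes the
      # caller's text into the script, where the shell would interpret it.
      # inputs.appNamespace must be declared under `on:`; an undeclared input
      # expands to an empty string.
      - name: Add inputs to GITHUB_ENV
        shell: bash
        env:
          INPUT_APP_NAMESPACE: ${{ inputs.appNamespace }}
          INPUT_DOCKER_IMAGE: ${{ inputs.dockerImage }}
        run: |
          # A newline in a value would let it define extra variables in GITHUB_ENV.
          for value in "$INPUT_APP_NAMESPACE" "$INPUT_DOCKER_IMAGE"; do
            case "$value" in
              *$'\n'*)
                echo "::error::inputs written to GITHUB_ENV must not contain newlines"
                exit 1
                ;;
            esac
          done
          {
            printf 'APP_NAMESPACE=%s\n' "$INPUT_APP_NAMESPACE"
            printf 'DOCKER_IMAGE=%s\n' "$INPUT_DOCKER_IMAGE"
          } >> "$GITHUB_ENV"
      # NOTE(review): the ref after '@' was lost when this page was extracted
      # (e-mail obfuscation artifact). Restore the original tag or, preferably,
      # a full commit SHA.
      - name: Configure Kubectl
        uses: azure/setup-kubectl@REF_LOST_IN_EXTRACTION
        with:
          version: 'v1.23.6'
        id: install
      # Install helm, the helm-secrets and helm-diff plugins, helmfile and yq.
      # NOTE(review): supply-chain gaps in this step, listed for follow-up:
      #   - both helm plugins install from the default branch; pin them with
      #     `helm plugin install <url> --version <tag>`
      #   - the helmfile tarball is not integrity-checked; record its SHA-256
      #     in this file and verify it with `sha256sum -c` before extracting
      #   - yq is fetched from `releases/latest` and installed as root without
      #     a version pin or checksum
      - name: Install tools
        shell: bash
        run: |
          curl -fsSL https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /usr/share/keyrings/helm.gpg > /dev/null
          sudo apt-get install apt-transport-https --yes
          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
          sudo apt-get update -y
          sudo apt-get install helm gnupg -y
          helm plugin install https://github.com/jkroepke/helm-secrets
          helm plugin install https://github.com/databus23/helm-diff
          cd /tmp
          curl -f -O -L -C - https://github.com/helmfile/helmfile/releases/download/v0.167.1/helmfile_0.167.1_linux_amd64.tar.gz
          tar -xzvf helmfile_0.167.1_linux_amd64.tar.gz
          sudo mv helmfile /usr/bin/helmfile
          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
          sudo chmod +x /usr/local/bin/yq
      # Logs in to Vault with the job's OIDC JWT and exposes the `kubeconfig`
      # field of the caller-selected secret as KUBECONFIG_BASE64.
      # exportToken: true also exports the Vault token to every later step.
      # NOTE(review): presumably helm-secrets/helmfile need it during destroy;
      # if not, set it to false to narrow exposure.
      # NOTE(review): the ref after '@' was lost when this page was extracted
      # (e-mail obfuscation artifact). Restore the original tag or, preferably,
      # a full commit SHA.
      - name: Get Vault credentials
        id: retrieve-vault-secrets
        uses: hashicorp/vault-action@REF_LOST_IN_EXTRACTION
        with:
          url: https://vault.k8s.blockscout.com
          role: ${{ inputs.vaultRole }}
          path: github-jwt
          method: jwt
          tlsSkipVerify: false
          exportToken: true
          secrets: |
            ${{ inputs.kubeConfigSecret }} kubeconfig | KUBECONFIG_BASE64 ;
      # Delete release
      # This step is destructive. Inputs arrive via `env:` and are quoted, so
      # they reach `cd` and `helmfile` as single arguments, not as shell syntax.
      - name: Delete
        shell: bash
        env:
          INPUT_HELMFILE_DIR: ${{ inputs.helmfileDir }}
          INPUT_GLOBAL_ENV: ${{ inputs.globalEnv }}
          INPUT_APP_NAME: ${{ inputs.appName }}
        run: |
          # Refuse an empty selector value before touching the cluster.
          if [ -z "$INPUT_APP_NAME" ]; then
            echo "::error::appName is empty; refusing to run helmfile destroy"
            exit 1
          fi
          # Create the kubeconfig private from the start; the chmod below is a backstop.
          umask 077
          mkdir -p ~/.kube
          printf '%s' "$KUBECONFIG_BASE64" | base64 --decode > ~/.kube/config
          chmod 600 ~/.kube/config
          cd -- "$INPUT_HELMFILE_DIR"
          helmfile -e "$INPUT_GLOBAL_ENV" -l "app=$INPUT_APP_NAME" destroy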