65 lines
1.9 KiB
YAML
65 lines
1.9 KiB
YAML
on:
|
|
workflow_call:
|
|
inputs:
|
|
tag:
|
|
required: false
|
|
type: string
|
|
default: latest
|
|
debug:
|
|
required: false
|
|
type: boolean
|
|
default: false
|
|
migrate:
|
|
type: boolean
|
|
default: false
|
|
environment:
|
|
type: string
|
|
required: true
|
|
host:
|
|
type: string
|
|
required: true
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: gpu
|
|
env:
|
|
CR_REGISTRY: crp8vh46gd976oq8ipla
|
|
CR_REPO: ${{ github.event.repository.name }}
|
|
TAG: ${{ inputs.tag }}
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@master
|
|
- name: Yandex Cloud Login
|
|
uses: yc-actions/yc-cr-login@v2
|
|
with:
|
|
yc-sa-json-credentials: ${{ secrets.YC_SA_JSON_CREDENTIALS }}
|
|
- name: Import Secrets
|
|
uses: hashicorp/vault-action@v2
|
|
id: vault
|
|
with:
|
|
url: https://vault.hublab.ru/
|
|
method: approle
|
|
roleId: ${{ secrets.VAULT_ROLE_ID }}
|
|
secretId: ${{ secrets.VAULT_SECRET_ID }}
|
|
secrets: |
|
|
hub/data/tach/${{ inputs.environment }}/base * | PFX_;
|
|
hub/data/tach/${{ inputs.environment }}/${{github.event.repository.name}} * | PFX_;
|
|
- name: Save envs
|
|
run: |
|
|
env | grep '^PFX_' | while IFS= read -r line; \
|
|
do new_key=$(echo "$line" | cut -d= -f1 | sed "s/^PFX_//"); \
|
|
value=$(echo "$line" | cut -d= -f2-); \
|
|
echo "$new_key=$value" >> .env; \
|
|
done
|
|
source .env
|
|
cat .env
|
|
- name: Migrate
|
|
if: ${{ inputs.migrate == 'true' }}
|
|
run: |
|
|
docker run --env-file=.env --pull=always --rm cr.yandex/$CR_REGISTRY/$CR_REPO:$TAG alembic upgrade head
|
|
- name: Deploy
|
|
env:
|
|
DOCKER_HOST: tcp://${{ inputs.host }}:2376
|
|
run: |
|
|
docker compose pull
|
|
docker compose -p ${{ inputs.environment }} up -d --force-recreate |