From d2f27d527ee93601f80f5e76e693d002ea1e526a Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Thu, 16 Oct 2025 15:08:13 +0200 Subject: [PATCH 01/18] premier test cloudnative-pg --- .github/workflows/cd.yml | 1 + .github/workflows/deploy.yml | 177 ++++++++++---------- helm/api-platform/Chart.yaml | 10 +- helm/api-platform/templates/postgresql.yaml | 37 ++++ helm/api-platform/templates/secrets.yaml | 2 +- 5 files changed, 129 insertions(+), 98 deletions(-) create mode 100644 helm/api-platform/templates/postgresql.yaml diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index c853606c3..45e4454c3 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -55,5 +55,6 @@ jobs: gke-credentials: ${{ secrets.GKE_SA_KEY }} gke-project: ${{ secrets.GKE_PROJECT }} gh-key: ${{ secrets.GH_KEY }} + pgpasswd: ${{ secrets.PGPASSWORD }} # cloudflare-api-token: ${{ secrets.CF_API_TOKEN }} # cloudflare-zone-id: ${{ secrets.CF_ZONE_ID }} diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 650e2a43f..a2afbdd25 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -39,12 +39,58 @@ on: # required: true jobs: + meta: + name: Meta + runs-on: ubuntu-latest + outputs: + context: ${{ steps.meta.outputs.context }} + cors: ${{ steps.meta.outputs.cors }} + environment: ${{ steps.meta.outputs.environment }} + namespace: ${{ steps.meta.outputs.namespace }} + release_name: ${{ steps.meta.outputs.release_name }} + replica: ${{ steps.meta.outputs.replica }} + url: ${{ steps.meta.outputs.url }} + + steps: + - name: Generate metadata + id: meta + run: | + set -o pipefail + if [[ "${{ github.ref }}" == 'refs/heads/main' ]]; then + # Tags are deployed in prod + echo "context=prod" >> "$GITHUB_ENV" + echo 'cors=["https://api-platform.com", "http://localhost", "https://localhost", "http://localhost:3000"]' >> "$GITHUB_ENV" + echo "environment=prod" >> "$GITHUB_ENV" + echo "namespace=prod-website" >> "$GITHUB_ENV" + echo "release_name=website-prod" >> "$GITHUB_ENV" + echo "replica=1" >> "$GITHUB_ENV" + echo "url=api-platform.com" >> "$GITHUB_ENV" + else + echo "context=nonprod" >> "$GITHUB_ENV" + if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then + echo "environment=Preview" >> "$GITHUB_ENV" + echo release_name=pr-$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH") >> "$GITHUB_ENV" + export release_name=pr-$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH") + else + echo "environment=Staging" >> "$GITHUB_ENV" + echo "release_name=${{ github.ref_name }}" >> "$GITHUB_ENV" + export release_name=${{ github.ref_name }} + fi + echo 'cors=["https://${{ env.RELEASE_NAME}}.apip.preprod-tilleuls.ovh", "http://localhost", "https://localhost", "http://localhost:3000"]' >> "$GITHUB_ENV" + echo "namespace=nonprod-website" >> "$GITHUB_ENV" + echo "replica=1" >> "$GITHUB_ENV" + echo "url=$RELEASE_NAME.apip.preprod-tilleuls.ovh" >> "$GITHUB_ENV" + fi + + deploy: name: Deploy runs-on: ubuntu-latest permissions: contents: 'read' id-token: 'write' + environment: + name: ${{ needs.meta.outputs.environment }} steps: - name: Checkout uses: 
actions/checkout@v3 
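Review bot: `echo "release_name=${{ github.ref_name }}" >> "$GITHUB_ENV"` and `export release_name=${{ github.ref_name }}` in the new `Generate metadata` step paste the branch name into the script text before bash runs, so a ref name containing shell metacharacters is interpreted as script rather than data. Read it from the runner-provided variable instead, `echo "release_name=$GITHUB_REF_NAME" >> "$GITHUB_ENV"`, and compare `"$GITHUB_REF"` in the `[[ ... == 'refs/heads/main' ]]` test. The same interpolation is carried into PATCH 05 as `RELEASE_NAME=${{ github.ref_name }}`. Separately, the job's `outputs:` map reads `steps.meta.outputs.*` while the step appends to `$GITHUB_ENV`, so as written every output is empty. The `deploy` job continues past the end of this hunk.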
@@ -71,101 +117,48 @@ jobs: helm repo add bitnami https://charts.bitnami.com/bitnami/ helm repo add stable https://charts.helm.sh/stable/ helm dependency build ./helm/api-platform - - name: Define namespace - run: | - set -o pipefail - if [[ "${{ github.ref }}" == 'refs/heads/main' ]]; then - # Tags are deployed in prod - echo "CONTEXT=prod" >> "$GITHUB_ENV" - echo "RELEASE_NAME=website-prod" >> "$GITHUB_ENV" - echo "URL=api-platform.com" >> "$GITHUB_ENV" - echo 'CORS=["https://api-platform.com", "http://localhost", "https://localhost", "http://localhost:3000"]' >> "$GITHUB_ENV" - echo "NAMESPACE=prod-website" >> "$GITHUB_ENV" - echo "REPLICA=1" >> "$GITHUB_ENV" - else - CONTEXT=nonprod - if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then - echo RELEASE_NAME=pr-$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH") >> "$GITHUB_ENV" - export RELEASE_NAME=pr-$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH") - else - echo "RELEASE_NAME=${{ github.ref_name }}" >> "$GITHUB_ENV" - export RELEASE_NAME=${{ github.ref_name }} - fi - echo "URL=$RELEASE_NAME.apip.preprod-tilleuls.ovh" >> "$GITHUB_ENV" - echo "REPLICA=1" >> "$GITHUB_ENV" - echo "NAMESPACE=nonprod-website" >> "$GITHUB_ENV" - echo 'CORS=["https://${{ env.RELEASE_NAME}}.apip.preprod-tilleuls.ovh", "http://localhost", "https://localhost", "http://localhost:3000"]' >> "$GITHUB_ENV" - fi - name: HELM Deploy run: | set -o pipefail - if ! 
helm -n ${{ env.NAMESPACE }} status ${{ env.RELEASE_NAME }} &>/dev/null; then - JWT_PASSPHRASE=$(openssl rand -base64 32) - JWT_SECRET_KEY=$(openssl genpkey -pass file:<(echo "$JWT_PASSPHRASE") -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096) - helm upgrade ${{ env.RELEASE_NAME }} ./helm/api-platform \ - --reuse-values \ - --install \ - --create-namespace \ - --debug \ - --wait \ - --atomic \ - --namespace=${{ env.NAMESPACE }} \ - --set=app.version=${{ github.sha }} \ - --set=php.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/php \ - --set=php.image.tag=${{ inputs.docker-images-version }} \ - --set=php.image.pullPolicy=Always \ - --set=caddy.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/caddy \ - --set=caddy.image.tag=${{ inputs.docker-images-version }} \ - --set=caddy.image.pullPolicy=Always \ - --set=pwa.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/pwa \ - --set=pwa.image.tag=${{ inputs.docker-images-version }} \ - --set=pwa.image.pullPolicy=Always \ - --set=bucket.s3Upstream=storage.googleapis.com \ - --set=bucket.s3Name=api-platform-website-v3 \ - --set=service.type=NodePort \ - --set=ingress.enabled=true \ - --set=ingress.hosts[0].host=${{ env.URL }} \ - --set=ingress.hosts[0].paths[0].path=/ \ - --set=ingress.hosts[0].paths[0].pathType=ImplementationSpecific \ - --set=ingress.tls[0].hosts[0]=${{ env.URL }} \ - --set=ingress.annotations."cert-manager\.io/cluster-issuer"=letsencrypt-production \ - --set=ingress.tls[0].secretName=${{ env.RELEASE_NAME }}-website-ssl \ - --set=php.jwt.secretKey="$JWT_SECRET_KEY" \ - --set=php.jwt.publicKey="$(openssl pkey -in <(echo "$JWT_SECRET_KEY") -passin file:<(echo "$JWT_PASSPHRASE") -pubout)" \ - --set=php.jwt.passphrase=$JWT_PASSPHRASE \ - --set=php.corsAllowOrigin="^$(echo "${{ join(fromJSON(env.CORS), '|') }}" | sed 's/\./\\./g')$" \ - --set=php.host=${{ env.URL }} \ - --set=next.rootUrl=${{ env.URL }} \ - 
--set=github.key=${{ secrets.gh-key }} \ - --set=postgresql.global.postgresql.auth.password=$(openssl rand -base64 32 | tr -d "=+/") \ - --set=postgresql.global.postgresql.auth.username=website \ - | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' - else - helm upgrade ${{ env.RELEASE_NAME }} ./helm/api-platform \ - --reuse-values \ - --install \ - --create-namespace \ - --debug \ - --wait \ - --atomic \ - --namespace=${{ env.NAMESPACE }} \ - --set=app.version=${{ github.sha }} \ - --set=php.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/php \ - --set=php.image.tag=${{ inputs.docker-images-version }} \ - --set=php.image.pullPolicy=Always \ - --set=caddy.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/caddy \ - --set=caddy.image.tag=${{ inputs.docker-images-version }} \ - --set=caddy.image.pullPolicy=Always \ - --set=pwa.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/pwa \ - --set=pwa.image.tag=${{ inputs.docker-images-version }} \ - --set=pwa.image.pullPolicy=Always \ - --set=php.corsAllowOrigin="^$(echo "${{ join(fromJSON(env.CORS), '|') }}" | sed 's/\./\\./g')$" \ - --set=github.key=${{ secrets.gh-key }} \ - --set=next.rootUrl=${{ env.URL }} \ - --set=bucket.s3Upstream=storage.googleapis.com \ - --set=bucket.s3Name=api-platform-website-v3 \ - | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' - fi + # JWT_PASSPHRASE=$(openssl rand -base64 32) + # JWT_SECRET_KEY=$(openssl genpkey -pass file:<(echo "$JWT_PASSPHRASE") -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096) + helm upgrade ${{ needs.meta.outputs.release_name }} ./helm/api-platform \ + --install \ + --create-namespace \ + --debug \ + --wait \ + --atomic \ + --namespace ${{ needs.meta.outputs.namespace }} \ + --set=app.version=${{ github.sha }} \ + --set=php.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/php \ + --set=php.image.tag=${{ inputs.docker-images-version }} \ + 
--set=php.image.pullPolicy=Always \ + --set=caddy.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/caddy \ + --set=caddy.image.tag=${{ inputs.docker-images-version }} \ + --set=caddy.image.pullPolicy=Always \ + --set=pwa.image.repository=europe-west1-docker.pkg.dev/${{ secrets.gke-project }}/website/pwa \ + --set=pwa.image.tag=${{ inputs.docker-images-version }} \ + --set=pwa.image.pullPolicy=Always \ + --set=bucket.s3Upstream=storage.googleapis.com \ + --set=bucket.s3Name=api-platform-website-v3 \ + --set=service.type=NodePort \ + --set=ingress.enabled=true \ + --set=ingress.hosts[0].host=${{ needs.meta.outputs.url }} \ + --set=ingress.hosts[0].paths[0].path=/ \ + --set=ingress.hosts[0].paths[0].pathType=ImplementationSpecific \ + --set=ingress.tls[0].hosts[0]=${{ env.URL }} \ + --set=ingress.annotations."cert-manager\.io/cluster-issuer"=letsencrypt-production \ + --set=ingress.tls[0].secretName=${{ needs.meta.outputs.release_name }}-website-ssl \ + # --set=php.jwt.secretKey="$JWT_SECRET_KEY" \ + # --set=php.jwt.publicKey="$(openssl pkey -in <(echo "$JWT_SECRET_KEY") -passin file:<(echo "$JWT_PASSPHRASE") -pubout)" \ + # --set=php.jwt.passphrase=$JWT_PASSPHRASE \ + --set=php.corsAllowOrigin="^$(echo "${{ join(fromJSON(env.CORS), '|') }}" | sed 's/\./\\./g')$" \ + --set=php.host=${{ env.URL }} \ + --set=next.rootUrl=${{ env.URL }} \ + --set=github.key=${{ secrets.gh-key }} \ + --set=postgresql.global.postgresql.auth.password=${{ secrets.pgpasswd }} \ + --set=postgresql.global.postgresql.auth.username=website \ + | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' - name: Debug kube events if: failure() run: kubectl get events --namespace=${{ env.NAMESPACE }} --sort-by .metadata.creationTimestamp diff --git a/helm/api-platform/Chart.yaml b/helm/api-platform/Chart.yaml index 2c13b3180..8dce4b79a 100644 --- a/helm/api-platform/Chart.yaml +++ b/helm/api-platform/Chart.yaml 
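Review bot: The three `# --set=php.jwt.*` lines sit inside the backslash-continued `helm upgrade` command, and a `#` line ends the command at that point. The `--set` flags after them, including `postgresql.global.postgresql.auth.password`, and the trailing `| sed --unbuffered '/USER-SUPPLIED VALUES/,$d'` are then no longer part of the helm invocation. With `--debug` still on, that filter appears to be what keeps the supplied values out of the job log, so delete the commented lines from the command rather than commenting them in place. The new flags also still read `${{ env.URL }}` and `${{ env.CORS }}`, which nothing in this job sets once the `Define namespace` step is removed. For the password, expose the secret through the step's `env:` and write `--set=postgresql.global.postgresql.auth.password="$PGPASSWORD"` instead of interpolating `${{ secrets.pgpasswd }}` into the script.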
@@ -24,8 +24,8 @@ version: 0.1.0 # follow Semantic Versioning. They should reflect the version the application is using. appVersion: 0.1.0 -dependencies: - - name: postgresql - version: ~12.1.14 - repository: https://charts.bitnami.com/bitnami/ - condition: postgresql.enabled +#dependencies: +# - name: postgresql +# version: ~12.1.14 +# repository: https://charts.bitnami.com/bitnami/ +# condition: postgresql.enabled diff --git a/helm/api-platform/templates/postgresql.yaml b/helm/api-platform/templates/postgresql.yaml new file mode 100644 index 000000000..fb41b12cd --- /dev/null +++ b/helm/api-platform/templates/postgresql.yaml @@ -0,0 +1,37 @@ +{{- if .Values.postgresql.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "api-platform.fullname" . }}-initdb + labels: + {{- include "api-platform.labels" . | nindent 4 }} +type: kubernetes.io/basic-auth +data: + username: {{ .Values.postgresql.global.postgresql.auth.username | b64enc }} + password: {{ .Values.postgresql.global.postgresql.auth.password | b64enc }} +--- +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + name: {{ .Release.Name }}-postgresql +spec: + instances: 1 + imageName: ghcr.io/cloudnative-pg/postgresql:17 + superuserSecret: + name: {{ include "api-platform.fullname" . }}-initdb + bootstrap: + initdb: + database: {{ .Values.postgresql.global.postgresql.auth.database }} + owner: {{ .Values.postgresql.global.postgresql.auth.username }} + postInitSQL: + - {{ printf "ALTER USER %s CREATEDB;" .Values.postgresql.global.postgresql.auth.username | quote }} + secret: + name: {{ include "api-platform.fullname" . }}-initdb + managed: + services: + disabledDefaultServices: ["ro", "r"] + storage: + size: {{ .Values.postgresql.primary.persistence.size }} + resources: + {{- toYaml .Values.postgresql.primary.resources | nindent 4 }} +{{- end -}} diff --git a/helm/api-platform/templates/secrets.yaml b/helm/api-platform/templates/secrets.yaml index f197ea1a9..078631fed 100644 
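Review bot: In the new `templates/postgresql.yaml`, the `Cluster` points both `superuserSecret` and `bootstrap.initdb.secret` at the same `-initdb` Secret, so as far as this template shows the application's database credentials double as the superuser credentials. Give the application owner its own Secret and either drop `superuserSecret` or back it with a separate one, so that exposure of the application's `database-url` would not also expose superuser access. `imageName: ghcr.io/cloudnative-pg/postgresql:17` is a floating tag; pinning a full version or digest keeps rollouts reproducible. The `postInitSQL` entry builds its statement with `printf` from `.Values.postgresql.global.postgresql.auth.username` without identifier quoting, which is safe only while that value stays the fixed `website` set by the workflow.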
--- a/helm/api-platform/templates/secrets.yaml +++ b/helm/api-platform/templates/secrets.yaml @@ -7,7 +7,7 @@ metadata: type: Opaque stringData: {{- if .Values.postgresql.enabled }} - database-url: {{ printf "pgsql://%s:%s@%s-postgresql/%s?serverVersion=13&charset=utf8" .Values.postgresql.global.postgresql.auth.username .Values.postgresql.global.postgresql.auth.password .Release.Name .Values.postgresql.global.postgresql.auth.database | quote }} + database-url: {{ printf "pgsql://%s:%s@%s-postgresql-rw/%s?serverVersion=13&charset=utf8" .Values.postgresql.global.postgresql.auth.username .Values.postgresql.global.postgresql.auth.password .Release.Name .Values.postgresql.global.postgresql.auth.database | quote }} {{- else }} database-url: {{ .Values.postgresql.url | quote }} {{- end }} From 9533f0586f0dbd4dbff718c4ad9ab9f2493793c2 Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Thu, 16 Oct 2025 15:18:43 +0200 Subject: [PATCH 02/18] fix indent --- .github/workflows/deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index a2afbdd25..f4f550b28 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -39,7 +39,7 @@ on: # required: true jobs: - meta: + meta: name: Meta runs-on: ubuntu-latest outputs: @@ -50,7 +50,7 @@ jobs: release_name: ${{ steps.meta.outputs.release_name }} replica: ${{ steps.meta.outputs.replica }} url: ${{ steps.meta.outputs.url }} - + steps: - name: Generate metadata id: meta From bb80a5aa9cdc85e989c4c60fef12fc6edad4ecdb Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Thu, 16 Oct 2025 15:40:01 +0200 Subject: [PATCH 03/18] add secret pgpassword --- .github/workflows/deploy.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index f4f550b28..c2f5056dc 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
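Review bot: The updated `database-url` in `templates/secrets.yaml` still carries `serverVersion=13`, while the cluster added in PATCH 01 runs `ghcr.io/cloudnative-pg/postgresql:17`; the parameter should follow the server, e.g. `serverVersion=17`. The password is also placed into the URL verbatim, and it now comes from an operator-chosen secret instead of the previous `openssl rand -base64 32 | tr -d "=+/"` value, so characters such as `@`, `/` or `:` would change how the URL parses. Percent-encode the password in the template, or document the allowed character set for `PGPASSWORD`.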
@@ -31,6 +31,9 @@ on: gh-key: description: Github authentication key required: true + pgpasswd: + description: PGPASSWORD + required: true # cloudflare-api-token: # description: Cloudflare API Token # required: true From fc851aa532b8ea82450ece53f19478b2113a8a97 Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Thu, 16 Oct 2025 16:47:45 +0200 Subject: [PATCH 04/18] test deploy only --- .github/workflows/cd.yml | 34 +++++++++++++++++----------------- .github/workflows/deploy.yml | 10 +++++----- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 45e4454c3..2a1f91811 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
@@ -23,27 +23,27 @@ jobs: labels: | deploy - build: - name: Build - if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy')) - uses: ./.github/workflows/build.yml - with: - tags: | - type=ref,event=pr,prefix=pr-,priority=1000 - type=edge,branch=$repo.default_branch,priority=900 - type=raw,value=latest,enable={{is_default_branch}},priority=900 - push: true - gke-cluster: api-platform-demo - gke-zone: europe-west1-c - secrets: - gke-credentials: ${{ secrets.GKE_SA_KEY }} - gke-project: ${{ secrets.GKE_PROJECT }} - gh-key: ${{ secrets.GH_KEY }} +# build: +# name: Build +# if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy')) +# uses: ./.github/workflows/build.yml +# with: +# tags: | +# type=ref,event=pr,prefix=pr-,priority=1000 +# type=edge,branch=$repo.default_branch,priority=900 +# type=raw,value=latest,enable={{is_default_branch}},priority=900 +# push: true +# gke-cluster: api-platform-demo +# gke-zone: europe-west1-c +# secrets: +# gke-credentials: ${{ secrets.GKE_SA_KEY }} +# gke-project: ${{ secrets.GKE_PROJECT }} +# gh-key: ${{ secrets.GH_KEY }} deploy: name: Deploy - needs: [ build ] + #needs: [ build ] if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy')) uses: ./.github/workflows/deploy.yml with: diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index c2f5056dc..ecaec67ba 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
@@ -123,8 +123,8 @@ jobs: - name: HELM Deploy run: | set -o pipefail - # JWT_PASSPHRASE=$(openssl rand -base64 32) - # JWT_SECRET_KEY=$(openssl genpkey -pass file:<(echo "$JWT_PASSPHRASE") -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096) + JWT_PASSPHRASE=$(openssl rand -base64 32) + JWT_SECRET_KEY=$(openssl genpkey -pass file:<(echo "$JWT_PASSPHRASE") -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096) helm upgrade ${{ needs.meta.outputs.release_name }} ./helm/api-platform \ --install \ --create-namespace \ @@ -152,9 +152,9 @@ jobs: --set=ingress.tls[0].hosts[0]=${{ env.URL }} \ --set=ingress.annotations."cert-manager\.io/cluster-issuer"=letsencrypt-production \ --set=ingress.tls[0].secretName=${{ needs.meta.outputs.release_name }}-website-ssl \ - # --set=php.jwt.secretKey="$JWT_SECRET_KEY" \ - # --set=php.jwt.publicKey="$(openssl pkey -in <(echo "$JWT_SECRET_KEY") -passin file:<(echo "$JWT_PASSPHRASE") -pubout)" \ - # --set=php.jwt.passphrase=$JWT_PASSPHRASE \ + --set=php.jwt.secretKey="$JWT_SECRET_KEY" \ + --set=php.jwt.publicKey="$(openssl pkey -in <(echo "$JWT_SECRET_KEY") -passin file:<(echo "$JWT_PASSPHRASE") -pubout)" \ + --set=php.jwt.passphrase=$JWT_PASSPHRASE \ --set=php.corsAllowOrigin="^$(echo "${{ join(fromJSON(env.CORS), '|') }}" | sed 's/\./\\./g')$" \ --set=php.host=${{ env.URL }} \ --set=next.rootUrl=${{ env.URL }} \ From ff07ca1daca03de4256ea2ffd286f00fb0a274ec Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Fri, 17 Oct 2025 10:42:29 +0200 Subject: [PATCH 05/18] text fix json --- .github/workflows/deploy.yml | 41 ++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index ecaec67ba..4d5f5a393 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
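Review bot: Re-enabling `JWT_PASSPHRASE=$(openssl rand -base64 32)` and the `openssl genpkey` call unconditionally means every deploy generates a new key pair. PATCH 01 removed both the `helm status` first-install branch and `--reuse-values`, so tokens signed before a deploy presumably stop verifying after it. Either restore the first-install guard or keep the key material in a Secret that the chart reuses across upgrades. The private key and passphrase are also handed to helm as `--set` arguments on a command run with `--debug`, which leaves the `| sed` filter at the end of the command as the only thing keeping them out of the job log; that applies to the `--set=php.jwt.*` lines in the second hunk (`@@ -152,9 +152,9 @@`) as well. The `HELM Deploy` step continues outside both hunks.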
@@ -61,29 +61,34 @@ jobs: set -o pipefail if [[ "${{ github.ref }}" == 'refs/heads/main' ]]; then # Tags are deployed in prod - echo "context=prod" >> "$GITHUB_ENV" - echo 'cors=["https://api-platform.com", "http://localhost", "https://localhost", "http://localhost:3000"]' >> "$GITHUB_ENV" - echo "environment=prod" >> "$GITHUB_ENV" - echo "namespace=prod-website" >> "$GITHUB_ENV" - echo "release_name=website-prod" >> "$GITHUB_ENV" - echo "replica=1" >> "$GITHUB_ENV" - echo "url=api-platform.com" >> "$GITHUB_ENV" + CONTEXT=prod + CORS='["https://api-platform.com","http://localhost","https://localhost","http://localhost:3000"]' + ENVIRONMENT=prod + NAMESPACE=prod-website + RELEASE_NAME=website-prod + REPLICA=1 + URL=api-platform.com else - echo "context=nonprod" >> "$GITHUB_ENV" + CONTEXT=nonprod if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then - echo "environment=Preview" >> "$GITHUB_ENV" - echo release_name=pr-$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH") >> "$GITHUB_ENV" - export release_name=pr-$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH") + ENVIRONMENT=Preview + RELEASE_NAME=pr-$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH") else - echo "environment=Staging" >> "$GITHUB_ENV" - echo "release_name=${{ github.ref_name }}" >> "$GITHUB_ENV" - export release_name=${{ github.ref_name }} + ENVIRONMENT=Staging + RELEASE_NAME=${{ github.ref_name }} fi - echo 'cors=["https://${{ env.RELEASE_NAME}}.apip.preprod-tilleuls.ovh", "http://localhost", "https://localhost", "http://localhost:3000"]' >> "$GITHUB_ENV" - echo "namespace=nonprod-website" >> "$GITHUB_ENV" - echo "replica=1" >> "$GITHUB_ENV" - echo "url=$RELEASE_NAME.apip.preprod-tilleuls.ovh" >> "$GITHUB_ENV" + CORS='["https://${{ env.RELEASE_NAME}}.apip.preprod-tilleuls.ovh","http://localhost","https://localhost","http://localhost:3000"]' + NAMESPACE=nonprod-website + REPLICA=1 + URL=$RELEASE_NAME.apip.preprod-tilleuls.ovh fi + echo "context=$CONTEXT" >> "$GITHUB_ENV" + 
echo "cors=$CORS" >> "$GITHUB_ENV" + echo "environment=$ENVIRONMENT" >> "$GITHUB_ENV" + echo "namespace=$NAMESPACE" >> "$GITHUB_ENV" + echo "release_name=$RELEASE_NAME" >> "$GITHUB_ENV" + echo "replica=$REPLICA" >> "$GITHUB_ENV" + echo "url=$URL" >> "$GITHUB_ENV" deploy: From a0135e3ccf8d10cff58c2db273234a30c8a05466 Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Fri, 17 Oct 2025 10:47:01 +0200 Subject: [PATCH 06/18] text fix json --- .github/workflows/deploy.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 4d5f5a393..b07b696b6 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -122,7 +122,7 @@ jobs: # https://github.com/helm/helm/issues/8036 - name: Build helm dependencies run: | - helm repo add bitnami https://charts.bitnami.com/bitnami/ + #helm repo add bitnami https://charts.bitnami.com/bitnami/ helm repo add stable https://charts.helm.sh/stable/ helm dependency build ./helm/api-platform - name: HELM Deploy @@ -160,7 +160,6 @@ jobs: --set=php.jwt.secretKey="$JWT_SECRET_KEY" \ --set=php.jwt.publicKey="$(openssl pkey -in <(echo "$JWT_SECRET_KEY") -passin file:<(echo "$JWT_PASSPHRASE") -pubout)" \ --set=php.jwt.passphrase=$JWT_PASSPHRASE \ - --set=php.corsAllowOrigin="^$(echo "${{ join(fromJSON(env.CORS), '|') }}" | sed 's/\./\\./g')$" \ --set=php.host=${{ env.URL }} \ --set=next.rootUrl=${{ env.URL }} \ --set=github.key=${{ secrets.gh-key }} \ From e13ef0e2e39b5a4e4fdc28cb09b91776e8f4f29a Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Fri, 17 Oct 2025 10:54:24 +0200 Subject: [PATCH 07/18] text fix json --- .github/workflows/deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index b07b696b6..97a9799e0 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
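Review bot: In the non-prod branch of PATCH 05, `CORS='["https://${{ env.RELEASE_NAME}}.apip.preprod-tilleuls.ovh",...]'` uses an Actions expression, which is substituted before the script starts, while `RELEASE_NAME` is now only a shell variable assigned a few lines earlier in the same step. The allowed origin therefore renders without the release name in its host. Build the string with shell expansion, `${RELEASE_NAME}`, inside double quotes instead of `${{ env.RELEASE_NAME}}` inside single quotes. The values are also still appended to `$GITHUB_ENV`, which the job's `steps.meta.outputs.*` mapping does not read.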
@@ -99,6 +99,7 @@ jobs: id-token: 'write' environment: name: ${{ needs.meta.outputs.environment }} + needs: ["meta"] steps: - name: Checkout uses: actions/checkout@v3 @@ -160,6 +161,7 @@ jobs: --set=php.jwt.secretKey="$JWT_SECRET_KEY" \ --set=php.jwt.publicKey="$(openssl pkey -in <(echo "$JWT_SECRET_KEY") -passin file:<(echo "$JWT_PASSPHRASE") -pubout)" \ --set=php.jwt.passphrase=$JWT_PASSPHRASE \ + --set=php.corsAllowOrigin="^$(echo "${{ join(fromJSON(needs.meta.outputs.cors), '|') }}" | sed 's/\./\\./g')$" \ --set=php.host=${{ env.URL }} \ --set=next.rootUrl=${{ env.URL }} \ --set=github.key=${{ secrets.gh-key }} \ From e229f9cdf4a16a54b091e7e5d8e3cf0b71f0d2c5 Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Fri, 17 Oct 2025 11:04:31 +0200 Subject: [PATCH 08/18] text fix json --- .github/workflows/deploy.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 97a9799e0..49c07f77d 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -62,7 +62,7 @@ jobs: if [[ "${{ github.ref }}" == 'refs/heads/main' ]]; then # Tags are deployed in prod CONTEXT=prod - CORS='["https://api-platform.com","http://localhost","https://localhost","http://localhost:3000"]' + echo 'cors=["https://api-platform.com", "http://localhost", "https://localhost", "http://localhost:3000"]' >> "$GITHUB_ENV" ENVIRONMENT=prod NAMESPACE=prod-website RELEASE_NAME=website-prod 
@@ -77,18 +77,18 @@ jobs: ENVIRONMENT=Staging RELEASE_NAME=${{ github.ref_name }} fi - CORS='["https://${{ env.RELEASE_NAME}}.apip.preprod-tilleuls.ovh","http://localhost","https://localhost","http://localhost:3000"]' + echo 'cors=["https://${{ env.RELEASE_NAME}}.apip.preprod-tilleuls.ovh", "http://localhost", "https://localhost", "http://localhost:3000"]' >> "$GITHUB_ENV" NAMESPACE=nonprod-website REPLICA=1 URL=$RELEASE_NAME.apip.preprod-tilleuls.ovh fi echo "context=$CONTEXT" >> "$GITHUB_ENV" - echo "cors=$CORS" >> "$GITHUB_ENV" echo "environment=$ENVIRONMENT" >> "$GITHUB_ENV" echo "namespace=$NAMESPACE" >> "$GITHUB_ENV" echo "release_name=$RELEASE_NAME" >> "$GITHUB_ENV" echo "replica=$REPLICA" >> "$GITHUB_ENV" echo "url=$URL" >> "$GITHUB_ENV" + cat $GITHUB_ENV deploy: From 08094bec58fca11d51096f4c480dc2651c053dae Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Fri, 17 Oct 2025 11:38:18 +0200 Subject: [PATCH 09/18] text fix json --- .github/workflows/deploy.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 49c07f77d..5b26ed5cf 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -59,10 +59,11 @@ jobs: id: meta run: | set -o pipefail + CORS_LOCALHOST="http://localhost|https://localhost|http://localhost:3000" if [[ "${{ github.ref }}" == 'refs/heads/main' ]]; then # Tags are deployed in prod CONTEXT=prod - echo 'cors=["https://api-platform.com", "http://localhost", "https://localhost", "http://localhost:3000"]' >> "$GITHUB_ENV" + CORS=$(echo "^https://api-platform.com|$CORS_LOCALHOST$" | sed 's/\./\\./g' ) ENVIRONMENT=prod NAMESPACE=prod-website RELEASE_NAME=website-prod 
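Review bot: The origin pattern built by `CORS=$(echo "^https://api-platform.com|$CORS_LOCALHOST$" | sed 's/\./\\./g' )` is not anchored the way it reads: `|` has the lowest precedence in a regular expression, so `^` applies only to the first alternative and `$` only to the last. Assuming `php.corsAllowOrigin` is matched as a regex, an origin that merely starts with `https://api-platform.com` or contains `http://localhost` is accepted. Group the alternatives: `CORS=$(echo "^(https://api-platform.com|$CORS_LOCALHOST)$" | sed 's/\./\\./g')`. The non-prod assignment in the next hunk (`@@ -77,7 +78,7 @@`) has the same shape, and it is worth deciding whether the production pattern should allow the `localhost` origins at all.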
@@ -77,7 +78,7 @@ jobs: ENVIRONMENT=Staging RELEASE_NAME=${{ github.ref_name }} fi - echo 'cors=["https://${{ env.RELEASE_NAME}}.apip.preprod-tilleuls.ovh", "http://localhost", "https://localhost", "http://localhost:3000"]' >> "$GITHUB_ENV" + CORS=$(echo "^https://${{ env.RELEASE_NAME}}.apip.preprod-tilleuls.ovh|$CORS_LOCALHOST$" | sed 's/\./\\./g' ) NAMESPACE=nonprod-website REPLICA=1 URL=$RELEASE_NAME.apip.preprod-tilleuls.ovh @@ -155,22 +156,22 @@ jobs: --set=ingress.hosts[0].host=${{ needs.meta.outputs.url }} \ --set=ingress.hosts[0].paths[0].path=/ \ --set=ingress.hosts[0].paths[0].pathType=ImplementationSpecific \ - --set=ingress.tls[0].hosts[0]=${{ env.URL }} \ + --set=ingress.tls[0].hosts[0]=${{ needs.meta.outputs.url }} \ --set=ingress.annotations."cert-manager\.io/cluster-issuer"=letsencrypt-production \ --set=ingress.tls[0].secretName=${{ needs.meta.outputs.release_name }}-website-ssl \ --set=php.jwt.secretKey="$JWT_SECRET_KEY" \ --set=php.jwt.publicKey="$(openssl pkey -in <(echo "$JWT_SECRET_KEY") -passin file:<(echo "$JWT_PASSPHRASE") -pubout)" \ --set=php.jwt.passphrase=$JWT_PASSPHRASE \ - --set=php.corsAllowOrigin="^$(echo "${{ join(fromJSON(needs.meta.outputs.cors), '|') }}" | sed 's/\./\\./g')$" \ - --set=php.host=${{ env.URL }} \ - --set=next.rootUrl=${{ env.URL }} \ + --set=php.corsAllowOrigin=${{ needs.meta.outputs.cors }} \ + --set=php.host=${{ needs.meta.outputs.url }} \ + --set=next.rootUrl=${{ needs.meta.outputs.url }} \ --set=github.key=${{ secrets.gh-key }} \ --set=postgresql.global.postgresql.auth.password=${{ secrets.pgpasswd }} \ --set=postgresql.global.postgresql.auth.username=website \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' - name: Debug kube events if: failure() - run: kubectl get events --namespace=${{ env.NAMESPACE }} --sort-by .metadata.creationTimestamp + run: kubectl get events --namespace=${{ needs.meta.outputs.namespace }} --sort-by .metadata.creationTimestamp links: name: Check for dead links 
From a638a5571f8e6b9683b09b669fa562b1304f79db Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Fri, 17 Oct 2025 11:52:06 +0200 Subject: [PATCH 10/18] pass meta vars --- .github/workflows/deploy.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 5b26ed5cf..29cf4d1c2 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -84,6 +84,7 @@ jobs: URL=$RELEASE_NAME.apip.preprod-tilleuls.ovh fi echo "context=$CONTEXT" >> "$GITHUB_ENV" + echo "cors=$CORS" >> "$GITHUB_ENV" echo "environment=$ENVIRONMENT" >> "$GITHUB_ENV" echo "namespace=$NAMESPACE" >> "$GITHUB_ENV" echo "release_name=$RELEASE_NAME" >> "$GITHUB_ENV" @@ -98,9 +99,10 @@ jobs: permissions: contents: 'read' id-token: 'write' + pull-requests: 'write' + needs: ["meta"] environment: name: ${{ needs.meta.outputs.environment }} - needs: ["meta"] steps: - name: Checkout uses: actions/checkout@v3 @@ -124,7 +126,7 @@ jobs: # https://github.com/helm/helm/issues/8036 - name: Build helm dependencies run: | - #helm repo add bitnami https://charts.bitnami.com/bitnami/ + helm repo add bitnami https://charts.bitnami.com/bitnami/ helm repo add stable https://charts.helm.sh/stable/ helm dependency build ./helm/api-platform - name: HELM Deploy From 1dac0b4725427fe30b6a592482f21fca630dfeb3 Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Fri, 17 Oct 2025 12:56:54 +0200 Subject: [PATCH 11/18] pass meta vars --- .github/workflows/deploy.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 29cf4d1c2..63f931922 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
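Review bot: `pull-requests: 'write'` is added to the `deploy` job's `permissions` in PATCH 10, but no step visible in this series comments on or edits a pull request. This job already has `id-token: 'write'` and, per `cd.yml`, receives the GKE credentials and database password, so its token should stay as narrow as possible. Drop the permission, or move whatever needs it into a separate job that holds no deploy secrets. The job's steps continue outside this hunk, so confirm against the full file.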
@@ -83,14 +83,14 @@ jobs: REPLICA=1 URL=$RELEASE_NAME.apip.preprod-tilleuls.ovh fi - echo "context=$CONTEXT" >> "$GITHUB_ENV" - echo "cors=$CORS" >> "$GITHUB_ENV" - echo "environment=$ENVIRONMENT" >> "$GITHUB_ENV" - echo "namespace=$NAMESPACE" >> "$GITHUB_ENV" - echo "release_name=$RELEASE_NAME" >> "$GITHUB_ENV" - echo "replica=$REPLICA" >> "$GITHUB_ENV" - echo "url=$URL" >> "$GITHUB_ENV" - cat $GITHUB_ENV + echo "context=$CONTEXT" >> "$GITHUB_OUTPUT" + echo "cors=$CORS" >> "$GITHUB_OUTPUT" + echo "environment=$ENVIRONMENT" >> "$GITHUB_OUTPUT" + echo "namespace=$NAMESPACE" >> "$GITHUB_OUTPUT" + echo "release_name=$RELEASE_NAME" >> "$GITHUB_OUTPUT" + echo "replica=$REPLICA" >> "$GITHUB_OUTPUT" + echo "url=$URL" >> "$GITHUB_OUTPUT" + cat $GITHUB_OUTPUT deploy: From d8829b1e842ee835a69607f4cfe04bfe1642924d Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Fri, 17 Oct 2025 13:13:32 +0200 Subject: [PATCH 12/18] pass meta vars --- .github/workflows/deploy.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 63f931922..63d5f2d63 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -78,7 +78,7 @@ jobs: ENVIRONMENT=Staging RELEASE_NAME=${{ github.ref_name }} fi - CORS=$(echo "^https://${{ env.RELEASE_NAME}}.apip.preprod-tilleuls.ovh|$CORS_LOCALHOST$" | sed 's/\./\\./g' ) + CORS=$(echo "^https://${RELEASE_NAME}.apip.preprod-tilleuls.ovh|$CORS_LOCALHOST$" | sed 's/\./\\./g' ) NAMESPACE=nonprod-website REPLICA=1 URL=$RELEASE_NAME.apip.preprod-tilleuls.ovh @@ -90,6 +90,8 @@ jobs: echo "release_name=$RELEASE_NAME" >> "$GITHUB_OUTPUT" echo "replica=$REPLICA" >> "$GITHUB_OUTPUT" echo "url=$URL" >> "$GITHUB_OUTPUT" + echo "secret=${{ secrets.pgpasswd }}" >> "$GITHUB_OUTPUT" + cat $GITHUB_OUTPUT 
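Review bot: `echo "secret=${{ secrets.pgpasswd }}" >> "$GITHUB_OUTPUT"` in PATCH 12 copies the database password into the step-output file, and the `cat $GITHUB_OUTPUT` that follows prints that file to the job log. Log masking is best-effort and step outputs are not a place for secrets. Remove the line and keep the secret confined to the `env:` of the one step that consumes it. `cat $GITHUB_OUTPUT` is itself debug output worth deleting before merge.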
@@ -168,7 +170,7 @@ jobs: --set=php.host=${{ needs.meta.outputs.url }} \ --set=next.rootUrl=${{ needs.meta.outputs.url }} \ --set=github.key=${{ secrets.gh-key }} \ - --set=postgresql.global.postgresql.auth.password=${{ secrets.pgpasswd }} \ + --set=postgresql.global.postgresql.auth.password="${{ secrets.pgpasswd }}" \ --set=postgresql.global.postgresql.auth.username=website \ | sed --unbuffered '/USER-SUPPLIED VALUES/,$d' - name: Debug kube events From 4b7c2d780b0618bfeb91a53d8a824e7aeddf904f Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Fri, 17 Oct 2025 13:35:11 +0200 Subject: [PATCH 13/18] debug secret --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 63d5f2d63..5c488dbb6 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -90,7 +90,6 @@ jobs: echo "release_name=$RELEASE_NAME" >> "$GITHUB_OUTPUT" echo "replica=$REPLICA" >> "$GITHUB_OUTPUT" echo "url=$URL" >> "$GITHUB_OUTPUT" - echo "secret=${{ secrets.pgpasswd }}" >> "$GITHUB_OUTPUT" cat $GITHUB_OUTPUT @@ -136,6 +135,7 @@ jobs: set -o pipefail JWT_PASSPHRASE=$(openssl rand -base64 32) JWT_SECRET_KEY=$(openssl genpkey -pass file:<(echo "$JWT_PASSPHRASE") -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096) + echo ${{ secrets.pgpasswd }} | sed 's/./& /g' helm upgrade ${{ needs.meta.outputs.release_name }} ./helm/api-platform \ --install \ --create-namespace \ From c4ade8e3a022999de2ec778605f9e853c8c052f0 Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Fri, 17 Oct 2025 13:59:03 +0200 Subject: [PATCH 14/18] quote sting cors --- .github/workflows/deploy.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 5c488dbb6..57e416731 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml 
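Review bot: `echo ${{ secrets.pgpasswd }} | sed 's/./& /g'` added to the `HELM Deploy` step in PATCH 13 writes the database password to the job log with a space after each character, a form the runner's secret masking does not match. Remove the line, treat the current `PGPASSWORD` value as disclosed to anyone who can read these workflow logs, and rotate it. If the goal was to confirm the secret is populated, a non-revealing check is enough, with the secret passed via `env:`: `[ -n "$PGPASSWORD" ] || { echo "PGPASSWORD is empty"; exit 1; }`. The quoting added in PATCH 12 (`"${{ secrets.pgpasswd }}"`) still interpolates the secret into the script text; referencing `"$PGPASSWORD"` from `env:` keeps its content from being interpreted by the shell.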
@@ -72,10 +72,10 @@ jobs: else CONTEXT=nonprod if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then - ENVIRONMENT=Preview + ENVIRONMENT=preview RELEASE_NAME=pr-$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH") else - ENVIRONMENT=Staging + ENVIRONMENT=staging RELEASE_NAME=${{ github.ref_name }} fi CORS=$(echo "^https://${RELEASE_NAME}.apip.preprod-tilleuls.ovh|$CORS_LOCALHOST$" | sed 's/\./\\./g' ) @@ -166,7 +166,7 @@ jobs: --set=php.jwt.secretKey="$JWT_SECRET_KEY" \ --set=php.jwt.publicKey="$(openssl pkey -in <(echo "$JWT_SECRET_KEY") -passin file:<(echo "$JWT_PASSPHRASE") -pubout)" \ --set=php.jwt.passphrase=$JWT_PASSPHRASE \ - --set=php.corsAllowOrigin=${{ needs.meta.outputs.cors }} \ + --set=php.corsAllowOrigin="${{ needs.meta.outputs.cors }}" \ --set=php.host=${{ needs.meta.outputs.url }} \ --set=next.rootUrl=${{ needs.meta.outputs.url }} \ --set=github.key=${{ secrets.gh-key }} \ From 1a9abf60fe64260db6bf50e43f0f349b24bb60ce Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Mon, 27 Oct 2025 13:39:25 +0100 Subject: [PATCH 15/18] undo debug --- .github/workflows/cd.yml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 2a1f91811..c927908ac 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
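Review bot: On the `php.corsAllowOrigin` line of the `@@ -166,7 +166,7 @@` hunk, the double quotes stop word splitting but the value still passes through two more parsers. The shell still expands `$` sequences inside double quotes, and Helm's `--set` uses the backslash as an escape character, so as far as I can tell the `\.` produced by the `sed` in the meta job reaches the chart as a plain `.` that matches any character. It is worth checking the rendered value with `helm get values`; if the backslashes are lost, pass the pattern through a values file or double the escaping. The `helm upgrade` command starts and ends outside the hunk.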
@@ -23,22 +23,22 @@ jobs: labels: | deploy -# build: -# name: Build -# if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy')) -# uses: ./.github/workflows/build.yml -# with: -# tags: | -# type=ref,event=pr,prefix=pr-,priority=1000 -# type=edge,branch=$repo.default_branch,priority=900 -# type=raw,value=latest,enable={{is_default_branch}},priority=900 -# push: true -# gke-cluster: api-platform-demo -# gke-zone: europe-west1-c -# secrets: -# gke-credentials: ${{ secrets.GKE_SA_KEY }} -# gke-project: ${{ secrets.GKE_PROJECT }} -# gh-key: ${{ secrets.GH_KEY }} + build: + name: Build + if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy')) + uses: ./.github/workflows/build.yml + with: + tags: | + type=ref,event=pr,prefix=pr-,priority=1000 + type=edge,branch=$repo.default_branch,priority=900 + type=raw,value=latest,enable={{is_default_branch}},priority=900 + push: true + gke-cluster: api-platform-demo + gke-zone: europe-west1-c + secrets: + gke-credentials: ${{ secrets.GKE_SA_KEY }} + gke-project: ${{ secrets.GKE_PROJECT }} + gh-key: ${{ secrets.GH_KEY }} deploy: From 67359f80e88f7a5106379c91f1b8a43b22547608 Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Mon, 27 Oct 2025 13:42:04 +0100 Subject: [PATCH 16/18] fix indent --- .github/workflows/cd.yml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index c927908ac..d035e8ffb 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
@@ -23,22 +23,22 @@ jobs: labels: | deploy - build: - name: Build - if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy')) - uses: ./.github/workflows/build.yml - with: - tags: | - type=ref,event=pr,prefix=pr-,priority=1000 - type=edge,branch=$repo.default_branch,priority=900 - type=raw,value=latest,enable={{is_default_branch}},priority=900 - push: true - gke-cluster: api-platform-demo - gke-zone: europe-west1-c - secrets: - gke-credentials: ${{ secrets.GKE_SA_KEY }} - gke-project: ${{ secrets.GKE_PROJECT }} - gh-key: ${{ secrets.GH_KEY }} +build: + name: Build + if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy')) + uses: ./.github/workflows/build.yml + with: + tags: | + type=ref,event=pr,prefix=pr-,priority=1000 + type=edge,branch=$repo.default_branch,priority=900 + type=raw,value=latest,enable={{is_default_branch}},priority=900 + push: true + gke-cluster: api-platform-demo + gke-zone: europe-west1-c + secrets: + gke-credentials: ${{ secrets.GKE_SA_KEY }} + gke-project: ${{ secrets.GKE_PROJECT }} + gh-key: ${{ secrets.GH_KEY }} deploy: From a98339922ac174f1a8b3799a9fa79ceee35a13c4 Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Mon, 27 Oct 2025 13:44:30 +0100 Subject: [PATCH 17/18] fix indent --- .github/workflows/cd.yml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index d035e8ffb..fd102e040 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
@@ -23,22 +23,22 @@ jobs: labels: | deploy -build: - name: Build - if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy')) - uses: ./.github/workflows/build.yml - with: - tags: | - type=ref,event=pr,prefix=pr-,priority=1000 - type=edge,branch=$repo.default_branch,priority=900 - type=raw,value=latest,enable={{is_default_branch}},priority=900 - push: true - gke-cluster: api-platform-demo - gke-zone: europe-west1-c - secrets: - gke-credentials: ${{ secrets.GKE_SA_KEY }} - gke-project: ${{ secrets.GKE_PROJECT }} - gh-key: ${{ secrets.GH_KEY }} + build: + name: Build + if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy')) + uses: ./.github/workflows/build.yml + with: + tags: | + type=ref,event=pr,prefix=pr-,priority=1000 + type=edge,branch=$repo.default_branch,priority=900 + type=raw,value=latest,enable={{is_default_branch}},priority=900 + push: true + gke-cluster: api-platform-demo + gke-zone: europe-west1-c + secrets: + gke-credentials: ${{ secrets.GKE_SA_KEY }} + gke-project: ${{ secrets.GKE_PROJECT }} + gh-key: ${{ secrets.GH_KEY }} deploy: From be1f360e49f23dc17bc77545a9e4284b3efcf25b Mon Sep 17 00:00:00 2001 From: "benoit.couloigner" Date: Mon, 27 Oct 2025 13:45:42 +0100 Subject: [PATCH 18/18] redo needs in cd --- .github/workflows/cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index fd102e040..45e4454c3 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -43,7 +43,7 @@ jobs: deploy: name: Deploy - #needs: [ build ] + needs: [ build ] if: github.event_name != 'pull_request' || (github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'deploy')) uses: ./.github/workflows/deploy.yml with: