Compare commits


10 commits

Author SHA1 Message Date
Keyvan
26ba20c55e
Merge pull request #1 from kebrahimpour/dev
Dev
2025-04-26 10:30:55 +02:00
Keyvan Ebrahimpour
93629b61f9 Fix k8s deployment error 2025-04-26 08:07:56 +00:00
Keyvan Ebrahimpour
7e3665b2cf Add Kubernetes deployment files for Portainer GitOps 2025-04-12 13:22:44 +00:00
Keyvan Ebrahimpour
e5ef3db0af use ubuntu 24.04 2025-04-11 22:56:16 +00:00
Keyvan Ebrahimpour
c61cfaff57 chore(release): bump version to v0.0.X 2025-04-11 22:47:42 +00:00
Keyvan Ebrahimpour
5cde1ce4d9 removed deploy.yaml 2025-04-11 22:41:06 +00:00
Keyvan Ebrahimpour
900af910df - Automatically creates ghcr-creds secret in the appropriate namespace if missing
- Adds branch pattern triggers for k8s/** and scripts/** to enable CI/CD from infra or automation-related updates
- Improves workflow robustness and flexibility for feature and tooling branches
2025-04-11 22:37:14 +00:00
Keyvan Ebrahimpour
bc69c20e05 test: trigger deploy to prod 2025-04-11 21:25:07 +00:00
Keyvan Ebrahimpour
bd7fdcc616 chore: trigger workflow 2025-04-11 21:15:43 +00:00
Keyvan Ebrahimpour
1abf73aaa3 chore: retrigger deploy after token update 2025-04-11 21:14:53 +00:00
9 changed files with 196 additions and 57 deletions


@ -16,7 +16,11 @@ env:
jobs:
build-and-deploy:
runs-on: ubuntu-latest
runs-on: ubuntu-24.04
permissions:
contents: read
packages: write
steps:
- name: Checkout code
@ -38,12 +42,13 @@ jobs:
run: |
mkdir -p $HOME/.kube
echo "${{ secrets.KUBECONFIG_BASE64 }}" | base64 -d > $HOME/.kube/config
chmod 600 ~/.kube/config
shell: bash
- name: Detect container name
id: detect-container
run: |
CONTAINER=$(kubectl -n $NAMESPACE get deployment homepage -o=jsonpath='{.spec.template.spec.containers[0].name}')
CONTAINER=$(kubectl -n $NAMESPACE get deployment landing-page -o=jsonpath='{.spec.template.spec.containers[0].name}')
echo "container=$CONTAINER" >> $GITHUB_OUTPUT
env:
NAMESPACE: ${{ github.ref == 'refs/heads/main' && 'prod' || 'web' }}
@ -53,7 +58,7 @@ jobs:
IMAGE="ghcr.io/${{ github.repository }}:$VERSION"
CONTAINER="${{ steps.detect-container.outputs.container }}"
echo "Setting image for container $CONTAINER"
kubectl set image deployment/homepage $CONTAINER=$IMAGE -n $NAMESPACE
kubectl set image deployment/landing-page $CONTAINER=$IMAGE -n $NAMESPACE
env:
VERSION: ${{ vars.VERSION || 'latest' }}
NAMESPACE: ${{ github.ref == 'refs/heads/main' && 'prod' || 'web' }}
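Review bot: In the last hunk the new `kubectl set image deployment/landing-page $CONTAINER=$IMAGE -n $NAMESPACE` line expands three variables unquoted, and `CONTAINER` is filled by pasting `${{ steps.detect-container.outputs.container }}` into the script text, so a value read back from the cluster is parsed as shell source rather than handled as data. Pass the step output through the step's `env:` map (`CONTAINER: ${{ steps.detect-container.outputs.container }}`) and quote the call: `kubectl set image deployment/landing-page "$CONTAINER=$IMAGE" -n "$NAMESPACE"`. The same pattern appears in the second hunk, where `echo "${{ secrets.KUBECONFIG_BASE64 }}" | base64 -d` writes the secret into the generated script file; an `env:` entry avoids that as well. The `run:` blocks of these steps begin outside the hunks shown, so the rest of each script was not reviewed.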


@ -1,53 +0,0 @@
# .github/workflows/deploy.yaml
name: Build and Deploy to Kubernetes
#on:
# push:
# branches: [ main ]
jobs:
build-and-deploy:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Debug Variables
run: echo "Repository: ${{ github.repository }}"
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and Push Docker Image
run: |
IMAGE_NAME="ghcr.io/${{ github.repository }}"
docker build -t "$IMAGE_NAME:latest" .
docker push "$IMAGE_NAME:latest"
shell: bash
- name: Set up Kubeconfig
run: |
mkdir -p ~/.kube
echo "${{ secrets.KUBECONFIG_BASE64 }}" | base64 -d > ~/.kube/config
chmod 600 ~/.kube/config
- name: Deploy to Kubernetes
run: |
kubectl set image deployment/homepage homepage=ghcr.io/${{ github.repository }}:latest -n web
- name: Set up kubeconfig
run: |
mkdir -p ~/.kube
echo "${{ secrets.KUBECONFIG_BASE64 }}" | base64 -d > ~/.kube/config
chmod 600 ~/.kube/config
env:
KUBECONFIG: ~/.kube/config


@ -0,0 +1,30 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: landing-page
labels:
app: landing-page
spec:
replicas: 1
selector:
matchLabels:
app: landing-page
template:
metadata:
labels:
app: landing-page
spec:
containers:
- name: landing-page
image: ghcr.io/kebrahimpour/avisenna-landing-page:latest
ports:
- containerPort: 80
resources:
limits:
memory: "128Mi"
cpu: "250m"
requests:
memory: "64Mi"
cpu: "100m"
imagePullSecrets:
- name: ghcr-secret
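Review bot: The container image is referenced as `ghcr.io/kebrahimpour/avisenna-landing-page:latest`, a mutable tag, so the manifest does not record which build is running and any later push to that tag is picked up on the next pod restart; the `homepage` Deployment in k8s/deployment.yaml has the same reference. Point the manifest at a release tag or, better, a digest (`image: ghcr.io/kebrahimpour/avisenna-landing-page@sha256:<digest>`), and let the workflow's `kubectl set image` step move it forward. The container also has no `securityContext`; adding at least `allowPrivilegeEscalation: false` is worth considering, though whether the image can run as non-root while listening on port 80 is not visible here.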


@ -0,0 +1,23 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: landing-page
annotations:
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: traefik
tls:
- hosts:
- avisenna-engineering.de
secretName: landing-page-tls
rules:
- host: avisenna-engineering.de
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: landing-page
port:
number: 80


@ -0,0 +1,11 @@
apiVersion: v1
kind: Service
metadata:
name: landing-page
spec:
selector:
app: landing-page
ports:
- port: 80
targetPort: 80
type: ClusterIP

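--- /dev/null
+++ b/k8s/deployment.yaml
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: prod
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: homepage
+namespace: prod
+spec:
+replicas: 1
+selector:
+matchLabels:
+app: homepage
+template:
+metadata:
+labels:
+app: homepage
+spec:
+containers:
+- name: homepage
+image: ghcr.io/kebrahimpour/avisenna-landing-page:latest
+ports:
+- containerPort: 80
+imagePullPolicy: Always
+imagePullSecrets:
+- name: ghcr-creds
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: homepage
+namespace: prod
+spec:
+selector:
+app: homepage
+ports:
+- protocol: TCP
+port: 80
+targetPort: 80
+type: ClusterIP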
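Review bot: This manifest creates a Deployment and Service named `homepage` in namespace `prod` with pull secret `ghcr-creds`, while the workflow on this page now runs `kubectl set image deployment/landing-page` and the other new Deployment manifest is named `landing-page` and pulls with `ghcr-secret`. That looks like two parallel definitions of the same application, so confirm which one the cluster is meant to run and that the pull secret it names exists in that namespace. If the `homepage` definition stays, its container should get `resources` requests and limits like the ones the `landing-page` manifest sets, since a pod without limits in `prod` can starve its neighbours.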


@ -0,0 +1,36 @@
#!/bin/bash
set -euo pipefail
REPO="kebrahimpour/avisenna-landing-page"
GHCR_PAT="${GHCR_PAT:-}"
TOKEN_SOURCE=""
# Try env or fallback to file
if [[ -z "$GHCR_PAT" ]]; then
TOKEN_PATH="$HOME/.secrets/g-token.txt"
if [[ -f "$TOKEN_PATH" ]]; then
GHCR_PAT=$(<"$TOKEN_PATH")
TOKEN_SOURCE="file"
fi
else
TOKEN_SOURCE="env"
fi
if [[ -z "$GHCR_PAT" ]]; then
echo "❌ GHCR_PAT not found. Set as env or in ~/.secrets/g-token.txt"
exit 1
fi
echo "🔐 Using GHCR_PAT from $TOKEN_SOURCE"
gh secret set GHCR_PAT --repo "$REPO" --body "$GHCR_PAT"
echo "✅ GHCR_PAT updated"
KCFG="$HOME/.kube/github-kubeconfig.yaml"
if [[ ! -f "$KCFG" ]]; then
echo "❌ Kubeconfig not found at $KCFG"
exit 1
fi
ENCODED_KCFG=$(base64 -w 0 "$KCFG")
gh secret set KUBECONFIG_B64 --repo "$REPO" --body "$ENCODED_KCFG"
echo "✅ KUBECONFIG_B64 updated"
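Review bot: The last `gh secret set` call writes `KUBECONFIG_B64`, but the workflow on this page reads `secrets.KUBECONFIG_BASE64`, so running this script would not change the kubeconfig the deploy job uses; the name should be `KUBECONFIG_BASE64`. Both calls also pass the value through `--body`, which places the token and the encoded kubeconfig on the command line, where other local processes can read them. `gh secret set` reads the value from standard input when `--body` is omitted, e.g. `printf '%s' "$GHCR_PAT" | gh secret set GHCR_PAT --repo "$REPO"`. The kubeconfig-generating script in the next file section uses the same `--body` pattern.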


@ -0,0 +1,45 @@
#!/bin/bash
set -euo pipefail
REPO="kebrahimpour/avisenna-landing-page"
SECRET_NAME="KUBECONFIG_BASE64"
SERVER="https://85.214.94.62:6443"
echo "📦 Generating kubeconfig for GitHub Actions..."
# Get secret associated with service account
SECRET_NAME_REF=$(kubectl -n web get sa deploy-bot -o jsonpath="{.secrets[0].name}")
TOKEN=$(kubectl -n web get secret "$SECRET_NAME_REF" -o jsonpath="{.data.token}" | base64 -d)
CA_CERT=$(kubectl -n web get secret "$SECRET_NAME_REF" -o jsonpath="{.data['ca\\.crt']}" | base64 -d)
mkdir -p .kube
# Generate kubeconfig
cat <<EOF > .kube/github-kubeconfig.yaml
apiVersion: v1
kind: Config
clusters:
- name: github-deploy
cluster:
certificate-authority-data: $(echo "$CA_CERT" | base64 -w 0)
server: $SERVER
contexts:
- name: github-deploy-context
context:
cluster: github-deploy
namespace: web
user: deploy-bot
current-context: github-deploy-context
users:
- name: deploy-bot
user:
token: $TOKEN
EOF
# Encode and push secret to GitHub
ENCODED=$(base64 -w 0 .kube/github-kubeconfig.yaml)
echo "🔐 Updating GitHub secret $SECRET_NAME..."
gh secret set $SECRET_NAME --repo "$REPO" --body "$ENCODED"
echo "✅ KUBECONFIG_BASE64 updated and ready."
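Review bot: The generated kubeconfig, which embeds the `deploy-bot` bearer token, is written to `.kube/github-kubeconfig.yaml` relative to the current directory under the default umask, so it can end up group- or world-readable and, when the script is run from the repository root, inside the working tree. Put `umask 077` before the `mkdir -p .kube` line, and either keep that path out of version control or write to a `mktemp` file that is removed once the `gh secret set` call has finished. The token lookup through `.secrets[0].name` also depends on the service account having an auto-created token Secret, which Kubernetes 1.24 and later no longer create by default; check for an empty `SECRET_NAME_REF` and stop with a clear message rather than producing a kubeconfig with an empty token.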


@ -1 +1 @@
v0.0.5
v0.0.6