feat(fix-setstring) #19
| name: Deploy to Development (Unified) | |
| on: | |
| push: | |
| branches-ignore: [ main ] | |
| pull_request: | |
| branches-ignore: [ main ] | |
| permissions: | |
| contents: read | |
| id-token: write | |
| packages: write | |
| pull-requests: write | |
| env: | |
| TF_IN_AUTOMATION: true | |
| TF_INPUT: false | |
| PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} | |
| GKE_CLUSTER: ${{ secrets.GKE_CLUSTER_NAME }} | |
| GKE_ZONE: ${{ secrets.GKE_ZONE }} | |
| GCP_REGION: ${{ secrets.GCP_REGION }} | |
| IMAGE_NAME: tasks-app | |
| jobs: | |
| # ===== PHASE 1: TERRAFORM ===== | |
| terraform-fmt-validate: | |
| name: Terraform Format & Validate | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: Develop | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Auth to Google Cloud (WIF) | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.8.5 | |
| terraform_wrapper: true | |
| - name: Cache Terraform plugins | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.terraform.d/plugin-cache | |
| ./.terraform | |
| key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }} | |
| restore-keys: | | |
| ${{ runner.os }}-terraform- | |
| - name: Terraform Init (backend dev) | |
| run: | | |
| cd terraform | |
| terraform init \ | |
| -backend-config=../configs/dev.config | |
| - name: Terraform Format Check | |
| run: | | |
| cd terraform | |
| terraform fmt -check -recursive | |
| - name: Terraform Validate | |
| run: | | |
| cd terraform | |
| terraform validate | |
| terraform-plan: | |
| name: Terraform Plan | |
| runs-on: ubuntu-latest | |
| needs: [terraform-fmt-validate] | |
| if: github.event_name == 'pull_request' || github.event_name == 'push' | |
| environment: | |
| name: Develop | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Auth to Google Cloud (WIF) | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.8.5 | |
| terraform_wrapper: true | |
| - name: Cache Terraform plugins | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.terraform.d/plugin-cache | |
| ./.terraform | |
| key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }} | |
| restore-keys: | | |
| ${{ runner.os }}-terraform- | |
| - name: Terraform Init (backend dev) | |
| run: | | |
| cd terraform | |
| terraform init \ | |
| -backend-config=../configs/dev.config | |
| - name: Terraform Plan (env dev) | |
| run: | | |
| cd terraform | |
| terraform plan \ | |
| -var-file=../environments/dev/terraform.tfvars \ | |
| -input=false | |
| terraform-apply: | |
| name: Terraform Apply | |
| runs-on: ubuntu-latest | |
| needs: [terraform-plan] | |
| if: github.event_name == 'push' | |
| environment: | |
| name: Develop | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Auth to Google Cloud (WIF) | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.8.5 | |
| terraform_wrapper: true | |
| - name: Cache Terraform plugins | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.terraform.d/plugin-cache | |
| ./.terraform | |
| key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }} | |
| restore-keys: | | |
| ${{ runner.os }}-terraform- | |
| - name: Terraform Init (backend dev) | |
| run: | | |
| cd terraform | |
| terraform init \ | |
| -backend-config=../configs/dev.config | |
| - name: Terraform Apply (env dev) | |
| run: | | |
| cd terraform | |
| terraform apply \ | |
| -auto-approve \ | |
| -var-file=../environments/dev/terraform.tfvars \ | |
| -input=false | |
| # ===== PHASE 2: TESTS ===== | |
| test: | |
| name: Run Tests | |
| runs-on: ubuntu-latest | |
| needs: [terraform-apply] | |
| if: github.event_name == 'push' | |
| environment: | |
| name: Develop | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - name: Install dependencies | |
| run: | | |
| cd app | |
| pip install -r requirements.txt | |
| - name: Run tests | |
| run: | | |
| cd app | |
| python -m pytest tests/ || echo "No tests found, continuing..." | |
| # ===== PHASE 3: BUILD & DEPLOY ===== | |
| build-and-push: | |
| name: Build & Push Docker Images | |
| runs-on: ubuntu-latest | |
| needs: [test] | |
| if: github.event_name == 'push' | |
| environment: | |
| name: Develop | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Auth to Google Cloud (WIF) | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v1 | |
| - name: Get Artifact Registry URL | |
| run: | | |
| echo "🔍 Recherche d'Artifact Registry dans le projet $PROJECT_ID..." | |
| # Lister tous les repositories pour debug | |
| echo "📋 Repositories disponibles:" | |
| gcloud artifacts repositories list --project=$PROJECT_ID | |
| # Récupérer le nom du repository | |
| REPO_NAME=$(gcloud artifacts repositories list --format="value(name)" --filter="format=DOCKER" --project=$PROJECT_ID | head -1) | |
| if [ -n "$REPO_NAME" ]; then | |
| # Utiliser la région depuis les secrets | |
| REPO_LOCATION=$GCP_REGION | |
| # Construire l'URL complète pour Docker (format correct) | |
| DOCKER_REGISTRY_URL="${REPO_LOCATION}-docker.pkg.dev/${PROJECT_ID}/${REPO_NAME}" | |
| echo "Debug - REPO_NAME: $REPO_NAME" | |
| echo "Debug - REPO_LOCATION: $REPO_LOCATION (depuis secret)" | |
| echo "Debug - PROJECT_ID: $PROJECT_ID" | |
| echo "Debug - URL construite: $DOCKER_REGISTRY_URL" | |
| echo "ARTIFACT_REGISTRY_URL=$DOCKER_REGISTRY_URL" >> $GITHUB_ENV | |
| echo "REGISTRY=$DOCKER_REGISTRY_URL" >> $GITHUB_ENV | |
| echo "✅ Artifact Registry trouvé: $DOCKER_REGISTRY_URL" | |
| echo "Repository: $REPO_NAME" | |
| echo "Location: $REPO_LOCATION" | |
| echo "Docker Registry: $DOCKER_REGISTRY_URL" | |
| else | |
| echo "❌ Aucun Artifact Registry trouvé !" | |
| echo "Vérifiez que Terraform a été déployé avec succès." | |
| exit 1 | |
| fi | |
| - name: Configure Docker for Artifact Registry | |
| run: | | |
| echo "🔧 Configuration de Docker pour Artifact Registry..." | |
| # Extraire le domaine du registry (ex: europe-west1-docker.pkg.dev) | |
| REGISTRY_DOMAIN=$(echo $REGISTRY | cut -d'/' -f1) | |
| echo "Registry Domain: $REGISTRY_DOMAIN" | |
| # Configurer gcloud comme assistant d'identification pour le domaine | |
| gcloud auth configure-docker $REGISTRY_DOMAIN --quiet | |
| echo "✅ Docker configuré pour le domaine $REGISTRY_DOMAIN" | |
| - name: Build and push to Artifact Registry | |
| run: | | |
| cd app | |
| echo "🐳 Construction de l'image Docker..." | |
| echo "Registry: $REGISTRY" | |
| echo "Image: $IMAGE_NAME" | |
| echo "Tag: $GITHUB_SHA" | |
| # Construction de l'image avec le bon registry | |
| docker build -t $REGISTRY/$IMAGE_NAME:$GITHUB_SHA . | |
| docker tag $REGISTRY/$IMAGE_NAME:$GITHUB_SHA $REGISTRY/$IMAGE_NAME:dev-latest | |
| echo "📤 Push vers Artifact Registry..." | |
| docker push $REGISTRY/$IMAGE_NAME:$GITHUB_SHA | |
| docker push $REGISTRY/$IMAGE_NAME:dev-latest | |
| echo "✅ Images poussées avec succès vers $REGISTRY" | |
| # ===== PHASE 4: KUBERNETES DEPLOYMENT ===== | |
| deploy-dev: | |
| name: Deploy to GKE | |
| runs-on: ubuntu-latest | |
| needs: [build-and-push] | |
| if: github.event_name == 'push' | |
| environment: | |
| name: Develop | |
| url: https://tasks-app-dev.example.com | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Auth to Google Cloud (WIF) | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
| service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v1 | |
| - name: Install gke-gcloud-auth-plugin | |
| run: | | |
| echo "🔧 Installation du plugin gke-gcloud-auth-plugin..." | |
| gcloud components install gke-gcloud-auth-plugin --quiet | |
| echo "✅ Plugin gke-gcloud-auth-plugin installé" | |
| - name: Get Artifact Registry URL | |
| run: | | |
| echo "🔍 Récupération de l'URL Artifact Registry..." | |
| REPO_NAME=$(gcloud artifacts repositories list --format="value(name)" --filter="format=DOCKER" --project=$PROJECT_ID | head -1) | |
| if [ -n "$REPO_NAME" ]; then | |
| DOCKER_REGISTRY_URL="${GCP_REGION}-docker.pkg.dev/${PROJECT_ID}/${REPO_NAME}" | |
| echo "REGISTRY=$DOCKER_REGISTRY_URL" >> $GITHUB_ENV | |
| echo "✅ Artifact Registry URL: $DOCKER_REGISTRY_URL" | |
| else | |
| echo "❌ Aucun Artifact Registry trouvé !" | |
| exit 1 | |
| fi | |
| - name: Configure kubectl | |
| run: | | |
| echo "🔧 Configuration de kubectl..." | |
| # Récupérer la location du cluster depuis GCP | |
| CLUSTER_LOCATION=$(gcloud container clusters list \ | |
| --project=$PROJECT_ID \ | |
| --filter="name=$GKE_CLUSTER" \ | |
| --format="value(location)") | |
| echo "📍 Emplacement du cluster: $CLUSTER_LOCATION" | |
| # Vérifier si c'est une région ou une zone | |
| if [[ $CLUSTER_LOCATION == *-*-[a-z] ]]; then | |
| # Format comme europe-west9-c → cluster zoné | |
| echo "🔸 Cluster zoné détecté" | |
| gcloud container clusters get-credentials $GKE_CLUSTER \ | |
| --zone $CLUSTER_LOCATION \ | |
| --project $PROJECT_ID | |
| else | |
| # Format comme europe-west1 → cluster régional | |
| echo "🔹 Cluster régional détecté" | |
| gcloud container clusters get-credentials $GKE_CLUSTER \ | |
| --region $CLUSTER_LOCATION \ | |
| --project $PROJECT_ID | |
| fi | |
| echo "✅ kubectl configuré pour le cluster $GKE_CLUSTER en $CLUSTER_LOCATION" | |
| - name: Install Helm | |
| uses: azure/setup-helm@v3 | |
| with: | |
| version: '3.12.0' | |
| - name: Get database password from Secret Manager | |
| run: | | |
| echo "🔐 Récupération des informations de connexion à la base de données..." | |
| # Récupérer le nom de l'instance Cloud SQL dynamiquement | |
| DB_INSTANCE_NAME=$(gcloud sql instances list --project=$PROJECT_ID --format="value(name)" | head -1) | |
| echo "Instance Cloud SQL trouvée: $DB_INSTANCE_NAME" | |
| # Récupérer l'IP privée de l'instance Cloud SQL | |
| DB_HOST=$(gcloud sql instances describe $DB_INSTANCE_NAME --project=$PROJECT_ID --format="value(ipAddresses[0].ipAddress)") | |
| echo "DB_HOST=$DB_HOST" >> $GITHUB_ENV | |
| echo "✅ IP de la base de données: $DB_HOST" | |
| # Récupérer le nom de la base de données | |
| echo "DB_NAME=tasksdb" >> $GITHUB_ENV | |
| # Récupérer le mot de passe depuis Secret Manager | |
| DB_PASSWORD=$(gcloud secrets versions access latest --secret="${DB_INSTANCE_NAME}-app-db-password" --project=$PROJECT_ID) | |
| echo "DB_PASSWORD=$DB_PASSWORD" >> $GITHUB_ENV | |
| echo "✅ Mot de passe récupéré depuis Secret Manager pour l'instance $DB_INSTANCE_NAME" | |
| - name: Deploy to GKE with Helm | |
| run: | | |
| echo "🚀 Déploiement sur GKE avec Helm..." | |
| echo " 📦 Image: $REGISTRY/$IMAGE_NAME:dev-latest" | |
| echo " 🗄️ DB Host: $DB_HOST" | |
| echo " 📊 DB Name: $DB_NAME" | |
| helm upgrade --install tasks-app-dev ./helm/tasks-app \ | |
| --namespace tasks-dev \ | |
| --create-namespace \ | |
| --values ./helm/tasks-app/values-dev.yaml \ | |
| --set image.repository="$REGISTRY/$IMAGE_NAME" \ | |
| --set-string image.tag=dev-latest \ | |
| --set-string env.DB_HOST=$DB_HOST \ | |
| --set-string env.DB_NAME=$DB_NAME \ | |
| --set-string env.DB_USER=tasks_app \ | |
| --set-string secrets.dbPassword="$DB_PASSWORD" \ | |
| --wait --timeout=10m \ | |
| --debug --atomic | |
| echo "✅ Déploiement terminé" | |
| - name: Verify deployment | |
| run: | | |
| echo "🔍 Vérification du déploiement..." | |
| kubectl get pods -n tasks-dev | |
| kubectl get services -n tasks-dev | |
| kubectl get ingress -n tasks-dev | |
| echo "✅ Vérification terminée" |
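Review bot: The database password read in "Get database password from Secret Manager" is written to `$GITHUB_ENV` without being registered as a mask, and the following Helm step runs with `--debug`, which prints the rendered values (including `secrets.dbPassword`) into the job log; because neither value originates from `secrets.*`, the runner's automatic log masking does not cover it. Add `echo "::add-mask::$DB_PASSWORD"` immediately before `echo "DB_PASSWORD=$DB_PASSWORD" >> $GITHUB_ENV`, and remove `--debug` from the `helm upgrade --install` invocation so the password is not echoed in plaintext. Separately, `python -m pytest tests/ || echo "No tests found, continuing..."` turns any failing test into a green job, so the `test` gate in front of `build-and-push` and `deploy-dev` cannot block a broken build; checking for the tests directory explicitly and letting pytest's exit code propagate would restore the gate.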