major_tom/.gitea/workflows/deploy.yaml

name: Deploy

on:
  push:
    branches: [main]

env:
  REGISTRY: git.kimchi
  IMAGE: git.kimchi/tas/major_tom
  NAMESPACE: jnr-web
  DEPLOYMENT: jnr-web

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        run: |
          git config --global http.https://git.kimchi.sslVerify false
          git clone --depth 1 https://${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_PASSWORD }}@git.kimchi/tas/major_tom.git .

      - name: Build and push container image
        run: |
          set -ex

          IMAGE_TAG="${{ env.IMAGE }}:sha-${GITHUB_SHA::8}"
          IMAGE_LATEST="${{ env.IMAGE }}:latest"

          buildah bud --tls-verify=false -f Containerfile -t "$IMAGE_TAG" -t "$IMAGE_LATEST" .

          CREDS="${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_PASSWORD }}"

          echo "=== debug: test v2 endpoint ==="
          curl -sk https://git.kimchi/v2/ || true
          echo ""
          echo "=== debug: test v2 auth ==="
          curl -sk -u "$CREDS" https://git.kimchi/v2/ || true
          echo ""
          echo "=== debug: test token endpoint ==="
          curl -sk -u "$CREDS" "https://git.kimchi/v2/token?scope=repository:tas/major_tom:push,pull&service=container_registry" || true
          echo ""

          echo "=== buildah push tag ==="
          buildah push --tls-verify=false --creds "$CREDS" "$IMAGE_TAG"

          echo "=== buildah push latest ==="
          buildah push --tls-verify=false --creds "$CREDS" "$IMAGE_LATEST"

          echo "IMAGE_TAG=$IMAGE_TAG" >> "$GITHUB_ENV"

      - name: Deploy to k3s
        run: |
          mkdir -p ~/.kube
          echo "${{ secrets.KUBECONFIG }}" > ~/.kube/config
          chmod 600 ~/.kube/config

          kubectl set image deployment/${{ env.DEPLOYMENT }} \
            ${{ env.DEPLOYMENT }}="${{ env.IMAGE_TAG }}" \
            -n ${{ env.NAMESPACE }}

          kubectl rollout status deployment/${{ env.DEPLOYMENT }} \
            -n ${{ env.NAMESPACE }} --timeout=60s