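---
# CI/CD pipeline: on every push to main, build the backend and frontend
# container images, push them to the registry, then roll the new images out
# to the freedge namespace of the K3s cluster with kubectl.
#
# Secrets are handed to shell steps through `env:` and referenced as quoted
# shell variables. Writing `${{ secrets.X }}` directly inside a `run:` script
# pastes the raw value into the script text before the shell parses it, so a
# value containing quotes, `$` or backticks is re-interpreted as shell syntax.
name: Build & Deploy to K3s

on:
  push:
    branches: [main]

env:
  REGISTRY: git.arthurbarre.fr
  BACKEND_IMAGE: git.arthurbarre.fr/ordinarthur/freedge-backend
  FRONTEND_IMAGE: git.arthurbarre.fr/ordinarthur/freedge-frontend
  REGISTRY_USER: ordinarthur

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `@v4` is a mutable tag. This job handles the registry
      # password, the kubeconfig and all application secrets, so consider
      # pinning the action to a full commit SHA.
      - name: Checkout
        uses: actions/checkout@v4

      - name: Login to Gitea Container Registry
        env:
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          # The password goes over stdin so it never appears in docker's argv.
          printf '%s\n' "$REGISTRY_PASSWORD" | \
            docker login ${{ env.REGISTRY }} -u ${{ env.REGISTRY_USER }} --password-stdin

      - name: Build backend image
        run: |
          docker build \
            -t ${{ env.BACKEND_IMAGE }}:${{ github.sha }} \
            -t ${{ env.BACKEND_IMAGE }}:latest \
            ./backend

      - name: Build frontend image
        run: |
          # VITE_* values are compiled into the browser bundle, so only
          # public values belong in these build args (an OAuth client ID is
          # public; a client secret would not be).
          docker build \
            --build-arg VITE_API_BASE_URL=https://freedge.app/api \
            --build-arg VITE_GOOGLE_CLIENT_ID=173866668387-i18igc0e1avqtsaqq6nig898bv6pvuk6.apps.googleusercontent.com \
            -t ${{ env.FRONTEND_IMAGE }}:${{ github.sha }} \
            -t ${{ env.FRONTEND_IMAGE }}:latest \
            ./frontend

      - name: Push backend image
        run: |
          docker push ${{ env.BACKEND_IMAGE }}:${{ github.sha }}
          docker push ${{ env.BACKEND_IMAGE }}:latest

      - name: Push frontend image
        run: |
          docker push ${{ env.FRONTEND_IMAGE }}:${{ github.sha }}
          docker push ${{ env.FRONTEND_IMAGE }}:latest

      - name: Install kubectl
        run: |
          set -euo pipefail
          # NOTE(review): stable.txt resolves to whatever release is current
          # at run time; pinning a version compatible with the cluster makes
          # the build reproducible.
          KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
          # -f makes curl fail on an HTTP error instead of saving the error
          # page as the "binary".
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
          curl -fsSLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
          # The checksum is served by the same origin as the binary: this
          # catches truncated or substituted downloads in transit, not a
          # compromised origin.
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          rm -f kubectl.sha256
          chmod +x kubectl
          mv kubectl /usr/local/bin/kubectl

      - name: Configure kubeconfig
        env:
          # Deliberately not named KUBECONFIG: kubectl treats that variable
          # as a path to a config file, not as its content.
          KUBECONFIG_B64: ${{ secrets.KUBECONFIG }}
        run: |
          # Cluster credentials: keep the directory and file owner-only.
          umask 077
          mkdir -p ~/.kube
          printf '%s\n' "$KUBECONFIG_B64" | base64 -d > ~/.kube/config
          chmod 600 ~/.kube/config

      - name: Apply namespace and shared resources
        run: |
          kubectl apply -f k8s/namespace.yml
          kubectl apply -f k8s/configmap.yml
          kubectl apply -f k8s/pvc.yml
          kubectl apply -f k8s/service.yml

      - name: Create image pull secret
        env:
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: |
          # `create --dry-run=client -o yaml | apply` makes the step
          # idempotent: the Secret is created or updated in place.
          # NOTE(review): the password is still visible in kubectl's argv
          # while the command runs; on a runner shared with other workloads,
          # render the Secret from a file or stdin instead.
          kubectl -n freedge create secret docker-registry gitea-registry-secret \
            --docker-server=${{ env.REGISTRY }} \
            --docker-username=${{ env.REGISTRY_USER }} \
            --docker-password="$REGISTRY_PASSWORD" \
            --dry-run=client -o yaml | kubectl apply -f -

      - name: Create app secrets
        env:
          DATABASE_URL: ${{ secrets.DATABASE_URL }}
          JWT_SECRET: ${{ secrets.JWT_SECRET }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
          STRIPE_SECRET_KEY: ${{ secrets.STRIPE_SECRET_KEY }}
          STRIPE_WEBHOOK_SECRET: ${{ secrets.STRIPE_WEBHOOK_SECRET }}
          STRIPE_PRICE_ID_ESSENTIAL: ${{ secrets.STRIPE_PRICE_ID_ESSENTIAL }}
          STRIPE_PRICE_ID_PREMIUM: ${{ secrets.STRIPE_PRICE_ID_PREMIUM }}
        run: |
          # Quoted shell variables keep each value a single literal argument
          # whatever characters it contains. The argv exposure noted on the
          # image pull secret step applies here as well.
          kubectl -n freedge create secret generic freedge-secrets \
            --from-literal=DATABASE_URL="$DATABASE_URL" \
            --from-literal=JWT_SECRET="$JWT_SECRET" \
            --from-literal=OPENAI_API_KEY="$OPENAI_API_KEY" \
            --from-literal=STRIPE_SECRET_KEY="$STRIPE_SECRET_KEY" \
            --from-literal=STRIPE_WEBHOOK_SECRET="$STRIPE_WEBHOOK_SECRET" \
            --from-literal=STRIPE_PRICE_ID_ESSENTIAL="$STRIPE_PRICE_ID_ESSENTIAL" \
            --from-literal=STRIPE_PRICE_ID_PREMIUM="$STRIPE_PRICE_ID_PREMIUM" \
            --dry-run=client -o yaml | kubectl apply -f -

      - name: Deploy workloads
        run: |
          kubectl apply -f k8s/deployment.yml
          # Deploy the immutable commit-SHA tag rather than :latest so the
          # running image is traceable to a commit.
          kubectl -n freedge set image deployment/freedge-backend \
            freedge-backend=${{ env.BACKEND_IMAGE }}:${{ github.sha }}
          kubectl -n freedge set image deployment/freedge-frontend \
            freedge-frontend=${{ env.FRONTEND_IMAGE }}:${{ github.sha }}
          kubectl -n freedge rollout status deployment/freedge-backend --timeout=180s
          kubectl -n freedge rollout status deployment/freedge-frontend --timeout=180s
          kubectl -n freedge rollout status deployment/freedge-proxy --timeout=180s

      - name: Cleanup old images
        run: |
          docker image prune -f

      # Runs even when an earlier step failed, so the cluster and registry
      # credentials written above do not outlive the job on the runner.
      - name: Remove credentials from runner
        if: always()
        run: |
          rm -f ~/.kube/config
          docker logout ${{ env.REGISTRY }}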