name: Deploy Promiscuity Auth API on: push: branches: - main workflow_dispatch: {} jobs: deploy: runs-on: self-hosted env: IMAGE_NAME: promiscuity-auth:latest IMAGE_TAR: /tmp/promiscuity-auth.tar # All nodes that might run the pod (control-plane + workers) NODES: "192.168.86.64 192.168.86.66 192.168.86.72" steps: - name: Checkout repo uses: actions/checkout@v4 # ----------------------------- # Build Docker image # ----------------------------- - name: Build Docker image run: | cd microservices/Auth docker build -t "${IMAGE_NAME}" . # ----------------------------- # Save image as TAR on runner # ----------------------------- - name: Save Docker image to TAR run: | docker save "${IMAGE_NAME}" -o "${IMAGE_TAR}" # ----------------------------- # Copy TAR to each Kubernetes node # ----------------------------- - name: Copy TAR to nodes run: | for node in ${NODES}; do echo "Copying image tar to $node ..." scp -o StrictHostKeyChecking=no "${IMAGE_TAR}" hz@"$node":/tmp/promiscuity-auth.tar done # ----------------------------- # Import image into containerd on each node # ----------------------------- - name: Import image on nodes run: | for node in ${NODES}; do echo "Importing image on $node ..." ssh -o StrictHostKeyChecking=no hz@"$node" "sudo ctr -n k8s.io images import /tmp/promiscuity-auth.tar" done # ----------------------------- # CLEANUP: delete TAR from nodes # ----------------------------- - name: Clean TAR from nodes run: | for node in ${NODES}; do echo "Removing image tar on $node ..." ssh -o StrictHostKeyChecking=no hz@"$node" "rm -f /tmp/promiscuity-auth.tar" done # ----------------------------- # CLEANUP: delete TAR from runner # ----------------------------- - name: Clean TAR on runner run: | rm -f "${IMAGE_TAR}" # ----------------------------- # Write kubeconfig from secret # ----------------------------- - name: Write kubeconfig from secret env: KUBECONFIG_CONTENT: ${{ secrets.KUBECONFIG }} run: | mkdir -p /tmp/kube printf '%s\n' "$KUBECONFIG_CONTENT" > /tmp/kube/config # ----------------------------- # Apply Kubernetes manifests # (You create these files in your repo) # ----------------------------- - name: Apply Auth deployment & service env: KUBECONFIG: /tmp/kube/config run: | kubectl apply -f microservices/Auth/k8s/deployment.yaml -n promiscuity-auth kubectl apply -f microservices/Auth/k8s/service.yaml -n promiscuity-auth # ----------------------------- # Rollout restart & wait # ----------------------------- - name: Restart Auth deployment env: KUBECONFIG: /tmp/kube/config run: | kubectl rollout restart deployment/promiscuity-auth -n promiscuity-auth kubectl rollout status deployment/promiscuity-auth -n promiscuity-auth