Files
trade-gitops/.gitea/workflows/deploy-trade-r001-canary.yaml
mpabi 6672e1043d
All checks were successful
deploy-trade-r001-canary / apply (push) Successful in 1m1s
feat(canary): deploy r001 app surface on sol
2026-04-12 17:18:42 +02:00

113 lines
4.1 KiB
YAML

name: deploy-trade-r001-canary
on:
push:
branches:
- main
paths:
- environments/sol/trade-r001-canary/**
- .gitea/workflows/deploy-trade-r001-canary.yaml
workflow_dispatch:
jobs:
apply:
runs-on: k3s-deploy
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Materialize kubeconfig
env:
K3S_KUBECONFIG_B64: ${{ secrets.K3S_KUBECONFIG_B64 }}
run: |
test -n "$K3S_KUBECONFIG_B64"
printf '%s' "$K3S_KUBECONFIG_B64" | base64 -d >/tmp/kubeconfig
chmod 600 /tmp/kubeconfig
- name: Install kubectl
run: |
curl -fsSL -o /tmp/kubectl https://dl.k8s.io/release/v1.34.6/bin/linux/amd64/kubectl
install -m 0755 /tmp/kubectl /usr/local/bin/kubectl
kubectl version --client
- name: Verify prerequisite secrets
env:
KUBECONFIG: /tmp/kubeconfig
run: |
kubectl -n trade-r001-canary get secret trade-postgres trade-hasura trade-api trade-frontend-tokens trade-basic-auth gitea-registry
- name: Recreate bootstrap jobs
env:
KUBECONFIG: /tmp/kubeconfig
run: |
kubectl -n trade-r001-canary delete job postgres-migrate hasura-bootstrap --ignore-not-found=true
- name: Apply canary environment
env:
KUBECONFIG: /tmp/kubeconfig
run: |
kubectl apply -k environments/sol/trade-r001-canary
kubectl get ns trade-r001-canary --show-labels
kubectl -n trade-r001-canary get svc,resourcequota,limitrange
- name: Restart application surface
env:
KUBECONFIG: /tmp/kubeconfig
run: |
kubectl -n trade-r001-canary rollout restart deploy/hasura deploy/trade-api deploy/trade-frontend
- name: Wait for database and metadata bootstrap
env:
KUBECONFIG: /tmp/kubeconfig
run: |
kubectl -n trade-r001-canary wait --for=condition=complete job/postgres-migrate --timeout=300s
kubectl -n trade-r001-canary wait --for=condition=complete job/hasura-bootstrap --timeout=300s
- name: Wait for application rollouts
env:
KUBECONFIG: /tmp/kubeconfig
run: |
kubectl -n trade-r001-canary rollout status deploy/hasura --timeout=300s
kubectl -n trade-r001-canary rollout status deploy/trade-api --timeout=300s
kubectl -n trade-r001-canary rollout status deploy/trade-frontend --timeout=300s
kubectl -n trade-r001-canary get deploy,pods -o wide
- name: Verify canary namespace connectivity
env:
KUBECONFIG: /tmp/kubeconfig
run: |
kubectl -n trade-r001-canary delete pod canary-netcheck --ignore-not-found=true
kubectl -n trade-r001-canary run canary-netcheck \
--image=python:3.12-alpine \
--restart=Never \
--command -- sleep 600
kubectl -n trade-r001-canary wait --for=condition=Ready pod/canary-netcheck --timeout=180s
kubectl -n trade-r001-canary exec canary-netcheck -- python - <<'PY'
import socket
targets = [
("postgres-host.trade-infra.svc.cluster.local", 5432),
("redis-host.trade-infra.svc.cluster.local", 6379),
]
for host, port in targets:
with socket.create_connection((host, port), timeout=5):
print(f"OK {host}:{port}")
PY
kubectl -n trade-r001-canary exec canary-netcheck -- python - <<'PY'
import urllib.request
targets = [
"http://hasura:8080/healthz",
"http://trade-api:8787/healthz",
"http://trade-frontend:8081/healthz",
]
for url in targets:
with urllib.request.urlopen(url, timeout=10) as response:
if response.status != 200:
raise SystemExit(f"Unexpected status for {url}: {response.status}")
print(f"OK {url}")
PY
kubectl -n trade-r001-canary delete pod canary-netcheck --wait=true