mirror of
https://github.com/ghndrx/k8s-game-2048.git
synced 2026-02-10 06:45:07 +00:00
a509e4603e
- Remove all custom domain SSL testing and health checks - Use only canonical Knative domains for all testing - Update all workflows to use domain secrets for health checks - Remove kubectl dependencies from deployment workflows - Update index.html to v2.0.2 for testing canonical domain workflow - Simplify smoke tests to focus on Knative canonical domains only - Clean up auto-promotion summaries to remove SSL references All workflows now test only the canonical Knative domains and avoid custom domain complexity for a cleaner, more reliable pipeline.
186 lines
7.4 KiB
YAML
186 lines
7.4 KiB
YAML
name: Deploy to Production
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
image_tag:
|
|
description: 'Image tag to deploy (default: latest)'
|
|
required: false
|
|
default: 'latest'
|
|
confirmation:
|
|
description: 'Type "DEPLOY" to confirm production deployment'
|
|
required: true
|
|
source_environment:
|
|
description: 'Source environment (staging or manual)'
|
|
required: false
|
|
default: 'staging'
|
|
workflow_run:
|
|
workflows: ["Deploy to Staging"]
|
|
types:
|
|
- completed
|
|
branches: [ main, master ]
|
|
|
|
env:
|
|
REGISTRY: ghcr.io
|
|
IMAGE_NAME: ${{ github.repository }}
|
|
|
|
jobs:
|
|
deploy-prod:
|
|
name: Deploy to Production
|
|
runs-on: ubuntu-latest
|
|
if: |
|
|
(github.event_name == 'workflow_dispatch' && github.event.inputs.confirmation == 'DEPLOY') ||
|
|
(github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success')
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Set image tag
|
|
run: |
|
|
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
|
|
IMAGE_TAG="${{ github.event.inputs.image_tag || 'latest' }}"
|
|
else
|
|
# For auto-promotion, use the latest successful build
|
|
IMAGE_TAG="main-$(echo "${{ github.sha }}" | cut -c1-7)"
|
|
fi
|
|
echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
|
|
echo "Deploying image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:$IMAGE_TAG"
|
|
|
|
- name: Deploy to production via webhook (Blue-Green)
|
|
run: |
|
|
echo "🚀 Triggering blue-green webhook deployment to production..."
|
|
|
|
# Prepare deployment payload
|
|
PAYLOAD=$(cat <<EOF
|
|
{
|
|
"environment": "production",
|
|
"image": "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}",
|
|
"namespace": "game-2048-prod",
|
|
"service_name": "game-2048-prod",
|
|
"deployment_id": "${{ github.run_id }}-${{ github.run_attempt }}",
|
|
"commit_sha": "${{ github.sha }}",
|
|
"triggered_by": "${{ github.actor }}",
|
|
"timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
|
|
"auto_promotion": "${{ github.event_name == 'workflow_run' }}",
|
|
"deployment_strategy": "blue-green",
|
|
"traffic_split": {
|
|
"initial": 10,
|
|
"intermediate": 50,
|
|
"final": 100
|
|
}
|
|
}
|
|
EOF
|
|
)
|
|
|
|
# Generate HMAC signature for webhook security
|
|
SIGNATURE=$(echo -n "$PAYLOAD" | openssl dgst -sha256 -hmac "${{ secrets.WEBHOOK_SECRET }}" -binary | base64)
|
|
|
|
# Send webhook
|
|
HTTP_CODE=$(curl -s -o /tmp/webhook_response.json -w "%{http_code}" \
|
|
-X POST \
|
|
-H "Content-Type: application/json" \
|
|
-H "X-Signature-SHA256: sha256=$SIGNATURE" \
|
|
-H "X-GitHub-Event: deployment" \
|
|
-H "X-GitHub-Delivery: ${{ github.run_id }}" \
|
|
-d "$PAYLOAD" \
|
|
"${{ secrets.PROD_WEBHOOK_URL }}")
|
|
|
|
echo "Webhook response code: $HTTP_CODE"
|
|
cat /tmp/webhook_response.json || echo "No response body"
|
|
|
|
if [ "$HTTP_CODE" -ge 200 ] && [ "$HTTP_CODE" -lt 300 ]; then
|
|
echo "✅ Webhook deployment triggered successfully!"
|
|
else
|
|
echo "❌ Webhook deployment failed with code: $HTTP_CODE"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Wait for blue-green deployment phases
|
|
run: |
|
|
echo "⏳ Waiting for blue-green deployment phases..."
|
|
echo "Phase 1: Initial deployment (10% traffic) - 2 minutes"
|
|
sleep 120
|
|
|
|
echo "Phase 2: Intermediate traffic split (50%) - 2 minutes"
|
|
sleep 120
|
|
|
|
echo "Phase 3: Full traffic switch (100%) - 1 minute"
|
|
sleep 60
|
|
|
|
echo "✅ Blue-green deployment phases completed"
|
|
|
|
- name: Production health check
|
|
run: |
|
|
echo "🏥 Performing comprehensive production health check..."
|
|
MAX_RETRIES=10
|
|
RETRY_COUNT=0
|
|
|
|
# Use the canonical Knative domain for health check
|
|
HEALTH_URL="https://game-2048-prod.game-2048-prod.${{ secrets.PROD_DOMAIN }}"
|
|
|
|
while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
|
|
echo "Attempt $((RETRY_COUNT + 1))/$MAX_RETRIES - Checking: $HEALTH_URL"
|
|
|
|
# Check if service responds
|
|
if curl -f -s --max-time 10 "$HEALTH_URL" > /dev/null; then
|
|
echo "✅ Basic health check passed!"
|
|
|
|
# Additional production validations
|
|
echo "🔍 Running extended production validations..."
|
|
|
|
# Check response time
|
|
RESPONSE_TIME=$(curl -o /dev/null -s -w '%{time_total}' "$HEALTH_URL")
|
|
echo "Response time: ${RESPONSE_TIME}s"
|
|
|
|
# Check if response contains expected content
|
|
if curl -s --max-time 10 "$HEALTH_URL" | grep -q "2048"; then
|
|
echo "✅ Content validation passed!"
|
|
echo "🌐 Production application is live at: $HEALTH_URL"
|
|
exit 0
|
|
else
|
|
echo "⚠️ Content validation failed, retrying..."
|
|
fi
|
|
else
|
|
echo "⚠️ Health check failed, retrying in 20 seconds..."
|
|
sleep 20
|
|
RETRY_COUNT=$((RETRY_COUNT + 1))
|
|
fi
|
|
done
|
|
|
|
echo "❌ Production health check failed after $MAX_RETRIES attempts"
|
|
echo "The deployment webhook was sent successfully, but the service is not responding correctly"
|
|
echo "Please check your cluster logs and consider rolling back"
|
|
exit 1
|
|
|
|
- name: Production deployment summary
|
|
if: always()
|
|
run: |
|
|
echo "## 🚀 Production Deployment Summary" >> $GITHUB_STEP_SUMMARY
|
|
echo "- **Environment:** Production" >> $GITHUB_STEP_SUMMARY
|
|
echo "- **Image:** \`${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }}\`" >> $GITHUB_STEP_SUMMARY
|
|
echo "- **Deployment Method:** Webhook-based Blue-Green" >> $GITHUB_STEP_SUMMARY
|
|
echo "- **Strategy:** 10% → 50% → 100% traffic split" >> $GITHUB_STEP_SUMMARY
|
|
echo "- **Triggered by:** ${{ github.actor }}" >> $GITHUB_STEP_SUMMARY
|
|
echo "- **Commit:** ${{ github.sha }}" >> $GITHUB_STEP_SUMMARY
|
|
|
|
if [ "${{ github.event_name }}" = "workflow_run" ]; then
|
|
echo "- **Type:** Auto-promotion from Staging" >> $GITHUB_STEP_SUMMARY
|
|
else
|
|
echo "- **Type:** Manual deployment with confirmation" >> $GITHUB_STEP_SUMMARY
|
|
fi
|
|
|
|
if [ "${{ job.status }}" = "success" ]; then
|
|
echo "- **Status:** ✅ **LIVE IN PRODUCTION**" >> $GITHUB_STEP_SUMMARY
|
|
echo "- **URL:** https://game-2048-prod.game-2048-prod.${{ secrets.PROD_DOMAIN }}" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "### 🎉 Production is Live!" >> $GITHUB_STEP_SUMMARY
|
|
echo "- 🎮 [Play the game](https://game-2048-prod.game-2048-prod.${{ secrets.PROD_DOMAIN }})" >> $GITHUB_STEP_SUMMARY
|
|
echo "- 🧪 [Run smoke tests](https://github.com/${{ github.repository }}/actions/workflows/smoke-test.yml)" >> $GITHUB_STEP_SUMMARY
|
|
else
|
|
echo "- **Status:** ❌ Failed" >> $GITHUB_STEP_SUMMARY
|
|
echo "" >> $GITHUB_STEP_SUMMARY
|
|
echo "### ⚠️ Production Deployment Failed" >> $GITHUB_STEP_SUMMARY
|
|
echo "Please check the logs and consider manual intervention or rollback." >> $GITHUB_STEP_SUMMARY
|
|
fi
|