Created
December 2, 2025 17:00
Judge CI/CD workflow
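# Build and Deploy: asks the external CI Builder service to build, push and roll
# out the "judge" service for one commit, then waits for the Kubernetes rollout.
#
# Required repository secrets (Settings → Secrets → Actions):
#   KUBECONFIG       base64-encoded kubeconfig, used by the "Verify Deployment" step
#   CI_BUILDER_AUTH  HTTP basic-auth pair for the CI Builder, format ci-builder:password
#   GH_PAT           git token handed to the CI Builder so it can fetch the repository
name: Build and Deploy

on:
  push:
    branches: [main, master]
  workflow_dispatch:
    inputs:
      commit_sha:
        description: 'Commit SHA to deploy'
        required: false

# Least privilege for the job's GITHUB_TOKEN: nothing below writes to the
# repository, so read access to contents is enough for the checkout.
permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    env:
      # CI Builder HTTPS endpoint (basic-auth protected); shared by the steps below.
      CI_BUILDER_URL: https://ci-builder.lum.tools
    steps:
      - name: Checkout code
        # NOTE(review): a tag such as v4 can be moved by the action's publisher;
        # pinning to a full commit SHA makes the executed code immutable.
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          # No later step pushes or fetches with git, so do not leave the
          # token in the checked-out repository's git config.
          persist-credentials: false

      - name: Set up kubectl
        run: |
          set -euo pipefail
          # Download outside the workspace so the binary never lands in the checkout.
          cd "${RUNNER_TEMP}"
          version="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
          curl -fsSLO "https://dl.k8s.io/release/${version}/bin/linux/amd64/kubectl"
          curl -fsSLO "https://dl.k8s.io/release/${version}/bin/linux/amd64/kubectl.sha256"
          # The checksum comes from the same origin as the binary, so it catches a
          # truncated or corrupted download, not a compromised origin. Pinning a
          # version and a known-good digest in this file would be stronger.
          echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check
          sudo install -m 0755 kubectl /usr/local/bin/kubectl
          rm -f -- kubectl kubectl.sha256

      - name: Set up kubeconfig
        env:
          # Secrets reach the script through the environment instead of being
          # pasted into the script text by ${{ }} expansion.
          KUBECONFIG_B64: ${{ secrets.KUBECONFIG }}
        run: |
          set -euo pipefail
          if [[ -z "${KUBECONFIG_B64:-}" ]]; then
            echo "Error: KUBECONFIG secret not set" >&2
            exit 1
          fi
          # Create the file readable by the runner user only. Log masking covers
          # the base64 secret value, not the decoded file, so never print it.
          umask 077
          kubeconfig_path="${RUNNER_TEMP}/kubeconfig"
          printf '%s' "${KUBECONFIG_B64}" | base64 -d > "${kubeconfig_path}"
          # `export` does not survive past the end of a step; GITHUB_ENV does.
          echo "KUBECONFIG=${kubeconfig_path}" >> "${GITHUB_ENV}"

      - name: Get commit SHA
        id: commit
        env:
          # workflow_dispatch input is caller-controlled text. Taking it from the
          # environment keeps it out of the script source, where ${{ }} expansion
          # would let it be parsed as shell.
          EVENT_NAME: ${{ github.event_name }}
          REQUESTED_SHA: ${{ github.event.inputs.commit_sha }}
          DEFAULT_SHA: ${{ github.sha }}
        run: |
          set -euo pipefail
          if [[ "${EVENT_NAME}" == "workflow_dispatch" && -n "${REQUESTED_SHA}" ]]; then
            COMMIT_SHA="${REQUESTED_SHA}"
          else
            COMMIT_SHA="${DEFAULT_SHA}"
          fi
          # Accept only something shaped like a (possibly abbreviated) commit id
          # before it is written to GITHUB_OUTPUT and sent to the CI Builder.
          if [[ ! "${COMMIT_SHA}" =~ ^[0-9a-fA-F]{7,40}$ ]]; then
            echo "Error: commit_sha must be a 7-40 character hexadecimal commit id" >&2
            exit 1
          fi
          echo "sha=${COMMIT_SHA}" >> "${GITHUB_OUTPUT}"
          echo "Deploying commit: ${COMMIT_SHA}"

      - name: Wait for CI Builder to be ready
        env:
          CI_BUILDER_AUTH: ${{ secrets.CI_BUILDER_AUTH }}
        run: |
          set -euo pipefail
          if [[ -z "${CI_BUILDER_AUTH:-}" ]]; then
            echo "Error: CI_BUILDER_AUTH secret not set" >&2
            echo "Please add CI_BUILDER_AUTH secret in GitHub: Settings → Secrets → Actions" >&2
            echo "Format: ci-builder:password" >&2
            exit 1
          fi
          echo "Waiting for CI Builder to be accessible..."
          # Up to 60 probes, 2 seconds apart; the last failed probe fails the job.
          for i in {1..60}; do
            if curl -s --max-time 5 --fail -u "${CI_BUILDER_AUTH}" "${CI_BUILDER_URL}/health" > /dev/null 2>&1; then
              echo "CI Builder is ready!"
              break
            fi
            if (( i == 60 )); then
              echo "CI Builder failed to become accessible" >&2
              exit 1
            fi
            echo "Attempt $i/60: Waiting for CI Builder..."
            sleep 2
          done

      - name: Deploy via CI Builder
        env:
          CI_BUILDER_AUTH: ${{ secrets.CI_BUILDER_AUTH }}
          GIT_TOKEN: ${{ secrets.GH_PAT }}
          REPO_URL: ${{ github.server_url }}/${{ github.repository }}.git
          COMMIT_SHA: ${{ steps.commit.outputs.sha }}
        run: |
          set -euo pipefail
          if [[ -z "${CI_BUILDER_AUTH:-}" ]]; then
            echo "Error: CI_BUILDER_AUTH secret not set" >&2
            exit 1
          fi
          # Fail closed when the git token is missing. An earlier revision fell
          # back to a credential written into this file; a credential that has
          # been committed or published must be treated as exposed and revoked,
          # not kept as a default.
          if [[ -z "${GIT_TOKEN:-}" ]]; then
            echo "Error: GH_PAT secret not set" >&2
            exit 1
          fi
          # Build the JSON with jq (preinstalled on GitHub-hosted Ubuntu runners)
          # so every value is escaped as a JSON string instead of being spliced
          # into a heredoc.
          # NOTE(review): git_token hands the PAT to the CI Builder; scope it to
          # read access on this repository only.
          PAYLOAD="$(jq -cn \
            --arg repo_url "${REPO_URL}" \
            --arg commit_sha "${COMMIT_SHA}" \
            --arg git_token "${GIT_TOKEN}" \
            '{
              repo_url: $repo_url,
              commit_sha: $commit_sha,
              service_name: "judge",
              namespace: "default",
              dockerfile_path: "Dockerfile",
              git_token: $git_token
            }')"
          echo "Deploying service via ${CI_BUILDER_URL}..."
          # The body goes over stdin so the token is not part of curl's argv.
          printf '%s' "${PAYLOAD}" | curl -X POST "${CI_BUILDER_URL}/build-push-rollout" \
            -u "${CI_BUILDER_AUTH}" \
            -H "Content-Type: application/json" \
            --data-binary @- \
            --fail-with-body \
            --max-time 600

      - name: Verify Deployment
        run: |
          set -euo pipefail
          # KUBECONFIG was exported through GITHUB_ENV by "Set up kubeconfig".
          kubectl -n default rollout status deployment/judge-deployment --timeout=300s

      - name: Cleanup
        # Runs even when an earlier step failed, so the credential file is
        # always removed from the runner.
        if: always()
        run: |
          rm -f -- "${RUNNER_TEMP}/kubeconfig"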