awoooi/.github/workflows/cd.yaml

name: CD

on:
  push:
    branches: [main]
    paths-ignore:
      - 'docs/**'
      - '*.md'

env:
  REGISTRY: 192.168.0.110:5000
  IMAGE_PREFIX: library/awoooi

jobs:
  # ==================== Build & Push Images ====================
  build-images:
    name: Build & Push Images
    runs-on: self-hosted
    strategy:
      matrix:
        app: [web, api]
    steps:
      - uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to WOOO Harbor
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.HARBOR_USER }}
          password: ${{ secrets.HARBOR_PASSWORD }}

      - name: Generate image tag
        id: tag
        run: |
          SHA=$(git rev-parse --short HEAD)
          RUN_ID=${{ github.run_id }}
          echo "tag=${SHA}-${RUN_ID}" >> $GITHUB_OUTPUT

      - name: Build & Push to Harbor
        uses: docker/build-push-action@v5
        with:
          context: .
          file: apps/${{ matrix.app }}/Dockerfile
          push: true
          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-${{ matrix.app }}:${{ steps.tag.outputs.tag }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Output image tag
        run: |
          echo "::notice::Image pushed: ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-${{ matrix.app }}:${{ steps.tag.outputs.tag }}"

  # ==================== Deploy to UAT ====================
  deploy-uat:
    name: Deploy to UAT
    runs-on: self-hosted
    needs: build-images
    environment: uat
    steps:
      - uses: actions/checkout@v4

      - name: Setup Kubeconfig
        run: |
          mkdir -p ~/.kube
          echo "${{ secrets.KUBE_CONFIG_UAT }}" | base64 -d > ~/.kube/config
          chmod 600 ~/.kube/config

      - name: Generate image tag
        id: tag
        run: |
          SHA=$(git rev-parse --short HEAD)
          RUN_ID=${{ github.run_id }}
          echo "tag=${SHA}-${RUN_ID}" >> $GITHUB_OUTPUT

      - name: Deploy with Kustomize
        run: |
          cd k8s/overlays/uat
          kustomize edit set image \
            awoooi-web=${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-web:${{ steps.tag.outputs.tag }} \
            awoooi-api=${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-api:${{ steps.tag.outputs.tag }}
          kubectl apply -k .

      - name: Wait for rollout
        run: |
          kubectl rollout status deployment/awoooi-web -n awoooi-uat --timeout=300s
          kubectl rollout status deployment/awoooi-api -n awoooi-uat --timeout=300s

      - name: Health check
        run: |
          sleep 10
          curl -f https://api-uat.awoooi.wooo.work/v1/health || exit 1